diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index ce7e815a78..a27636e710 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -996,8 +996,8 @@ const UDP_ACTIVE = 1; ##< Endpoint has sent something. const ignore_checksums = F &redef; ## Checksums are ignored for all packets with a src address within this set of -## networks. Useful for cases where a host might be seeing packets collected -## from local hosts before checksums were applied by hardware. This frequently +## networks. Useful for cases where a host might be seeing packets collected +## from local hosts before checksums were applied by hardware. This frequently ## manifests when sniffing a local management interface on a host and Zeek sees ## packets before the hardware has had a chance to apply the checksums. option ignore_checksums_nets: set[subnet] = set(); @@ -1914,6 +1914,7 @@ type gtp_delete_pdp_ctx_response_elements: record { @load base/bif/option.bif @load base/frameworks/supervisor/api @load base/bif/supervisor.bif +@load base/bif/packet_analysis.bif ## Internal function. function add_interface(iold: string, inew: string): string @@ -5377,18 +5378,4 @@ event net_done(t: time) @if ( __init_primary_bifs() ) @endif -module PacketAnalyzer; - -export { - type DispatchEntry : record { - ## The analyzer to dispatch. - analyzer : PacketAnalyzer::Tag; - }; - - ## A packet analyzer may extract a numeric identifier, which can be found in the - ## packet data and denotes the encapsulated protocol. A DispatchMap allows to map - ## the identifier to a child analyzer, which is defined using a DispatchEntry. - type DispatchMap : table[count] of DispatchEntry; -} - @load base/packet-protocols diff --git a/scripts/base/packet-protocols/ethernet/main.zeek b/scripts/base/packet-protocols/ethernet/main.zeek index 0094003e8f..ee53a8706e 100644 --- a/scripts/base/packet-protocols/ethernet/main.zeek +++ b/scripts/base/packet-protocols/ethernet/main.zeek 
@@ -5,24 +5,22 @@ export { const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_IP &redef; ## IEEE 802.2 SNAP analyzer - const snap_analyzer: PacketAnalyzer::Tag &redef; + global snap_analyzer: PacketAnalyzer::Tag &redef; ## Novell raw IEEE 802.3 analyzer - const novell_raw_analyzer: PacketAnalyzer::Tag &redef; + global novell_raw_analyzer: PacketAnalyzer::Tag &redef; ## IEEE 802.2 LLC analyzer - const llc_analyzer: PacketAnalyzer::Tag &redef; - - ## Identifier mappings based on EtherType - const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef; + global llc_analyzer: PacketAnalyzer::Tag &redef; } -redef dispatch_map += { - [0x8847] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_MPLS), - [0x0800] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP), - [0x86DD] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP), - [0x0806] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_ARP), - [0x8035] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_ARP), - [0x8100] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_VLAN), - [0x88A8] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_VLAN), - [0x9100] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_VLAN), - [0x8864] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_PPPOE) -}; +event zeek_init() &priority=20 + { + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 0x8847, PacketAnalyzer::ANALYZER_MPLS); + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 0x0800, PacketAnalyzer::ANALYZER_IP); + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 0x86DD, PacketAnalyzer::ANALYZER_IP); + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 0x0806, PacketAnalyzer::ANALYZER_ARP); + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 
0x8035, PacketAnalyzer::ANALYZER_ARP); + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 0x8100, PacketAnalyzer::ANALYZER_VLAN); + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 0x88A8, PacketAnalyzer::ANALYZER_VLAN); + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 0x9100, PacketAnalyzer::ANALYZER_VLAN); + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 0x8864, PacketAnalyzer::ANALYZER_PPPOE); + } \ No newline at end of file diff --git a/scripts/base/packet-protocols/ieee802_11/main.zeek b/scripts/base/packet-protocols/ieee802_11/main.zeek index ee12c03714..426497f5a1 100644 --- a/scripts/base/packet-protocols/ieee802_11/main.zeek +++ b/scripts/base/packet-protocols/ieee802_11/main.zeek @@ -1,13 +1,9 @@ module PacketAnalyzer::IEEE802_11; -export { - ## Identifier mappings based on EtherType - const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef; -} - -redef dispatch_map += { - [0x0800] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP), - [0x86DD] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP), - [0x0806] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_ARP), - [0x8035] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_ARP) -}; +event zeek_init() &priority=20 + { + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 0x0800, PacketAnalyzer::ANALYZER_IP); + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 0x86DD, PacketAnalyzer::ANALYZER_IP); + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 0x0806, PacketAnalyzer::ANALYZER_ARP); + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 0x8035, PacketAnalyzer::ANALYZER_ARP); + } \ No newline at end of file 
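Review bot: Every `PacketAnalyzer::register_packet_analyzer(...)` call in the Ethernet `zeek_init` handler discards the `bool` result, and the BIF added in `src/packet_analysis/packet_analysis.bif` returns `F` without reporting anything when either tag has no analyzer. A failed registration would therefore leave that EtherType without a child analyzer and nothing in the logs to show it, which on a monitoring sensor is a silent coverage gap. Consider checking the result, e.g. `if ( ! PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 0x0800, PacketAnalyzer::ANALYZER_IP) ) Reporter::warning("packet analyzer registration failed for 0x0800");`, or emitting the report from inside the BIF so callers need not. The same pattern is in the handlers added for IEEE802_11, IEEE802_11_RADIO, IP, LINUXSLL, NFLOG, NULL, PPP_SERIAL, PPPOE, ROOT and VLAN.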
diff --git a/scripts/base/packet-protocols/ieee802_11_radio/main.zeek b/scripts/base/packet-protocols/ieee802_11_radio/main.zeek
index 483a80acf0..ab766a62dc 100644
--- a/scripts/base/packet-protocols/ieee802_11_radio/main.zeek
+++ b/scripts/base/packet-protocols/ieee802_11_radio/main.zeek
@@ -1,12 +1,8 @@
 module PacketAnalyzer::IEEE802_11_RADIO;
 
-export {
- ## Identifier mappings
- const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef;
-}
-
 const DLT_IEEE802_11 : count = 105;
 
-redef dispatch_map += {
- [DLT_IEEE802_11] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IEEE802_11)
-};
+event zeek_init() &priority=20
+ {
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11_RADIO, DLT_IEEE802_11, PacketAnalyzer::ANALYZER_IEEE802_11);
+ }
\ No newline at end of file
diff --git a/scripts/base/packet-protocols/ip/main.zeek b/scripts/base/packet-protocols/ip/main.zeek
index a34ef987bd..1f33b6bc50 100644
--- a/scripts/base/packet-protocols/ip/main.zeek
+++ b/scripts/base/packet-protocols/ip/main.zeek
@@ -1,12 +1,8 @@
 module PacketAnalyzer::IP;
 
-export {
- ## Identifier mappings based on IP version (4 or 6)
- const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef;
-}
-
-redef dispatch_map += {
- [4] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IPTUNNEL), # IPv4 tunnel
- [41] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IPTUNNEL), # IPv6 tunnel
- [47] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_GRE)
-};
+event zeek_init() &priority=20
+ {
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 4, PacketAnalyzer::ANALYZER_IPTUNNEL);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 41, PacketAnalyzer::ANALYZER_IPTUNNEL);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 47, PacketAnalyzer::ANALYZER_GRE);
+ }
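Review bot: The inline comments `# IPv4 tunnel` and `# IPv6 tunnel` that explained identifiers 4 and 41 in ip/main.zeek are dropped by the conversion, leaving three bare numbers in the new `zeek_init` handler. Please carry them over, e.g. `PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 4, PacketAnalyzer::ANALYZER_IPTUNNEL); # IPv4 tunnel` and likewise `# IPv6 tunnel` on the 41 line. A short comment on 47 saying it selects GRE would make the block self-explanatory for anyone auditing which encapsulations the sensor unwraps.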
diff --git a/scripts/base/packet-protocols/linux_sll/main.zeek b/scripts/base/packet-protocols/linux_sll/main.zeek index 2c4f5334fb..c4abbbe101 100644 --- a/scripts/base/packet-protocols/linux_sll/main.zeek +++ b/scripts/base/packet-protocols/linux_sll/main.zeek @@ -1,14 +1,11 @@ module PacketAnalyzer::LINUXSLL; -export { - ## Identifier mappings based on EtherType - const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef; -} +event zeek_init() &priority=20 + { + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 0x0800, PacketAnalyzer::ANALYZER_IP); + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 0x86DD, PacketAnalyzer::ANALYZER_IP); + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 0x0806, PacketAnalyzer::ANALYZER_ARP); -redef dispatch_map += { - [0x0800] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP), - [0x86DD] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP), - [0x0806] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_ARP), # RARP - [0x8035] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_ARP) -}; + PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 0x8035, PacketAnalyzer::ANALYZER_ARP); + } diff --git a/scripts/base/packet-protocols/nflog/main.zeek b/scripts/base/packet-protocols/nflog/main.zeek index 92c399d60d..0afee2aecd 100644 --- a/scripts/base/packet-protocols/nflog/main.zeek +++ b/scripts/base/packet-protocols/nflog/main.zeek 
@@ -1,14 +1,10 @@
 module PacketAnalyzer::NFLOG;
 
-export {
- ## Identifier mappings
- const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef;
-}
-
 const AF_INET : count = 2;
 const AF_INET6 : count = 10;
 
-redef dispatch_map += {
- [AF_INET] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP),
- [AF_INET6] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP)
-};
+event zeek_init() &priority=20
+ {
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NFLOG, AF_INET, PacketAnalyzer::ANALYZER_IP);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NFLOG, AF_INET6, PacketAnalyzer::ANALYZER_IP);
+ }
\ No newline at end of file
diff --git a/scripts/base/packet-protocols/null/main.zeek b/scripts/base/packet-protocols/null/main.zeek
index 1e088f8fb2..124155fb1c 100644
--- a/scripts/base/packet-protocols/null/main.zeek
+++ b/scripts/base/packet-protocols/null/main.zeek
@@ -1,24 +1,18 @@
 module PacketAnalyzer::NULL;
 
-export {
- ## Identifier mappings
- const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef;
-}
-
 const DLT_NULL : count = 0;
 
-redef PacketAnalyzer::ROOT::dispatch_map += {
- [DLT_NULL] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_NULL)
-};
+event zeek_init() &priority=20
+ {
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_NULL, PacketAnalyzer::ANALYZER_NULL);
 
-## From the Wireshark Wiki: AF_INET6ANALYZER, unfortunately, has different
-## values in {NetBSD,OpenBSD,BSD/OS}, {FreeBSD,DragonFlyBSD}, and
-## {Darwin/macOS}, so an IPv6 packet might have a link-layer header with 24, 28,
-## or 30 as the ``AF_`` value. As we may be reading traces captured on platforms
-## other than what we're running on, we accept them all here.
-redef dispatch_map += {
- [2] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP),
- [24] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP),
- [28] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP),
- [30] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP)
-};
+ # From the Wireshark Wiki: AF_INET6ANALYZER, unfortunately, has different
+ # values in {NetBSD,OpenBSD,BSD/OS}, {FreeBSD,DragonFlyBSD}, and
+ # {Darwin/macOS}, so an IPv6 packet might have a link-layer header with 24, 28,
+ # or 30 as the ``AF_`` value. As we may be reading traces captured on platforms
+ # other than what we're running on, we accept them all here.
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 2, PacketAnalyzer::ANALYZER_IP);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 24, PacketAnalyzer::ANALYZER_IP);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 28, PacketAnalyzer::ANALYZER_IP);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 30, PacketAnalyzer::ANALYZER_IP);
+ }
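Review bot: The comment carried into the new handler in null/main.zeek still reads `AF_INET6ANALYZER`, which looks like a search-and-replace artefact; the values 24, 28 and 30 it goes on to describe are `AF_INET6` values. Since the block is being rewritten from `##` to `#` anyway, fix the first line to `# From the Wireshark Wiki: AF_INET6, unfortunately, has different`. The comment also covers only the IPv6 identifiers, so a short `# AF_INET` on the line registering 2 would document the remaining magic number (nflog/main.zeek names the same value `AF_INET`).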
diff --git a/scripts/base/packet-protocols/ppp_serial/main.zeek b/scripts/base/packet-protocols/ppp_serial/main.zeek
index 86a9e7f971..849d613601 100644
--- a/scripts/base/packet-protocols/ppp_serial/main.zeek
+++ b/scripts/base/packet-protocols/ppp_serial/main.zeek
@@ -1,18 +1,12 @@
 module PacketAnalyzer::PPP_SERIAL;
 
-export {
- ## Identifier mappings
- const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef;
-}
-
 const DLT_PPP_SERIAL : count = 50;
 
-redef PacketAnalyzer::ROOT::dispatch_map += {
- [DLT_PPP_SERIAL] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_PPPSERIAL)
-};
+event zeek_init() &priority=20
+ {
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_PPP_SERIAL, PacketAnalyzer::ANALYZER_PPPSERIAL);
 
-redef dispatch_map += {
- [0x0281] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_MPLS),
- [0x0021] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP),
- [0x0057] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP)
-};
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPSERIAL, 0x0281, PacketAnalyzer::ANALYZER_MPLS);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPSERIAL, 0x0021, PacketAnalyzer::ANALYZER_IP);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPSERIAL, 0x0057, PacketAnalyzer::ANALYZER_IP);
+ }
\ No newline at end of file
diff --git a/scripts/base/packet-protocols/pppoe/main.zeek b/scripts/base/packet-protocols/pppoe/main.zeek
index ffc372d120..7093dc5322 100644
--- a/scripts/base/packet-protocols/pppoe/main.zeek
+++ b/scripts/base/packet-protocols/pppoe/main.zeek
@@ -1,11 +1,7 @@
 module PacketAnalyzer::PPPOE;
 
-export {
- ## Identifier mappings
- const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef;
-}
-
-redef dispatch_map += {
- [0x0021] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP),
- [0x0057] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP)
-};
+event zeek_init() &priority=20
+ {
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPOE, 0x0021, PacketAnalyzer::ANALYZER_IP);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPOE, 0x0057, PacketAnalyzer::ANALYZER_IP);
+ }
\ No newline at end of file
diff --git a/scripts/base/packet-protocols/root/main.zeek b/scripts/base/packet-protocols/root/main.zeek
index a53788804f..f823e9f6c2 100644
--- a/scripts/base/packet-protocols/root/main.zeek
+++ b/scripts/base/packet-protocols/root/main.zeek
@@ -3,9 +3,6 @@ module PacketAnalyzer::ROOT;
 export {
 ## Default analyzer (if we don't know the link type, we assume raw IP)
 const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_IP &redef;
-
- ## Identifier mappings based on link type
- const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef;
 }
 
 const DLT_EN10MB : count = 1;
@@ -15,12 +12,12 @@ const DLT_IEEE802_11_RADIO : count = 127;
 const DLT_LINUX_SLL : count = 113;
 const DLT_NFLOG : count = 239;
 
-redef dispatch_map += {
- [DLT_EN10MB] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_ETHERNET),
- [DLT_FDDI] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_FDDI),
- [DLT_IEEE802_11] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IEEE802_11),
- [DLT_IEEE802_11_RADIO] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IEEE802_11_RADIO),
- [DLT_LINUX_SLL] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_LINUXSLL),
- [DLT_NFLOG] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_NFLOG)
-
-};
+event zeek_init() &priority=20
+ {
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_EN10MB, PacketAnalyzer::ANALYZER_ETHERNET);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_FDDI, PacketAnalyzer::ANALYZER_FDDI);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_IEEE802_11, PacketAnalyzer::ANALYZER_IEEE802_11);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_IEEE802_11_RADIO, PacketAnalyzer::ANALYZER_IEEE802_11_RADIO);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_LINUX_SLL, PacketAnalyzer::ANALYZER_LINUXSLL);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_NFLOG, PacketAnalyzer::ANALYZER_NFLOG);
+ }
diff --git a/scripts/base/packet-protocols/vlan/main.zeek b/scripts/base/packet-protocols/vlan/main.zeek
index 9de5272913..7e18bc3506 100644
--- a/scripts/base/packet-protocols/vlan/main.zeek
+++ b/scripts/base/packet-protocols/vlan/main.zeek
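Review bot: The exported `&redef` `dispatch_map` was the script-level extension point for link-type dispatch, and root/main.zeek (like every other packet-protocol module in this commit) drops it with no replacement comment or deprecation path visible in these hunks. Site or package scripts that still `redef PacketAnalyzer::ROOT::dispatch_map += { ... }` would presumably fail to load after the upgrade, which for a sensor means it does not come up. Unless it is covered outside this view, add an upgrade note and a comment above the handler pointing to the replacement, e.g. `# Link-type dispatch is configured via PacketAnalyzer::register_packet_analyzer(); the former dispatch_map option no longer exists.`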
@@ -1,16 +1,12 @@
 module PacketAnalyzer::VLAN;
 
-export {
- ## Identifier mappings based on EtherType
- const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef;
-}
-
-redef dispatch_map += {
- [0x8847] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_MPLS),
- [0x0800] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP),
- [0x86DD] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP),
- [0x0806] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_ARP),
- [0x8035] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_ARP),
- [0x8100] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_VLAN),
- [0x8864] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_PPPOE)
-};
+event zeek_init() &priority=20
+ {
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 0x8847, PacketAnalyzer::ANALYZER_MPLS);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 0x0800, PacketAnalyzer::ANALYZER_IP);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 0x86DD, PacketAnalyzer::ANALYZER_IP);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 0x0806, PacketAnalyzer::ANALYZER_ARP);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 0x8035, PacketAnalyzer::ANALYZER_ARP);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 0x8100, PacketAnalyzer::ANALYZER_VLAN);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 0x8864, PacketAnalyzer::ANALYZER_PPPOE);
+ }
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index a2d7fe5348..3d185041f2 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
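Review bot: The VLAN handler registers 0x8100 as a nested tag but not 0x88A8 or 0x9100, although the Ethernet handler in this same commit maps all three to `ANALYZER_VLAN`. This mirrors the table being replaced, so it may be deliberate, but a tag of either type found inside another tag has no entry here and whatever it carries would presumably not reach the IP analyzer, leaving that traffic out of the logs. If that is not intended, add `PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 0x88A8, PacketAnalyzer::ANALYZER_VLAN);` and the matching 0x9100 line; otherwise a one-line comment stating why they are left out would help the next reader.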
@@ -112,6 +112,10 @@ set(BIF_SRCS # subdirectory BIFs are treated differently and don't support being called # *during* parsing (e.g. within an @if directive). supervisor/supervisor.bif + # The packet analysis BIF is treated like other top-level BIFs because + # it's needed before parsing the packet protocol scripts, which happen + # very near to the start of parsing. + packet_analysis/packet_analysis.bif ) foreach (bift ${BIF_SRCS}) diff --git a/src/Func.cc b/src/Func.cc index eb9a2a537f..f947f176d2 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -61,6 +61,7 @@ #include "strings.bif.func_h" #include "option.bif.func_h" #include "supervisor.bif.func_h" +#include "packet_analysis.bif.func_h" #include "zeek.bif.func_def" #include "stats.bif.func_def" @@ -68,6 +69,7 @@ #include "strings.bif.func_def" #include "option.bif.func_def" #include "supervisor.bif.func_def" +#include "packet_analysis.bif.func_def" extern RETSIGTYPE sig_handler(int signo); @@ -929,6 +931,7 @@ void init_primary_bifs() #include "strings.bif.func_init" #include "option.bif.func_init" #include "supervisor.bif.func_init" +#include "packet_analysis.bif.func_init" init_builtin_types(); did_builtin_init = true; diff --git a/src/NetVar.cc b/src/NetVar.cc index dfc52e0ea4..4b03939474 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -207,6 +207,7 @@ static void bif_init_net_var() #include "const.bif.netvar_init" #include "reporter.bif.netvar_init" #include "supervisor.bif.netvar_init" +#include "packet_analysis.bif.netvar_init" } static void init_bif_types() @@ -219,6 +220,7 @@ static void init_bif_types() #include "event.bif.netvar_def" #include "reporter.bif.netvar_def" #include "supervisor.bif.netvar_def" +#include "packet_analysis.bif.netvar_def" // Re-open the namespace now that the bif headers are all included. namespace zeek::detail { diff --git a/src/NetVar.h b/src/NetVar.h index 29a1bb55fc..3c9fa28626 100644 --- a/src/NetVar.h +++ b/src/NetVar.h 
@@ -345,3 +345,4 @@ extern zeek::StringVal* global_hash_seed; #include "event.bif.netvar_h" #include "reporter.bif.netvar_h" #include "supervisor.bif.netvar_h" +#include "packet_analysis.bif.netvar_h" diff --git a/src/Reporter.cc b/src/Reporter.cc index bea06323ad..0eabf67815 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -49,7 +49,6 @@ Reporter::Reporter(bool arg_abort_on_scripting_errors) info_to_stderr = true; warnings_to_stderr = true; errors_to_stderr = true; - after_zeek_init = false; weird_count = 0; weird_sampling_rate = 0; @@ -662,4 +661,10 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, free(alloced); } +bool Reporter::EmitToStderr(bool flag) + { + return flag || ! run_state::detail::zeek_init_done; + } + + } // namespace zeek diff --git a/src/Reporter.h b/src/Reporter.h index f58bc6e068..e381a7a1bb 100644 --- a/src/Reporter.h +++ b/src/Reporter.h @@ -269,13 +269,6 @@ public: this->weird_sampling_duration = weird_sampling_duration; } - /** - * Called after zeek_init() and toggles whether messages may stop being - * emitted to stderr. - */ - void ZeekInitDone() - { after_zeek_init = true; } - private: void DoLog(const char* prefix, EventHandlerPtr event, FILE* out, Connection* conn, ValPList* addl, bool location, bool time, @@ -296,8 +289,7 @@ private: enum class PermitWeird { Allow, Deny, Unknown }; PermitWeird CheckGlobalWeirdLists(const char* name); - bool EmitToStderr(bool flag) - { return flag || ! after_zeek_init; } + bool EmitToStderr(bool flag); int errors; bool via_events; @@ -305,7 +297,6 @@ private: bool info_to_stderr; bool warnings_to_stderr; bool errors_to_stderr; - bool after_zeek_init; bool abort_on_scripting_errors = false; std::list > locations; diff --git a/src/RunState.cc b/src/RunState.cc index edd7684b44..f4faece9ee 100644 --- a/src/RunState.cc +++ b/src/RunState.cc 
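Review bot: The new out-of-line `Reporter::EmitToStderr` in Reporter.cc has no comment, and the only text that explained the behaviour (the doc comment on the removed `ZeekInitDone()` in Reporter.h) goes away in the same commit. Add a line above the definition, e.g. `// Until zeek_init() has finished, everything goes to stderr regardless of the per-level flag.` The definition is also followed by two added blank lines before the closing `} // namespace zeek`; one is enough.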
@@ -56,6 +56,7 @@ double first_wallclock = 0.0; double first_timestamp = 0.0; double current_wallclock = 0.0; double current_pseudo = 0.0; +bool zeek_init_done = false; RETSIGTYPE watchdog(int /* signo */) { diff --git a/src/RunState.h b/src/RunState.h index 5afbea596e..eba77ff413 100644 --- a/src/RunState.h +++ b/src/RunState.h @@ -54,6 +54,8 @@ extern double first_timestamp; extern double current_wallclock; extern double current_pseudo; +extern bool zeek_init_done; + } // namespace detail // Functions to temporarily suspend processing of live input (network packets diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index 5f1ee26dcc..b119c2b5e6 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -129,7 +129,6 @@ Manager::Manager(bool arg_use_real_time) { bound_port = 0; use_real_time = arg_use_real_time; - after_zeek_init = false; peer_count = 0; log_batch_size = 0; log_topic_func = nullptr; @@ -828,14 +827,14 @@ RecordVal* Manager::MakeEvent(ValPList* args, zeek::detail::Frame* frame) bool Manager::Subscribe(const string& topic_prefix) { DBG_LOG(DBG_BROKER, "Subscribing to topic prefix %s", topic_prefix.c_str()); - bstate->subscriber.add_topic(topic_prefix, ! after_zeek_init); + bstate->subscriber.add_topic(topic_prefix, ! run_state::detail::zeek_init_done); // For backward compatibility, we also may receive messages on // "bro/" topic prefixes in addition to "zeek/". if ( strncmp(topic_prefix.data(), "zeek/", 5) == 0 ) { std::string alt_topic = "bro/" + topic_prefix.substr(5); - bstate->subscriber.add_topic(std::move(alt_topic), ! after_zeek_init); + bstate->subscriber.add_topic(std::move(alt_topic), ! run_state::detail::zeek_init_done); } return true; 
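Review bot: `zeek_init_done` is declared in RunState.h with no comment, yet after this commit Reporter output, Broker topic handling and packet analyzer registration all branch on it, and it is a plain writable global rather than a flag behind a setter. Document who owns it, e.g. `// Set once by setup() after the zeek_init handlers have run; treat as read-only elsewhere.` If a stray write is a concern, keeping a setter in RunState.cc and exposing only a reader would preserve what the removed `ZeekInitDone()` methods provided.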
@@ -864,7 +863,7 @@ bool Manager::Unsubscribe(const string& topic_prefix) } DBG_LOG(DBG_BROKER, "Unsubscribing from topic prefix %s", topic_prefix.c_str()); - bstate->subscriber.remove_topic(topic_prefix, ! after_zeek_init); + bstate->subscriber.remove_topic(topic_prefix, ! run_state::detail::zeek_init_done); return true; } diff --git a/src/broker/Manager.h b/src/broker/Manager.h index fca8c26b77..6e313ab915 100644 --- a/src/broker/Manager.h +++ b/src/broker/Manager.h @@ -88,9 +88,6 @@ public: */ void InitPostScript(); - void ZeekInitDone() - { after_zeek_init = true; } - /** * Shuts Broker down at termination. */ @@ -424,7 +421,6 @@ private: uint16_t bound_port; bool use_real_time; - bool after_zeek_init; int peer_count; size_t log_batch_size; diff --git a/src/packet_analysis/Analyzer.cc b/src/packet_analysis/Analyzer.cc index 9587423ea2..3d26d41a80 100644 --- a/src/packet_analysis/Analyzer.cc +++ b/src/packet_analysis/Analyzer.cc @@ -1,9 +1,10 @@ // See the file "COPYING" in the main distribution directory for copyright. -#include "Analyzer.h" +#include "zeek/packet_analysis/Analyzer.h" -#include "Dict.h" -#include "DebugLogger.h" +#include "zeek/Dict.h" +#include "zeek/DebugLogger.h" +#include "zeek/RunState.h" namespace zeek::packet_analysis { 
@@ -30,31 +31,6 @@ void Analyzer::Init(const Tag& _tag)
 void Analyzer::Initialize()
 {
 default_analyzer = LoadAnalyzer("default_analyzer");
-
- // Create dispatcher based on configuration
- auto& mapping_id = zeek::id::find(GetModuleName() + "dispatch_map");
- if ( ! mapping_id )
- return;
-
- auto mapping_val = mapping_id->GetVal()->AsTableVal();
- auto mapping_tbl = mapping_val->AsTable();
- auto c = mapping_tbl->InitForIteration();
-
- zeek::detail::HashKey* k = nullptr;
- TableEntryVal* v;
- while ( (v = mapping_tbl->NextEntry(k, c)) )
- {
- auto key = mapping_val->RecreateIndex(*k);
- delete k;
-
- auto identifier = key->Idx(0)->AsCount();
- auto config_entry_val = v->GetVal()->AsRecordVal();
-
- auto mapped_tag = config_entry_val->GetField("analyzer")->AsEnumVal();
- auto mapped_analyzer = packet_mgr->GetAnalyzer(mapped_tag);
-
- dispatcher.Register(identifier, std::move(mapped_analyzer));
- }
 }
 
 zeek::packet_analysis::AnalyzerPtr Analyzer::LoadAnalyzer(const std::string &name)
@@ -132,4 +108,12 @@ void Analyzer::DumpDebug() const
 #endif
 }
 
+void Analyzer::RegisterProtocol(uint32_t identifier, AnalyzerPtr child)
+ {
+ if ( run_state::detail::zeek_init_done )
+ reporter->FatalError("Packet protocols cannot be registered after zeek_init has finished.");
+
+ dispatcher.Register(identifier, std::move(child));
+ }
+
 }
diff --git a/src/packet_analysis/Analyzer.h b/src/packet_analysis/Analyzer.h
index b60553f541..96f6a387ff 100644
--- a/src/packet_analysis/Analyzer.h
+++ b/src/packet_analysis/Analyzer.h
@@ -85,6 +85,15 @@ public:
 */
 void DumpDebug() const;
 
+ /**
+ * Adds a protocol to this analyzer's dispatcher.
+ *
+ * @param idenfitier The identifier for the protocol being added.
+ * @param child The analyzer that will be called for the new protocol during
+ * forwarding.
+ */
+ void RegisterProtocol(uint32_t identifier, AnalyzerPtr child);
+
 protected:
 friend class Manager;
 
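Review bot: `Analyzer::RegisterProtocol` calls `reporter->FatalError` whenever it runs after `zeek_init_done` is set, and it is reachable from script-land through both new BIFs, so one late call from any loaded script stops the sensor. The new `core.protocol-registration-error` baseline suggests the hard stop is intended; if so it belongs in the function and BIF documentation, and if not, a recoverable path such as `if ( run_state::detail::zeek_init_done ) { reporter->Error("Packet protocols cannot be registered after zeek_init has finished."); return; }` would keep monitoring running (the BIFs would then need a way to return `F`). Separately, nothing in the function rejects a null `child` before `dispatcher.Register(identifier, std::move(child))`; the BIFs guard this, but other C++ callers are not forced to.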
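Review bot: The doc comment added in Analyzer.h misspells the parameter name as `@param idenfitier`, so it does not match the `identifier` argument in the declaration below it; it should read `@param identifier The identifier for the protocol being added.` The comment also omits the one constraint a caller must know, that the call aborts Zeek once `zeek_init` has finished; a line such as `* Must be called before zeek_init has finished; later calls are a fatal error.` would cover it.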
diff --git a/src/packet_analysis/CMakeLists.txt b/src/packet_analysis/CMakeLists.txt index 6ece492dce..e823e0399c 100644 --- a/src/packet_analysis/CMakeLists.txt +++ b/src/packet_analysis/CMakeLists.txt @@ -14,7 +14,7 @@ set(packet_analysis_SRCS Manager.cc Component.cc Tag.cc -) + ) bro_add_subdir_library(packet_analysis ${packet_analysis_SRCS}) add_dependencies(bro_packet_analysis generate_outputs) diff --git a/src/packet_analysis/packet_analysis.bif b/src/packet_analysis/packet_analysis.bif new file mode 100644 index 0000000000..cc60808d72 --- /dev/null +++ b/src/packet_analysis/packet_analysis.bif 
@@ -0,0 +1,49 @@
+module PacketAnalyzer;
+
+%%{
+
+#include "zeek/packet_analysis/Analyzer.h"
+#include "zeek/packet_analysis/Manager.h"
+
+%%}
+
+## Add an entry to parent's dispatcher that maps a protocol/index to a next-stage child analyzer.
+##
+## parent: The parent analyzer being modified
+## identifier: The identifier for the protocol being registered
+## child: The analyzer that will be called for the identifier
+##
+function register_packet_analyzer%(parent: PacketAnalyzer::Tag, identifier: count, child: PacketAnalyzer::Tag%): bool
+ %{
+ packet_analysis::AnalyzerPtr parent_analyzer = packet_mgr->GetAnalyzer(parent->AsEnumVal());
+ if ( ! parent_analyzer )
+ return zeek::val_mgr->False();
+
+ packet_analysis::AnalyzerPtr child_analyzer = packet_mgr->GetAnalyzer(child->AsEnumVal());
+ if ( ! child_analyzer )
+ return zeek::val_mgr->False();
+
+ parent_analyzer->RegisterProtocol(identifier, child_analyzer);
+ return zeek::val_mgr->True();
+ %}
+
+## Attempts to add an entry to `parent`'s dispatcher that maps a protocol/index to a next-stage `child` analyzer.
+## This may fail if either of the two names does not respond to a known analyzer.
+##
+## parent: The parent analyzer being modified
+## identifier: The identifier for the protocol being registered
+## child: The analyzer that will be called for the identifier
+##
+function try_register_packet_analyzer_by_name%(parent: string, identifier: count, child: string%): bool
+ %{
+ packet_analysis::AnalyzerPtr parent_analyzer = packet_mgr->GetAnalyzer(parent->ToStdString());
+ if ( ! parent_analyzer )
+ return zeek::val_mgr->False();
+
+ packet_analysis::AnalyzerPtr child_analyzer = packet_mgr->GetAnalyzer(child->ToStdString());
+ if ( ! child_analyzer )
+ return zeek::val_mgr->False();
+
+ parent_analyzer->RegisterProtocol(identifier, child_analyzer);
+ return zeek::val_mgr->True();
+ %}
diff --git a/src/zeek-setup.cc b/src/zeek-setup.cc
index d95857aa80..c7ae181e92 100644
--- a/src/zeek-setup.cc
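Review bot: Neither BIF documents its return value, nor that a call made after `zeek_init` has finished ends in the fatal error raised by `Analyzer::RegisterProtocol`, so a script author reading only these `##` comments cannot learn either. Add a `## Returns:` line to both, e.g. `## Returns: T if both analyzers exist and the mapping was registered, F otherwise.`, plus a sentence stating that registration is only permitted until `zeek_init` has finished. In the second comment, "does not respond to a known analyzer" should read "does not correspond to a known analyzer".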
+++ b/src/zeek-setup.cc @@ -908,8 +908,7 @@ SetupResult setup(int argc, char** argv, Options* zopts) if ( reporter->Errors() > 0 && ! util::zeekenv("ZEEK_ALLOW_INIT_ERRORS") ) reporter->FatalError("errors occurred while initializing"); - broker_mgr->ZeekInitDone(); - reporter->ZeekInitDone(); + run_state::detail::zeek_init_done = true; analyzer_mgr->DumpDebug(); packet_mgr->DumpDebug(); diff --git a/testing/btest/Baseline/core.protocol-registration-error/.stderr b/testing/btest/Baseline/core.protocol-registration-error/.stderr new file mode 100644 index 0000000000..fdda343d88 --- /dev/null +++ b/testing/btest/Baseline/core.protocol-registration-error/.stderr @@ -0,0 +1 @@ +fatal error: Packet protocols cannot be registered after zeek_init has finished. diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index a5cb9597eb..ab27460182 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -1,9 +1,10 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path loaded_scripts -#open 2020-09-10-23-14-33 +#open XXXX-XX-XX-XX-XX-XX #fields name #types string scripts/base/init-bare.zeek @@ -16,6 +17,7 @@ scripts/base/init-bare.zeek build/scripts/base/bif/option.bif.zeek scripts/base/frameworks/supervisor/api.zeek build/scripts/base/bif/supervisor.bif.zeek + build/scripts/base/bif/packet_analysis.bif.zeek build/scripts/base/bif/plugins/Zeek_SNMP.types.bif.zeek build/scripts/base/bif/plugins/Zeek_KRB.types.bif.zeek build/scripts/base/bif/event.bif.zeek 
@@ -220,4 +222,4 @@ scripts/base/init-frameworks-and-bifs.zeek build/scripts/base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek scripts/policy/misc/loaded-scripts.zeek scripts/base/utils/paths.zeek -#close 2020-09-10-23-14-33 +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index a0e5808d45..9d354656f8 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -1,9 +1,10 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path loaded_scripts -#open 2020-09-23-19-37-26 +#open XXXX-XX-XX-XX-XX-XX #fields name #types string scripts/base/init-bare.zeek @@ -16,6 +17,7 @@ scripts/base/init-bare.zeek build/scripts/base/bif/option.bif.zeek scripts/base/frameworks/supervisor/api.zeek build/scripts/base/bif/supervisor.bif.zeek + build/scripts/base/bif/packet_analysis.bif.zeek build/scripts/base/bif/plugins/Zeek_SNMP.types.bif.zeek build/scripts/base/bif/plugins/Zeek_KRB.types.bif.zeek build/scripts/base/bif/event.bif.zeek @@ -416,4 +418,4 @@ scripts/base/init-default.zeek scripts/base/misc/find-filtered-trace.zeek scripts/base/misc/version.zeek scripts/policy/misc/loaded-scripts.zeek -#close 2020-09-23-19-37-26 +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 174b67d711..c73639a111 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output 
@@ -1,3405 +1,3553 @@ -0.000000 MetaHookPost CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_STEPPINGSTONE)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_AYIYA, 5072/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 68/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 137/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 53/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) -> -0.000000 MetaHookPost 
CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_GTPV1, 2152/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IMAP, 143/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6666/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6667/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6668/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6669/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , 
(Analyzer::ANALYZER_MYSQL, 3306/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDPEUDP, 3389/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SIP, 5060/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMB, 139/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMB, 445/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 585/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 614/tcp)) -> -0.000000 
MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 636/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 989/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 990/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 992/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 993/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 995/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SYSLOG, 514/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_TEREDO, 3544/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_VXLAN, 4789/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 5222/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 5269/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::disable_analyzer, , (Analyzer::ANALYZER_STEPPINGSTONE)) -> -0.000000 MetaHookPost CallFunction(Analyzer::disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_AYIYA, 5072/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 68/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , 
(Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 137/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 53/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_GTPV1, 2152/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) -> -0.000000 MetaHookPost 
CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IMAP, 143/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6666/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6667/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6668/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6669/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDPEUDP, 3389/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SIP, 5060/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMB, 139/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMB, 445/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) 
-> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 585/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 614/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 636/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 989/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 990/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 992/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 993/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 995/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SYSLOG, 514/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_TEREDO, 3544/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_VXLAN, 
4789/udp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_XMPP, 5222/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_XMPP, 5269/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_AYIYA, {5072/udp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DCE_RPC, {135/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DHCP, {67<...>/udp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNS, {5353<...>/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DTLS, {443/udp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_GTPV1, {2152<...>/udp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_HTTP, {80<...>/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_IMAP, {143/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_IRC, {6666<...>/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB, {88/udp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB_TCP, {88/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MODBUS, {502/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MYSQL, {1434<...>/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , 
(Analyzer::ANALYZER_NTP, {123/udp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RADIUS, {1812/udp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDP, {3389/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDPEUDP, {3389/udp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SIP, {5060/udp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMB, {139<...>/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SNMP, {162<...>/udp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SOCKS, {1080/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSH, {22/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSL, {563<...>/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SYSLOG, {514/udp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_TEREDO, {3544/udp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_VXLAN, {4789/udp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_XMPP, {5222<...>/tcp})) -> -0.000000 MetaHookPost CallFunction(Broker::__subscribe, , (zeek/supervisor)) -> -0.000000 MetaHookPost CallFunction(Broker::subscribe, , (zeek/supervisor)) -> -0.000000 MetaHookPost CallFunction(Cluster::is_enabled, , ()) -> -0.000000 MetaHookPost CallFunction(Cluster::is_enabled, , ()) -> -0.000000 MetaHookPost CallFunction(Cluster::local_node_type, , ()) -> -0.000000 MetaHookPost 
CallFunction(Cluster::register_pool, , ([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=, exclusive=F])) -> -0.000000 MetaHookPost CallFunction(Cluster::register_pool, , ([topic=zeek<...>/proxy, node_type=Cluster::PROXY, max_nodes=, exclusive=F])) -> -0.000000 MetaHookPost CallFunction(Cluster::register_pool, , ([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=, exclusive=F])) -> -0.000000 MetaHookPost CallFunction(Files::register_analyzer_add_callback, , (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)FileExtract::f$info$extracted_cutoff = Fmkdir(FileExtract::prefix)})) -> -0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/pkix-cert)) -> -0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/x-x509-ca-cert)) -> -0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/x-x509-user-cert)) -> -0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_PE, application/x-dosexec)) -> -0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/pkix-cert)) -> -0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/x-x509-ca-cert)) -> -0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/x-x509-user-cert)) -> -0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/pkix-cert)) -> -0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, , 
(Files::ANALYZER_SHA256, application/x-x509-ca-cert)) -> -0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/x-x509-user-cert)) -> -0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/pkix-cert)) -> -0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/x-x509-ca-cert)) -> -0.000000 MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/x-x509-user-cert)) -> -0.000000 MetaHookPost CallFunction(Files::register_for_mime_types, , (Files::ANALYZER_PE, {application/x-dosexec})) -> -0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> -0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ FTP::cid, FTP::c{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::c?$ftp) return (FTP::describe(FTP::c$ftp))}return ()}}])) -> -0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, 
HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ HTTP::cid, HTTP::c{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}}])) -> -0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=lambda_<15770440363500096069>{ return ()}])) -> -0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}])) -> -0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}])) -> 
-0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SMB, [get_file_handle=SMB::get_file_handle{ if (!(SMB::c$smb_state?$current_file && (SMB::c$smb_state$current_file?$name || SMB::c$smb_state$current_file?$path))) { return ()}SMB::current_file = SMB::c$smb_state$current_fileSMB::path_name = SMB::current_file?$path ? SMB::current_file$path : SMB::file_name = SMB::current_file?$name ? SMB::current_file$name : SMB::last_mod = cat(SMB::current_file?$times ? SMB::current_file$times$modified : double_to_time(0.0))return (hexdump(cat(Analyzer::ANALYZER_SMB, SMB::c$id$orig_h, SMB::c$id$resp_h, SMB::path_name, SMB::file_name, SMB::last_mod)))}, describe=SMB::describe_file{ SMB::cid, SMB::c{ if (SMB::f$source != SMB) return ()for ([SMB::cid] in SMB::f$conns) { if (SMB::c?$smb_state && SMB::c$smb_state?$current_file && SMB::c$smb_state$current_file?$name) return (SMB::c$smb_state$current_file$name)}return ()}}])) -> -0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ SMTP::cid, SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}])) -> -0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> -0.000000 MetaHookPost 
CallFunction(FilteredTraceDetection::should_detect, , ()) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=broker, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=config, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dce_rpc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dhcp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, 
interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dnp3, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dns, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dpd, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ftp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, 
config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=irc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=intel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=kerberos, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=modbus, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntlm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> 
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_drop, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_shunt, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice_alarm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=openflow, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, 
interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=pe, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=radius, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rdp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rfb, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=reporter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 
secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=sip, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_mapping, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smtp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=snmp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=socks, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, 
postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssh, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssl, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=signatures, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=software, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=syslog, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, 
postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy])) -> -0.000000 MetaHookPost 
CallFunction(Log::__create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop])) -> 
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy])) -> -0.000000 
MetaHookPost CallFunction(Log::__create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, 
path=x509, policy=X509::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1603387793.517728, node=zeek, filter=ip or not ip, init=T, success=T])) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Conn::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (DCE_RPC::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (DHCP::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (DNP3::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (DNS::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (DPD::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (FTP::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Files::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (HTTP::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (IRC::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Intel::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (KRB::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Modbus::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (NTLM::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (NTP::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (NetControl::DROP_LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (NetControl::LOG)) -> -0.000000 MetaHookPost 
CallFunction(Log::add_default_filter, , (NetControl::SHUNT)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Notice::ALARM_LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Notice::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (OpenFlow::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (PE::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (PacketFilter::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (RADIUS::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (RDP::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (RFB::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Reporter::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (SIP::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (SMB::FILES_LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (SMB::MAPPING_LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (SMTP::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (SNMP::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (SOCKS::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (SSH::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (SSL::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Signatures::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Software::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Syslog::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Tunnel::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Weird::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (X509::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_default_filter, , 
(mysql::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost 
CallFunction(Log::add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (IRC::LOG, [name=default, 
writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, 
include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, 
log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., 
ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, 
interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) 
-> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Broker::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Cluster::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Config::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Conn::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (DCE_RPC::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (DHCP::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (DNP3::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (DNS::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (DPD::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (FTP::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Files::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (HTTP::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (IRC::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Intel::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (KRB::LOG, default)) -> -0.000000 MetaHookPost 
CallFunction(Log::add_stream_filters, , (Modbus::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (NTLM::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (NTP::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (NetControl::DROP_LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (NetControl::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (NetControl::SHUNT, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Notice::ALARM_LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Notice::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (OpenFlow::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (PE::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (PacketFilter::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (RADIUS::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (RDP::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (RFB::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Reporter::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (SIP::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (SMB::FILES_LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (SMB::MAPPING_LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (SMTP::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (SNMP::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (SOCKS::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (SSH::LOG, default)) -> -0.000000 MetaHookPost 
CallFunction(Log::add_stream_filters, , (SSL::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Signatures::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Software::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Syslog::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Tunnel::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Weird::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (X509::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (mysql::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, 
path=dpd, policy=DPD::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])) -> 
-0.000000 MetaHookPost CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, 
policy=SMTP::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1603387793.517728, node=zeek, filter=ip or not ip, init=T, success=T])) -> -0.000000 MetaHookPost CallFunction(NetControl::check_plugins, , ()) -> -0.000000 MetaHookPost 
CallFunction(NetControl::init, , ()) -> -0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (ActiveHTTP::default_max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (ActiveHTTP::default_method, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Broker::peer_counts_as_iosource, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Conn::analyzer_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , 
(Conn::default_extract, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Conn::extraction_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Conn::port_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (DCE_RPC::ignored_operations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (DHCP::max_txid_watch_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), 
$new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (DNS::max_pending_msgs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (DNS::max_pending_query_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (DPD::ignore_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (DPD::ignore_violations_after, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> 
-0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (DPD::max_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Dir::polling_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (FTP::cmd_reply_code, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (FTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (FTP::guest_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (FTP::logged_commands, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (FileExtract::default_limit, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Files::enable_reassembler, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (GridFTP::max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, 
Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (GridFTP::size_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (GridFTP::skip_data, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::http_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::max_files_orig, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), 
$id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::max_files_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::proxy_headers, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Input::default_mode, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Input::default_reader, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, 
Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (KRB::ignored_errors, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Log::default_rotation_dir, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (MQTT::max_payload_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (NetControl::default_priority, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::alarmed_types, Config::config_option_changed{ Config::log = (coerce 
[$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::default_suppression_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::emailed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::ignored_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::lookup_location_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) 
Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::mail_from, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::mail_page_dest, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::mail_subject_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::not_suppressed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::reply_to, 
Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::sendmail, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (RDP::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (RDP::rdp_check_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (SIP::sip_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to 
Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (SMB::logged_file_actions, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (SMTP::mail_path_capture, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (SOCKS::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (SSH::compression_algorithms, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost 
CallFunction(Option::set_change_handler, , (SSH::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (SSL::ct_logs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (SSL::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Signatures::ignored_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Signatures::summary_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::local_admins, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::local_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::local_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::neighbor_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return 
(Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::neighbor_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::private_address_space, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Software::asset_tracking, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::ignore_hosts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_duration, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_duration, Config::weird_option_change_interval{ if (Weird::sampling_duration == Config::ID) { Reporter::set_weird_sampling_duration(Config::new_value)}return (Config::new_value)}, 5)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_global_list, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_threshold, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::weird_option_change_sampling_whitelist{ if (Weird::sampling_whitelist == Config::ID) { Reporter::set_weird_sampling_whitelist(Config::new_value)}return (Config::new_value)}, 5)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::weird_do_not_ignore_repeats, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (X509::caching_required_encounters, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), 
$id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (X509::caching_required_encounters_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (X509::certificate_cache_max_entries, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (X509::certificate_cache_minimum_eviction_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (default_file_bof_buffer_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != 
Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (default_file_timeout_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (ignore_checksums_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (udp_content_delivery_ports_use_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (udp_content_ports, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> -0.000000 MetaHookPost CallFunction(PacketFilter::build, , ()) -> 
-0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) -> -0.000000 MetaHookPost CallFunction(PacketFilter::install, , ()) -> -0.000000 MetaHookPost CallFunction(PacketFilter::log_policy, , ([ts=1603387793.517728, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -0.000000 MetaHookPost CallFunction(Pcap::install_pcap_filter, , (PacketFilter::DefaultPcapFilter)) -> -0.000000 MetaHookPost CallFunction(Pcap::precompile_pcap_filter, , (PacketFilter::DefaultPcapFilter, ip or not ip)) -> -0.000000 MetaHookPost CallFunction(SumStats::add_observe_plugin_dependency, , (SumStats::STD_DEV, SumStats::VARIANCE)) -> -0.000000 MetaHookPost CallFunction(SumStats::add_observe_plugin_dependency, , (SumStats::VARIANCE, SumStats::AVERAGE)) -> -0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::AVERAGE, lambda_<3452231521688988155>{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)})) -> -0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::HLL_UNIQUE, lambda_<943258244234523627>{ if (!SumStats::rv?$card) { SumStats::rv$card = hll_cardinality_init(SumStats::r$hll_error_margin, SumStats::r$hll_confidence)SumStats::rv$hll_error_margin = SumStats::r$hll_error_marginSumStats::rv$hll_confidence = SumStats::r$hll_confidence}hll_cardinality_add(SumStats::rv$card, SumStats::obs)SumStats::rv$hll_unique = double_to_count(hll_cardinality_estimate(SumStats::rv$card))})) -> -0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::LAST, lambda_<14831357773699754131>{ if (0 < 
SumStats::r$num_last_elements) { if (!SumStats::rv?$last_elements) SumStats::rv$last_elements = Queue::init((coerce [$max_len=SumStats::r$num_last_elements] to Queue::Settings))Queue::put(SumStats::rv$last_elements, SumStats::obs)}})) -> -0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::MAX, lambda_<9734000075919044397>{ if (!SumStats::rv?$max) SumStats::rv$max = SumStats::valelseif (SumStats::rv$max < SumStats::val) SumStats::rv$max = SumStats::val})) -> -0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::MIN, lambda_<2451066605226214733>{ if (!SumStats::rv?$min) SumStats::rv$min = SumStats::valelseif (SumStats::val < SumStats::rv$min) SumStats::rv$min = SumStats::val})) -> -0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::SAMPLE, lambda_<11888441397542569241>{ SumStats::sample_add_sample(SumStats::obs, SumStats::rv)})) -> -0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::STD_DEV, lambda_<5704045257244168718>{ SumStats::calc_std_dev(SumStats::rv)})) -> -0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::SUM, lambda_<6958532551242393774>{ SumStats::rv$sum += SumStats::val})) -> -0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::TOPK, lambda_<2861372781530360365>{ topk_add(SumStats::rv$topk, SumStats::obs)})) -> -0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::UNIQUE, lambda_<10387912117292132662>{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || sizeofSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = sizeofSumStats::rv$unique_vals})) -> -0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, , 
(SumStats::VARIANCE, lambda_<6557258612059469785>{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average})) -> -0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugins, , ()) -> -0.000000 MetaHookPost CallFunction(__init_primary_bifs, , ()) -> -0.000000 MetaHookPost CallFunction(__init_secondary_bifs, , ()) -> -0.000000 MetaHookPost CallFunction(current_time, , ()) -> -0.000000 MetaHookPost CallFunction(filter_change_tracking, , ()) -> -0.000000 MetaHookPost CallFunction(getenv, , (CLUSTER_NODE)) -> -0.000000 MetaHookPost CallFunction(getenv, , (ZEEK_DEFAULT_LISTEN_ADDRESS)) -> -0.000000 MetaHookPost CallFunction(global_ids, , ()) -> -0.000000 MetaHookPost CallFunction(network_time, , ()) -> -0.000000 MetaHookPost CallFunction(reading_live_traffic, , ()) -> -0.000000 MetaHookPost CallFunction(reading_traces, , ()) -> -0.000000 MetaHookPost CallFunction(set_to_regex, , ({}, (^\.?|\.)(~~)$)) -> -0.000000 MetaHookPost CallFunction(string_to_pattern, , ((^\.?|\.)()$, F)) -> -0.000000 MetaHookPost CallFunction(sub, , ((^\.?|\.)(~~)$, <...>/, )) -> -0.000000 MetaHookPost CallFunction(x509_set_certificate_cache, , ({})) -> -0.000000 MetaHookPost CallFunction(x509_set_certificate_cache_hit_callback, , (X509::x509_certificate_cache_replay{ X509::i{ if (X509::f$info?$x509) return event x509_certificate(X509::f, X509::e$handle, X509::e$certificate)for ([X509::i] in X509::e$extensions_cache) { X509::ext = X509::e$extensions_cache[X509::i]if (X509::ext is X509::Extension) event x509_extension(X509::f, (X509::ext as X509::Extension))elseif (X509::ext is X509::BasicConstraints) event x509_ext_basic_constraints(X509::f, (X509::ext as X509::BasicConstraints))elseif (X509::ext is X509::SubjectAlternativeName) event x509_ext_subject_alternative_name(X509::f, (X509::ext as X509::SubjectAlternativeName))elseif 
(X509::ext is X509::SctInfo) { X509::s = (X509::ext as X509::SctInfo)event x509_ocsp_ext_signed_certificate_timestamp(X509::f, X509::s$version, X509::s$logid, X509::s$timestamp, X509::s$hash_alg, X509::s$sig_alg, X509::s$signature)}elseReporter::error(fmt(Encountered unknown extension while replaying certificate with fuid %s, X509::f$id))}}})) -> -0.000000 MetaHookPost CallFunction(zeek_args, , ()) -> -0.000000 MetaHookPost CallFunction(zeek_init, , ()) -> -0.000000 MetaHookPost DrainEvents() -> -0.000000 MetaHookPost LoadFile(0, ..<...>/main.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, ..<...>/plugin.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_ARP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_AsciiReader.ascii.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_AsciiWriter.ascii.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_BenchmarkReader.benchmark.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_BinaryReader.binary.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_BitTorrent.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_ConfigReader.config.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_ConnSize.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_ConnSize.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_DCE_RPC.consts.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_DCE_RPC.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_DCE_RPC.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_DHCP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_DHCP.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_DNP3.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_DNS.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_FTP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, 
.<...>/Zeek_FTP.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_File.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_FileEntropy.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_FileExtract.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_FileExtract.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_FileHash.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Finger.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_GSSAPI.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_GTPv1.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Gnutella.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_HTTP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_HTTP.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_ICMP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_IMAP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_IRC.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Ident.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_KRB.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_KRB.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Login.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Login.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_MIME.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_MQTT.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_MQTT.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Modbus.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_MySQL.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NCP.consts.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, 
.<...>/Zeek_NCP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NTLM.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NTLM.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NTP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NTP.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NetBIOS.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NetBIOS.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_NoneWriter.none.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_PE.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_POP3.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_RADIUS.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_RDP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_RDP.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_RFB.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_RPC.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_RawReader.raw.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SIP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.consts.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_check_directory.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_close.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_create_directory.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_echo.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_negotiate.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek) -> -1 
-0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_query_information.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_read_andx.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_write_andx.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_close.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_create.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_negotiate.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_read.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_session_setup.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_set_info.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_transform_header.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_write.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, 
.<...>/Zeek_SMB.smb2_events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMB.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMTP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SMTP.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SNMP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SNMP.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SOCKS.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SQLiteReader.sqlite.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SQLiteWriter.sqlite.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SSH.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SSH.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SSL.consts.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SSL.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SSL.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SSL.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_SteppingStone.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Syslog.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_TCP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_TCP.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_TCP.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Teredo.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_UDP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Unified2.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_Unified2.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_VXLAN.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_X509.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, 
.<...>/Zeek_X509.functions.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_X509.ocsp_events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_X509.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/Zeek_XMPP.events.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/acld.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/add-geodata.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/addrs.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/analyzer.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/api.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/ascii.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/average.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/benchmark.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/binary.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/bloom-filter.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/broker.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/cardinality-counter.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/comm.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/config.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/const-dos-error.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/const-nt-status.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/const.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/consts.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/contents.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/control.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/ct-list.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/data.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/dcc-send.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/debug.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/drop.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/email_admin.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/entities.zeek) -> -1 -0.000000 
MetaHookPost LoadFile(0, .<...>/event.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/exec.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/file_analysis.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/files.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/gridftp.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/hll_unique.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/hooks.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/inactivity.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/info.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/input.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/input.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/last.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/log.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/logging.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/magic) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/main.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/max.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/messaging.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/min.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/mozilla-ca-list.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/netstats.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/non-cluster.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/none.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/openflow.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/option.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/packetfilter.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/page.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/patterns.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/pcap.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/plugin.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/plugins) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/polling.zeek) -> -1 -0.000000 
MetaHookPost LoadFile(0, .<...>/pools.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/postprocessors) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/pp-alarms.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/raw.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/removal-hooks.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/reporter.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/ryu.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/sample.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/scp.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/sftp.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/shunt.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/site.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/smb1-main.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/smb2-main.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/sqlite.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/stats.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/std-dev.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/store.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/store.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/strings.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/sum.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/supervisor.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/thresholds.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/top-k.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/topk.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/types.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/unique.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/utils-commands.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/utils.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/variance.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/weird.zeek) -> -1 -0.000000 
MetaHookPost LoadFile(0, .<...>/zeek.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, .<...>/zeekygen.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, <...>/__load__.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, <...>/__preload__.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, <...>/hooks.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/Zeek_KRB.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/Zeek_SNMP.types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/active-http.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/addrs.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/analyzer) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/analyzer.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/api.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/backtrace.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/bif) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/broker) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/cluster) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/comm.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/config) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/conn) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/conn-ids.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/const.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/control) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/data.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/dce-rpc) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/dhcp) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/dir.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/directions-and-hosts.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/dnp3) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/dns) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/dpd) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/email.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, 
base<...>/ethernet) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/event.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/exec.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/extract) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/fddi) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/file_analysis.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/files) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/files.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/find-checksum-offloading.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/find-filtered-trace.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/ftp) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/geoip-distance.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/gre) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/hash) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/hash_hrw.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/http) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/ieee802_11) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/ieee802_11_radio) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/imap) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/init-default.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/init-frameworks-and-bifs.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/input) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/input.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/intel) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/ip) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/iptunnel) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/irc) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/krb) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/linux_sll) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/logging) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/logging.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/main.zeek) -> -1 
-0.000000 MetaHookPost LoadFile(0, base<...>/messaging.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/modbus) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/mpls) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/mqtt) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/mysql) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/netcontrol) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/nflog) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/notice) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/ntlm) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/ntp) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/null) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/numbers.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/openflow) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/option.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/packet-filter) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/packet-protocols) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/paths.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/patterns.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/pe) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/plugins) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/pop3) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/ppp_serial) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/pppoe) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/queue.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/radius) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/rdp) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/removal-hooks.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/reporter) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/reporter.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/rfb) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/root) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/signatures) -> -1 -0.000000 MetaHookPost LoadFile(0, 
base<...>/sip) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/site.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/skip) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/smb) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/smtp) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/snmp) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/socks) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/software) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/ssh) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/ssl) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/stats.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/store.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/strings.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/strings.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/sumstats) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/supervisor) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/supervisor.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/syslog) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/thresholds.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/time.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/tunnels) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/types.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/urls.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/utils.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/version.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/vlan) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/weird.zeek) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/x509) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/xmpp) -> -1 -0.000000 MetaHookPost LoadFile(0, base<...>/zeek.bif.zeek) -> -1 -0.000000 MetaHookPost LoadFile(1, .<...>/archive.sig) -> -1 -0.000000 MetaHookPost LoadFile(1, .<...>/audio.sig) -> -1 -0.000000 MetaHookPost LoadFile(1, .<...>/dpd.sig) -> -1 -0.000000 
MetaHookPost LoadFile(1, .<...>/executable.sig) -> -1 -0.000000 MetaHookPost LoadFile(1, .<...>/font.sig) -> -1 -0.000000 MetaHookPost LoadFile(1, .<...>/general.sig) -> -1 -0.000000 MetaHookPost LoadFile(1, .<...>/image.sig) -> -1 -0.000000 MetaHookPost LoadFile(1, .<...>/java.sig) -> -1 -0.000000 MetaHookPost LoadFile(1, .<...>/libmagic.sig) -> -1 -0.000000 MetaHookPost LoadFile(1, .<...>/office.sig) -> -1 -0.000000 MetaHookPost LoadFile(1, .<...>/programming.sig) -> -1 -0.000000 MetaHookPost LoadFile(1, .<...>/video.sig) -> -1 -0.000000 MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) -> -0.000000 MetaHookPost LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, ) -> true -0.000000 MetaHookPost QueueEvent(NetControl::init()) -> false -0.000000 MetaHookPost QueueEvent(filter_change_tracking()) -> false -0.000000 MetaHookPost QueueEvent(zeek_init()) -> false -0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_STEPPINGSTONE)) -0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_AYIYA, 5072/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 68/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , 
(Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 137/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 53/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_GTPV1, 2152/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , 
(Analyzer::ANALYZER_IMAP, 143/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6666/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6667/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6668/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6669/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDPEUDP, 3389/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SIP, 5060/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMB, 139/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMB, 445/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , 
(Analyzer::ANALYZER_SNMP, 161/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 585/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 614/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 636/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 989/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 990/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 992/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 993/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 995/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SYSLOG, 514/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_TEREDO, 3544/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_VXLAN, 4789/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 5222/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 
5269/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::disable_analyzer, , (Analyzer::ANALYZER_STEPPINGSTONE)) -0.000000 MetaHookPre CallFunction(Analyzer::disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_AYIYA, 5072/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 68/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 137/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 53/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_GTPV1, 2152/udp)) -0.000000 MetaHookPre 
CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IMAP, 143/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6666/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6667/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6668/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6669/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , 
(Analyzer::ANALYZER_RADIUS, 1812/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDPEUDP, 3389/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SIP, 5060/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMB, 139/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMB, 445/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 585/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 614/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 636/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 989/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 990/tcp)) -0.000000 MetaHookPre 
CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 992/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 993/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 995/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SYSLOG, 514/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_TEREDO, 3544/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_VXLAN, 4789/udp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_XMPP, 5222/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_XMPP, 5269/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_AYIYA, {5072/udp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DCE_RPC, {135/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DHCP, {67<...>/udp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNS, {5353<...>/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DTLS, {443/udp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_GTPV1, {2152<...>/udp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_HTTP, {80<...>/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_IMAP, {143/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_IRC, 
{6666<...>/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB, {88/udp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB_TCP, {88/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MODBUS, {502/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MYSQL, {1434<...>/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_NTP, {123/udp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RADIUS, {1812/udp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDP, {3389/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDPEUDP, {3389/udp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SIP, {5060/udp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMB, {139<...>/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SNMP, {162<...>/udp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SOCKS, {1080/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSH, {22/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSL, {563<...>/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SYSLOG, {514/udp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_TEREDO, {3544/udp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_VXLAN, {4789/udp})) -0.000000 MetaHookPre 
CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_XMPP, {5222<...>/tcp})) -0.000000 MetaHookPre CallFunction(Broker::__subscribe, , (zeek/supervisor)) -0.000000 MetaHookPre CallFunction(Broker::subscribe, , (zeek/supervisor)) -0.000000 MetaHookPre CallFunction(Cluster::is_enabled, , ()) -0.000000 MetaHookPre CallFunction(Cluster::is_enabled, , ()) -0.000000 MetaHookPre CallFunction(Cluster::local_node_type, , ()) -0.000000 MetaHookPre CallFunction(Cluster::register_pool, , ([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=, exclusive=F])) -0.000000 MetaHookPre CallFunction(Cluster::register_pool, , ([topic=zeek<...>/proxy, node_type=Cluster::PROXY, max_nodes=, exclusive=F])) -0.000000 MetaHookPre CallFunction(Cluster::register_pool, , ([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=, exclusive=F])) -0.000000 MetaHookPre CallFunction(Files::register_analyzer_add_callback, , (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)FileExtract::f$info$extracted_cutoff = Fmkdir(FileExtract::prefix)})) -0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/pkix-cert)) -0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/x-x509-ca-cert)) -0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/x-x509-user-cert)) -0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_PE, application/x-dosexec)) -0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/pkix-cert)) -0.000000 MetaHookPre 
CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/x-x509-ca-cert)) -0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/x-x509-user-cert)) -0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/pkix-cert)) -0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/x-x509-ca-cert)) -0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/x-x509-user-cert)) -0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/pkix-cert)) -0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/x-x509-ca-cert)) -0.000000 MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/x-x509-user-cert)) -0.000000 MetaHookPre CallFunction(Files::register_for_mime_types, , (Files::ANALYZER_PE, {application/x-dosexec})) -0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ FTP::cid, FTP::c{ if (FTP::f$source != FTP) return 
()for ([FTP::cid] in FTP::f$conns) { if (FTP::c?$ftp) return (FTP::describe(FTP::c$ftp))}return ()}}])) -0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ HTTP::cid, HTTP::c{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}}])) -0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=lambda_<15770440363500096069>{ return ()}])) -0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}])) -0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if 
(!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}])) -0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SMB, [get_file_handle=SMB::get_file_handle{ if (!(SMB::c$smb_state?$current_file && (SMB::c$smb_state$current_file?$name || SMB::c$smb_state$current_file?$path))) { return ()}SMB::current_file = SMB::c$smb_state$current_fileSMB::path_name = SMB::current_file?$path ? SMB::current_file$path : SMB::file_name = SMB::current_file?$name ? SMB::current_file$name : SMB::last_mod = cat(SMB::current_file?$times ? SMB::current_file$times$modified : double_to_time(0.0))return (hexdump(cat(Analyzer::ANALYZER_SMB, SMB::c$id$orig_h, SMB::c$id$resp_h, SMB::path_name, SMB::file_name, SMB::last_mod)))}, describe=SMB::describe_file{ SMB::cid, SMB::c{ if (SMB::f$source != SMB) return ()for ([SMB::cid] in SMB::f$conns) { if (SMB::c?$smb_state && SMB::c$smb_state?$current_file && SMB::c$smb_state$current_file?$name) return (SMB::c$smb_state$current_file$name)}return ()}}])) -0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ SMTP::cid, SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}])) -0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || 
!SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -0.000000 MetaHookPre CallFunction(FilteredTraceDetection::should_detect, , ()) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=broker, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=config, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dce_rpc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, 
postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dhcp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dnp3, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dns, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dpd, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ftp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre 
CallFunction(Log::__add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=irc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=intel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=kerberos, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=modbus, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntlm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (NTP::LOG, 
[name=default, writer=Log::WRITER_ASCII, pred=, path=ntp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_drop, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_shunt, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice_alarm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre 
CallFunction(Log::__add_filter, , (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=openflow, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=pe, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=radius, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rdp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rfb, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , 
(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=reporter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=sip, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_mapping, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smtp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=snmp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SOCKS::LOG, 
[name=default, writer=Log::WRITER_ASCII, pred=, path=socks, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssh, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssl, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=signatures, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=software, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=syslog, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, 
writer=Log::WRITER_ASCII, pred=, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy])) -0.000000 MetaHookPre 
CallFunction(Log::__create_stream, , (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NetControl::DROP_LOG, [columns=NetControl::DropInfo, 
ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, 
path=sip, policy=SIP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, 
path=x509, policy=X509::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1603387793.517728, node=zeek, filter=ip or not ip, init=T, success=T])) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Conn::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (DCE_RPC::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (DHCP::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (DNP3::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (DNS::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (DPD::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (FTP::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Files::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (HTTP::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (IRC::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Intel::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (KRB::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Modbus::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (NTLM::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (NTP::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (NetControl::DROP_LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (NetControl::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (NetControl::SHUNT)) -0.000000 MetaHookPre 
CallFunction(Log::add_default_filter, , (Notice::ALARM_LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Notice::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (OpenFlow::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (PE::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (PacketFilter::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (RADIUS::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (RDP::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (RFB::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Reporter::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (SIP::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (SMB::FILES_LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (SMB::MAPPING_LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (SMTP::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (SNMP::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (SOCKS::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (SSH::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (SSL::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Signatures::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Software::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Syslog::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Tunnel::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Weird::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (X509::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (mysql::LOG)) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, 
log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, 
ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) 
-0.000000 MetaHookPre CallFunction(Log::add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (NetControl::LOG, 
[name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, 
path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, 
scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, 
postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre 
CallFunction(Log::add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Broker::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Cluster::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Config::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Conn::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (DCE_RPC::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (DHCP::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (DNP3::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (DNS::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (DPD::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (FTP::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Files::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (HTTP::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (IRC::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Intel::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (KRB::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Modbus::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (NTLM::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (NTP::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (NetControl::DROP_LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (NetControl::LOG, 
default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (NetControl::SHUNT, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Notice::ALARM_LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Notice::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (OpenFlow::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (PE::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (PacketFilter::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (RADIUS::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (RDP::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (RFB::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Reporter::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (SIP::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (SMB::FILES_LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (SMB::MAPPING_LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (SMTP::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (SNMP::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (SOCKS::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (SSH::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (SSL::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Signatures::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Software::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Syslog::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Tunnel::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Weird::LOG, default)) 
-0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (X509::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (mysql::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (IRC::LOG, [columns=IRC::Info, 
ev=IRC::irc_log, path=irc, policy=IRC::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, 
policy=PE::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy])) -0.000000 MetaHookPre 
CallFunction(Log::create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1603387793.517728, node=zeek, filter=ip or not ip, init=T, success=T])) -0.000000 MetaHookPre CallFunction(NetControl::check_plugins, , ()) -0.000000 MetaHookPre CallFunction(NetControl::init, , ()) -0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (ActiveHTTP::default_max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (ActiveHTTP::default_method, Config::config_option_changed{ Config::log = (coerce 
[$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Broker::peer_counts_as_iosource, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Conn::analyzer_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Conn::default_extract, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Conn::extraction_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = 
Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Conn::port_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (DCE_RPC::ignored_operations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (DHCP::max_txid_watch_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (DNS::max_pending_msgs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (DNS::max_pending_query_ids, Config::config_option_changed{ 
Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (DPD::ignore_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (DPD::ignore_violations_after, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (DPD::max_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Dir::polling_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = 
Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (FTP::cmd_reply_code, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (FTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (FTP::guest_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (FTP::logged_commands, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (FileExtract::default_limit, Config::config_option_changed{ Config::log = (coerce 
[$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Files::enable_reassembler, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (GridFTP::max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (GridFTP::size_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (GridFTP::skip_data, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = 
Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::http_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::max_files_orig, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::max_files_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::proxy_headers, Config::config_option_changed{ Config::log = (coerce 
[$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Input::default_mode, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Input::default_reader, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (KRB::ignored_errors, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Log::default_rotation_dir, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = 
Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (MQTT::max_payload_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (NetControl::default_priority, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::alarmed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::default_suppression_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::emailed_types, Config::config_option_changed{ 
Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::ignored_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::lookup_location_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::mail_from, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::mail_page_dest, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = 
Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::mail_subject_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::not_suppressed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::reply_to, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::sendmail, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (RDP::disable_analyzer_after_detection, Config::config_option_changed{ Config::log 
= (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (RDP::rdp_check_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (SIP::sip_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (SMB::logged_file_actions, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (SMTP::mail_path_capture, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = 
Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (SOCKS::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (SSH::compression_algorithms, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (SSH::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (SSL::ct_logs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (SSL::disable_analyzer_after_detection, 
Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Signatures::ignored_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Signatures::summary_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::local_admins, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::local_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != 
Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::local_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::neighbor_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::neighbor_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::private_address_space, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Software::asset_tracking, 
Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::ignore_hosts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_duration, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_duration, Config::weird_option_change_interval{ if (Weird::sampling_duration == Config::ID) { Reporter::set_weird_sampling_duration(Config::new_value)}return (Config::new_value)}, 5)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_global_list, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre 
CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_threshold, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, 
Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::weird_option_change_sampling_whitelist{ if (Weird::sampling_whitelist == Config::ID) { Reporter::set_weird_sampling_whitelist(Config::new_value)}return (Config::new_value)}, 5)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::weird_do_not_ignore_repeats, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (X509::caching_required_encounters, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (X509::caching_required_encounters_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (X509::certificate_cache_max_entries, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to 
Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (X509::certificate_cache_minimum_eviction_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (default_file_bof_buffer_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (default_file_timeout_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (ignore_checksums_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre 
CallFunction(Option::set_change_handler, , (udp_content_delivery_ports_use_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (udp_content_ports, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -0.000000 MetaHookPre CallFunction(PacketFilter::build, , ()) -0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) -0.000000 MetaHookPre CallFunction(PacketFilter::install, , ()) -0.000000 MetaHookPre CallFunction(PacketFilter::log_policy, , ([ts=1603387793.517728, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -0.000000 MetaHookPre CallFunction(Pcap::install_pcap_filter, , (PacketFilter::DefaultPcapFilter)) -0.000000 MetaHookPre CallFunction(Pcap::precompile_pcap_filter, , (PacketFilter::DefaultPcapFilter, ip or not ip)) -0.000000 MetaHookPre CallFunction(SumStats::add_observe_plugin_dependency, , (SumStats::STD_DEV, SumStats::VARIANCE)) -0.000000 MetaHookPre CallFunction(SumStats::add_observe_plugin_dependency, , (SumStats::VARIANCE, SumStats::AVERAGE)) -0.000000 MetaHookPre 
CallFunction(SumStats::register_observe_plugin, , (SumStats::AVERAGE, lambda_<3452231521688988155>{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)})) -0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::HLL_UNIQUE, lambda_<943258244234523627>{ if (!SumStats::rv?$card) { SumStats::rv$card = hll_cardinality_init(SumStats::r$hll_error_margin, SumStats::r$hll_confidence)SumStats::rv$hll_error_margin = SumStats::r$hll_error_marginSumStats::rv$hll_confidence = SumStats::r$hll_confidence}hll_cardinality_add(SumStats::rv$card, SumStats::obs)SumStats::rv$hll_unique = double_to_count(hll_cardinality_estimate(SumStats::rv$card))})) -0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::LAST, lambda_<14831357773699754131>{ if (0 < SumStats::r$num_last_elements) { if (!SumStats::rv?$last_elements) SumStats::rv$last_elements = Queue::init((coerce [$max_len=SumStats::r$num_last_elements] to Queue::Settings))Queue::put(SumStats::rv$last_elements, SumStats::obs)}})) -0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::MAX, lambda_<9734000075919044397>{ if (!SumStats::rv?$max) SumStats::rv$max = SumStats::valelseif (SumStats::rv$max < SumStats::val) SumStats::rv$max = SumStats::val})) -0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::MIN, lambda_<2451066605226214733>{ if (!SumStats::rv?$min) SumStats::rv$min = SumStats::valelseif (SumStats::val < SumStats::rv$min) SumStats::rv$min = SumStats::val})) -0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::SAMPLE, lambda_<11888441397542569241>{ SumStats::sample_add_sample(SumStats::obs, SumStats::rv)})) -0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::STD_DEV, lambda_<5704045257244168718>{ SumStats::calc_std_dev(SumStats::rv)})) 
-0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::SUM, lambda_<6958532551242393774>{ SumStats::rv$sum += SumStats::val})) -0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::TOPK, lambda_<2861372781530360365>{ topk_add(SumStats::rv$topk, SumStats::obs)})) -0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::UNIQUE, lambda_<10387912117292132662>{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || sizeofSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = sizeofSumStats::rv$unique_vals})) -0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::VARIANCE, lambda_<6557258612059469785>{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average})) -0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugins, , ()) -0.000000 MetaHookPre CallFunction(__init_primary_bifs, , ()) -0.000000 MetaHookPre CallFunction(__init_secondary_bifs, , ()) -0.000000 MetaHookPre CallFunction(current_time, , ()) -0.000000 MetaHookPre CallFunction(filter_change_tracking, , ()) -0.000000 MetaHookPre CallFunction(getenv, , (CLUSTER_NODE)) -0.000000 MetaHookPre CallFunction(getenv, , (ZEEK_DEFAULT_LISTEN_ADDRESS)) -0.000000 MetaHookPre CallFunction(global_ids, , ()) -0.000000 MetaHookPre CallFunction(network_time, , ()) -0.000000 MetaHookPre CallFunction(reading_live_traffic, , ()) -0.000000 MetaHookPre CallFunction(reading_traces, , ()) -0.000000 MetaHookPre CallFunction(set_to_regex, , ({}, (^\.?|\.)(~~)$)) -0.000000 MetaHookPre CallFunction(string_to_pattern, , ((^\.?|\.)()$, F)) -0.000000 
MetaHookPre CallFunction(sub, , ((^\.?|\.)(~~)$, <...>/, )) -0.000000 MetaHookPre CallFunction(x509_set_certificate_cache, , ({})) -0.000000 MetaHookPre CallFunction(x509_set_certificate_cache_hit_callback, , (X509::x509_certificate_cache_replay{ X509::i{ if (X509::f$info?$x509) return event x509_certificate(X509::f, X509::e$handle, X509::e$certificate)for ([X509::i] in X509::e$extensions_cache) { X509::ext = X509::e$extensions_cache[X509::i]if (X509::ext is X509::Extension) event x509_extension(X509::f, (X509::ext as X509::Extension))elseif (X509::ext is X509::BasicConstraints) event x509_ext_basic_constraints(X509::f, (X509::ext as X509::BasicConstraints))elseif (X509::ext is X509::SubjectAlternativeName) event x509_ext_subject_alternative_name(X509::f, (X509::ext as X509::SubjectAlternativeName))elseif (X509::ext is X509::SctInfo) { X509::s = (X509::ext as X509::SctInfo)event x509_ocsp_ext_signed_certificate_timestamp(X509::f, X509::s$version, X509::s$logid, X509::s$timestamp, X509::s$hash_alg, X509::s$sig_alg, X509::s$signature)}elseReporter::error(fmt(Encountered unknown extension while replaying certificate with fuid %s, X509::f$id))}}})) -0.000000 MetaHookPre CallFunction(zeek_args, , ()) -0.000000 MetaHookPre CallFunction(zeek_init, , ()) -0.000000 MetaHookPre DrainEvents() -0.000000 MetaHookPre LoadFile(0, ..<...>/main.zeek) -0.000000 MetaHookPre LoadFile(0, ..<...>/plugin.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_ARP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_AsciiReader.ascii.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_AsciiWriter.ascii.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_BenchmarkReader.benchmark.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_BinaryReader.binary.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_BitTorrent.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_ConfigReader.config.bif.zeek) -0.000000 MetaHookPre LoadFile(0, 
.<...>/Zeek_ConnSize.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_ConnSize.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_DCE_RPC.consts.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_DCE_RPC.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_DCE_RPC.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_DHCP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_DHCP.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_DNP3.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_DNS.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_FTP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_FTP.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_File.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_FileEntropy.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_FileExtract.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_FileExtract.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_FileHash.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Finger.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_GSSAPI.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_GTPv1.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Gnutella.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_HTTP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_HTTP.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_ICMP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_IMAP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_IRC.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Ident.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_KRB.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_KRB.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Login.events.bif.zeek) 
-0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Login.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_MIME.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_MQTT.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_MQTT.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Modbus.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_MySQL.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NCP.consts.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NCP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NTLM.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NTLM.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NTP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NTP.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NetBIOS.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NetBIOS.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_NoneWriter.none.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_PE.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_POP3.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_RADIUS.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_RDP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_RDP.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_RFB.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_RPC.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_RawReader.raw.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SIP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.consts.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_check_directory.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_close.bif.zeek) -0.000000 MetaHookPre LoadFile(0, 
.<...>/Zeek_SMB.smb1_com_create_directory.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_echo.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_negotiate.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_query_information.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_read_andx.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_write_andx.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_close.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_create.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_negotiate.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_read.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_session_setup.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_set_info.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_transform_header.bif.zeek) -0.000000 MetaHookPre LoadFile(0, 
.<...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_write.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMB.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMTP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SMTP.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SNMP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SNMP.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SOCKS.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SQLiteReader.sqlite.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SQLiteWriter.sqlite.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SSH.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SSH.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SSL.consts.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SSL.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SSL.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SSL.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_SteppingStone.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Syslog.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_TCP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_TCP.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_TCP.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Teredo.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_UDP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Unified2.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_Unified2.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_VXLAN.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, 
.<...>/Zeek_X509.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_X509.functions.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_X509.ocsp_events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_X509.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/Zeek_XMPP.events.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/acld.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/add-geodata.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/addrs.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/analyzer.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/api.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/ascii.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/average.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/benchmark.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/binary.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/bloom-filter.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/broker.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/cardinality-counter.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/comm.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/config.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/const-dos-error.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/const-nt-status.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/const.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/consts.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/contents.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/control.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/ct-list.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/data.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/dcc-send.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/debug.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/drop.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/email_admin.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/entities.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/event.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/exec.zeek) -0.000000 MetaHookPre LoadFile(0, 
.<...>/file_analysis.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/files.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/gridftp.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/hll_unique.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/hooks.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/inactivity.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/info.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/input.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/input.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/last.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/log.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/logging.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/magic) -0.000000 MetaHookPre LoadFile(0, .<...>/main.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/max.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/messaging.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/min.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/mozilla-ca-list.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/netstats.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/non-cluster.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/none.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/openflow.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/option.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/packetfilter.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/page.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/patterns.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/pcap.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/plugin.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/plugins) -0.000000 MetaHookPre LoadFile(0, .<...>/polling.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/pools.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/postprocessors) -0.000000 MetaHookPre LoadFile(0, .<...>/pp-alarms.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/raw.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/removal-hooks.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/reporter.bif.zeek) -0.000000 MetaHookPre LoadFile(0, 
.<...>/ryu.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/sample.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/scp.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/sftp.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/shunt.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/site.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/smb1-main.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/smb2-main.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/sqlite.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/stats.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/std-dev.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/store.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/store.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/strings.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/sum.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/supervisor.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/thresholds.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/top-k.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/topk.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/types.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/unique.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/utils-commands.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/utils.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/variance.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/weird.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/zeek.bif.zeek) -0.000000 MetaHookPre LoadFile(0, .<...>/zeekygen.bif.zeek) -0.000000 MetaHookPre LoadFile(0, <...>/__load__.zeek) -0.000000 MetaHookPre LoadFile(0, <...>/__preload__.zeek) -0.000000 MetaHookPre LoadFile(0, <...>/hooks.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/Zeek_KRB.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/Zeek_SNMP.types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/active-http.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/addrs.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/analyzer) -0.000000 
MetaHookPre LoadFile(0, base<...>/analyzer.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/api.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/backtrace.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/bif) -0.000000 MetaHookPre LoadFile(0, base<...>/broker) -0.000000 MetaHookPre LoadFile(0, base<...>/cluster) -0.000000 MetaHookPre LoadFile(0, base<...>/comm.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/config) -0.000000 MetaHookPre LoadFile(0, base<...>/conn) -0.000000 MetaHookPre LoadFile(0, base<...>/conn-ids.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/const.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/control) -0.000000 MetaHookPre LoadFile(0, base<...>/data.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/dce-rpc) -0.000000 MetaHookPre LoadFile(0, base<...>/dhcp) -0.000000 MetaHookPre LoadFile(0, base<...>/dir.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/directions-and-hosts.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/dnp3) -0.000000 MetaHookPre LoadFile(0, base<...>/dns) -0.000000 MetaHookPre LoadFile(0, base<...>/dpd) -0.000000 MetaHookPre LoadFile(0, base<...>/email.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/ethernet) -0.000000 MetaHookPre LoadFile(0, base<...>/event.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/exec.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/extract) -0.000000 MetaHookPre LoadFile(0, base<...>/fddi) -0.000000 MetaHookPre LoadFile(0, base<...>/file_analysis.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/files) -0.000000 MetaHookPre LoadFile(0, base<...>/files.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/find-checksum-offloading.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/find-filtered-trace.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/ftp) -0.000000 MetaHookPre LoadFile(0, base<...>/geoip-distance.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/gre) -0.000000 MetaHookPre LoadFile(0, base<...>/hash) -0.000000 MetaHookPre LoadFile(0, 
base<...>/hash_hrw.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/http) -0.000000 MetaHookPre LoadFile(0, base<...>/ieee802_11) -0.000000 MetaHookPre LoadFile(0, base<...>/ieee802_11_radio) -0.000000 MetaHookPre LoadFile(0, base<...>/imap) -0.000000 MetaHookPre LoadFile(0, base<...>/init-default.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/init-frameworks-and-bifs.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/input) -0.000000 MetaHookPre LoadFile(0, base<...>/input.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/intel) -0.000000 MetaHookPre LoadFile(0, base<...>/ip) -0.000000 MetaHookPre LoadFile(0, base<...>/iptunnel) -0.000000 MetaHookPre LoadFile(0, base<...>/irc) -0.000000 MetaHookPre LoadFile(0, base<...>/krb) -0.000000 MetaHookPre LoadFile(0, base<...>/linux_sll) -0.000000 MetaHookPre LoadFile(0, base<...>/logging) -0.000000 MetaHookPre LoadFile(0, base<...>/logging.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/main.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/messaging.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/modbus) -0.000000 MetaHookPre LoadFile(0, base<...>/mpls) -0.000000 MetaHookPre LoadFile(0, base<...>/mqtt) -0.000000 MetaHookPre LoadFile(0, base<...>/mysql) -0.000000 MetaHookPre LoadFile(0, base<...>/netcontrol) -0.000000 MetaHookPre LoadFile(0, base<...>/nflog) -0.000000 MetaHookPre LoadFile(0, base<...>/notice) -0.000000 MetaHookPre LoadFile(0, base<...>/ntlm) -0.000000 MetaHookPre LoadFile(0, base<...>/ntp) -0.000000 MetaHookPre LoadFile(0, base<...>/null) -0.000000 MetaHookPre LoadFile(0, base<...>/numbers.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/openflow) -0.000000 MetaHookPre LoadFile(0, base<...>/option.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/packet-filter) -0.000000 MetaHookPre LoadFile(0, base<...>/packet-protocols) -0.000000 MetaHookPre LoadFile(0, base<...>/paths.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/patterns.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/pe) 
-0.000000 MetaHookPre LoadFile(0, base<...>/plugins) -0.000000 MetaHookPre LoadFile(0, base<...>/pop3) -0.000000 MetaHookPre LoadFile(0, base<...>/ppp_serial) -0.000000 MetaHookPre LoadFile(0, base<...>/pppoe) -0.000000 MetaHookPre LoadFile(0, base<...>/queue.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/radius) -0.000000 MetaHookPre LoadFile(0, base<...>/rdp) -0.000000 MetaHookPre LoadFile(0, base<...>/removal-hooks.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/reporter) -0.000000 MetaHookPre LoadFile(0, base<...>/reporter.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/rfb) -0.000000 MetaHookPre LoadFile(0, base<...>/root) -0.000000 MetaHookPre LoadFile(0, base<...>/signatures) -0.000000 MetaHookPre LoadFile(0, base<...>/sip) -0.000000 MetaHookPre LoadFile(0, base<...>/site.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/skip) -0.000000 MetaHookPre LoadFile(0, base<...>/smb) -0.000000 MetaHookPre LoadFile(0, base<...>/smtp) -0.000000 MetaHookPre LoadFile(0, base<...>/snmp) -0.000000 MetaHookPre LoadFile(0, base<...>/socks) -0.000000 MetaHookPre LoadFile(0, base<...>/software) -0.000000 MetaHookPre LoadFile(0, base<...>/ssh) -0.000000 MetaHookPre LoadFile(0, base<...>/ssl) -0.000000 MetaHookPre LoadFile(0, base<...>/stats.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/store.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/strings.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/strings.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/sumstats) -0.000000 MetaHookPre LoadFile(0, base<...>/supervisor) -0.000000 MetaHookPre LoadFile(0, base<...>/supervisor.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/syslog) -0.000000 MetaHookPre LoadFile(0, base<...>/thresholds.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/time.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/tunnels) -0.000000 MetaHookPre LoadFile(0, base<...>/types.bif.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/urls.zeek) -0.000000 MetaHookPre LoadFile(0, 
base<...>/utils.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/version.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/vlan) -0.000000 MetaHookPre LoadFile(0, base<...>/weird.zeek) -0.000000 MetaHookPre LoadFile(0, base<...>/x509) -0.000000 MetaHookPre LoadFile(0, base<...>/xmpp) -0.000000 MetaHookPre LoadFile(0, base<...>/zeek.bif.zeek) -0.000000 MetaHookPre LoadFile(1, .<...>/archive.sig) -0.000000 MetaHookPre LoadFile(1, .<...>/audio.sig) -0.000000 MetaHookPre LoadFile(1, .<...>/dpd.sig) -0.000000 MetaHookPre LoadFile(1, .<...>/executable.sig) -0.000000 MetaHookPre LoadFile(1, .<...>/font.sig) -0.000000 MetaHookPre LoadFile(1, .<...>/general.sig) -0.000000 MetaHookPre LoadFile(1, .<...>/image.sig) -0.000000 MetaHookPre LoadFile(1, .<...>/java.sig) -0.000000 MetaHookPre LoadFile(1, .<...>/libmagic.sig) -0.000000 MetaHookPre LoadFile(1, .<...>/office.sig) -0.000000 MetaHookPre LoadFile(1, .<...>/programming.sig) -0.000000 MetaHookPre LoadFile(1, .<...>/video.sig) -0.000000 MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) -0.000000 MetaHookPre LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, ) -0.000000 MetaHookPre QueueEvent(NetControl::init()) -0.000000 MetaHookPre QueueEvent(filter_change_tracking()) -0.000000 MetaHookPre QueueEvent(zeek_init()) -0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_STEPPINGSTONE) -0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_TCPSTATS) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_AYIYA, 5072/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DCE_RPC, 135/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DHCP, 4011/udp) -0.000000 | HookCallFunction 
Analyzer::__register_for_port(Analyzer::ANALYZER_DHCP, 67/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DHCP, 68/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNP3_TCP, 20000/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNP3_TCP, 20000/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 137/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 53/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 53/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 5353/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 5355/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DTLS, 443/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_FTP, 21/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_FTP, 2811/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_GTPV1, 2123/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_GTPV1, 2152/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 1080/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 3128/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 631/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 80/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 8000/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 8080/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 81/tcp) -0.000000 | HookCallFunction 
Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 8888/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IMAP, 143/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6666/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6667/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6668/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6669/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_KRB, 88/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_KRB_TCP, 88/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_MODBUS, 502/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_MYSQL, 1434/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_MYSQL, 3306/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_NTP, 123/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_RADIUS, 1812/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_RDP, 3389/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_RDPEUDP, 3389/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SIP, 5060/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SMB, 139/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SMB, 445/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SMTP, 25/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SMTP, 587/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SNMP, 161/udp) -0.000000 | HookCallFunction 
Analyzer::__register_for_port(Analyzer::ANALYZER_SNMP, 162/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SOCKS, 1080/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSH, 22/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 443/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 5223/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 563/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 585/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 614/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 636/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 989/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 990/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 992/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 993/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 995/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SYSLOG, 514/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_TEREDO, 3544/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_VXLAN, 4789/udp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_XMPP, 5222/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_XMPP, 5269/tcp) -0.000000 | HookCallFunction Analyzer::disable_analyzer(Analyzer::ANALYZER_STEPPINGSTONE) -0.000000 | HookCallFunction Analyzer::disable_analyzer(Analyzer::ANALYZER_TCPSTATS) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_AYIYA, 
5072/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DCE_RPC, 135/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DHCP, 4011/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DHCP, 67/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DHCP, 68/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNP3_TCP, 20000/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNP3_TCP, 20000/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 137/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 53/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 53/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 5353/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 5355/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DTLS, 443/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_FTP, 21/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_FTP, 2811/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_GTPV1, 2123/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_GTPV1, 2152/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 1080/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 3128/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 631/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 80/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 8000/tcp) -0.000000 | HookCallFunction 
Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 8080/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 81/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 8888/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IMAP, 143/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6666/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6667/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6668/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6669/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_KRB, 88/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_KRB_TCP, 88/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_MODBUS, 502/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_MYSQL, 1434/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_MYSQL, 3306/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_NTP, 123/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_RADIUS, 1812/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_RDP, 3389/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_RDPEUDP, 3389/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SIP, 5060/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMB, 139/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMB, 445/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMTP, 25/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMTP, 587/tcp) -0.000000 | 
HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SNMP, 161/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SNMP, 162/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SOCKS, 1080/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSH, 22/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 443/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 5223/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 563/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 585/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 614/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 636/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 989/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 990/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 992/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 993/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 995/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SYSLOG, 514/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_TEREDO, 3544/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_VXLAN, 4789/udp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_XMPP, 5222/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_XMPP, 5269/tcp) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_AYIYA, {5072/udp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DCE_RPC, {135/tcp}) 
-0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, {67<...>/udp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, {5353<...>/tcp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, {443/udp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, {2811<...>/tcp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_GTPV1, {2152<...>/udp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, {80<...>/tcp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IMAP, {143/tcp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, {6666<...>/tcp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB, {88/udp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB_TCP, {88/tcp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_MODBUS, {502/tcp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_MYSQL, {1434<...>/tcp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_NTP, {123/udp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RADIUS, {1812/udp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RDP, {3389/tcp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RDPEUDP, {3389/udp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SIP, {5060/udp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, {139<...>/tcp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, {25<...>/tcp}) -0.000000 | HookCallFunction 
Analyzer::register_for_ports(Analyzer::ANALYZER_SNMP, {162<...>/udp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SOCKS, {1080/tcp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, {22/tcp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, {563<...>/tcp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, {514/udp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, {3544/udp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_VXLAN, {4789/udp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_XMPP, {5222<...>/tcp}) -0.000000 | HookCallFunction Broker::__subscribe(zeek/supervisor) -0.000000 | HookCallFunction Broker::subscribe(zeek/supervisor) -0.000000 | HookCallFunction Cluster::is_enabled() -0.000000 | HookCallFunction Cluster::local_node_type() -0.000000 | HookCallFunction Cluster::register_pool([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=, exclusive=F]) -0.000000 | HookCallFunction Cluster::register_pool([topic=zeek<...>/proxy, node_type=Cluster::PROXY, max_nodes=, exclusive=F]) -0.000000 | HookCallFunction Cluster::register_pool([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=, exclusive=F]) -0.000000 | HookCallFunction Files::register_analyzer_add_callback(Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)FileExtract::f$info$extracted_cutoff = Fmkdir(FileExtract::prefix)}) -0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_MD5, 
application/pkix-cert) -0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_MD5, application/x-x509-ca-cert) -0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_MD5, application/x-x509-user-cert) -0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_PE, application/x-dosexec) -0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA1, application/pkix-cert) -0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA1, application/x-x509-ca-cert) -0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA1, application/x-x509-user-cert) -0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA256, application/pkix-cert) -0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA256, application/x-x509-ca-cert) -0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA256, application/x-x509-user-cert) -0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_X509, application/pkix-cert) -0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_X509, application/x-x509-ca-cert) -0.000000 | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_X509, application/x-x509-user-cert) -0.000000 | HookCallFunction Files::register_for_mime_types(Files::ANALYZER_PE, {application/x-dosexec}) -0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}]) -0.000000 | 
HookCallFunction Files::register_protocol(Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ FTP::cid, FTP::c{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::c?$ftp) return (FTP::describe(FTP::c$ftp))}return ()}}]) -0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ HTTP::cid, HTTP::c{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}}]) -0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=lambda_<15770440363500096069>{ return ()}]) -0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , 
KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}]) -0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}]) -0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SMB, [get_file_handle=SMB::get_file_handle{ if (!(SMB::c$smb_state?$current_file && (SMB::c$smb_state$current_file?$name || SMB::c$smb_state$current_file?$path))) { return ()}SMB::current_file = SMB::c$smb_state$current_fileSMB::path_name = SMB::current_file?$path ? SMB::current_file$path : SMB::file_name = SMB::current_file?$name ? SMB::current_file$name : SMB::last_mod = cat(SMB::current_file?$times ? 
SMB::current_file$times$modified : double_to_time(0.0))return (hexdump(cat(Analyzer::ANALYZER_SMB, SMB::c$id$orig_h, SMB::c$id$resp_h, SMB::path_name, SMB::file_name, SMB::last_mod)))}, describe=SMB::describe_file{ SMB::cid, SMB::c{ if (SMB::f$source != SMB) return ()for ([SMB::cid] in SMB::f$conns) { if (SMB::c?$smb_state && SMB::c$smb_state?$current_file && SMB::c$smb_state$current_file?$name) return (SMB::c$smb_state$current_file$name)}return ()}}]) -0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ SMTP::cid, SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}]) -0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}]) -0.000000 | HookCallFunction FilteredTraceDetection::should_detect() -0.000000 | HookCallFunction Log::__add_filter(Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=broker, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, 
field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=config, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dce_rpc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dhcp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dnp3, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dns, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, 
postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dpd, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ftp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=irc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=intel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(KRB::LOG, [name=default, 
writer=Log::WRITER_ASCII, pred=, path=kerberos, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=modbus, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntlm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_drop, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_shunt, path_func=, 
include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice_alarm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=openflow, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=pe, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=radius, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, 
scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rdp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rfb, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=reporter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=sip, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_mapping, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, 
postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smtp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=snmp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=socks, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssh, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssl, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=signatures, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(Software::LOG, 
[name=default, writer=Log::WRITER_ASCII, pred=, path=software, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=syslog, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::__create_stream(Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy]) -0.000000 | HookCallFunction 
Log::__create_stream(Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, 
path=modbus, policy=Modbus::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop]) -0.000000 | HookCallFunction Log::__create_stream(NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt]) -0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm]) -0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, 
path=rfb, policy=RFB::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files]) -0.000000 | HookCallFunction Log::__create_stream(SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping]) -0.000000 | HookCallFunction Log::__create_stream(SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, 
policy=Weird::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy]) -0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1603387793.517728, node=zeek, filter=ip or not ip, init=T, success=T]) -0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG) -0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) -0.000000 | HookCallFunction Log::add_default_filter(Config::LOG) -0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG) -0.000000 | HookCallFunction Log::add_default_filter(DCE_RPC::LOG) -0.000000 | HookCallFunction Log::add_default_filter(DHCP::LOG) -0.000000 | HookCallFunction Log::add_default_filter(DNP3::LOG) -0.000000 | HookCallFunction Log::add_default_filter(DNS::LOG) -0.000000 | HookCallFunction Log::add_default_filter(DPD::LOG) -0.000000 | HookCallFunction Log::add_default_filter(FTP::LOG) -0.000000 | HookCallFunction Log::add_default_filter(Files::LOG) -0.000000 | HookCallFunction Log::add_default_filter(HTTP::LOG) -0.000000 | HookCallFunction Log::add_default_filter(IRC::LOG) -0.000000 | HookCallFunction Log::add_default_filter(Intel::LOG) -0.000000 | HookCallFunction Log::add_default_filter(KRB::LOG) -0.000000 | HookCallFunction Log::add_default_filter(Modbus::LOG) -0.000000 | HookCallFunction Log::add_default_filter(NTLM::LOG) -0.000000 | HookCallFunction Log::add_default_filter(NTP::LOG) -0.000000 | HookCallFunction Log::add_default_filter(NetControl::DROP_LOG) -0.000000 | HookCallFunction Log::add_default_filter(NetControl::LOG) -0.000000 | HookCallFunction Log::add_default_filter(NetControl::SHUNT) -0.000000 | HookCallFunction Log::add_default_filter(Notice::ALARM_LOG) -0.000000 | HookCallFunction Log::add_default_filter(Notice::LOG) -0.000000 | HookCallFunction 
Log::add_default_filter(OpenFlow::LOG) -0.000000 | HookCallFunction Log::add_default_filter(PE::LOG) -0.000000 | HookCallFunction Log::add_default_filter(PacketFilter::LOG) -0.000000 | HookCallFunction Log::add_default_filter(RADIUS::LOG) -0.000000 | HookCallFunction Log::add_default_filter(RDP::LOG) -0.000000 | HookCallFunction Log::add_default_filter(RFB::LOG) -0.000000 | HookCallFunction Log::add_default_filter(Reporter::LOG) -0.000000 | HookCallFunction Log::add_default_filter(SIP::LOG) -0.000000 | HookCallFunction Log::add_default_filter(SMB::FILES_LOG) -0.000000 | HookCallFunction Log::add_default_filter(SMB::MAPPING_LOG) -0.000000 | HookCallFunction Log::add_default_filter(SMTP::LOG) -0.000000 | HookCallFunction Log::add_default_filter(SNMP::LOG) -0.000000 | HookCallFunction Log::add_default_filter(SOCKS::LOG) -0.000000 | HookCallFunction Log::add_default_filter(SSH::LOG) -0.000000 | HookCallFunction Log::add_default_filter(SSL::LOG) -0.000000 | HookCallFunction Log::add_default_filter(Signatures::LOG) -0.000000 | HookCallFunction Log::add_default_filter(Software::LOG) -0.000000 | HookCallFunction Log::add_default_filter(Syslog::LOG) -0.000000 | HookCallFunction Log::add_default_filter(Tunnel::LOG) -0.000000 | HookCallFunction Log::add_default_filter(Weird::LOG) -0.000000 | HookCallFunction Log::add_default_filter(X509::LOG) -0.000000 | HookCallFunction Log::add_default_filter(mysql::LOG) -0.000000 | HookCallFunction Log::add_filter(Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 
secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, 
path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, 
postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(Notice::ALARM_LOG, [name=default, 
writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, 
ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction 
Log::add_filter(SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, 
field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Log::add_stream_filters(Broker::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(Cluster::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(Config::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(Conn::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(DCE_RPC::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(DHCP::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(DNP3::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(DNS::LOG, default) -0.000000 | HookCallFunction 
Log::add_stream_filters(DPD::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(FTP::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(Files::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(HTTP::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(IRC::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(Intel::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(KRB::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(Modbus::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(NTLM::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(NTP::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(NetControl::DROP_LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(NetControl::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(NetControl::SHUNT, default) -0.000000 | HookCallFunction Log::add_stream_filters(Notice::ALARM_LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(Notice::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(OpenFlow::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(PE::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(PacketFilter::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(RADIUS::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(RDP::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(RFB::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(Reporter::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(SIP::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(SMB::FILES_LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(SMB::MAPPING_LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(SMTP::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(SNMP::LOG, 
default) -0.000000 | HookCallFunction Log::add_stream_filters(SOCKS::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(SSH::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(SSL::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(Signatures::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(Software::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(Syslog::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(Tunnel::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(Weird::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(X509::LOG, default) -0.000000 | HookCallFunction Log::add_stream_filters(mysql::LOG, default) -0.000000 | HookCallFunction Log::create_stream(Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy]) -0.000000 | HookCallFunction Log::create_stream(Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy]) -0.000000 | HookCallFunction Log::create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy]) -0.000000 | HookCallFunction Log::create_stream(Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy]) -0.000000 | HookCallFunction Log::create_stream(DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy]) -0.000000 | HookCallFunction Log::create_stream(DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy]) -0.000000 | HookCallFunction Log::create_stream(DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy]) -0.000000 | HookCallFunction Log::create_stream(DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy]) -0.000000 | HookCallFunction Log::create_stream(DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy]) -0.000000 | HookCallFunction 
Log::create_stream(FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy]) -0.000000 | HookCallFunction Log::create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy]) -0.000000 | HookCallFunction Log::create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy]) -0.000000 | HookCallFunction Log::create_stream(IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy]) -0.000000 | HookCallFunction Log::create_stream(Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy]) -0.000000 | HookCallFunction Log::create_stream(KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy]) -0.000000 | HookCallFunction Log::create_stream(Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy]) -0.000000 | HookCallFunction Log::create_stream(NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy]) -0.000000 | HookCallFunction Log::create_stream(NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy]) -0.000000 | HookCallFunction Log::create_stream(NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop]) -0.000000 | HookCallFunction Log::create_stream(NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy]) -0.000000 | HookCallFunction Log::create_stream(NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt]) -0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm]) -0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=Notice::Info, 
ev=Notice::log_notice, path=notice, policy=Notice::log_policy]) -0.000000 | HookCallFunction Log::create_stream(OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy]) -0.000000 | HookCallFunction Log::create_stream(PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy]) -0.000000 | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy]) -0.000000 | HookCallFunction Log::create_stream(RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy]) -0.000000 | HookCallFunction Log::create_stream(RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy]) -0.000000 | HookCallFunction Log::create_stream(RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy]) -0.000000 | HookCallFunction Log::create_stream(Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy]) -0.000000 | HookCallFunction Log::create_stream(SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy]) -0.000000 | HookCallFunction Log::create_stream(SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files]) -0.000000 | HookCallFunction Log::create_stream(SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping]) -0.000000 | HookCallFunction Log::create_stream(SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy]) -0.000000 | HookCallFunction Log::create_stream(SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy]) -0.000000 | HookCallFunction Log::create_stream(SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy]) -0.000000 | HookCallFunction Log::create_stream(SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, 
policy=SSH::log_policy]) -0.000000 | HookCallFunction Log::create_stream(SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy]) -0.000000 | HookCallFunction Log::create_stream(Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy]) -0.000000 | HookCallFunction Log::create_stream(Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy]) -0.000000 | HookCallFunction Log::create_stream(Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy]) -0.000000 | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy]) -0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy]) -0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy]) -0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1603387793.517728, node=zeek, filter=ip or not ip, init=T, success=T]) -0.000000 | HookCallFunction NetControl::check_plugins() -0.000000 | HookCallFunction NetControl::init() -0.000000 | HookCallFunction Notice::want_pp() -0.000000 | HookCallFunction Option::set_change_handler(ActiveHTTP::default_max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(ActiveHTTP::default_method, 
Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Broker::peer_counts_as_iosource, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Conn::analyzer_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Conn::default_extract, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Conn::extraction_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) 
Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Conn::port_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(DCE_RPC::ignored_operations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(DHCP::max_txid_watch_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(DNS::max_pending_msgs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(DNS::max_pending_query_ids, Config::config_option_changed{ Config::log = (coerce 
[$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(DPD::ignore_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(DPD::ignore_violations_after, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(DPD::max_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Dir::polling_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return 
(Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(FTP::cmd_reply_code, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(FTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(FTP::guest_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(FTP::logged_commands, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(FileExtract::default_limit, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), 
$new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Files::enable_reassembler, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(GridFTP::max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(GridFTP::size_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(GridFTP::skip_data, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction 
Option::set_change_handler(HTTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(HTTP::http_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(HTTP::max_files_orig, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(HTTP::max_files_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(HTTP::proxy_headers, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != 
Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Input::default_mode, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Input::default_reader, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(KRB::ignored_errors, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Log::default_rotation_dir, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(MQTT::max_payload_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), 
$id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(NetControl::default_priority, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Notice::alarmed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Notice::default_suppression_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Notice::emailed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return 
(Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Notice::ignored_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Notice::lookup_location_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Notice::mail_from, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Notice::mail_page_dest, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Notice::mail_subject_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), 
$new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Notice::not_suppressed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Notice::reply_to, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Notice::sendmail, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(RDP::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction 
Option::set_change_handler(RDP::rdp_check_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(SIP::sip_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(SMB::logged_file_actions, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(SMTP::mail_path_capture, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(SOCKS::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != 
Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(SSH::compression_algorithms, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(SSH::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(SSL::ct_logs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(SSL::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Signatures::ignored_ids, Config::config_option_changed{ Config::log = 
(coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Signatures::summary_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Site::local_admins, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Site::local_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Site::local_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return 
(Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Site::neighbor_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Site::neighbor_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Site::private_address_space, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Software::asset_tracking, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Weird::ignore_hosts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), 
$new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_duration, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_duration, Config::weird_option_change_interval{ if (Weird::sampling_duration == Config::ID) { Reporter::set_weird_sampling_duration(Config::new_value)}return (Config::new_value)}, 5) -0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_global_list, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_rate, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_rate, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif 
(Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5) -0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_threshold, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5) -0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_whitelist, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_whitelist, Config::weird_option_change_sampling_whitelist{ if (Weird::sampling_whitelist == Config::ID) { Reporter::set_weird_sampling_whitelist(Config::new_value)}return (Config::new_value)}, 5) -0.000000 | HookCallFunction Option::set_change_handler(Weird::weird_do_not_ignore_repeats, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = 
Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(X509::caching_required_encounters, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(X509::caching_required_encounters_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(X509::certificate_cache_max_entries, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(X509::certificate_cache_minimum_eviction_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(default_file_bof_buffer_size, Config::config_option_changed{ 
Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(default_file_timeout_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(ignore_checksums_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(udp_content_delivery_ports_use_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction Option::set_change_handler(udp_content_ports, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = 
Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) -0.000000 | HookCallFunction PacketFilter::build() -0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, ) -0.000000 | HookCallFunction PacketFilter::install() -0.000000 | HookCallFunction PacketFilter::log_policy([ts=1603387793.517728, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -0.000000 | HookCallFunction Pcap::install_pcap_filter(PacketFilter::DefaultPcapFilter) -0.000000 | HookCallFunction Pcap::precompile_pcap_filter(PacketFilter::DefaultPcapFilter, ip or not ip) -0.000000 | HookCallFunction SumStats::add_observe_plugin_dependency(SumStats::STD_DEV, SumStats::VARIANCE) -0.000000 | HookCallFunction SumStats::add_observe_plugin_dependency(SumStats::VARIANCE, SumStats::AVERAGE) -0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::AVERAGE, lambda_<3452231521688988155>{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)}) -0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::HLL_UNIQUE, lambda_<943258244234523627>{ if (!SumStats::rv?$card) { SumStats::rv$card = hll_cardinality_init(SumStats::r$hll_error_margin, SumStats::r$hll_confidence)SumStats::rv$hll_error_margin = SumStats::r$hll_error_marginSumStats::rv$hll_confidence = SumStats::r$hll_confidence}hll_cardinality_add(SumStats::rv$card, SumStats::obs)SumStats::rv$hll_unique = double_to_count(hll_cardinality_estimate(SumStats::rv$card))}) -0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::LAST, lambda_<14831357773699754131>{ if (0 < 
SumStats::r$num_last_elements) { if (!SumStats::rv?$last_elements) SumStats::rv$last_elements = Queue::init((coerce [$max_len=SumStats::r$num_last_elements] to Queue::Settings))Queue::put(SumStats::rv$last_elements, SumStats::obs)}}) -0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::MAX, lambda_<9734000075919044397>{ if (!SumStats::rv?$max) SumStats::rv$max = SumStats::valelseif (SumStats::rv$max < SumStats::val) SumStats::rv$max = SumStats::val}) -0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::MIN, lambda_<2451066605226214733>{ if (!SumStats::rv?$min) SumStats::rv$min = SumStats::valelseif (SumStats::val < SumStats::rv$min) SumStats::rv$min = SumStats::val}) -0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::SAMPLE, lambda_<11888441397542569241>{ SumStats::sample_add_sample(SumStats::obs, SumStats::rv)}) -0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::STD_DEV, lambda_<5704045257244168718>{ SumStats::calc_std_dev(SumStats::rv)}) -0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::SUM, lambda_<6958532551242393774>{ SumStats::rv$sum += SumStats::val}) -0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::TOPK, lambda_<2861372781530360365>{ topk_add(SumStats::rv$topk, SumStats::obs)}) -0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::UNIQUE, lambda_<10387912117292132662>{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || sizeofSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = sizeofSumStats::rv$unique_vals}) -0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::VARIANCE, lambda_<6557258612059469785>{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - 
SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average}) -0.000000 | HookCallFunction SumStats::register_observe_plugins() -0.000000 | HookCallFunction __init_primary_bifs() -0.000000 | HookCallFunction __init_secondary_bifs() -0.000000 | HookCallFunction current_time() -0.000000 | HookCallFunction filter_change_tracking() -0.000000 | HookCallFunction getenv(CLUSTER_NODE) -0.000000 | HookCallFunction getenv(ZEEK_DEFAULT_LISTEN_ADDRESS) -0.000000 | HookCallFunction global_ids() -0.000000 | HookCallFunction network_time() -0.000000 | HookCallFunction reading_live_traffic() -0.000000 | HookCallFunction reading_traces() -0.000000 | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$) -0.000000 | HookCallFunction string_to_pattern((^\.?|\.)()$, F) -0.000000 | HookCallFunction sub((^\.?|\.)(~~)$, <...>/, ) -0.000000 | HookCallFunction x509_set_certificate_cache({}) -0.000000 | HookCallFunction x509_set_certificate_cache_hit_callback(X509::x509_certificate_cache_replay{ X509::i{ if (X509::f$info?$x509) return event x509_certificate(X509::f, X509::e$handle, X509::e$certificate)for ([X509::i] in X509::e$extensions_cache) { X509::ext = X509::e$extensions_cache[X509::i]if (X509::ext is X509::Extension) event x509_extension(X509::f, (X509::ext as X509::Extension))elseif (X509::ext is X509::BasicConstraints) event x509_ext_basic_constraints(X509::f, (X509::ext as X509::BasicConstraints))elseif (X509::ext is X509::SubjectAlternativeName) event x509_ext_subject_alternative_name(X509::f, (X509::ext as X509::SubjectAlternativeName))elseif (X509::ext is X509::SctInfo) { X509::s = (X509::ext as X509::SctInfo)event x509_ocsp_ext_signed_certificate_timestamp(X509::f, X509::s$version, X509::s$logid, X509::s$timestamp, X509::s$hash_alg, X509::s$sig_alg, X509::s$signature)}elseReporter::error(fmt(Encountered unknown extension while replaying certificate with fuid %s, X509::f$id))}}}) -0.000000 | 
HookCallFunction zeek_args() -0.000000 | HookCallFunction zeek_init() -0.000000 | HookDrainEvents -0.000000 | HookLoadFile ..<...>/main.zeek -0.000000 | HookLoadFile ..<...>/plugin.zeek -0.000000 | HookLoadFile .<...>/Zeek_ARP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_AsciiReader.ascii.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_AsciiWriter.ascii.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_BenchmarkReader.benchmark.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_BinaryReader.binary.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_BitTorrent.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_ConfigReader.config.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_ConnSize.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_ConnSize.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_DCE_RPC.consts.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_DCE_RPC.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_DCE_RPC.types.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_DHCP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_DHCP.types.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_DNP3.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_DNS.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_FTP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_FTP.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_File.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_FileEntropy.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_FileExtract.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_FileExtract.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_FileHash.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_Finger.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_GSSAPI.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_GTPv1.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_Gnutella.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_HTTP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_HTTP.functions.bif.zeek -0.000000 | HookLoadFile 
.<...>/Zeek_ICMP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_IMAP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_IRC.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_Ident.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_KRB.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_KRB.types.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_Login.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_Login.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_MIME.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_MQTT.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_MQTT.types.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_Modbus.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_MySQL.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_NCP.consts.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_NCP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_NTLM.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_NTLM.types.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_NTP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_NTP.types.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_NetBIOS.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_NetBIOS.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_NoneWriter.none.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_PE.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_POP3.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_RADIUS.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_RDP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_RDP.types.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_RFB.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_RPC.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_RawReader.raw.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SIP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.consts.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_check_directory.bif.zeek -0.000000 | HookLoadFile 
.<...>/Zeek_SMB.smb1_com_close.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_create_directory.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_echo.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_negotiate.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_query_information.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_read_andx.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction2.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_com_write_andx.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb1_events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_close.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_create.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_negotiate.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_read.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_session_setup.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_set_info.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_transform_header.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.smb2_com_write.bif.zeek -0.000000 | HookLoadFile 
.<...>/Zeek_SMB.smb2_events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMB.types.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMTP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SMTP.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SNMP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SNMP.types.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SOCKS.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SQLiteReader.sqlite.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SQLiteWriter.sqlite.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SSH.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SSH.types.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SSL.consts.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SSL.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SSL.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SSL.types.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_SteppingStone.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_Syslog.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_TCP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_TCP.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_TCP.types.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_Teredo.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_UDP.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_Unified2.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_Unified2.types.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_VXLAN.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_X509.events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_X509.functions.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_X509.ocsp_events.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_X509.types.bif.zeek -0.000000 | HookLoadFile .<...>/Zeek_XMPP.events.bif.zeek -0.000000 | HookLoadFile .<...>/acld.zeek -0.000000 | HookLoadFile .<...>/add-geodata.zeek -0.000000 | HookLoadFile .<...>/addrs.zeek -0.000000 | HookLoadFile .<...>/analyzer.bif.zeek -0.000000 | HookLoadFile .<...>/api.zeek -0.000000 | 
HookLoadFile .<...>/archive.sig -0.000000 | HookLoadFile .<...>/ascii.zeek -0.000000 | HookLoadFile .<...>/audio.sig -0.000000 | HookLoadFile .<...>/average.zeek -0.000000 | HookLoadFile .<...>/benchmark.zeek -0.000000 | HookLoadFile .<...>/binary.zeek -0.000000 | HookLoadFile .<...>/bloom-filter.bif.zeek -0.000000 | HookLoadFile .<...>/broker.zeek -0.000000 | HookLoadFile .<...>/cardinality-counter.bif.zeek -0.000000 | HookLoadFile .<...>/comm.bif.zeek -0.000000 | HookLoadFile .<...>/config.zeek -0.000000 | HookLoadFile .<...>/const-dos-error.zeek -0.000000 | HookLoadFile .<...>/const-nt-status.zeek -0.000000 | HookLoadFile .<...>/const.bif.zeek -0.000000 | HookLoadFile .<...>/consts.zeek -0.000000 | HookLoadFile .<...>/contents.zeek -0.000000 | HookLoadFile .<...>/control.zeek -0.000000 | HookLoadFile .<...>/ct-list.zeek -0.000000 | HookLoadFile .<...>/data.bif.zeek -0.000000 | HookLoadFile .<...>/dcc-send.zeek -0.000000 | HookLoadFile .<...>/debug.zeek -0.000000 | HookLoadFile .<...>/dpd.sig -0.000000 | HookLoadFile .<...>/drop.zeek -0.000000 | HookLoadFile .<...>/email_admin.zeek -0.000000 | HookLoadFile .<...>/entities.zeek -0.000000 | HookLoadFile .<...>/event.bif.zeek -0.000000 | HookLoadFile .<...>/exec.zeek -0.000000 | HookLoadFile .<...>/executable.sig -0.000000 | HookLoadFile .<...>/file_analysis.bif.zeek -0.000000 | HookLoadFile .<...>/files.zeek -0.000000 | HookLoadFile .<...>/font.sig -0.000000 | HookLoadFile .<...>/general.sig -0.000000 | HookLoadFile .<...>/gridftp.zeek -0.000000 | HookLoadFile .<...>/hll_unique.zeek -0.000000 | HookLoadFile .<...>/hooks.bif.zeek -0.000000 | HookLoadFile .<...>/image.sig -0.000000 | HookLoadFile .<...>/inactivity.zeek -0.000000 | HookLoadFile .<...>/info.zeek -0.000000 | HookLoadFile .<...>/input.bif.zeek -0.000000 | HookLoadFile .<...>/input.zeek -0.000000 | HookLoadFile .<...>/java.sig -0.000000 | HookLoadFile .<...>/last.zeek -0.000000 | HookLoadFile .<...>/libmagic.sig -0.000000 | HookLoadFile .<...>/log.zeek 
-0.000000 | HookLoadFile .<...>/logging.bif.zeek -0.000000 | HookLoadFile .<...>/magic -0.000000 | HookLoadFile .<...>/main.zeek -0.000000 | HookLoadFile .<...>/max.zeek -0.000000 | HookLoadFile .<...>/messaging.bif.zeek -0.000000 | HookLoadFile .<...>/min.zeek -0.000000 | HookLoadFile .<...>/mozilla-ca-list.zeek -0.000000 | HookLoadFile .<...>/netstats.zeek -0.000000 | HookLoadFile .<...>/non-cluster.zeek -0.000000 | HookLoadFile .<...>/none.zeek -0.000000 | HookLoadFile .<...>/office.sig -0.000000 | HookLoadFile .<...>/openflow.zeek -0.000000 | HookLoadFile .<...>/option.bif.zeek -0.000000 | HookLoadFile .<...>/packetfilter.zeek -0.000000 | HookLoadFile .<...>/page.zeek -0.000000 | HookLoadFile .<...>/patterns.zeek -0.000000 | HookLoadFile .<...>/pcap.bif.zeek -0.000000 | HookLoadFile .<...>/plugin.zeek -0.000000 | HookLoadFile .<...>/plugins -0.000000 | HookLoadFile .<...>/polling.zeek -0.000000 | HookLoadFile .<...>/pools.zeek -0.000000 | HookLoadFile .<...>/postprocessors -0.000000 | HookLoadFile .<...>/pp-alarms.zeek -0.000000 | HookLoadFile .<...>/programming.sig -0.000000 | HookLoadFile .<...>/raw.zeek -0.000000 | HookLoadFile .<...>/removal-hooks.zeek -0.000000 | HookLoadFile .<...>/reporter.bif.zeek -0.000000 | HookLoadFile .<...>/ryu.zeek -0.000000 | HookLoadFile .<...>/sample.zeek -0.000000 | HookLoadFile .<...>/scp.zeek -0.000000 | HookLoadFile .<...>/sftp.zeek -0.000000 | HookLoadFile .<...>/shunt.zeek -0.000000 | HookLoadFile .<...>/site.zeek -0.000000 | HookLoadFile .<...>/smb1-main.zeek -0.000000 | HookLoadFile .<...>/smb2-main.zeek -0.000000 | HookLoadFile .<...>/sqlite.zeek -0.000000 | HookLoadFile .<...>/stats.bif.zeek -0.000000 | HookLoadFile .<...>/std-dev.zeek -0.000000 | HookLoadFile .<...>/store.bif.zeek -0.000000 | HookLoadFile .<...>/store.zeek -0.000000 | HookLoadFile .<...>/strings.bif.zeek -0.000000 | HookLoadFile .<...>/sum.zeek -0.000000 | HookLoadFile .<...>/supervisor.bif.zeek -0.000000 | HookLoadFile .<...>/thresholds.zeek 
-0.000000 | HookLoadFile .<...>/top-k.bif.zeek -0.000000 | HookLoadFile .<...>/topk.zeek -0.000000 | HookLoadFile .<...>/types.bif.zeek -0.000000 | HookLoadFile .<...>/types.zeek -0.000000 | HookLoadFile .<...>/unique.zeek -0.000000 | HookLoadFile .<...>/utils-commands.zeek -0.000000 | HookLoadFile .<...>/utils.zeek -0.000000 | HookLoadFile .<...>/variance.zeek -0.000000 | HookLoadFile .<...>/video.sig -0.000000 | HookLoadFile .<...>/weird.zeek -0.000000 | HookLoadFile .<...>/zeek.bif.zeek -0.000000 | HookLoadFile .<...>/zeekygen.bif.zeek -0.000000 | HookLoadFile <...>/__load__.zeek -0.000000 | HookLoadFile <...>/__preload__.zeek -0.000000 | HookLoadFile <...>/hooks.zeek -0.000000 | HookLoadFile base<...>/Zeek_KRB.types.bif.zeek -0.000000 | HookLoadFile base<...>/Zeek_SNMP.types.bif.zeek -0.000000 | HookLoadFile base<...>/active-http.zeek -0.000000 | HookLoadFile base<...>/addrs.zeek -0.000000 | HookLoadFile base<...>/analyzer -0.000000 | HookLoadFile base<...>/analyzer.bif.zeek -0.000000 | HookLoadFile base<...>/api.zeek -0.000000 | HookLoadFile base<...>/backtrace.zeek -0.000000 | HookLoadFile base<...>/bif -0.000000 | HookLoadFile base<...>/broker -0.000000 | HookLoadFile base<...>/cluster -0.000000 | HookLoadFile base<...>/comm.bif.zeek -0.000000 | HookLoadFile base<...>/config -0.000000 | HookLoadFile base<...>/conn -0.000000 | HookLoadFile base<...>/conn-ids.zeek -0.000000 | HookLoadFile base<...>/const.bif.zeek -0.000000 | HookLoadFile base<...>/control -0.000000 | HookLoadFile base<...>/data.bif.zeek -0.000000 | HookLoadFile base<...>/dce-rpc -0.000000 | HookLoadFile base<...>/dhcp -0.000000 | HookLoadFile base<...>/dir.zeek -0.000000 | HookLoadFile base<...>/directions-and-hosts.zeek -0.000000 | HookLoadFile base<...>/dnp3 -0.000000 | HookLoadFile base<...>/dns -0.000000 | HookLoadFile base<...>/dpd -0.000000 | HookLoadFile base<...>/email.zeek -0.000000 | HookLoadFile base<...>/ethernet -0.000000 | HookLoadFile base<...>/event.bif.zeek -0.000000 | 
HookLoadFile base<...>/exec.zeek -0.000000 | HookLoadFile base<...>/extract -0.000000 | HookLoadFile base<...>/fddi -0.000000 | HookLoadFile base<...>/file_analysis.bif.zeek -0.000000 | HookLoadFile base<...>/files -0.000000 | HookLoadFile base<...>/files.zeek -0.000000 | HookLoadFile base<...>/find-checksum-offloading.zeek -0.000000 | HookLoadFile base<...>/find-filtered-trace.zeek -0.000000 | HookLoadFile base<...>/ftp -0.000000 | HookLoadFile base<...>/geoip-distance.zeek -0.000000 | HookLoadFile base<...>/gre -0.000000 | HookLoadFile base<...>/hash -0.000000 | HookLoadFile base<...>/hash_hrw.zeek -0.000000 | HookLoadFile base<...>/http -0.000000 | HookLoadFile base<...>/ieee802_11 -0.000000 | HookLoadFile base<...>/ieee802_11_radio -0.000000 | HookLoadFile base<...>/imap -0.000000 | HookLoadFile base<...>/init-default.zeek -0.000000 | HookLoadFile base<...>/init-frameworks-and-bifs.zeek -0.000000 | HookLoadFile base<...>/input -0.000000 | HookLoadFile base<...>/input.bif.zeek -0.000000 | HookLoadFile base<...>/intel -0.000000 | HookLoadFile base<...>/ip -0.000000 | HookLoadFile base<...>/iptunnel -0.000000 | HookLoadFile base<...>/irc -0.000000 | HookLoadFile base<...>/krb -0.000000 | HookLoadFile base<...>/linux_sll -0.000000 | HookLoadFile base<...>/logging -0.000000 | HookLoadFile base<...>/logging.bif.zeek -0.000000 | HookLoadFile base<...>/main.zeek -0.000000 | HookLoadFile base<...>/messaging.bif.zeek -0.000000 | HookLoadFile base<...>/modbus -0.000000 | HookLoadFile base<...>/mpls -0.000000 | HookLoadFile base<...>/mqtt -0.000000 | HookLoadFile base<...>/mysql -0.000000 | HookLoadFile base<...>/netcontrol -0.000000 | HookLoadFile base<...>/nflog -0.000000 | HookLoadFile base<...>/notice -0.000000 | HookLoadFile base<...>/ntlm -0.000000 | HookLoadFile base<...>/ntp -0.000000 | HookLoadFile base<...>/null -0.000000 | HookLoadFile base<...>/numbers.zeek -0.000000 | HookLoadFile base<...>/openflow -0.000000 | HookLoadFile base<...>/option.bif.zeek -0.000000 
| HookLoadFile base<...>/packet-filter -0.000000 | HookLoadFile base<...>/packet-protocols -0.000000 | HookLoadFile base<...>/paths.zeek -0.000000 | HookLoadFile base<...>/patterns.zeek -0.000000 | HookLoadFile base<...>/pe -0.000000 | HookLoadFile base<...>/plugins -0.000000 | HookLoadFile base<...>/pop3 -0.000000 | HookLoadFile base<...>/ppp_serial -0.000000 | HookLoadFile base<...>/pppoe -0.000000 | HookLoadFile base<...>/queue.zeek -0.000000 | HookLoadFile base<...>/radius -0.000000 | HookLoadFile base<...>/rdp -0.000000 | HookLoadFile base<...>/removal-hooks.zeek -0.000000 | HookLoadFile base<...>/reporter -0.000000 | HookLoadFile base<...>/reporter.bif.zeek -0.000000 | HookLoadFile base<...>/rfb -0.000000 | HookLoadFile base<...>/root -0.000000 | HookLoadFile base<...>/signatures -0.000000 | HookLoadFile base<...>/sip -0.000000 | HookLoadFile base<...>/site.zeek -0.000000 | HookLoadFile base<...>/skip -0.000000 | HookLoadFile base<...>/smb -0.000000 | HookLoadFile base<...>/smtp -0.000000 | HookLoadFile base<...>/snmp -0.000000 | HookLoadFile base<...>/socks -0.000000 | HookLoadFile base<...>/software -0.000000 | HookLoadFile base<...>/ssh -0.000000 | HookLoadFile base<...>/ssl -0.000000 | HookLoadFile base<...>/stats.bif.zeek -0.000000 | HookLoadFile base<...>/store.bif.zeek -0.000000 | HookLoadFile base<...>/strings.bif.zeek -0.000000 | HookLoadFile base<...>/strings.zeek -0.000000 | HookLoadFile base<...>/sumstats -0.000000 | HookLoadFile base<...>/supervisor -0.000000 | HookLoadFile base<...>/supervisor.bif.zeek -0.000000 | HookLoadFile base<...>/syslog -0.000000 | HookLoadFile base<...>/thresholds.zeek -0.000000 | HookLoadFile base<...>/time.zeek -0.000000 | HookLoadFile base<...>/tunnels -0.000000 | HookLoadFile base<...>/types.bif.zeek -0.000000 | HookLoadFile base<...>/urls.zeek -0.000000 | HookLoadFile base<...>/utils.zeek -0.000000 | HookLoadFile base<...>/version.zeek -0.000000 | HookLoadFile base<...>/vlan -0.000000 | HookLoadFile 
base<...>/weird.zeek -0.000000 | HookLoadFile base<...>/x509 -0.000000 | HookLoadFile base<...>/xmpp -0.000000 | HookLoadFile base<...>/zeek.bif.zeek -0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} -0.000000 | HookLogWrite packet_filter [ts=1603387793.517728, node=zeek, filter=ip or not ip, init=T, success=T] -0.000000 | HookQueueEvent NetControl::init() -0.000000 | HookQueueEvent filter_change_tracking() -0.000000 | HookQueueEvent zeek_init() -1362692526.869344 MetaHookPost BroObjDtor() -> -1362692526.869344 MetaHookPost CallFunction(Broker::__flush_logs, , ()) -> -1362692526.869344 MetaHookPost CallFunction(Broker::flush_logs, , ()) -> -1362692526.869344 MetaHookPost CallFunction(Broker::log_flush, , ()) -> -1362692526.869344 MetaHookPost CallFunction(ChecksumOffloading::check, , ()) -> -1362692526.869344 MetaHookPost CallFunction(filter_change_tracking, , ()) -> -1362692526.869344 MetaHookPost CallFunction(get_net_stats, , ()) -> -1362692526.869344 MetaHookPost CallFunction(new_connection, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> -1362692526.869344 MetaHookPost DrainEvents() -> -1362692526.869344 MetaHookPost QueueEvent(Broker::log_flush()) -> false -1362692526.869344 MetaHookPost QueueEvent(ChecksumOffloading::check()) -> false 
-1362692526.869344 MetaHookPost QueueEvent(filter_change_tracking()) -> false -1362692526.869344 MetaHookPost QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false -1362692526.869344 MetaHookPost SetupAnalyzerTree(1362692526.869344(1362692526.869344) TCP 141.142.228.5:59856 -> 192.150.187.43:80) -> -1362692526.869344 MetaHookPost UpdateNetworkTime(1362692526.869344) -> -1362692526.869344 MetaHookPre BroObjDtor() -1362692526.869344 MetaHookPre CallFunction(Broker::__flush_logs, , ()) -1362692526.869344 MetaHookPre CallFunction(Broker::flush_logs, , ()) -1362692526.869344 MetaHookPre CallFunction(Broker::log_flush, , ()) -1362692526.869344 MetaHookPre CallFunction(ChecksumOffloading::check, , ()) -1362692526.869344 MetaHookPre CallFunction(filter_change_tracking, , ()) -1362692526.869344 MetaHookPre CallFunction(get_net_stats, , ()) -1362692526.869344 MetaHookPre CallFunction(new_connection, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, 
conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -1362692526.869344 MetaHookPre DrainEvents() -1362692526.869344 MetaHookPre QueueEvent(Broker::log_flush()) -1362692526.869344 MetaHookPre QueueEvent(ChecksumOffloading::check()) -1362692526.869344 MetaHookPre QueueEvent(filter_change_tracking()) -1362692526.869344 MetaHookPre QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -1362692526.869344 MetaHookPre SetupAnalyzerTree(1362692526.869344(1362692526.869344) TCP 141.142.228.5:59856 -> 192.150.187.43:80) -1362692526.869344 MetaHookPre UpdateNetworkTime(1362692526.869344) -1362692526.869344 | HookBroObjDtor -1362692526.869344 | HookUpdateNetworkTime 1362692526.869344 -1362692526.869344 | HookCallFunction Broker::__flush_logs() -1362692526.869344 | HookCallFunction Broker::flush_logs() -1362692526.869344 | HookCallFunction Broker::log_flush() -1362692526.869344 | HookCallFunction ChecksumOffloading::check() -1362692526.869344 | HookCallFunction filter_change_tracking() -1362692526.869344 | HookCallFunction get_net_stats() 
-1362692526.869344 | HookCallFunction new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) -1362692526.869344 | HookDrainEvents -1362692526.869344 | HookQueueEvent Broker::log_flush() -1362692526.869344 | HookQueueEvent ChecksumOffloading::check() -1362692526.869344 | HookQueueEvent filter_change_tracking() -1362692526.869344 | HookQueueEvent new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) -1362692526.869344 | HookSetupAnalyzerTree 1362692526.869344(1362692526.869344) TCP 141.142.228.5:59856 -> 192.150.187.43:80 -1362692526.869344 | RequestObjDtor Broker::log_flush() -1362692526.939084 MetaHookPost CallFunction(connection_established, 
, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> -1362692526.939084 MetaHookPost DrainEvents() -> -1362692526.939084 MetaHookPost QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false -1362692526.939084 MetaHookPost UpdateNetworkTime(1362692526.939084) -> -1362692526.939084 MetaHookPre CallFunction(connection_established, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], 
start_time=1362692526.869344, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -1362692526.939084 MetaHookPre DrainEvents() -1362692526.939084 MetaHookPre QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -1362692526.939084 MetaHookPre UpdateNetworkTime(1362692526.939084) -1362692526.939084 | HookUpdateNetworkTime 1362692526.939084 -1362692526.939084 | HookCallFunction connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, 
thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) -1362692526.939084 | HookDrainEvents -1362692526.939084 | HookQueueEvent connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) -1362692526.939378 MetaHookPost DrainEvents() -> -1362692526.939378 MetaHookPost UpdateNetworkTime(1362692526.939378) -> -1362692526.939378 MetaHookPre DrainEvents() -1362692526.939378 MetaHookPre UpdateNetworkTime(1362692526.939378) -1362692526.939378 | HookUpdateNetworkTime 1362692526.939378 -1362692526.939378 | HookDrainEvents -1362692526.939527 MetaHookPost CallFunction(Analyzer::__name, , (Analyzer::ANALYZER_HTTP)) -> -1362692526.939527 MetaHookPost CallFunction(Analyzer::name, , (Analyzer::ANALYZER_HTTP)) -> -1362692526.939527 MetaHookPost CallFunction(Conn::register_removal_hook, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 
msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=0, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}})) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { 
if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, 
response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, 
dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> -1362692526.939527 MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> -1362692526.939527 MetaHookPost CallFunction(fmt, , (-%s, HTTP)) -> -1362692526.939527 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, 
syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -> -1362692526.939527 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -> -1362692526.939527 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive)) -> -1362692526.939527 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, 
orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org)) -> -1362692526.939527 MetaHookPost CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> -1362692526.939527 MetaHookPost CallFunction(http_request, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -> -1362692526.939527 MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> -1362692526.939527 MetaHookPost CallFunction(network_time, , ()) -> -1362692526.939527 MetaHookPost CallFunction(protocol_confirmation, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, 
extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) -> -1362692526.939527 MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) -> -1362692526.939527 MetaHookPost CallFunction(split_string1, , (bro.org, <...>/)) -> -1362692526.939527 MetaHookPost DrainEvents() -> -1362692526.939527 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false -1362692526.939527 MetaHookPost QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, 
dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false -1362692526.939527 MetaHookPost QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false -1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -> false -1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -> false -1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, 
irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive)) -> false -1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org)) -> false -1362692526.939527 MetaHookPost QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> false -1362692526.939527 MetaHookPost QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -> false -1362692526.939527 MetaHookPost 
QueueEvent(protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) -> false -1362692526.939527 MetaHookPost UpdateNetworkTime(1362692526.939527) -> -1362692526.939527 MetaHookPre CallFunction(Analyzer::__name, , (Analyzer::ANALYZER_HTTP)) -1362692526.939527 MetaHookPre CallFunction(Analyzer::name, , (Analyzer::ANALYZER_HTTP)) -1362692526.939527 MetaHookPre CallFunction(Conn::register_removal_hook, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=0, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], HTTP::finalize_http{ HTTP::r, HTTP::info{ 
if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}})) -1362692526.939527 MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 
(darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , 
([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -1362692526.939527 MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -1362692526.939527 MetaHookPre 
CallFunction(fmt, , (-%s, HTTP)) -1362692526.939527 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, 
rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -1362692526.939527 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -1362692526.939527 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive)) -1362692526.939527 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org)) -1362692526.939527 MetaHookPre CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, 
capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -1362692526.939527 MetaHookPre CallFunction(http_request, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -1362692526.939527 MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -1362692526.939527 MetaHookPre CallFunction(network_time, , ()) -1362692526.939527 MetaHookPre CallFunction(protocol_confirmation, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) -1362692526.939527 MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) -1362692526.939527 MetaHookPre CallFunction(split_string1, , (bro.org, <...>/)) -1362692526.939527 MetaHookPre DrainEvents() -1362692526.939527 MetaHookPre 
QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, 
history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive)) -1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, 
extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org)) -1362692526.939527 MetaHookPre QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -1362692526.939527 MetaHookPre QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -1362692526.939527 MetaHookPre QueueEvent(protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, 
smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) -1362692526.939527 MetaHookPre UpdateNetworkTime(1362692526.939527) -1362692526.939527 | HookUpdateNetworkTime 1362692526.939527 -1362692526.939527 | HookCallFunction Analyzer::__name(Analyzer::ANALYZER_HTTP) -1362692526.939527 | HookCallFunction Analyzer::name(Analyzer::ANALYZER_HTTP) -1362692526.939527 | HookCallFunction Conn::register_removal_hook([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=0, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}) -1362692526.939527 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, 
rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction HTTP::new_http_session([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) -1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, 
info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, 
num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) -1362692526.939527 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) -1362692526.939527 | HookCallFunction fmt(-%s, HTTP) -1362692526.939527 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, 
version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*) -1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0)) -1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, 
rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive) -1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org) -1362692526.939527 | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]) -1362692526.939527 | HookCallFunction http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1) -1362692526.939527 | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) -1362692526.939527 | HookCallFunction network_time() -1362692526.939527 | HookCallFunction protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, 
state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3) -1362692526.939527 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80) -1362692526.939527 | HookCallFunction split_string1(bro.org, <...>/) -1362692526.939527 | HookDrainEvents -1362692526.939527 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, 
num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*) -1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0)) -1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, 
tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive) -1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org) -1362692526.939527 | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, 
content_gap_length=0, header_length=124]) -1362692526.939527 | HookQueueEvent http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1) -1362692526.939527 | HookQueueEvent protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3) -1362692527.008509 MetaHookPost DrainEvents() -> -1362692527.008509 MetaHookPost UpdateNetworkTime(1362692527.008509) -> -1362692527.008509 MetaHookPre DrainEvents() -1362692527.008509 MetaHookPre UpdateNetworkTime(1362692527.008509) -1362692527.008509 | HookUpdateNetworkTime 1362692527.008509 -1362692527.008509 | HookDrainEvents -1362692527.009512 MetaHookPost CallFunction(Files::__enable_reassembly, , (FMnxxt3xjVcWNS2141)) -> -1362692527.009512 MetaHookPost CallFunction(Files::__set_reassembly_buffer, , (FMnxxt3xjVcWNS2141, 524288)) -> -1362692527.009512 MetaHookPost CallFunction(Files::enable_reassembly, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, 
resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=])) -> -1362692527.009512 MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) -> -1362692527.009512 MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, 
request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=])) -> -1362692527.009512 MetaHookPost CallFunction(Files::set_reassembly_buffer_size, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, 
info=[ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=], 524288)) -> -1362692527.009512 MetaHookPost CallFunction(HTTP::code_in_range, , (200, 100, 199)) -> -1362692527.009512 MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009512 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009512 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, 
request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009512 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009512 MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> -1362692527.009512 MetaHookPost CallFunction(file_new, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, 
radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) -> -1362692527.009512 MetaHookPost CallFunction(file_over_new_connection, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009512 MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> -1362692527.009512 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009512 MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), 
origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes)) -> -1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive)) -> -1362692527.009512 
MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705)) -> -1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> -1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, 
radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0")) -> -1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) -> -1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> -1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) -> -1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) -> -1362692527.009512 MetaHookPost CallFunction(http_reply, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), 
origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) -> -1362692527.009512 MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> -1362692527.009512 MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)) -> -1362692527.009512 MetaHookPost DrainEvents() -> -1362692527.009512 MetaHookPost QueueEvent(file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) -> false -1362692527.009512 MetaHookPost QueueEvent(file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, 
request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false -1362692527.009512 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, 
orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, 
CONTENT-LENGTH, 4705)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0")) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, 
rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) -> false -1362692527.009512 MetaHookPost UpdateNetworkTime(1362692527.009512) -> -1362692527.009512 MetaHookPre CallFunction(Files::__enable_reassembly, , (FMnxxt3xjVcWNS2141)) -1362692527.009512 
MetaHookPre CallFunction(Files::__set_reassembly_buffer, , (FMnxxt3xjVcWNS2141, 524288)) -1362692527.009512 MetaHookPre CallFunction(Files::enable_reassembly, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=])) -1362692527.009512 MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, 
mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) -1362692527.009512 MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=])) -1362692527.009512 MetaHookPre CallFunction(Files::set_reassembly_buffer_size, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, 
orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=], 524288)) -1362692527.009512 MetaHookPre CallFunction(HTTP::code_in_range, , (200, 100, 199)) -1362692527.009512 MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, 
orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -1362692527.009512 MetaHookPre CallFunction(file_new, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, 
orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) -1362692527.009512 MetaHookPre CallFunction(file_over_new_connection, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -1362692527.009512 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, 
orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes)) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, 
capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive)) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705)) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 
(darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0")) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, 
Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) -1362692527.009512 MetaHookPre CallFunction(http_reply, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) -1362692527.009512 MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -1362692527.009512 MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)) -1362692527.009512 MetaHookPre DrainEvents() -1362692527.009512 MetaHookPre QueueEvent(file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, 
syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) -1362692527.009512 MetaHookPre QueueEvent(file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, 
resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes)) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive)) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, 
orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705)) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0")) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, 
username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) -1362692527.009512 MetaHookPre QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, 
sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) -1362692527.009512 MetaHookPre UpdateNetworkTime(1362692527.009512) -1362692527.009512 | HookUpdateNetworkTime 1362692527.009512 -1362692527.009512 | HookCallFunction Files::__enable_reassembly(FMnxxt3xjVcWNS2141) -1362692527.009512 | HookCallFunction Files::__set_reassembly_buffer(FMnxxt3xjVcWNS2141, 524288) -1362692527.009512 | HookCallFunction Files::enable_reassembly([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=]) -1362692527.009512 | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, 
password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=]) -1362692527.009512 | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=]) -1362692527.009512 | HookCallFunction Files::set_reassembly_buffer_size([id=FMnxxt3xjVcWNS2141, parent_id=, 
source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=], 524288) -1362692527.009512 | HookCallFunction HTTP::code_in_range(200, 100, 199) -1362692527.009512 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookCallFunction 
HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookCallFunction 
cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) -1362692527.009512 | HookCallFunction file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=]) -1362692527.009512 | HookCallFunction file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) -1362692527.009512 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, 
request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes) -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, 
orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive) -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705) -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, 
DATE, Thu, 07 Mar 2013 21:43:07 GMT) -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0") -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100) -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, 
ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT) -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora)) -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8) -1362692527.009512 | HookCallFunction http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK) -1362692527.009512 | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) -1362692527.009512 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80) -1362692527.009512 | HookDrainEvents -1362692527.009512 | HookQueueEvent file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, 
smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=]) -1362692527.009512 | HookQueueEvent file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, 
orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes) -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive) -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, 
orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705) -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT) -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0") -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, 
capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100) -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT) -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora)) -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8) -1362692527.009512 | HookQueueEvent http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, 
socks=, ssh=, syslog=], 1.1, 200, OK) -1362692527.009721 MetaHookPost DrainEvents() -> -1362692527.009721 MetaHookPost UpdateNetworkTime(1362692527.009721) -> -1362692527.009721 MetaHookPre DrainEvents() -1362692527.009721 MetaHookPre UpdateNetworkTime(1362692527.009721) -1362692527.009721 | HookUpdateNetworkTime 1362692527.009721 -1362692527.009721 | HookDrainEvents -1362692527.009765 MetaHookPost DrainEvents() -> -1362692527.009765 MetaHookPost UpdateNetworkTime(1362692527.009765) -> -1362692527.009765 MetaHookPre DrainEvents() -1362692527.009765 MetaHookPre UpdateNetworkTime(1362692527.009765) -1362692527.009765 | HookUpdateNetworkTime 1362692527.009765 -1362692527.009765 | HookDrainEvents -1362692527.009775 MetaHookPost CallFunction(Files::log_policy, , ([ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -1362692527.009775 MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], 
orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -> -1362692527.009775 MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -> -1362692527.009775 MetaHookPost CallFunction(HTTP::code_in_range, , (200, 100, 199)) -> -1362692527.009775 MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009775 MetaHookPost CallFunction(HTTP::log_policy, , ([ts=1362692526.939527, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -1362692527.009775 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009775 MetaHookPost CallFunction(Log::__write, , (Files::LOG, [ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, 
seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=])) -> -1362692527.009775 MetaHookPost CallFunction(Log::__write, , (HTTP::LOG, [ts=1362692526.939527, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) -> -1362692527.009775 MetaHookPost CallFunction(Log::write, , (Files::LOG, [ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=])) -> -1362692527.009775 MetaHookPost CallFunction(Log::write, , (HTTP::LOG, [ts=1362692526.939527, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) -> -1362692527.009775 MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> -1362692527.009775 MetaHookPost CallFunction(file_sniff, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T])) -> -1362692527.009775 MetaHookPost CallFunction(file_state_remove, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -> -1362692527.009775 MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> -1362692527.009775 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], 
current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009775 MetaHookPost CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009775 MetaHookPost CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> -1362692527.009775 MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> -1362692527.009775 MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)) -> -1362692527.009775 MetaHookPost DrainEvents() -> -1362692527.009775 MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, files(1362692527.009775,0.0,0.0), 25, {ts (time), fuid (string), tx_hosts (set[addr]), rx_hosts (set[addr]), conn_uids (set[string]), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string), md5 (string), sha1 
(string), sha256 (string), extracted (string), extracted_cutoff (bool), extracted_size (count)}) -> -1362692527.009775 MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, http(1362692527.009775,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}) -> -1362692527.009775 MetaHookPost LogWrite(Log::WRITER_ASCII, default, files(1362692527.009775,0.0,0.0), 25, {ts (time), fuid (string), tx_hosts (set[addr]), rx_hosts (set[addr]), conn_uids (set[string]), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string), md5 (string), sha1 (string), sha256 (string), extracted (string), extracted_cutoff (bool), extracted_size (count)}, ) -> true -1362692527.009775 MetaHookPost LogWrite(Log::WRITER_ASCII, default, http(1362692527.009775,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password 
(string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}, ) -> true -1362692527.009775 MetaHookPost QueueEvent(file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T])) -> false -1362692527.009775 MetaHookPost QueueEvent(file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -> false -1362692527.009775 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false -1362692527.009775 MetaHookPost QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false -1362692527.009775 MetaHookPost QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, 
header_length=280])) -> false -1362692527.009775 MetaHookPost UpdateNetworkTime(1362692527.009775) -> -1362692527.009775 MetaHookPre CallFunction(Files::log_policy, , ([ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -1362692527.009775 MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -1362692527.009775 MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -1362692527.009775 MetaHookPre CallFunction(HTTP::code_in_range, , (200, 100, 199)) -1362692527.009775 MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, 
trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009775 MetaHookPre CallFunction(HTTP::log_policy, , ([ts=1362692526.939527, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -1362692527.009775 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009775 MetaHookPre CallFunction(Log::__write, , (Files::LOG, [ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=])) -1362692527.009775 MetaHookPre CallFunction(Log::__write, , (HTTP::LOG, [ts=1362692526.939527, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) -1362692527.009775 MetaHookPre CallFunction(Log::write, , (Files::LOG, [ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, 
mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=])) -1362692527.009775 MetaHookPre CallFunction(Log::write, , (HTTP::LOG, [ts=1362692526.939527, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) -1362692527.009775 MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -1362692527.009775 MetaHookPre CallFunction(file_sniff, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T])) -1362692527.009775 MetaHookPre CallFunction(file_state_remove, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -1362692527.009775 MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -1362692527.009775 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009775 MetaHookPre CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009775 
MetaHookPre CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -1362692527.009775 MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -1362692527.009775 MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)) -1362692527.009775 MetaHookPre DrainEvents() -1362692527.009775 MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, files(1362692527.009775,0.0,0.0), 25, {ts (time), fuid (string), tx_hosts (set[addr]), rx_hosts (set[addr]), conn_uids (set[string]), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string), md5 (string), sha1 (string), sha256 (string), extracted (string), extracted_cutoff (bool), extracted_size (count)}) -1362692527.009775 MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, http(1362692527.009775,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), 
orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}) -1362692527.009775 MetaHookPre LogWrite(Log::WRITER_ASCII, default, files(1362692527.009775,0.0,0.0), 25, {ts (time), fuid (string), tx_hosts (set[addr]), rx_hosts (set[addr]), conn_uids (set[string]), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string), md5 (string), sha1 (string), sha256 (string), extracted (string), extracted_cutoff (bool), extracted_size (count)}, ) -1362692527.009775 MetaHookPre LogWrite(Log::WRITER_ASCII, default, http(1362692527.009775,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}, ) -1362692527.009775 MetaHookPre QueueEvent(file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T])) -1362692527.009775 MetaHookPre QueueEvent(file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -1362692527.009775 MetaHookPre 
QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009775 MetaHookPre QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009775 MetaHookPre QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -1362692527.009775 MetaHookPre UpdateNetworkTime(1362692527.009775) -1362692527.009775 | HookUpdateNetworkTime 1362692527.009775 -1362692527.009775 | HookCallFunction Files::log_policy([ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, 
log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -1362692527.009775 | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=]) -1362692527.009775 | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=]) -1362692527.009775 | HookCallFunction HTTP::code_in_range(200, 100, 199) -1362692527.009775 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009775 | HookCallFunction HTTP::log_policy([ts=1362692526.939527, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -1362692527.009775 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], 
current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009775 | HookCallFunction Log::__write(Files::LOG, [ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=]) -1362692527.009775 | HookCallFunction Log::__write(HTTP::LOG, [ts=1362692526.939527, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]) -1362692527.009775 | HookCallFunction Log::write(Files::LOG, [ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=]) -1362692527.009775 | HookCallFunction Log::write(HTTP::LOG, [ts=1362692526.939527, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]) -1362692527.009775 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) -1362692527.009775 | HookCallFunction file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T]) -1362692527.009775 
| HookCallFunction file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=]) -1362692527.009775 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) -1362692527.009775 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009775 | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009775 | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]) -1362692527.009775 | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) -1362692527.009775 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80) -1362692527.009775 | HookDrainEvents -1362692527.009775 | HookLogInit files 1/1 {ts (time), fuid (string), tx_hosts (set[addr]), rx_hosts (set[addr]), conn_uids 
(set[string]), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string), md5 (string), sha1 (string), sha256 (string), extracted (string), extracted_cutoff (bool), extracted_size (count)} -1362692527.009775 | HookLogInit http 1/1 {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])} -1362692527.009775 | HookLogWrite files [ts=1362692527.009512, fuid=FMnxxt3xjVcWNS2141, tx_hosts=192.150.187.43, rx_hosts=141.142.228.5, conn_uids=CHhAvVGS1DHFjwGM9, source=HTTP, depth=0, analyzers=, mime_type=text/plain, filename=, duration=0.000263, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, extracted=, extracted_cutoff=, extracted_size=] -1362692527.009775 | HookLogWrite http [ts=1362692526.939527, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, trans_depth=1, method=GET, host=bro.org, uri=<...>/plain] -1362692527.009775 | HookQueueEvent file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T]) -1362692527.009775 | HookQueueEvent 
file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=]) -1362692527.009775 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009775 | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009775 | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]) -1362692527.009855 MetaHookPost DrainEvents() -> -1362692527.009855 MetaHookPost UpdateNetworkTime(1362692527.009855) -> -1362692527.009855 MetaHookPre DrainEvents() -1362692527.009855 MetaHookPre UpdateNetworkTime(1362692527.009855) -1362692527.009855 | HookUpdateNetworkTime 1362692527.009855 -1362692527.009855 | HookDrainEvents -1362692527.009887 MetaHookPost DrainEvents() -> -1362692527.009887 MetaHookPost UpdateNetworkTime(1362692527.009887) -> -1362692527.009887 MetaHookPre DrainEvents() 
-1362692527.009887 MetaHookPre UpdateNetworkTime(1362692527.009887) -1362692527.009887 | HookUpdateNetworkTime 1362692527.009887 -1362692527.009887 | HookDrainEvents -1362692527.011846 MetaHookPost DrainEvents() -> -1362692527.011846 MetaHookPost UpdateNetworkTime(1362692527.011846) -> -1362692527.011846 MetaHookPre DrainEvents() -1362692527.011846 MetaHookPre UpdateNetworkTime(1362692527.011846) -1362692527.011846 | HookUpdateNetworkTime 1362692527.011846 -1362692527.011846 | HookDrainEvents -1362692527.080828 MetaHookPost DrainEvents() -> -1362692527.080828 MetaHookPost UpdateNetworkTime(1362692527.080828) -> -1362692527.080828 MetaHookPre DrainEvents() -1362692527.080828 MetaHookPre UpdateNetworkTime(1362692527.080828) -1362692527.080828 | HookUpdateNetworkTime 1362692527.080828 -1362692527.080828 | HookDrainEvents -1362692527.080972 MetaHookPost CallFunction(Broker::__flush_logs, , ()) -> -1362692527.080972 MetaHookPost CallFunction(Broker::flush_logs, , ()) -> -1362692527.080972 MetaHookPost CallFunction(Broker::log_flush, , ()) -> -1362692527.080972 MetaHookPost CallFunction(ChecksumOffloading::check, , ()) -> -1362692527.080972 MetaHookPost CallFunction(Conn::conn_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp)) -> -1362692527.080972 MetaHookPost CallFunction(Conn::determine_service, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> -1362692527.080972 MetaHookPost 
CallFunction(Conn::log_policy, , ([ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=], Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> -1362692527.080972 MetaHookPost CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692527.080972 MetaHookPost CallFunction(HTTP::finalize_http, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> -1362692527.080972 MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692527.080972 MetaHookPost CallFunction(Log::__write, , (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, 
id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) -> -1362692527.080972 MetaHookPost CallFunction(Log::write, , (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) -> -1362692527.080972 MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> -1362692527.080972 MetaHookPost CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> -1362692527.080972 MetaHookPost CallFunction(filter_change_tracking, , ()) -> -1362692527.080972 MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> -1362692527.080972 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692527.080972 MetaHookPost CallFunction(get_net_stats, , ()) -> -1362692527.080972 
MetaHookPost CallFunction(get_port_transport_proto, , (80/tcp)) -> -1362692527.080972 MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> -1362692527.080972 MetaHookPost CallFunction(is_tcp_port, , (59856/tcp)) -> -1362692527.080972 MetaHookPost CallFunction(net_done, , (1362692527.080972)) -> -1362692527.080972 MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) -> -1362692527.080972 MetaHookPost CallFunction(sub_bytes, , (HTTP, 0, 1)) -> -1362692527.080972 MetaHookPost CallFunction(to_lower, , (HTTP)) -> -1362692527.080972 MetaHookPost CallFunction(zeek_done, , ()) -> -1362692527.080972 MetaHookPost DrainEvents() -> -1362692527.080972 MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, conn(1362692527.080972,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}) -> -1362692527.080972 MetaHookPost LogWrite(Log::WRITER_ASCII, default, conn(1362692527.080972,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}, ) -> true -1362692527.080972 MetaHookPost QueueEvent(Broker::log_flush()) -> false -1362692527.080972 MetaHookPost QueueEvent(ChecksumOffloading::check()) -> false -1362692527.080972 MetaHookPost 
QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false -1362692527.080972 MetaHookPost QueueEvent(filter_change_tracking()) -> false -1362692527.080972 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false -1362692527.080972 MetaHookPost QueueEvent(zeek_done()) -> false -1362692527.080972 MetaHookPost UpdateNetworkTime(1362692527.080972) -> -1362692527.080972 MetaHookPre CallFunction(Broker::__flush_logs, , ()) -1362692527.080972 MetaHookPre CallFunction(Broker::flush_logs, , ()) -1362692527.080972 MetaHookPre CallFunction(Broker::log_flush, , ()) -1362692527.080972 MetaHookPre CallFunction(ChecksumOffloading::check, , ()) -1362692527.080972 MetaHookPre CallFunction(Conn::conn_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp)) -1362692527.080972 MetaHookPre CallFunction(Conn::determine_service, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, 
mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -1362692527.080972 MetaHookPre CallFunction(Conn::log_policy, , ([ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=], Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -1362692527.080972 MetaHookPre CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692527.080972 MetaHookPre CallFunction(HTTP::finalize_http, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -1362692527.080972 MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, 
syslog=], T)) -1362692527.080972 MetaHookPre CallFunction(Log::__write, , (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) -1362692527.080972 MetaHookPre CallFunction(Log::write, , (Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) -1362692527.080972 MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -1362692527.080972 MetaHookPre CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -1362692527.080972 MetaHookPre CallFunction(filter_change_tracking, , ()) -1362692527.080972 MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -1362692527.080972 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, 
syslog=], T)) -1362692527.080972 MetaHookPre CallFunction(get_net_stats, , ()) -1362692527.080972 MetaHookPre CallFunction(get_port_transport_proto, , (80/tcp)) -1362692527.080972 MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -1362692527.080972 MetaHookPre CallFunction(is_tcp_port, , (59856/tcp)) -1362692527.080972 MetaHookPre CallFunction(net_done, , (1362692527.080972)) -1362692527.080972 MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) -1362692527.080972 MetaHookPre CallFunction(sub_bytes, , (HTTP, 0, 1)) -1362692527.080972 MetaHookPre CallFunction(to_lower, , (HTTP)) -1362692527.080972 MetaHookPre CallFunction(zeek_done, , ()) -1362692527.080972 MetaHookPre DrainEvents() -1362692527.080972 MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, conn(1362692527.080972,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}) -1362692527.080972 MetaHookPre LogWrite(Log::WRITER_ASCII, default, conn(1362692527.080972,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}, ) -1362692527.080972 MetaHookPre QueueEvent(Broker::log_flush()) -1362692527.080972 MetaHookPre QueueEvent(ChecksumOffloading::check()) -1362692527.080972 
MetaHookPre QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -1362692527.080972 MetaHookPre QueueEvent(filter_change_tracking()) -1362692527.080972 MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692527.080972 MetaHookPre QueueEvent(zeek_done()) -1362692527.080972 MetaHookPre UpdateNetworkTime(1362692527.080972) -1362692527.080972 | HookUpdateNetworkTime 1362692527.080972 -1362692527.080972 | HookCallFunction Broker::__flush_logs() -1362692527.080972 | HookCallFunction Broker::flush_logs() -1362692527.080972 | HookCallFunction Broker::log_flush() -1362692527.080972 | HookCallFunction ChecksumOffloading::check() -1362692527.080972 | HookCallFunction Conn::conn_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp) -1362692527.080972 | HookCallFunction Conn::determine_service([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, 
sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) -1362692527.080972 | HookCallFunction Conn::log_policy([ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=], Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) -1362692527.080972 | HookCallFunction Conn::set_conn([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692527.080972 | HookCallFunction HTTP::finalize_http([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) -1362692527.080972 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692527.080972 | HookCallFunction Log::__write(Conn::LOG, 
[ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=]) -1362692527.080972 | HookCallFunction Log::write(Conn::LOG, [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=]) -1362692527.080972 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) -1362692527.080972 | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) -1362692527.080972 | HookCallFunction filter_change_tracking() -1362692527.080972 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) -1362692527.080972 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692527.080972 | HookCallFunction get_net_stats() -1362692527.080972 | HookCallFunction get_port_transport_proto(80/tcp) 
-1362692527.080972 | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) -1362692527.080972 | HookCallFunction is_tcp_port(59856/tcp) -1362692527.080972 | HookCallFunction net_done(1362692527.080972) -1362692527.080972 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80) -1362692527.080972 | HookCallFunction sub_bytes(HTTP, 0, 1) -1362692527.080972 | HookCallFunction to_lower(HTTP) -1362692527.080972 | HookCallFunction zeek_done() -1362692527.080972 | HookDrainEvents -1362692527.080972 | HookLogInit conn 1/1 {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])} -1362692527.080972 | HookLogWrite conn [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=] -1362692527.080972 | HookQueueEvent Broker::log_flush() -1362692527.080972 | HookQueueEvent ChecksumOffloading::check() -1362692527.080972 | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) -1362692527.080972 | HookQueueEvent filter_change_tracking() -1362692527.080972 
| HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692527.080972 | HookQueueEvent zeek_done() +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_STEPPINGSTONE)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_AYIYA, 5072/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 68/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 137/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 53/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_GTPV1, 2152/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IMAP, 143/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6666/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6667/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6668/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6669/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDPEUDP, 3389/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SIP, 5060/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMB, 139/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMB, 445/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 585/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 614/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 636/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 989/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 990/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 992/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 993/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 995/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SYSLOG, 514/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_TEREDO, 3544/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_VXLAN, 4789/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 5222/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 5269/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::disable_analyzer, , (Analyzer::ANALYZER_STEPPINGSTONE)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_AYIYA, 5072/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 68/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 137/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 53/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_GTPV1, 2152/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IMAP, 143/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6666/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6667/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6668/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6669/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDPEUDP, 3389/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SIP, 5060/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMB, 139/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMB, 445/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 585/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 614/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 636/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 989/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 990/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 992/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 993/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 995/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SYSLOG, 514/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_TEREDO, 3544/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_VXLAN, 4789/udp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_XMPP, 5222/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , 
(Analyzer::ANALYZER_XMPP, 5269/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_AYIYA, {5072/udp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DCE_RPC, {135/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DHCP, {67<...>/udp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNS, {5353<...>/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DTLS, {443/udp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_GTPV1, {2152<...>/udp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_HTTP, {80<...>/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_IMAP, {143/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_IRC, {6666<...>/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB, {88/udp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB_TCP, {88/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MODBUS, {502/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MYSQL, {1434<...>/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_NTP, {123/udp})) -> 
+XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RADIUS, {1812/udp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDP, {3389/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDPEUDP, {3389/udp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SIP, {5060/udp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMB, {139<...>/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SNMP, {162<...>/udp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SOCKS, {1080/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSH, {22/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSL, {563<...>/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SYSLOG, {514/udp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_TEREDO, {3544/udp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_VXLAN, {4789/udp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_XMPP, {5222<...>/tcp})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::__subscribe, , (zeek/supervisor)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::subscribe, , (zeek/supervisor)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Cluster::is_enabled, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Cluster::is_enabled, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Cluster::local_node_type, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Cluster::register_pool, , ([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=, exclusive=F])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Cluster::register_pool, , ([topic=zeek<...>/proxy, node_type=Cluster::PROXY, max_nodes=, exclusive=F])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Cluster::register_pool, , ([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=, exclusive=F])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_analyzer_add_callback, , (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)FileExtract::f$info$extracted_cutoff = Fmkdir(FileExtract::prefix)})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/pkix-cert)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/x-x509-ca-cert)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/x-x509-user-cert)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_PE, application/x-dosexec)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/pkix-cert)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/x-x509-ca-cert)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , 
(Files::ANALYZER_SHA1, application/x-x509-user-cert)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/pkix-cert)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/x-x509-ca-cert)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/x-x509-user-cert)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/pkix-cert)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/x-x509-ca-cert)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/x-x509-user-cert)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_types, , (Files::ANALYZER_PE, {application/x-dosexec})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ FTP::cid, FTP::c{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::c?$ftp) 
return (FTP::describe(FTP::c$ftp))}return ()}}])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ HTTP::cid, HTTP::c{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}}])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=lambda_<15770440363500096069>{ return ()}])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if 
(!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SMB, [get_file_handle=SMB::get_file_handle{ if (!(SMB::c$smb_state?$current_file && (SMB::c$smb_state$current_file?$name || SMB::c$smb_state$current_file?$path))) { return ()}SMB::current_file = SMB::c$smb_state$current_fileSMB::path_name = SMB::current_file?$path ? SMB::current_file$path : SMB::file_name = SMB::current_file?$name ? SMB::current_file$name : SMB::last_mod = cat(SMB::current_file?$times ? SMB::current_file$times$modified : double_to_time(0.0))return (hexdump(cat(Analyzer::ANALYZER_SMB, SMB::c$id$orig_h, SMB::c$id$resp_h, SMB::path_name, SMB::file_name, SMB::last_mod)))}, describe=SMB::describe_file{ SMB::cid, SMB::c{ if (SMB::f$source != SMB) return ()for ([SMB::cid] in SMB::f$conns) { if (SMB::c?$smb_state && SMB::c$smb_state?$current_file && SMB::c$smb_state$current_file?$name) return (SMB::c$smb_state$current_file$name)}return ()}}])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ SMTP::cid, SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || 
!SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(FilteredTraceDetection::should_detect, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=broker, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=config, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dce_rpc, path_func=, include=, exclude=, log_local=T, log_remote=T, 
field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dhcp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dnp3, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dns, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dpd, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ftp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, 
log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=irc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=intel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=kerberos, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=modbus, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntlm, 
path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_drop, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_shunt, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice_alarm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=openflow, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=pe, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=radius, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rdp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, 
config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rfb, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=reporter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=sip, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_mapping, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smtp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, 
ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=snmp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=socks, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssh, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssl, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=signatures, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=software, path_func=, include=, exclude=, log_local=T, log_remote=T, 
field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=syslog, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy])) -> 
+XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , 
(Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (PE::LOG, 
[columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SSH::LOG, [columns=SSH::Info, 
ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Conn::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , 
(DCE_RPC::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (DHCP::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (DNP3::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (DNS::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (DPD::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (FTP::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Files::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (HTTP::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (IRC::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Intel::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (KRB::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Modbus::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (NTLM::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (NTP::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (NetControl::DROP_LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (NetControl::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (NetControl::SHUNT)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Notice::ALARM_LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Notice::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (OpenFlow::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (PE::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (PacketFilter::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (RADIUS::LOG)) -> 
+XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (RDP::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (RFB::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Reporter::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SIP::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SMB::FILES_LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SMB::MAPPING_LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SMTP::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SNMP::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SOCKS::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SSH::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SSL::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Signatures::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Software::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Syslog::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Tunnel::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Weird::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (X509::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (mysql::LOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Log::add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Log::add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Log::add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Log::add_filter, , (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX 
MetaHookPost CallFunction(Log::add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX 
MetaHookPost CallFunction(Log::add_filter, , (SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX 
MetaHookPost CallFunction(Log::add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX 
MetaHookPost CallFunction(Log::add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Broker::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Cluster::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Config::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Conn::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (DCE_RPC::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (DHCP::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (DNP3::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (DNS::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (DPD::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (FTP::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Files::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (HTTP::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (IRC::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Intel::LOG, 
default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (KRB::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Modbus::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (NTLM::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (NTP::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (NetControl::DROP_LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (NetControl::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (NetControl::SHUNT, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Notice::ALARM_LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Notice::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (OpenFlow::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (PE::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (PacketFilter::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (RADIUS::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (RDP::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (RFB::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Reporter::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SIP::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SMB::FILES_LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SMB::MAPPING_LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SMTP::LOG, 
default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SNMP::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SOCKS::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SSH::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SSL::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Signatures::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Software::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Syslog::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Tunnel::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Weird::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (X509::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (mysql::LOG, default)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (DHCP::LOG, [columns=DHCP::Info, 
ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Log::create_stream, , (NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Log::create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(NetControl::check_plugins, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(NetControl::init, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Notice::want_pp, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (ActiveHTTP::default_max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (ActiveHTTP::default_method, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , 
(Broker::peer_counts_as_iosource, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Conn::analyzer_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Conn::default_extract, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Conn::extraction_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Conn::port_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (DCE_RPC::ignored_operations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (DHCP::max_txid_watch_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (DNS::max_pending_msgs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (DNS::max_pending_query_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = 
Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (DPD::ignore_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (DPD::ignore_violations_after, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (DPD::max_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Dir::polling_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , 
(FTP::cmd_reply_code, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (FTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (FTP::guest_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (FTP::logged_commands, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (FileExtract::default_limit, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), 
$new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Files::enable_reassembler, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (GridFTP::max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (GridFTP::size_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (GridFTP::skip_data, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return 
(Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::http_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::max_files_orig, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::max_files_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::proxy_headers, Config::config_option_changed{ Config::log = (coerce 
[$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Input::default_mode, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Input::default_reader, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (KRB::ignored_errors, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Log::default_rotation_dir, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) 
Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (MQTT::max_payload_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (NetControl::default_priority, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::alarmed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::default_suppression_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(Option::set_change_handler, , (Notice::emailed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::ignored_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::lookup_location_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::mail_from, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::mail_page_dest, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::mail_subject_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::not_suppressed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::reply_to, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::sendmail, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = 
Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (RDP::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (RDP::rdp_check_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (SIP::sip_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (SMB::logged_file_actions, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , 
(SMTP::mail_path_capture, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (SOCKS::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (SSH::compression_algorithms, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (SSH::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (SSL::ct_logs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (SSL::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Signatures::ignored_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Signatures::summary_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Site::local_admins, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) 
Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Site::local_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Site::local_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Site::neighbor_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Site::neighbor_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , 
(Site::private_address_space, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Software::asset_tracking, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::ignore_hosts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_duration, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_duration, Config::weird_option_change_interval{ if (Weird::sampling_duration == Config::ID) { Reporter::set_weird_sampling_duration(Config::new_value)}return 
(Config::new_value)}, 5)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_global_list, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_threshold, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { 
Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::weird_option_change_sampling_whitelist{ if (Weird::sampling_whitelist == Config::ID) { Reporter::set_weird_sampling_whitelist(Config::new_value)}return (Config::new_value)}, 5)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::weird_do_not_ignore_repeats, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (X509::caching_required_encounters, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (X509::caching_required_encounters_interval, 
Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (X509::certificate_cache_max_entries, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (X509::certificate_cache_minimum_eviction_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (default_file_bof_buffer_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (default_file_timeout_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (ignore_checksums_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (udp_content_delivery_ports_use_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (udp_content_ports, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 2048, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 2054, PacketAnalyzer::ANALYZER_ARP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 32821, PacketAnalyzer::ANALYZER_ARP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 33024, PacketAnalyzer::ANALYZER_VLAN)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34525, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34887, PacketAnalyzer::ANALYZER_MPLS)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34916, PacketAnalyzer::ANALYZER_PPPOE)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34984, PacketAnalyzer::ANALYZER_VLAN)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 37120, PacketAnalyzer::ANALYZER_VLAN)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 2048, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 2054, PacketAnalyzer::ANALYZER_ARP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 32821, PacketAnalyzer::ANALYZER_ARP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 34525, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11_RADIO, 105, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 
+XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 4, PacketAnalyzer::ANALYZER_IPTUNNEL)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 41, PacketAnalyzer::ANALYZER_IPTUNNEL)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 47, PacketAnalyzer::ANALYZER_GRE)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 2048, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 2054, PacketAnalyzer::ANALYZER_ARP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 32821, PacketAnalyzer::ANALYZER_ARP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 34525, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NFLOG, 10, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NFLOG, 2, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 2, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 24, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 28, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 30, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPOE, 33, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPOE, 87, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 33, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 641, PacketAnalyzer::ANALYZER_MPLS)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 87, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 0, PacketAnalyzer::ANALYZER_NULL)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 1, PacketAnalyzer::ANALYZER_ETHERNET)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 10, PacketAnalyzer::ANALYZER_FDDI)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 105, PacketAnalyzer::ANALYZER_IEEE802_11)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 113, PacketAnalyzer::ANALYZER_LINUXSLL)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 127, PacketAnalyzer::ANALYZER_IEEE802_11_RADIO)) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 239, PacketAnalyzer::ANALYZER_NFLOG)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 50, PacketAnalyzer::ANALYZER_PPPSERIAL)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 2048, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 2054, PacketAnalyzer::ANALYZER_ARP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 32821, PacketAnalyzer::ANALYZER_ARP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 33024, PacketAnalyzer::ANALYZER_VLAN)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34525, PacketAnalyzer::ANALYZER_IP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34887, PacketAnalyzer::ANALYZER_MPLS)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34916, PacketAnalyzer::ANALYZER_PPPOE)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketFilter::build, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketFilter::install, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketFilter::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, 
scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Pcap::install_pcap_filter, , (PacketFilter::DefaultPcapFilter)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Pcap::precompile_pcap_filter, , (PacketFilter::DefaultPcapFilter, ip or not ip)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::add_observe_plugin_dependency, , (SumStats::STD_DEV, SumStats::VARIANCE)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::add_observe_plugin_dependency, , (SumStats::VARIANCE, SumStats::AVERAGE)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::AVERAGE, lambda_<3452231521688988155>{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::HLL_UNIQUE, lambda_<943258244234523627>{ if (!SumStats::rv?$card) { SumStats::rv$card = hll_cardinality_init(SumStats::r$hll_error_margin, SumStats::r$hll_confidence)SumStats::rv$hll_error_margin = SumStats::r$hll_error_marginSumStats::rv$hll_confidence = SumStats::r$hll_confidence}hll_cardinality_add(SumStats::rv$card, SumStats::obs)SumStats::rv$hll_unique = double_to_count(hll_cardinality_estimate(SumStats::rv$card))})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::LAST, lambda_<14831357773699754131>{ if (0 < SumStats::r$num_last_elements) { if (!SumStats::rv?$last_elements) SumStats::rv$last_elements = Queue::init((coerce [$max_len=SumStats::r$num_last_elements] to Queue::Settings))Queue::put(SumStats::rv$last_elements, SumStats::obs)}})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::MAX, lambda_<9734000075919044397>{ if (!SumStats::rv?$max) 
SumStats::rv$max = SumStats::valelseif (SumStats::rv$max < SumStats::val) SumStats::rv$max = SumStats::val})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::MIN, lambda_<2451066605226214733>{ if (!SumStats::rv?$min) SumStats::rv$min = SumStats::valelseif (SumStats::val < SumStats::rv$min) SumStats::rv$min = SumStats::val})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::SAMPLE, lambda_<11888441397542569241>{ SumStats::sample_add_sample(SumStats::obs, SumStats::rv)})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::STD_DEV, lambda_<5704045257244168718>{ SumStats::calc_std_dev(SumStats::rv)})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::SUM, lambda_<6958532551242393774>{ SumStats::rv$sum += SumStats::val})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::TOPK, lambda_<2861372781530360365>{ topk_add(SumStats::rv$topk, SumStats::obs)})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::UNIQUE, lambda_<10387912117292132662>{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || sizeofSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = sizeofSumStats::rv$unique_vals})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::VARIANCE, lambda_<6557258612059469785>{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average})) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
CallFunction(SumStats::register_observe_plugins, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(__init_primary_bifs, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(__init_secondary_bifs, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(current_time, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(filter_change_tracking, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(getenv, , (CLUSTER_NODE)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(getenv, , (ZEEK_DEFAULT_LISTEN_ADDRESS)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(global_ids, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(network_time, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(reading_live_traffic, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(reading_traces, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(set_to_regex, , ({}, (^\.?|\.)(~~)$)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(string_to_pattern, , ((^\.?|\.)()$, F)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(sub, , ((^\.?|\.)(~~)$, <...>/, )) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(x509_set_certificate_cache, , ({})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(x509_set_certificate_cache_hit_callback, , (X509::x509_certificate_cache_replay{ X509::i{ if (X509::f$info?$x509) return event x509_certificate(X509::f, X509::e$handle, X509::e$certificate)for ([X509::i] in X509::e$extensions_cache) { X509::ext = X509::e$extensions_cache[X509::i]if (X509::ext is X509::Extension) event x509_extension(X509::f, (X509::ext as X509::Extension))elseif (X509::ext is X509::BasicConstraints) event x509_ext_basic_constraints(X509::f, (X509::ext as X509::BasicConstraints))elseif (X509::ext is X509::SubjectAlternativeName) event x509_ext_subject_alternative_name(X509::f, (X509::ext as X509::SubjectAlternativeName))elseif (X509::ext is X509::SctInfo) { X509::s = (X509::ext as X509::SctInfo)event x509_ocsp_ext_signed_certificate_timestamp(X509::f, X509::s$version, X509::s$logid, 
X509::s$timestamp, X509::s$hash_alg, X509::s$sig_alg, X509::s$signature)}elseReporter::error(fmt(Encountered unknown extension while replaying certificate with fuid %s, X509::f$id))}}})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(zeek_args, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(zeek_init, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, ..<...>/main.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, ..<...>/plugin.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_ARP.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_AsciiReader.ascii.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_AsciiWriter.ascii.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_BenchmarkReader.benchmark.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_BinaryReader.binary.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_BitTorrent.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_ConfigReader.config.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_ConnSize.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_ConnSize.functions.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_DCE_RPC.consts.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_DCE_RPC.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_DCE_RPC.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_DHCP.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_DHCP.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_DNP3.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_DNS.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_FTP.events.bif.zeek) -> -1 
+XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_FTP.functions.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_File.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_FileEntropy.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_FileExtract.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_FileExtract.functions.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_FileHash.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Finger.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_GSSAPI.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_GTPv1.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Gnutella.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_HTTP.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_HTTP.functions.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_ICMP.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_IMAP.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_IRC.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Ident.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_KRB.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_KRB.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Login.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Login.functions.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_MIME.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_MQTT.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_MQTT.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX 
MetaHookPost LoadFile(0, .<...>/Zeek_Modbus.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_MySQL.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NCP.consts.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NCP.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NTLM.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NTLM.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NTP.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NTP.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NetBIOS.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NetBIOS.functions.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NoneWriter.none.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_PE.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_POP3.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_RADIUS.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_RDP.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_RDP.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_RFB.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_RPC.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_RawReader.raw.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SIP.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.consts.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_check_directory.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, 
.<...>/Zeek_SMB.smb1_com_close.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_create_directory.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_echo.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_negotiate.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_query_information.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_read_andx.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_write_andx.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_close.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_create.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_negotiate.bif.zeek) 
-> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_read.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_session_setup.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_set_info.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_transform_header.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_write.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMTP.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMTP.functions.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SNMP.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SNMP.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SOCKS.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SQLiteReader.sqlite.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SQLiteWriter.sqlite.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SSH.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SSH.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SSL.consts.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SSL.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SSL.functions.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SSL.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost 
LoadFile(0, .<...>/Zeek_SteppingStone.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Syslog.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_TCP.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_TCP.functions.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_TCP.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Teredo.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_UDP.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Unified2.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Unified2.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_VXLAN.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_X509.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_X509.functions.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_X509.ocsp_events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_X509.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_XMPP.events.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/acld.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/add-geodata.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/addrs.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/analyzer.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/api.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/ascii.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/average.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/benchmark.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/binary.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/bloom-filter.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX 
MetaHookPost LoadFile(0, .<...>/broker.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/cardinality-counter.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/comm.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/config.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/const-dos-error.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/const-nt-status.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/const.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/consts.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/contents.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/control.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/ct-list.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/data.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/dcc-send.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/debug.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/drop.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/email_admin.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/entities.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/event.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/exec.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/file_analysis.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/files.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/gridftp.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/hll_unique.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/hooks.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/inactivity.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/info.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/input.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, 
.<...>/input.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/last.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/log.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/logging.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/magic) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/main.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/max.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/messaging.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/min.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/mozilla-ca-list.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/netstats.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/non-cluster.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/none.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/openflow.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/option.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/packet_analysis.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/packetfilter.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/page.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/patterns.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/pcap.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/plugin.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/plugins) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/polling.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/pools.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/postprocessors) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/pp-alarms.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/raw.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/removal-hooks.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, 
.<...>/reporter.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/ryu.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/sample.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/scp.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/sftp.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/shunt.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/site.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/smb1-main.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/smb2-main.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/sqlite.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/stats.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/std-dev.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/store.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/store.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/strings.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/sum.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/supervisor.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/thresholds.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/top-k.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/topk.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/types.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/unique.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/utils-commands.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/utils.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/variance.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/weird.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/zeek.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, 
.<...>/zeekygen.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, <...>/__load__.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, <...>/__preload__.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, <...>/hooks.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/Zeek_KRB.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/Zeek_SNMP.types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/active-http.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/addrs.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/analyzer) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/analyzer.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/api.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/backtrace.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/bif) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/broker) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/cluster) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/comm.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/config) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/conn) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/conn-ids.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/const.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/control) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/data.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/dce-rpc) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/dhcp) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/dir.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/directions-and-hosts.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/dnp3) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/dns) -> -1 
+XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/dpd) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/email.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ethernet) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/event.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/exec.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/extract) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/fddi) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/file_analysis.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/files) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/files.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/find-checksum-offloading.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/find-filtered-trace.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ftp) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/geoip-distance.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/gre) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/hash) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/hash_hrw.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/http) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ieee802_11) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ieee802_11_radio) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/imap) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/init-default.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/init-frameworks-and-bifs.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/input) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/input.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/intel) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ip) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost 
LoadFile(0, base<...>/iptunnel) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/irc) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/krb) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/linux_sll) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/logging) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/logging.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/main.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/messaging.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/modbus) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/mpls) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/mqtt) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/mysql) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/netcontrol) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/nflog) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/notice) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ntlm) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ntp) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/null) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/numbers.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/openflow) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/option.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/packet-filter) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/packet-protocols) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/packet_analysis.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/paths.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/patterns.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/pe) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/plugins) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, 
base<...>/pop3) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ppp_serial) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/pppoe) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/queue.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/radius) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/rdp) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/removal-hooks.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/reporter) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/reporter.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/rfb) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/root) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/signatures) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/sip) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/site.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/skip) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/smb) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/smtp) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/snmp) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/socks) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/software) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ssh) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ssl) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/stats.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/store.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/strings.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/strings.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/sumstats) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/supervisor) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/supervisor.bif.zeek) -> -1 
+XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/syslog) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/thresholds.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/time.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/tunnels) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/types.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/urls.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/utils.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/version.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/vlan) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/weird.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/x509) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/xmpp) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/zeek.bif.zeek) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/archive.sig) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/audio.sig) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/dpd.sig) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/executable.sig) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/font.sig) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/general.sig) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/image.sig) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/java.sig) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/libmagic.sig) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/office.sig) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/programming.sig) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/video.sig) -> -1 +XXXXXXXXXX.XXXXXX MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) -> +XXXXXXXXXX.XXXXXX MetaHookPost 
LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, ) -> true +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(NetControl::init()) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(filter_change_tracking()) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(zeek_init()) -> false +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_STEPPINGSTONE)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_AYIYA, 5072/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 68/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 137/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 53/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre 
CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_GTPV1, 2152/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IMAP, 143/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6666/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6667/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6668/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 
6669/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDPEUDP, 3389/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SIP, 5060/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMB, 139/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMB, 445/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre 
CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 585/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 614/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 636/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 989/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 990/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 992/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 993/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 995/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SYSLOG, 514/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_TEREDO, 3544/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_VXLAN, 4789/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 5222/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 5269/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::disable_analyzer, , (Analyzer::ANALYZER_STEPPINGSTONE)) 
+XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_AYIYA, 5072/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 68/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 137/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 53/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_GTPV1, 
2152/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IMAP, 143/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6666/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6667/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6668/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6669/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , 
(Analyzer::ANALYZER_MYSQL, 3306/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDPEUDP, 3389/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SIP, 5060/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMB, 139/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMB, 445/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 585/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , 
(Analyzer::ANALYZER_SSL, 614/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 636/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 989/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 990/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 992/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 993/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 995/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SYSLOG, 514/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_TEREDO, 3544/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_VXLAN, 4789/udp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_XMPP, 5222/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_XMPP, 5269/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_AYIYA, {5072/udp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DCE_RPC, {135/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DHCP, {67<...>/udp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNS, {5353<...>/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DTLS, {443/udp})) +XXXXXXXXXX.XXXXXX MetaHookPre 
CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_GTPV1, {2152<...>/udp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_HTTP, {80<...>/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_IMAP, {143/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_IRC, {6666<...>/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB, {88/udp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB_TCP, {88/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MODBUS, {502/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MYSQL, {1434<...>/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_NTP, {123/udp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RADIUS, {1812/udp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDP, {3389/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDPEUDP, {3389/udp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SIP, {5060/udp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMB, {139<...>/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SNMP, {162<...>/udp})) +XXXXXXXXXX.XXXXXX MetaHookPre 
CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SOCKS, {1080/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSH, {22/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSL, {563<...>/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SYSLOG, {514/udp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_TEREDO, {3544/udp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_VXLAN, {4789/udp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_XMPP, {5222<...>/tcp})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::__subscribe, , (zeek/supervisor)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::subscribe, , (zeek/supervisor)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Cluster::is_enabled, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Cluster::is_enabled, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Cluster::local_node_type, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Cluster::register_pool, , ([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=, exclusive=F])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Cluster::register_pool, , ([topic=zeek<...>/proxy, node_type=Cluster::PROXY, max_nodes=, exclusive=F])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Cluster::register_pool, , ([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=, exclusive=F])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_analyzer_add_callback, , (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = 
FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)FileExtract::f$info$extracted_cutoff = Fmkdir(FileExtract::prefix)})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/pkix-cert)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/x-x509-ca-cert)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/x-x509-user-cert)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_PE, application/x-dosexec)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/pkix-cert)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/x-x509-ca-cert)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/x-x509-user-cert)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/pkix-cert)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/x-x509-ca-cert)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/x-x509-user-cert)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/pkix-cert)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/x-x509-ca-cert)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/x-x509-user-cert)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_types, , (Files::ANALYZER_PE, 
{application/x-dosexec})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ FTP::cid, FTP::c{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::c?$ftp) return (FTP::describe(FTP::c$ftp))}return ()}}])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? 
HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ HTTP::cid, HTTP::c{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}}])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=lambda_<15770440363500096069>{ return ()}])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , 
(Analyzer::ANALYZER_SMB, [get_file_handle=SMB::get_file_handle{ if (!(SMB::c$smb_state?$current_file && (SMB::c$smb_state$current_file?$name || SMB::c$smb_state$current_file?$path))) { return ()}SMB::current_file = SMB::c$smb_state$current_fileSMB::path_name = SMB::current_file?$path ? SMB::current_file$path : SMB::file_name = SMB::current_file?$name ? SMB::current_file$name : SMB::last_mod = cat(SMB::current_file?$times ? SMB::current_file$times$modified : double_to_time(0.0))return (hexdump(cat(Analyzer::ANALYZER_SMB, SMB::c$id$orig_h, SMB::c$id$resp_h, SMB::path_name, SMB::file_name, SMB::last_mod)))}, describe=SMB::describe_file{ SMB::cid, SMB::c{ if (SMB::f$source != SMB) return ()for ([SMB::cid] in SMB::f$conns) { if (SMB::c?$smb_state && SMB::c$smb_state?$current_file && SMB::c$smb_state$current_file?$name) return (SMB::c$smb_state$current_file$name)}return ()}}])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ SMTP::cid, SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(FilteredTraceDetection::should_detect, , ()) +XXXXXXXXXX.XXXXXX 
MetaHookPre CallFunction(Log::__add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=broker, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=config, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dce_rpc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dhcp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) 
+XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dnp3, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dns, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dpd, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ftp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) 
+XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=irc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=intel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=kerberos, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=modbus, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntlm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, 
policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_drop, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_shunt, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice_alarm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=openflow, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, 
ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=pe, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=radius, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rdp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rfb, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=reporter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, 
scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=sip, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_mapping, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smtp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=snmp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=socks, path_func=, include=, exclude=, log_local=T, 
log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssh, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssl, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=signatures, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=software, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=syslog, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=tunnel, path_func=, include=, 
exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy])) +XXXXXXXXXX.XXXXXX 
MetaHookPre CallFunction(Log::__create_stream, , (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, 
policy=NTP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy])) +XXXXXXXXXX.XXXXXX 
MetaHookPre CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, 
, (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Conn::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (DCE_RPC::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (DHCP::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (DNP3::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (DNS::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (DPD::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (FTP::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Files::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (HTTP::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (IRC::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Intel::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (KRB::LOG)) 
+XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Modbus::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (NTLM::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (NTP::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (NetControl::DROP_LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (NetControl::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (NetControl::SHUNT)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Notice::ALARM_LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Notice::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (OpenFlow::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (PE::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (PacketFilter::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (RADIUS::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (RDP::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (RFB::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Reporter::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SIP::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SMB::FILES_LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SMB::MAPPING_LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SMTP::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SNMP::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SOCKS::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SSH::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SSL::LOG)) 
+XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Signatures::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Software::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Syslog::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Tunnel::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Weird::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (X509::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (mysql::LOG)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (DCE_RPC::LOG, 
[name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Files::LOG, [name=default, 
writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, 
path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, 
path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, 
include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, 
log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, 
field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Broker::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Cluster::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Config::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Conn::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (DCE_RPC::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , 
(DHCP::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (DNP3::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (DNS::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (DPD::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (FTP::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Files::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (HTTP::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (IRC::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Intel::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (KRB::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Modbus::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (NTLM::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (NTP::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (NetControl::DROP_LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (NetControl::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (NetControl::SHUNT, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Notice::ALARM_LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Notice::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (OpenFlow::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (PE::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (PacketFilter::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , 
(RADIUS::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (RDP::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (RFB::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Reporter::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SIP::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SMB::FILES_LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SMB::MAPPING_LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SMTP::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SNMP::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SOCKS::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SSH::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SSL::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Signatures::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Software::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Syslog::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Tunnel::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Weird::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (X509::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (mysql::LOG, default)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, 
policy=Cluster::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (KRB::LOG, [columns=KRB::Info, 
ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy])) +XXXXXXXXXX.XXXXXX 
MetaHookPre CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, 
path=signatures, policy=Signatures::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(NetControl::check_plugins, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(NetControl::init, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Notice::want_pp, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (ActiveHTTP::default_max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (ActiveHTTP::default_method, Config::config_option_changed{ Config::log = (coerce 
[$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Broker::peer_counts_as_iosource, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Conn::analyzer_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Conn::default_extract, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Conn::extraction_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != 
Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Conn::port_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (DCE_RPC::ignored_operations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (DHCP::max_txid_watch_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (DNS::max_pending_msgs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre 
CallFunction(Option::set_change_handler, , (DNS::max_pending_query_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (DPD::ignore_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (DPD::ignore_violations_after, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (DPD::max_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Dir::polling_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (FTP::cmd_reply_code, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (FTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (FTP::guest_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (FTP::logged_commands, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = 
Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (FileExtract::default_limit, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Files::enable_reassembler, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (GridFTP::max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (GridFTP::size_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (GridFTP::skip_data, 
Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::http_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::max_files_orig, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::max_files_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] 
to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::proxy_headers, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Input::default_mode, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Input::default_reader, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (KRB::ignored_errors, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre 
CallFunction(Option::set_change_handler, , (Log::default_rotation_dir, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (MQTT::max_payload_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (NetControl::default_priority, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::alarmed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::default_suppression_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::emailed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::ignored_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::lookup_location_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::mail_from, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = 
Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::mail_page_dest, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::mail_subject_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::not_suppressed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::reply_to, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::sendmail, 
Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (RDP::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (RDP::rdp_check_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SIP::sip_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SMB::logged_file_actions, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), 
$new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SMTP::mail_path_capture, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SOCKS::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SSH::compression_algorithms, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SSH::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, 
Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SSL::ct_logs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SSL::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Signatures::ignored_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Signatures::summary_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Site::local_admins, Config::config_option_changed{ Config::log = 
(coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Site::local_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Site::local_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Site::neighbor_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Site::neighbor_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location 
= Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Site::private_address_space, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Software::asset_tracking, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::ignore_hosts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_duration, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_duration, 
Config::weird_option_change_interval{ if (Weird::sampling_duration == Config::ID) { Reporter::set_weird_sampling_duration(Config::new_value)}return (Config::new_value)}, 5)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_global_list, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , 
(Weird::sampling_threshold, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::weird_option_change_sampling_whitelist{ if (Weird::sampling_whitelist == Config::ID) { Reporter::set_weird_sampling_whitelist(Config::new_value)}return (Config::new_value)}, 5)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::weird_do_not_ignore_repeats, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (X509::caching_required_encounters, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre 
CallFunction(Option::set_change_handler, , (X509::caching_required_encounters_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (X509::certificate_cache_max_entries, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (X509::certificate_cache_minimum_eviction_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (default_file_bof_buffer_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (default_file_timeout_interval, Config::config_option_changed{ Config::log = (coerce 
[$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (ignore_checksums_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (udp_content_delivery_ports_use_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (udp_content_ports, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 2048, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 2054, PacketAnalyzer::ANALYZER_ARP)) +XXXXXXXXXX.XXXXXX 
MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 32821, PacketAnalyzer::ANALYZER_ARP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 33024, PacketAnalyzer::ANALYZER_VLAN)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34525, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34887, PacketAnalyzer::ANALYZER_MPLS)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34916, PacketAnalyzer::ANALYZER_PPPOE)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34984, PacketAnalyzer::ANALYZER_VLAN)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 37120, PacketAnalyzer::ANALYZER_VLAN)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 2048, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 2054, PacketAnalyzer::ANALYZER_ARP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 32821, PacketAnalyzer::ANALYZER_ARP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 34525, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11_RADIO, 105, PacketAnalyzer::ANALYZER_IEEE802_11)) +XXXXXXXXXX.XXXXXX MetaHookPre 
CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 4, PacketAnalyzer::ANALYZER_IPTUNNEL)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 41, PacketAnalyzer::ANALYZER_IPTUNNEL)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 47, PacketAnalyzer::ANALYZER_GRE)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 2048, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 2054, PacketAnalyzer::ANALYZER_ARP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 32821, PacketAnalyzer::ANALYZER_ARP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 34525, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NFLOG, 10, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NFLOG, 2, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 2, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 24, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 28, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 30, 
PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPOE, 33, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPOE, 87, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 33, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 641, PacketAnalyzer::ANALYZER_MPLS)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 87, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 0, PacketAnalyzer::ANALYZER_NULL)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 1, PacketAnalyzer::ANALYZER_ETHERNET)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 10, PacketAnalyzer::ANALYZER_FDDI)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 105, PacketAnalyzer::ANALYZER_IEEE802_11)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 113, PacketAnalyzer::ANALYZER_LINUXSLL)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 127, PacketAnalyzer::ANALYZER_IEEE802_11_RADIO)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 239, PacketAnalyzer::ANALYZER_NFLOG)) +XXXXXXXXXX.XXXXXX MetaHookPre 
CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 50, PacketAnalyzer::ANALYZER_PPPSERIAL)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 2048, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 2054, PacketAnalyzer::ANALYZER_ARP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 32821, PacketAnalyzer::ANALYZER_ARP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 33024, PacketAnalyzer::ANALYZER_VLAN)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34525, PacketAnalyzer::ANALYZER_IP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34887, PacketAnalyzer::ANALYZER_MPLS)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34916, PacketAnalyzer::ANALYZER_PPPOE)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketFilter::build, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketFilter::install, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketFilter::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Pcap::install_pcap_filter, , 
(PacketFilter::DefaultPcapFilter)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Pcap::precompile_pcap_filter, , (PacketFilter::DefaultPcapFilter, ip or not ip)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::add_observe_plugin_dependency, , (SumStats::STD_DEV, SumStats::VARIANCE)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::add_observe_plugin_dependency, , (SumStats::VARIANCE, SumStats::AVERAGE)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::AVERAGE, lambda_<3452231521688988155>{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::HLL_UNIQUE, lambda_<943258244234523627>{ if (!SumStats::rv?$card) { SumStats::rv$card = hll_cardinality_init(SumStats::r$hll_error_margin, SumStats::r$hll_confidence)SumStats::rv$hll_error_margin = SumStats::r$hll_error_marginSumStats::rv$hll_confidence = SumStats::r$hll_confidence}hll_cardinality_add(SumStats::rv$card, SumStats::obs)SumStats::rv$hll_unique = double_to_count(hll_cardinality_estimate(SumStats::rv$card))})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::LAST, lambda_<14831357773699754131>{ if (0 < SumStats::r$num_last_elements) { if (!SumStats::rv?$last_elements) SumStats::rv$last_elements = Queue::init((coerce [$max_len=SumStats::r$num_last_elements] to Queue::Settings))Queue::put(SumStats::rv$last_elements, SumStats::obs)}})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::MAX, lambda_<9734000075919044397>{ if (!SumStats::rv?$max) SumStats::rv$max = SumStats::valelseif (SumStats::rv$max < SumStats::val) SumStats::rv$max = SumStats::val})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::MIN, lambda_<2451066605226214733>{ if 
(!SumStats::rv?$min) SumStats::rv$min = SumStats::valelseif (SumStats::val < SumStats::rv$min) SumStats::rv$min = SumStats::val})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::SAMPLE, lambda_<11888441397542569241>{ SumStats::sample_add_sample(SumStats::obs, SumStats::rv)})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::STD_DEV, lambda_<5704045257244168718>{ SumStats::calc_std_dev(SumStats::rv)})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::SUM, lambda_<6958532551242393774>{ SumStats::rv$sum += SumStats::val})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::TOPK, lambda_<2861372781530360365>{ topk_add(SumStats::rv$topk, SumStats::obs)})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::UNIQUE, lambda_<10387912117292132662>{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || sizeofSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = sizeofSumStats::rv$unique_vals})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::VARIANCE, lambda_<6557258612059469785>{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugins, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(__init_primary_bifs, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(__init_secondary_bifs, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(current_time, , ()) +XXXXXXXXXX.XXXXXX 
MetaHookPre CallFunction(filter_change_tracking, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(getenv, , (CLUSTER_NODE)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(getenv, , (ZEEK_DEFAULT_LISTEN_ADDRESS)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(global_ids, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(network_time, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(reading_live_traffic, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(reading_traces, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(set_to_regex, , ({}, (^\.?|\.)(~~)$)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(string_to_pattern, , ((^\.?|\.)()$, F)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(sub, , ((^\.?|\.)(~~)$, <...>/, )) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(x509_set_certificate_cache, , ({})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(x509_set_certificate_cache_hit_callback, , (X509::x509_certificate_cache_replay{ X509::i{ if (X509::f$info?$x509) return event x509_certificate(X509::f, X509::e$handle, X509::e$certificate)for ([X509::i] in X509::e$extensions_cache) { X509::ext = X509::e$extensions_cache[X509::i]if (X509::ext is X509::Extension) event x509_extension(X509::f, (X509::ext as X509::Extension))elseif (X509::ext is X509::BasicConstraints) event x509_ext_basic_constraints(X509::f, (X509::ext as X509::BasicConstraints))elseif (X509::ext is X509::SubjectAlternativeName) event x509_ext_subject_alternative_name(X509::f, (X509::ext as X509::SubjectAlternativeName))elseif (X509::ext is X509::SctInfo) { X509::s = (X509::ext as X509::SctInfo)event x509_ocsp_ext_signed_certificate_timestamp(X509::f, X509::s$version, X509::s$logid, X509::s$timestamp, X509::s$hash_alg, X509::s$sig_alg, X509::s$signature)}elseReporter::error(fmt(Encountered unknown extension while replaying certificate with fuid %s, X509::f$id))}}})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(zeek_args, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(zeek_init, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre 
DrainEvents() +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, ..<...>/main.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, ..<...>/plugin.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_ARP.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_AsciiReader.ascii.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_AsciiWriter.ascii.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_BenchmarkReader.benchmark.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_BinaryReader.binary.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_BitTorrent.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_ConfigReader.config.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_ConnSize.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_ConnSize.functions.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_DCE_RPC.consts.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_DCE_RPC.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_DCE_RPC.types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_DHCP.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_DHCP.types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_DNP3.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_DNS.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_FTP.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_FTP.functions.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_File.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_FileEntropy.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_FileExtract.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_FileExtract.functions.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, 
.<...>/Zeek_FileHash.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Finger.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_GSSAPI.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_GTPv1.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Gnutella.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_HTTP.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_HTTP.functions.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_ICMP.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_IMAP.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_IRC.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Ident.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_KRB.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_KRB.types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Login.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Login.functions.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_MIME.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_MQTT.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_MQTT.types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Modbus.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_MySQL.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NCP.consts.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NCP.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NTLM.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NTLM.types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NTP.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NTP.types.bif.zeek) +XXXXXXXXXX.XXXXXX 
MetaHookPre LoadFile(0, .<...>/Zeek_NetBIOS.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NetBIOS.functions.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NoneWriter.none.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_PE.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_POP3.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_RADIUS.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_RDP.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_RDP.types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_RFB.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_RPC.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_RawReader.raw.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SIP.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.consts.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_check_directory.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_close.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_create_directory.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_echo.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_negotiate.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_query_information.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_read_andx.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre 
LoadFile(0, .<...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_write_andx.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_close.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_create.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_negotiate.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_read.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_session_setup.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_set_info.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_transform_header.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_write.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMTP.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, 
.<...>/Zeek_SMTP.functions.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SNMP.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SNMP.types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SOCKS.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SQLiteReader.sqlite.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SQLiteWriter.sqlite.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SSH.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SSH.types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SSL.consts.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SSL.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SSL.functions.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SSL.types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SteppingStone.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Syslog.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_TCP.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_TCP.functions.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_TCP.types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Teredo.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_UDP.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Unified2.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Unified2.types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_VXLAN.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_X509.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_X509.functions.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_X509.ocsp_events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_X509.types.bif.zeek) 
+XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_XMPP.events.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/acld.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/add-geodata.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/addrs.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/analyzer.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/api.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/ascii.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/average.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/benchmark.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/binary.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/bloom-filter.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/broker.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/cardinality-counter.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/comm.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/config.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/const-dos-error.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/const-nt-status.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/const.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/consts.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/contents.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/control.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/ct-list.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/data.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/dcc-send.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/debug.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/drop.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/email_admin.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/entities.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/event.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/exec.zeek) +XXXXXXXXXX.XXXXXX 
MetaHookPre LoadFile(0, .<...>/file_analysis.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/files.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/gridftp.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/hll_unique.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/hooks.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/inactivity.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/info.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/input.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/input.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/last.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/log.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/logging.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/magic) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/main.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/max.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/messaging.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/min.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/mozilla-ca-list.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/netstats.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/non-cluster.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/none.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/openflow.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/option.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/packet_analysis.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/packetfilter.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/page.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/patterns.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/pcap.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/plugin.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/plugins) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/polling.zeek) 
+XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/pools.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/postprocessors) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/pp-alarms.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/raw.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/removal-hooks.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/reporter.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/ryu.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/sample.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/scp.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/sftp.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/shunt.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/site.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/smb1-main.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/smb2-main.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/sqlite.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/stats.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/std-dev.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/store.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/store.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/strings.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/sum.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/supervisor.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/thresholds.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/top-k.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/topk.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/types.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/unique.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/utils-commands.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/utils.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/variance.zeek) 
+XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/weird.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/zeek.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/zeekygen.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, <...>/__load__.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, <...>/__preload__.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, <...>/hooks.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/Zeek_KRB.types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/Zeek_SNMP.types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/active-http.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/addrs.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/analyzer) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/analyzer.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/api.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/backtrace.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/bif) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/broker) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/cluster) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/comm.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/config) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/conn) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/conn-ids.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/const.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/control) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/data.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/dce-rpc) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/dhcp) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/dir.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/directions-and-hosts.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/dnp3) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/dns) +XXXXXXXXXX.XXXXXX MetaHookPre 
LoadFile(0, base<...>/dpd) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/email.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ethernet) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/event.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/exec.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/extract) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/fddi) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/file_analysis.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/files) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/files.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/find-checksum-offloading.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/find-filtered-trace.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ftp) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/geoip-distance.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/gre) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/hash) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/hash_hrw.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/http) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ieee802_11) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ieee802_11_radio) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/imap) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/init-default.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/init-frameworks-and-bifs.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/input) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/input.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/intel) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ip) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/iptunnel) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/irc) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/krb) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/linux_sll) 
+XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/logging) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/logging.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/main.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/messaging.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/modbus) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/mpls) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/mqtt) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/mysql) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/netcontrol) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/nflog) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/notice) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ntlm) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ntp) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/null) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/numbers.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/openflow) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/option.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/packet-filter) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/packet-protocols) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/packet_analysis.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/paths.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/patterns.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/pe) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/plugins) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/pop3) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ppp_serial) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/pppoe) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/queue.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/radius) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/rdp) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/removal-hooks.zeek) 
+XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/reporter) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/reporter.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/rfb) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/root) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/signatures) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/sip) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/site.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/skip) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/smb) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/smtp) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/snmp) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/socks) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/software) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ssh) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ssl) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/stats.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/store.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/strings.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/strings.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/sumstats) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/supervisor) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/supervisor.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/syslog) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/thresholds.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/time.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/tunnels) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/types.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/urls.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/utils.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/version.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/vlan) +XXXXXXXXXX.XXXXXX 
MetaHookPre LoadFile(0, base<...>/weird.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/x509) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/xmpp) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/zeek.bif.zeek) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/archive.sig) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/audio.sig) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/dpd.sig) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/executable.sig) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/font.sig) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/general.sig) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/image.sig) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/java.sig) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/libmagic.sig) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/office.sig) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/programming.sig) +XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/video.sig) +XXXXXXXXXX.XXXXXX MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) +XXXXXXXXXX.XXXXXX MetaHookPre LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, ) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(NetControl::init()) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(filter_change_tracking()) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(zeek_init()) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_STEPPINGSTONE) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_TCPSTATS) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_AYIYA, 5072/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DCE_RPC, 135/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction 
Analyzer::__register_for_port(Analyzer::ANALYZER_DHCP, 4011/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DHCP, 67/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DHCP, 68/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNP3_TCP, 20000/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNP3_TCP, 20000/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 137/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 53/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 53/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 5353/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 5355/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DTLS, 443/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_FTP, 21/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_FTP, 2811/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_GTPV1, 2123/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_GTPV1, 2152/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 1080/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 3128/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 631/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 80/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction 
Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 8000/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 8080/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 81/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 8888/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IMAP, 143/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6666/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6667/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6668/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6669/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_KRB, 88/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_KRB_TCP, 88/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_MODBUS, 502/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_MYSQL, 1434/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_MYSQL, 3306/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_NTP, 123/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_RADIUS, 1812/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_RDP, 3389/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_RDPEUDP, 3389/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SIP, 5060/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction 
Analyzer::__register_for_port(Analyzer::ANALYZER_SMB, 139/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SMB, 445/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SMTP, 25/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SMTP, 587/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SNMP, 161/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SNMP, 162/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SOCKS, 1080/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSH, 22/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 443/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 5223/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 563/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 585/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 614/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 636/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 989/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 990/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 992/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 993/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 995/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SYSLOG, 514/udp) 
+XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_TEREDO, 3544/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_VXLAN, 4789/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_XMPP, 5222/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_XMPP, 5269/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::disable_analyzer(Analyzer::ANALYZER_STEPPINGSTONE) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::disable_analyzer(Analyzer::ANALYZER_TCPSTATS) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_AYIYA, 5072/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DCE_RPC, 135/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DHCP, 4011/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DHCP, 67/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DHCP, 68/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNP3_TCP, 20000/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNP3_TCP, 20000/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 137/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 53/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 53/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 5353/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 5355/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DTLS, 443/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction 
Analyzer::register_for_port(Analyzer::ANALYZER_FTP, 21/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_FTP, 2811/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_GTPV1, 2123/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_GTPV1, 2152/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 1080/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 3128/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 631/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 80/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 8000/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 8080/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 81/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 8888/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IMAP, 143/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6666/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6667/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6668/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6669/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_KRB, 88/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_KRB_TCP, 88/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_MODBUS, 502/tcp) +XXXXXXXXXX.XXXXXX | 
HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_MYSQL, 1434/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_MYSQL, 3306/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_NTP, 123/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_RADIUS, 1812/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_RDP, 3389/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_RDPEUDP, 3389/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SIP, 5060/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMB, 139/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMB, 445/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMTP, 25/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMTP, 587/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SNMP, 161/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SNMP, 162/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SOCKS, 1080/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSH, 22/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 443/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 5223/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 563/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 585/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 614/tcp) 
+XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 636/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 989/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 990/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 992/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 993/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 995/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SYSLOG, 514/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_TEREDO, 3544/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_VXLAN, 4789/udp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_XMPP, 5222/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_XMPP, 5269/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_AYIYA, {5072/udp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DCE_RPC, {135/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, {67<...>/udp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, {5353<...>/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, {443/udp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, {2811<...>/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_GTPV1, {2152<...>/udp}) +XXXXXXXXXX.XXXXXX | 
HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, {80<...>/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IMAP, {143/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, {6666<...>/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB, {88/udp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB_TCP, {88/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_MODBUS, {502/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_MYSQL, {1434<...>/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_NTP, {123/udp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RADIUS, {1812/udp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RDP, {3389/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RDPEUDP, {3389/udp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SIP, {5060/udp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, {139<...>/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, {25<...>/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SNMP, {162<...>/udp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SOCKS, {1080/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, {22/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, {563<...>/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, {514/udp}) +XXXXXXXXXX.XXXXXX | 
HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, {3544/udp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_VXLAN, {4789/udp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_XMPP, {5222<...>/tcp}) +XXXXXXXXXX.XXXXXX | HookCallFunction Broker::__subscribe(zeek/supervisor) +XXXXXXXXXX.XXXXXX | HookCallFunction Broker::subscribe(zeek/supervisor) +XXXXXXXXXX.XXXXXX | HookCallFunction Cluster::is_enabled() +XXXXXXXXXX.XXXXXX | HookCallFunction Cluster::local_node_type() +XXXXXXXXXX.XXXXXX | HookCallFunction Cluster::register_pool([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=, exclusive=F]) +XXXXXXXXXX.XXXXXX | HookCallFunction Cluster::register_pool([topic=zeek<...>/proxy, node_type=Cluster::PROXY, max_nodes=, exclusive=F]) +XXXXXXXXXX.XXXXXX | HookCallFunction Cluster::register_pool([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=, exclusive=F]) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_analyzer_add_callback(Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)FileExtract::f$info$extracted_cutoff = Fmkdir(FileExtract::prefix)}) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_MD5, application/pkix-cert) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_MD5, application/x-x509-ca-cert) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_MD5, application/x-x509-user-cert) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_PE, application/x-dosexec) 
+XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA1, application/pkix-cert) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA1, application/x-x509-ca-cert) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA1, application/x-x509-user-cert) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA256, application/pkix-cert) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA256, application/x-x509-ca-cert) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA256, application/x-x509-user-cert) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_X509, application/pkix-cert) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_X509, application/x-x509-ca-cert) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_X509, application/x-x509-user-cert) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_types(Files::ANALYZER_PE, {application/x-dosexec}) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}]) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, 
FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ FTP::cid, FTP::c{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::c?$ftp) return (FTP::describe(FTP::c$ftp))}return ()}}]) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ HTTP::cid, HTTP::c{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}}]) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=lambda_<15770440363500096069>{ return ()}]) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}]) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, 
describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}]) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SMB, [get_file_handle=SMB::get_file_handle{ if (!(SMB::c$smb_state?$current_file && (SMB::c$smb_state$current_file?$name || SMB::c$smb_state$current_file?$path))) { return ()}SMB::current_file = SMB::c$smb_state$current_fileSMB::path_name = SMB::current_file?$path ? SMB::current_file$path : SMB::file_name = SMB::current_file?$name ? SMB::current_file$name : SMB::last_mod = cat(SMB::current_file?$times ? SMB::current_file$times$modified : double_to_time(0.0))return (hexdump(cat(Analyzer::ANALYZER_SMB, SMB::c$id$orig_h, SMB::c$id$resp_h, SMB::path_name, SMB::file_name, SMB::last_mod)))}, describe=SMB::describe_file{ SMB::cid, SMB::c{ if (SMB::f$source != SMB) return ()for ([SMB::cid] in SMB::f$conns) { if (SMB::c?$smb_state && SMB::c$smb_state?$current_file && SMB::c$smb_state$current_file?$name) return (SMB::c$smb_state$current_file$name)}return ()}}]) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ SMTP::cid, SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}]) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ 
SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}]) +XXXXXXXXXX.XXXXXX | HookCallFunction FilteredTraceDetection::should_detect() +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=broker, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=config, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dce_rpc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., 
ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dhcp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dnp3, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dns, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dpd, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ftp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, 
postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=irc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=intel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=kerberos, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=modbus, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntlm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | 
HookCallFunction Log::__add_filter(NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_drop, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_shunt, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice_alarm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) 
+XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=openflow, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=pe, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=radius, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rdp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rfb, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction 
Log::__add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=reporter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=sip, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_mapping, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smtp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=snmp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SOCKS::LOG, 
[name=default, writer=Log::WRITER_ASCII, pred=, path=socks, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssh, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssl, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=signatures, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=software, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=syslog, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, 
pred=, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(DHCP::LOG, 
[columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, 
policy=NetControl::log_policy_drop]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction 
Log::__create_stream(SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction 
Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__write(PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Broker::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Cluster::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Config::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Conn::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(DCE_RPC::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(DHCP::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(DNP3::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(DNS::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(DPD::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(FTP::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Files::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(HTTP::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(IRC::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Intel::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(KRB::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Modbus::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(NTLM::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(NTP::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(NetControl::DROP_LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(NetControl::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(NetControl::SHUNT) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Notice::ALARM_LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Notice::LOG) 
+XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(OpenFlow::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(PE::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(PacketFilter::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(RADIUS::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(RDP::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(RFB::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Reporter::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SIP::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SMB::FILES_LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SMB::MAPPING_LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SMTP::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SNMP::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SOCKS::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SSH::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SSL::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Signatures::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Software::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Syslog::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Tunnel::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Weird::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(X509::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(mysql::LOG) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | 
HookCallFunction Log::add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, 
path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., 
ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, 
config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction 
Log::add_filter(RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, 
path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., 
ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, 
config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Broker::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Cluster::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Config::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Conn::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(DCE_RPC::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(DHCP::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(DNP3::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(DNS::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(DPD::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(FTP::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Files::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(HTTP::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(IRC::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Intel::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(KRB::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Modbus::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(NTLM::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(NTP::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(NetControl::DROP_LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(NetControl::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(NetControl::SHUNT, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Notice::ALARM_LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Notice::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction 
Log::add_stream_filters(OpenFlow::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(PE::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(PacketFilter::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(RADIUS::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(RDP::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(RFB::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Reporter::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SIP::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SMB::FILES_LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SMB::MAPPING_LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SMTP::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SNMP::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SOCKS::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SSH::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SSL::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Signatures::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Software::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Syslog::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Tunnel::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Weird::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(X509::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(mysql::LOG, default) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction 
Log::create_stream(Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy]) +XXXXXXXXXX.XXXXXX | 
HookCallFunction Log::create_stream(Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction 
Log::create_stream(RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Syslog::LOG, [columns=Syslog::Info, ev=, 
path=syslog, policy=Syslog::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::write(PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T]) +XXXXXXXXXX.XXXXXX | HookCallFunction NetControl::check_plugins() +XXXXXXXXXX.XXXXXX | HookCallFunction NetControl::init() +XXXXXXXXXX.XXXXXX | HookCallFunction Notice::want_pp() +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(ActiveHTTP::default_max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(ActiveHTTP::default_method, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Broker::peer_counts_as_iosource, Config::config_option_changed{ Config::log = (coerce 
[$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Conn::analyzer_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Conn::default_extract, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Conn::extraction_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Conn::port_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = 
Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(DCE_RPC::ignored_operations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(DHCP::max_txid_watch_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(DNS::max_pending_msgs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(DNS::max_pending_query_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(DPD::ignore_violations, Config::config_option_changed{ Config::log = (coerce 
[$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(DPD::ignore_violations_after, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(DPD::max_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Dir::polling_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(FTP::cmd_reply_code, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = 
Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(FTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(FTP::guest_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(FTP::logged_commands, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(FileExtract::default_limit, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Files::enable_reassembler, Config::config_option_changed{ Config::log = (coerce 
[$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(GridFTP::max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(GridFTP::size_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(GridFTP::skip_data, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(HTTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = 
Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(HTTP::http_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(HTTP::max_files_orig, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(HTTP::max_files_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(HTTP::proxy_headers, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Input::default_mode, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), 
$id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Input::default_reader, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(KRB::ignored_errors, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Log::default_rotation_dir, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(MQTT::max_payload_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, 
Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(NetControl::default_priority, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::alarmed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::default_suppression_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::emailed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::ignored_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::lookup_location_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::mail_from, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::mail_page_dest, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::mail_subject_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return 
(Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::not_suppressed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::reply_to, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::sendmail, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(RDP::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(RDP::rdp_check_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SIP::sip_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SMB::logged_file_actions, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SMTP::mail_path_capture, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SOCKS::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return 
(Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SSH::compression_algorithms, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SSH::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SSL::ct_logs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SSL::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Signatures::ignored_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Signatures::summary_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Site::local_admins, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Site::local_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Site::local_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return 
(Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Site::neighbor_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Site::neighbor_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Site::private_address_space, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Software::asset_tracking, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::ignore_hosts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, 
$old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_duration, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_duration, Config::weird_option_change_interval{ if (Weird::sampling_duration == Config::ID) { Reporter::set_weird_sampling_duration(Config::new_value)}return (Config::new_value)}, 5) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_global_list, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_rate, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_rate, Config::weird_option_change_count{ if (Weird::sampling_threshold 
== Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_threshold, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_whitelist, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_whitelist, Config::weird_option_change_sampling_whitelist{ if (Weird::sampling_whitelist == Config::ID) { Reporter::set_weird_sampling_whitelist(Config::new_value)}return (Config::new_value)}, 5) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::weird_do_not_ignore_repeats, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), 
$new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(X509::caching_required_encounters, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(X509::caching_required_encounters_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(X509::certificate_cache_max_entries, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(X509::certificate_cache_minimum_eviction_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, 
Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(default_file_bof_buffer_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(default_file_timeout_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(ignore_checksums_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(udp_content_delivery_ports_use_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(udp_content_ports, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), 
$id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 2048, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 2054, PacketAnalyzer::ANALYZER_ARP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 32821, PacketAnalyzer::ANALYZER_ARP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 33024, PacketAnalyzer::ANALYZER_VLAN) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 34525, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 34887, PacketAnalyzer::ANALYZER_MPLS) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 34916, PacketAnalyzer::ANALYZER_PPPOE) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 34984, PacketAnalyzer::ANALYZER_VLAN) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 37120, PacketAnalyzer::ANALYZER_VLAN) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 2048, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 2054, PacketAnalyzer::ANALYZER_ARP) +XXXXXXXXXX.XXXXXX | HookCallFunction 
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 32821, PacketAnalyzer::ANALYZER_ARP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 34525, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11_RADIO, 105, PacketAnalyzer::ANALYZER_IEEE802_11) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 4, PacketAnalyzer::ANALYZER_IPTUNNEL) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 41, PacketAnalyzer::ANALYZER_IPTUNNEL) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 47, PacketAnalyzer::ANALYZER_GRE) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 2048, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 2054, PacketAnalyzer::ANALYZER_ARP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 32821, PacketAnalyzer::ANALYZER_ARP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 34525, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NFLOG, 10, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NFLOG, 2, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 2, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction 
PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 24, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 28, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 30, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPOE, 33, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPOE, 87, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPSERIAL, 33, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPSERIAL, 641, PacketAnalyzer::ANALYZER_MPLS) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPSERIAL, 87, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 0, PacketAnalyzer::ANALYZER_NULL) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 1, PacketAnalyzer::ANALYZER_ETHERNET) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 10, PacketAnalyzer::ANALYZER_FDDI) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 105, PacketAnalyzer::ANALYZER_IEEE802_11) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 113, PacketAnalyzer::ANALYZER_LINUXSLL) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 127, 
PacketAnalyzer::ANALYZER_IEEE802_11_RADIO) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 239, PacketAnalyzer::ANALYZER_NFLOG) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 50, PacketAnalyzer::ANALYZER_PPPSERIAL) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 2048, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 2054, PacketAnalyzer::ANALYZER_ARP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 32821, PacketAnalyzer::ANALYZER_ARP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 33024, PacketAnalyzer::ANALYZER_VLAN) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 34525, PacketAnalyzer::ANALYZER_IP) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 34887, PacketAnalyzer::ANALYZER_MPLS) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 34916, PacketAnalyzer::ANALYZER_PPPOE) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketFilter::build() +XXXXXXXXXX.XXXXXX | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, ) +XXXXXXXXXX.XXXXXX | HookCallFunction PacketFilter::install() +XXXXXXXXXX.XXXXXX | HookCallFunction PacketFilter::log_policy([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, 
policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Pcap::install_pcap_filter(PacketFilter::DefaultPcapFilter) +XXXXXXXXXX.XXXXXX | HookCallFunction Pcap::precompile_pcap_filter(PacketFilter::DefaultPcapFilter, ip or not ip) +XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::add_observe_plugin_dependency(SumStats::STD_DEV, SumStats::VARIANCE) +XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::add_observe_plugin_dependency(SumStats::VARIANCE, SumStats::AVERAGE) +XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::AVERAGE, lambda_<3452231521688988155>{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)}) +XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::HLL_UNIQUE, lambda_<943258244234523627>{ if (!SumStats::rv?$card) { SumStats::rv$card = hll_cardinality_init(SumStats::r$hll_error_margin, SumStats::r$hll_confidence)SumStats::rv$hll_error_margin = SumStats::r$hll_error_marginSumStats::rv$hll_confidence = SumStats::r$hll_confidence}hll_cardinality_add(SumStats::rv$card, SumStats::obs)SumStats::rv$hll_unique = double_to_count(hll_cardinality_estimate(SumStats::rv$card))}) +XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::LAST, lambda_<14831357773699754131>{ if (0 < SumStats::r$num_last_elements) { if (!SumStats::rv?$last_elements) SumStats::rv$last_elements = Queue::init((coerce [$max_len=SumStats::r$num_last_elements] to Queue::Settings))Queue::put(SumStats::rv$last_elements, SumStats::obs)}}) +XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::MAX, lambda_<9734000075919044397>{ if (!SumStats::rv?$max) SumStats::rv$max = SumStats::valelseif (SumStats::rv$max < SumStats::val) SumStats::rv$max = SumStats::val}) +XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::MIN, lambda_<2451066605226214733>{ if 
(!SumStats::rv?$min) SumStats::rv$min = SumStats::valelseif (SumStats::val < SumStats::rv$min) SumStats::rv$min = SumStats::val}) +XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::SAMPLE, lambda_<11888441397542569241>{ SumStats::sample_add_sample(SumStats::obs, SumStats::rv)}) +XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::STD_DEV, lambda_<5704045257244168718>{ SumStats::calc_std_dev(SumStats::rv)}) +XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::SUM, lambda_<6958532551242393774>{ SumStats::rv$sum += SumStats::val}) +XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::TOPK, lambda_<2861372781530360365>{ topk_add(SumStats::rv$topk, SumStats::obs)}) +XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::UNIQUE, lambda_<10387912117292132662>{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || sizeofSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = sizeofSumStats::rv$unique_vals}) +XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::VARIANCE, lambda_<6557258612059469785>{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average}) +XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugins() +XXXXXXXXXX.XXXXXX | HookCallFunction __init_primary_bifs() +XXXXXXXXXX.XXXXXX | HookCallFunction __init_secondary_bifs() +XXXXXXXXXX.XXXXXX | HookCallFunction current_time() +XXXXXXXXXX.XXXXXX | HookCallFunction filter_change_tracking() +XXXXXXXXXX.XXXXXX | HookCallFunction getenv(CLUSTER_NODE) 
+XXXXXXXXXX.XXXXXX | HookCallFunction getenv(ZEEK_DEFAULT_LISTEN_ADDRESS) +XXXXXXXXXX.XXXXXX | HookCallFunction global_ids() +XXXXXXXXXX.XXXXXX | HookCallFunction network_time() +XXXXXXXXXX.XXXXXX | HookCallFunction reading_live_traffic() +XXXXXXXXXX.XXXXXX | HookCallFunction reading_traces() +XXXXXXXXXX.XXXXXX | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$) +XXXXXXXXXX.XXXXXX | HookCallFunction string_to_pattern((^\.?|\.)()$, F) +XXXXXXXXXX.XXXXXX | HookCallFunction sub((^\.?|\.)(~~)$, <...>/, ) +XXXXXXXXXX.XXXXXX | HookCallFunction x509_set_certificate_cache({}) +XXXXXXXXXX.XXXXXX | HookCallFunction x509_set_certificate_cache_hit_callback(X509::x509_certificate_cache_replay{ X509::i{ if (X509::f$info?$x509) return event x509_certificate(X509::f, X509::e$handle, X509::e$certificate)for ([X509::i] in X509::e$extensions_cache) { X509::ext = X509::e$extensions_cache[X509::i]if (X509::ext is X509::Extension) event x509_extension(X509::f, (X509::ext as X509::Extension))elseif (X509::ext is X509::BasicConstraints) event x509_ext_basic_constraints(X509::f, (X509::ext as X509::BasicConstraints))elseif (X509::ext is X509::SubjectAlternativeName) event x509_ext_subject_alternative_name(X509::f, (X509::ext as X509::SubjectAlternativeName))elseif (X509::ext is X509::SctInfo) { X509::s = (X509::ext as X509::SctInfo)event x509_ocsp_ext_signed_certificate_timestamp(X509::f, X509::s$version, X509::s$logid, X509::s$timestamp, X509::s$hash_alg, X509::s$sig_alg, X509::s$signature)}elseReporter::error(fmt(Encountered unknown extension while replaying certificate with fuid %s, X509::f$id))}}}) +XXXXXXXXXX.XXXXXX | HookCallFunction zeek_args() +XXXXXXXXXX.XXXXXX | HookCallFunction zeek_init() +XXXXXXXXXX.XXXXXX | HookDrainEvents +XXXXXXXXXX.XXXXXX | HookLoadFile ..<...>/main.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile ..<...>/plugin.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_ARP.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_AsciiReader.ascii.bif.zeek 
+XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_AsciiWriter.ascii.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_BenchmarkReader.benchmark.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_BinaryReader.binary.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_BitTorrent.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_ConfigReader.config.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_ConnSize.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_ConnSize.functions.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_DCE_RPC.consts.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_DCE_RPC.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_DCE_RPC.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_DHCP.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_DHCP.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_DNP3.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_DNS.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_FTP.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_FTP.functions.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_File.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_FileEntropy.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_FileExtract.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_FileExtract.functions.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_FileHash.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Finger.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_GSSAPI.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_GTPv1.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Gnutella.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_HTTP.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_HTTP.functions.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_ICMP.events.bif.zeek +XXXXXXXXXX.XXXXXX | 
HookLoadFile .<...>/Zeek_IMAP.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_IRC.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Ident.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_KRB.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_KRB.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Login.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Login.functions.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_MIME.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_MQTT.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_MQTT.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Modbus.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_MySQL.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NCP.consts.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NCP.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NTLM.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NTLM.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NTP.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NTP.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NetBIOS.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NetBIOS.functions.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NoneWriter.none.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_PE.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_POP3.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_RADIUS.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_RDP.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_RDP.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_RFB.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_RPC.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_RawReader.raw.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SIP.events.bif.zeek 
+XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.consts.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_check_directory.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_close.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_create_directory.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_echo.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_negotiate.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_query_information.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_read_andx.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction2.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_write_andx.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_close.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_create.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_negotiate.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_read.bif.zeek +XXXXXXXXXX.XXXXXX 
| HookLoadFile .<...>/Zeek_SMB.smb2_com_session_setup.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_set_info.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_transform_header.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_write.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMTP.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMTP.functions.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SNMP.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SNMP.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SOCKS.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SQLiteReader.sqlite.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SQLiteWriter.sqlite.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SSH.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SSH.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SSL.consts.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SSL.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SSL.functions.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SSL.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SteppingStone.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Syslog.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_TCP.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_TCP.functions.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_TCP.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Teredo.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_UDP.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile 
.<...>/Zeek_Unified2.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Unified2.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_VXLAN.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_X509.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_X509.functions.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_X509.ocsp_events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_X509.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_XMPP.events.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/acld.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/add-geodata.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/addrs.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/analyzer.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/api.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/archive.sig +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/ascii.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/audio.sig +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/average.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/benchmark.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/binary.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/bloom-filter.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/broker.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/cardinality-counter.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/comm.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/config.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/const-dos-error.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/const-nt-status.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/const.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/consts.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/contents.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/control.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/ct-list.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/data.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/dcc-send.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/debug.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile 
.<...>/dpd.sig +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/drop.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/email_admin.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/entities.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/event.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/exec.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/executable.sig +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/file_analysis.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/files.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/font.sig +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/general.sig +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/gridftp.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/hll_unique.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/hooks.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/image.sig +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/inactivity.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/info.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/input.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/input.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/java.sig +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/last.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/libmagic.sig +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/log.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/logging.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/magic +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/main.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/max.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/messaging.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/min.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/mozilla-ca-list.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/netstats.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/non-cluster.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/none.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/office.sig +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/openflow.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/option.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/packet_analysis.bif.zeek +XXXXXXXXXX.XXXXXX | 
HookLoadFile .<...>/packetfilter.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/page.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/patterns.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/pcap.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/plugin.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/plugins +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/polling.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/pools.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/postprocessors +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/pp-alarms.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/programming.sig +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/raw.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/removal-hooks.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/reporter.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/ryu.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/sample.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/scp.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/sftp.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/shunt.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/site.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/smb1-main.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/smb2-main.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/sqlite.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/stats.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/std-dev.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/store.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/store.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/strings.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/sum.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/supervisor.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/thresholds.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/top-k.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/topk.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/types.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/unique.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/utils-commands.zeek 
+XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/utils.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/variance.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/video.sig +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/weird.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/zeek.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/zeekygen.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile <...>/__load__.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile <...>/__preload__.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile <...>/hooks.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/Zeek_KRB.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/Zeek_SNMP.types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/active-http.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/addrs.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/analyzer +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/analyzer.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/api.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/backtrace.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/bif +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/broker +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/cluster +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/comm.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/config +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/conn +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/conn-ids.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/const.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/control +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/data.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/dce-rpc +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/dhcp +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/dir.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/directions-and-hosts.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/dnp3 +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/dns +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/dpd +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/email.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ethernet +XXXXXXXXXX.XXXXXX | 
HookLoadFile base<...>/event.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/exec.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/extract +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/fddi +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/file_analysis.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/files +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/files.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/find-checksum-offloading.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/find-filtered-trace.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ftp +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/geoip-distance.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/gre +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/hash +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/hash_hrw.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/http +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ieee802_11 +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ieee802_11_radio +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/imap +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/init-default.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/init-frameworks-and-bifs.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/input +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/input.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/intel +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ip +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/iptunnel +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/irc +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/krb +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/linux_sll +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/logging +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/logging.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/main.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/messaging.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/modbus +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/mpls +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/mqtt +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/mysql +XXXXXXXXXX.XXXXXX | HookLoadFile 
base<...>/netcontrol +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/nflog +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/notice +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ntlm +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ntp +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/null +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/numbers.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/openflow +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/option.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/packet-filter +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/packet-protocols +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/packet_analysis.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/paths.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/patterns.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/pe +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/plugins +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/pop3 +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ppp_serial +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/pppoe +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/queue.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/radius +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/rdp +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/removal-hooks.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/reporter +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/reporter.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/rfb +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/root +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/signatures +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/sip +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/site.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/skip +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/smb +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/smtp +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/snmp +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/socks +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/software +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ssh +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ssl +XXXXXXXXXX.XXXXXX | 
HookLoadFile base<...>/stats.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/store.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/strings.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/strings.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/sumstats +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/supervisor +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/supervisor.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/syslog +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/thresholds.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/time.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/tunnels +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/types.bif.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/urls.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/utils.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/version.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/vlan +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/weird.zeek +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/x509 +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/xmpp +XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/zeek.bif.zeek +XXXXXXXXXX.XXXXXX | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} +XXXXXXXXXX.XXXXXX | HookLogWrite packet_filter [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T] +XXXXXXXXXX.XXXXXX | HookQueueEvent NetControl::init() +XXXXXXXXXX.XXXXXX | HookQueueEvent filter_change_tracking() +XXXXXXXXXX.XXXXXX | HookQueueEvent zeek_init() +XXXXXXXXXX.XXXXXX MetaHookPost BroObjDtor() -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::__flush_logs, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::flush_logs, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::log_flush, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(ChecksumOffloading::check, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(filter_change_tracking, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_net_stats, , ()) -> 
+XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(new_connection, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(Broker::log_flush()) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(ChecksumOffloading::check()) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(filter_change_tracking()) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false +XXXXXXXXXX.XXXXXX MetaHookPost SetupAnalyzerTree(XXXXXXXXXX.XXXXXX(XXXXXXXXXX.XXXXXX) TCP 141.142.228.5:59856 -> 192.150.187.43:80) -> +XXXXXXXXXX.XXXXXX 
MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> +XXXXXXXXXX.XXXXXX MetaHookPre BroObjDtor() +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::__flush_logs, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::flush_logs, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::log_flush, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(ChecksumOffloading::check, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(filter_change_tracking, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_net_stats, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(new_connection, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(Broker::log_flush()) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(ChecksumOffloading::check()) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(filter_change_tracking()) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, 
conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +XXXXXXXXXX.XXXXXX MetaHookPre SetupAnalyzerTree(XXXXXXXXXX.XXXXXX(XXXXXXXXXX.XXXXXX) TCP 141.142.228.5:59856 -> 192.150.187.43:80) +XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) +XXXXXXXXXX.XXXXXX | HookBroObjDtor +XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX +XXXXXXXXXX.XXXXXX | HookCallFunction Broker::__flush_logs() +XXXXXXXXXX.XXXXXX | HookCallFunction Broker::flush_logs() +XXXXXXXXXX.XXXXXX | HookCallFunction Broker::log_flush() +XXXXXXXXXX.XXXXXX | HookCallFunction ChecksumOffloading::check() +XXXXXXXXXX.XXXXXX | HookCallFunction filter_change_tracking() +XXXXXXXXXX.XXXXXX | HookCallFunction get_net_stats() +XXXXXXXXXX.XXXXXX | HookCallFunction new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +XXXXXXXXXX.XXXXXX | HookDrainEvents +XXXXXXXXXX.XXXXXX | HookQueueEvent Broker::log_flush() +XXXXXXXXXX.XXXXXX | HookQueueEvent ChecksumOffloading::check() +XXXXXXXXXX.XXXXXX | HookQueueEvent filter_change_tracking() +XXXXXXXXXX.XXXXXX | 
HookQueueEvent new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +XXXXXXXXXX.XXXXXX | HookSetupAnalyzerTree XXXXXXXXXX.XXXXXX(XXXXXXXXXX.XXXXXX) TCP 141.142.228.5:59856 -> 192.150.187.43:80 +XXXXXXXXXX.XXXXXX | RequestObjDtor Broker::log_flush() +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(connection_established, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], 
resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false +XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(connection_established, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, 
removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) +XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX +XXXXXXXXXX.XXXXXX | HookCallFunction connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +XXXXXXXXXX.XXXXXX | HookDrainEvents +XXXXXXXXXX.XXXXXX | HookQueueEvent connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, 
radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> +XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> +XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() +XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) +XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX +XXXXXXXXXX.XXXXXX | HookDrainEvents +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__name, , (Analyzer::ANALYZER_HTTP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::name, , (Analyzer::ANALYZER_HTTP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Conn::register_removal_hook, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=0, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}})) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, 
range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, 
ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, 
resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(fmt, , (-%s, HTTP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, 
resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , 
([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, 
syslog=], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_request, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(network_time, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(protocol_confirmation, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(split_string1, , (bro.org, <...>/)) -> +XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, 
service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, 
sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, 
bro.org)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__name, , (Analyzer::ANALYZER_HTTP)) +XXXXXXXXXX.XXXXXX MetaHookPre 
CallFunction(Analyzer::name, , (Analyzer::ANALYZER_HTTP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Conn::register_removal_hook, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=0, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}})) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, 
l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, 
resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 
usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(fmt, , (-%s, HTTP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, 
capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, 
CONNECTION, Keep-Alive)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_request, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(network_time, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(protocol_confirmation, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, 
flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(split_string1, , (bro.org, <...>/)) +XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, 
state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, 
history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, 
finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) +XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) +XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__name(Analyzer::ANALYZER_HTTP) +XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::name(Analyzer::ANALYZER_HTTP) +XXXXXXXXXX.XXXXXX | HookCallFunction Conn::register_removal_hook([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, 
http_state=[pending={}, current_request=0, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::new_http_session([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, 
ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, 
mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookCallFunction cat(Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, T, 1, 1, 141.142.228.5:59856 > 
192.150.187.43:80) +XXXXXXXXXX.XXXXXX | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction fmt(-%s, HTTP) +XXXXXXXXXX.XXXXXX | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, 
current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*) +XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0)) +XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive) +XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org) +XXXXXXXXXX.XXXXXX | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, 
info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]) +XXXXXXXXXX.XXXXXX | HookCallFunction http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1) +XXXXXXXXXX.XXXXXX | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) +XXXXXXXXXX.XXXXXX | HookCallFunction network_time() +XXXXXXXXXX.XXXXXX | HookCallFunction protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3) +XXXXXXXXXX.XXXXXX | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80) +XXXXXXXXXX.XXXXXX | HookCallFunction split_string1(bro.org, <...>/) +XXXXXXXXXX.XXXXXX | HookDrainEvents +XXXXXXXXXX.XXXXXX | HookQueueEvent 
get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, 
tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0)) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, 
dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1) +XXXXXXXXXX.XXXXXX | HookQueueEvent protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3) 
+XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> +XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> +XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() +XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) +XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX +XXXXXXXXXX.XXXXXX | HookDrainEvents +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::__enable_reassembly, , (FMnxxt3xjVcWNS2141)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::__set_reassembly_buffer, , (FMnxxt3xjVcWNS2141, 524288)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::enable_reassembly, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, 
orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, 
extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::set_reassembly_buffer_size, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=], 524288)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::code_in_range, , (200, 100, 199)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, 
trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, 
current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(file_new, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(file_over_new_connection, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, 
smtp_state=, socks=, ssh=, syslog=], F)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, 
resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, 
range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0")) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), 
origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_reply, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80)) -> +XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, 
conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, 
current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, 
resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, 
password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0")) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 
(Fedora))) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::__enable_reassembly, , (FMnxxt3xjVcWNS2141)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::__set_reassembly_buffer, , (FMnxxt3xjVcWNS2141, 524288)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::enable_reassembly, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, 
bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, 
sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::set_reassembly_buffer_size, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=], 524288)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::code_in_range, , (200, 
100, 199)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, 
smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(file_new, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(file_over_new_connection, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, 
request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, 
ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, 
mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0")) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, 
current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_reply, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) +XXXXXXXXXX.XXXXXX 
MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80)) +XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre 
QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, 
bytes)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, 
smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0")) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, 
modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) +XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) +XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX +XXXXXXXXXX.XXXXXX | HookCallFunction Files::__enable_reassembly(FMnxxt3xjVcWNS2141) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::__set_reassembly_buffer(FMnxxt3xjVcWNS2141, 524288) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::enable_reassembly([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, 
trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, 
orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::set_reassembly_buffer_size([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, 
is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=], 524288) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::code_in_range(200, 100, 199) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, 
resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +XXXXXXXXXX.XXXXXX | HookCallFunction cat(Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) +XXXXXXXXXX.XXXXXX | HookCallFunction file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=]) 
+XXXXXXXXXX.XXXXXX | HookCallFunction file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +XXXXXXXXXX.XXXXXX | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +XXXXXXXXXX.XXXXXX | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, 
current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes) +XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive) +XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, 
current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705) +XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT) +XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0") +XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, 
range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100) +XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT) +XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora)) +XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8) +XXXXXXXXXX.XXXXXX | HookCallFunction http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, 
smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK) +XXXXXXXXXX.XXXXXX | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) +XXXXXXXXXX.XXXXXX | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80) +XXXXXXXXXX.XXXXXX | HookDrainEvents +XXXXXXXXXX.XXXXXX | HookQueueEvent file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=]) +XXXXXXXXXX.XXXXXX | HookQueueEvent file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +XXXXXXXXXX.XXXXXX | 
HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes) 
+XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, 
ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0") +XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, 
sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora)) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK) +XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> +XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> +XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() +XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) +XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX +XXXXXXXXXX.XXXXXX | HookDrainEvents +XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> +XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> +XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() +XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) +XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX +XXXXXXXXXX.XXXXXX | HookDrainEvents +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, 
is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::code_in_range, , (200, 100, 199)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], 
HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__write, , (Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__write, , (HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::write, , (Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::write, , (HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, 
uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(file_sniff, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(file_state_remove, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, 
smtp_state=, socks=, ssh=, syslog=], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80)) -> +XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> +XXXXXXXXXX.XXXXXX MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, files(XXXXXXXXXX.XXXXXX,0.0,0.0), 25, {ts (time), fuid (string), tx_hosts (set[addr]), rx_hosts (set[addr]), conn_uids (set[string]), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string), md5 (string), sha1 (string), sha256 (string), extracted (string), extracted_cutoff (bool), extracted_size (count)}) -> +XXXXXXXXXX.XXXXXX MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, http(XXXXXXXXXX.XXXXXX,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}) -> +XXXXXXXXXX.XXXXXX MetaHookPost LogWrite(Log::WRITER_ASCII, default, files(XXXXXXXXXX.XXXXXX,0.0,0.0), 25, {ts (time), fuid 
(string), tx_hosts (set[addr]), rx_hosts (set[addr]), conn_uids (set[string]), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string), md5 (string), sha1 (string), sha256 (string), extracted (string), extracted_cutoff (bool), extracted_size (count)}, ) -> true +XXXXXXXXXX.XXXXXX MetaHookPost LogWrite(Log::WRITER_ASCII, default, http(XXXXXXXXXX.XXXXXX,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}, ) -> true +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T])) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, 
ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> false +XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, 
conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::code_in_range, , (200, 100, 199)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, 
smtp_state=, socks=, ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__write, , (Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__write, , (HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::write, , (Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::write, , (HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(file_sniff, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(file_state_remove, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, 
orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80)) +XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() +XXXXXXXXXX.XXXXXX MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, files(XXXXXXXXXX.XXXXXX,0.0,0.0), 25, {ts (time), fuid (string), tx_hosts (set[addr]), rx_hosts (set[addr]), 
conn_uids (set[string]), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string), md5 (string), sha1 (string), sha256 (string), extracted (string), extracted_cutoff (bool), extracted_size (count)}) +XXXXXXXXXX.XXXXXX MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, http(XXXXXXXXXX.XXXXXX,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}) +XXXXXXXXXX.XXXXXX MetaHookPre LogWrite(Log::WRITER_ASCII, default, files(XXXXXXXXXX.XXXXXX,0.0,0.0), 25, {ts (time), fuid (string), tx_hosts (set[addr]), rx_hosts (set[addr]), conn_uids (set[string]), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string), md5 (string), sha1 (string), sha256 (string), extracted (string), extracted_cutoff (bool), extracted_size (count)}, ) +XXXXXXXXXX.XXXXXX MetaHookPre LogWrite(Log::WRITER_ASCII, default, http(XXXXXXXXXX.XXXXXX,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth 
(count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}, ) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T])) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, 
krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) +XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) +XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX +XXXXXXXXXX.XXXXXX | HookCallFunction Files::log_policy([ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=]) +XXXXXXXXXX.XXXXXX | 
HookCallFunction HTTP::code_in_range(200, 100, 199) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::log_policy([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__write(Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__write(HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]) +XXXXXXXXXX.XXXXXX | 
HookCallFunction Log::write(Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::write(HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]) +XXXXXXXXXX.XXXXXX | HookCallFunction cat(Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) +XXXXXXXXXX.XXXXXX | HookCallFunction file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T]) +XXXXXXXXXX.XXXXXX | HookCallFunction file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=]) +XXXXXXXXXX.XXXXXX | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +XXXXXXXXXX.XXXXXX | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, 
radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +XXXXXXXXXX.XXXXXX | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]) +XXXXXXXXXX.XXXXXX | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) +XXXXXXXXXX.XXXXXX | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80) +XXXXXXXXXX.XXXXXX | HookDrainEvents +XXXXXXXXXX.XXXXXX | HookLogInit files 1/1 {ts (time), fuid (string), tx_hosts (set[addr]), rx_hosts (set[addr]), conn_uids (set[string]), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string), md5 (string), sha1 (string), sha256 (string), extracted (string), extracted_cutoff (bool), extracted_size (count)} +XXXXXXXXXX.XXXXXX | HookLogInit http 1/1 {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types 
(vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])} +XXXXXXXXXX.XXXXXX | HookLogWrite files [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts=192.150.187.43, rx_hosts=141.142.228.5, conn_uids=CHhAvVGS1DHFjwGM9, source=HTTP, depth=0, analyzers=, mime_type=text/plain, filename=, duration=0.000263, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, extracted=, extracted_cutoff=, extracted_size=] +XXXXXXXXXX.XXXXXX | HookLogWrite http [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, trans_depth=1, method=GET, host=bro.org, uri=<...>/plain] +XXXXXXXXXX.XXXXXX | HookQueueEvent file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T]) +XXXXXXXXXX.XXXXXX | HookQueueEvent file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=]) +XXXXXXXXXX.XXXXXX | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +XXXXXXXXXX.XXXXXX | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) 
+XXXXXXXXXX.XXXXXX | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]) +XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> +XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> +XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() +XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) +XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX +XXXXXXXXXX.XXXXXX | HookDrainEvents +XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> +XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> +XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() +XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) +XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX +XXXXXXXXXX.XXXXXX | HookDrainEvents +XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> +XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> +XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() +XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) +XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX +XXXXXXXXXX.XXXXXX | HookDrainEvents +XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> +XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> +XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() +XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) +XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX +XXXXXXXXXX.XXXXXX | HookDrainEvents +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::__flush_logs, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::flush_logs, , ()) -> +XXXXXXXXXX.XXXXXX 
MetaHookPost CallFunction(Broker::log_flush, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(ChecksumOffloading::check, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Conn::conn_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Conn::determine_service, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Conn::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=], Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, 
smtp_state=, socks=, ssh=, syslog=], T)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::finalize_http, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__write, , (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::write, , (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], 
current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(filter_change_tracking, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_net_stats, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_port_transport_proto, , (80/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(is_tcp_port, , (59856/tcp)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(net_done, , (XXXXXXXXXX.XXXXXX)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(sub_bytes, , (HTTP, 0, 1)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(to_lower, , (HTTP)) -> +XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(zeek_done, , ()) -> +XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> +XXXXXXXXXX.XXXXXX MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, conn(XXXXXXXXXX.XXXXXX,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), 
orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}) -> +XXXXXXXXXX.XXXXXX MetaHookPost LogWrite(Log::WRITER_ASCII, default, conn(XXXXXXXXXX.XXXXXX,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}, ) -> true +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(Broker::log_flush()) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(ChecksumOffloading::check()) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(filter_change_tracking()) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false +XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(zeek_done()) -> false +XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> 
+XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::__flush_logs, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::flush_logs, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::log_flush, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(ChecksumOffloading::check, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Conn::conn_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Conn::determine_service, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Conn::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=], Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, 
current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::finalize_http, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__write, , (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::write, , (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) 
+XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(filter_change_tracking, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_net_stats, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_port_transport_proto, , (80/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(is_tcp_port, , (59856/tcp)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(net_done, , (XXXXXXXXXX.XXXXXX)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(sub_bytes, , (HTTP, 0, 1)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(to_lower, , (HTTP)) +XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(zeek_done, , ()) +XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() +XXXXXXXXXX.XXXXXX MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, conn(XXXXXXXXXX.XXXXXX,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), 
id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}) +XXXXXXXXXX.XXXXXX MetaHookPre LogWrite(Log::WRITER_ASCII, default, conn(XXXXXXXXXX.XXXXXX,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}, ) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(Broker::log_flush()) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(ChecksumOffloading::check()) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(filter_change_tracking()) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(zeek_done()) +XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) +XXXXXXXXXX.XXXXXX 
| HookUpdateNetworkTime XXXXXXXXXX.XXXXXX +XXXXXXXXXX.XXXXXX | HookCallFunction Broker::__flush_logs() +XXXXXXXXXX.XXXXXX | HookCallFunction Broker::flush_logs() +XXXXXXXXXX.XXXXXX | HookCallFunction Broker::log_flush() +XXXXXXXXXX.XXXXXX | HookCallFunction ChecksumOffloading::check() +XXXXXXXXXX.XXXXXX | HookCallFunction Conn::conn_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction Conn::determine_service([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Conn::log_policy([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=], Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Conn::set_conn([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, 
modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::finalize_http([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::__write(Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=]) +XXXXXXXXXX.XXXXXX | HookCallFunction Log::write(Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=]) +XXXXXXXXXX.XXXXXX | HookCallFunction cat(Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) +XXXXXXXXXX.XXXXXX | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], 
current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +XXXXXXXXXX.XXXXXX | HookCallFunction filter_change_tracking() +XXXXXXXXXX.XXXXXX | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookCallFunction get_net_stats() +XXXXXXXXXX.XXXXXX | HookCallFunction get_port_transport_proto(80/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) +XXXXXXXXXX.XXXXXX | HookCallFunction is_tcp_port(59856/tcp) +XXXXXXXXXX.XXXXXX | HookCallFunction net_done(XXXXXXXXXX.XXXXXX) +XXXXXXXXXX.XXXXXX | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80) +XXXXXXXXXX.XXXXXX | HookCallFunction sub_bytes(HTTP, 0, 1) +XXXXXXXXXX.XXXXXX | HookCallFunction to_lower(HTTP) +XXXXXXXXXX.XXXXXX | HookCallFunction zeek_done() +XXXXXXXXXX.XXXXXX | HookDrainEvents +XXXXXXXXXX.XXXXXX | HookLogInit conn 1/1 {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])} +XXXXXXXXXX.XXXXXX | 
HookLogWrite conn [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=] +XXXXXXXXXX.XXXXXX | HookQueueEvent Broker::log_flush() +XXXXXXXXXX.XXXXXX | HookQueueEvent ChecksumOffloading::check() +XXXXXXXXXX.XXXXXX | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +XXXXXXXXXX.XXXXXX | HookQueueEvent filter_change_tracking() +XXXXXXXXXX.XXXXXX | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +XXXXXXXXXX.XXXXXX | HookQueueEvent zeek_done()
diff --git a/testing/btest/core/protocol-registration-error.zeek b/testing/btest/core/protocol-registration-error.zeek
new file mode 100644
index 0000000000..894226ee6c
--- /dev/null
+++ b/testing/btest/core/protocol-registration-error.zeek
@@ -0,0 +1,12 @@
+# @TEST-EXEC-FAIL: zeek -b %INPUT
+# @TEST-EXEC: btest-diff .stderr
+
+event try_register()
+ {
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 12345, PacketAnalyzer::ANALYZER_ETHERNET);
+ }
+
+event zeek_init()
+ {
+ schedule 1sec { try_register() };
+ }
\ No newline at end of file
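Review bot: The new test never states which failure it expects: nothing in the file explains why `try_register` is deferred with `schedule 1sec` instead of being called from `zeek_init`, so a reader has to infer (presumably) that registration is only accepted during initialization and that a late call must make Zeek exit with an error. A header comment such as `# Registering a packet analyzer after zeek_init() must fail; the scheduled event makes the call late on purpose.` would pin the intent next to the `.stderr` baseline. The run is `zeek -b %INPUT` with no trace, so the scheduled event can only fire if pending timers are expired at shutdown; that dependency deserves a word in the same comment, because without it the test would fail for an unrelated reason. The file also ends without a trailing newline.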
diff --git a/testing/btest/core/skip_analyzer.zeek b/testing/btest/core/skip_analyzer.zeek
index 62652d0373..a3f181be05 100644
--- a/testing/btest/core/skip_analyzer.zeek
+++ b/testing/btest/core/skip_analyzer.zeek
@@ -7,8 +7,9 @@
 @load base/protocols/conn
 @load base/frameworks/tunnels
-redef PacketAnalyzer::ROOT::dispatch_map += {
- [1] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_SKIP)
-};
-
 redef PacketAnalyzer::SKIP::skip_bytes: count = 38;
+
+event zeek_init()
+ {
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 1, PacketAnalyzer::ANALYZER_SKIP);
+ }
diff --git a/testing/btest/plugins/packet-protocol-plugin/scripts/PacketDemo/RawLayer/base/main.zeek b/testing/btest/plugins/packet-protocol-plugin/scripts/PacketDemo/RawLayer/base/main.zeek
index be32149e59..1d90e1c8f8 100644
--- a/testing/btest/plugins/packet-protocol-plugin/scripts/PacketDemo/RawLayer/base/main.zeek
+++ b/testing/btest/plugins/packet-protocol-plugin/scripts/PacketDemo/RawLayer/base/main.zeek
@@ -1,14 +1,7 @@
 module PacketAnalyzer::RAW_LAYER;
 
-export {
- ## Identifier mapping
- const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef;
-}
-
-redef PacketAnalyzer::ETHERNET::dispatch_map += {
- [0x88B5] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_RAW_LAYER)
-};
-
-redef dispatch_map += {
- [0x4950] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP)
-};
+event zeek_init()
+ {
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 0x88B5, PacketAnalyzer::ANALYZER_RAW_LAYER);
+ PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_RAW_LAYER, 0x4950, PacketAnalyzer::ANALYZER_IP);
+ }
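Review bot: The `zeek_init` handler added to skip_analyzer.zeek carries no `&priority`, while the base Ethernet script in this commit registers its mappings from `zeek_init() &priority=20`, so the test now depends on handler ordering to win the ROOT mapping for identifier 1. The removed `redef ... += { [1] = ... }` replaced the table entry explicitly; whether a second `register_packet_analyzer` call for the same parent and identifier overwrites the earlier one or is rejected is not visible in this hunk, and presumably the base ROOT script registers identifier 1 as well. A comment above the call would record the assumption, e.g. `# Default priority: runs after the base registrations and replaces the ROOT mapping for identifier 1.`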
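Review bot: In RawLayer/base/main.zeek the two identifiers passed to `register_packet_analyzer` are bare magic numbers, and with the `## Identifier mapping` export removed the script no longer carries any comment. This is the demo plugin that other packet analyzers are likely to be modelled on, so each call should say what the value is and in which layer it is looked up, e.g. `# EtherType 0x88B5 (IEEE 802 local experimental) selects the demo RawLayer analyzer` and `# 0x4950 ("IP" in ASCII) in the RawLayer header hands the payload to the IP analyzer`; the second meaning is inferred from the value and should be confirmed against the analyzer source. The handler also omits the `&priority=20` the base Ethernet script uses for its registrations; if that is the intended convention, the demo should follow it or note why it does not.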