### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. 0.000000 MetaHookPost CallFunction(Analyzer::__disable_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::disable_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_HTTP, {80<...>/tcp})) -> 0.000000 MetaHookPost CallFunction(Broker::__subscribe, , (zeek/supervisor)) -> 0.000000 MetaHookPost CallFunction(Broker::subscribe, , (zeek/supervisor)) -> 0.000000 MetaHookPost CallFunction(Cluster::is_enabled, , ()) -> 0.000000 MetaHookPost CallFunction(Cluster::is_enabled, , ()) -> 0.000000 MetaHookPost CallFunction(Cluster::register_pool, , ([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=, exclusive=F])) -> 0.000000 MetaHookPost CallFunction(Cluster::register_pool, , ([topic=zeek<...>/proxy, node_type=Cluster::PROXY, max_nodes=, exclusive=F])) -> 0.000000 MetaHookPost CallFunction(Cluster::register_pool, , ([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=, exclusive=F])) -> 0.000000 MetaHookPost CallFunction(Config::config_option_changed, , (Site::local_nets, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,fec0::/10,2002:cb00:7100::/40,2002:c633:6400::<...>/4,2002:a00::/24,100::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24}, )) -> 0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle: function(c:connection, is_orig:bool) : string{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file: function(f:fa_file) : string{ if (HTTP::f$source != HTTP) return ()for ([HTTP::_], HTTP::c in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=analyzer, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=broker, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, path=config, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=notice_alarm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer: event(rec:Analyzer::Logging::Info), path=analyzer, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config: event(rec:Config::Info), path=config, policy=Config::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn: event(rec:Conn::Info), path=conn, policy=Conn::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files: event(rec:Files::Info), path=files, policy=Files::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http: event(rec:HTTP::Info), path=http, policy=HTTP::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=0, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice: event(rec:Notice::Info), path=notice, policy=Notice::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird: event(rec:Weird::Info), path=weird, policy=Weird::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Analyzer::Logging::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Conn::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Files::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (HTTP::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Notice::ALARM_LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Notice::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Tunnel::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Weird::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Analyzer::Logging::LOG, default)) -> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Broker::LOG, default)) -> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Cluster::LOG, default)) -> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Config::LOG, default)) -> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Conn::LOG, default)) -> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Files::LOG, default)) -> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (HTTP::LOG, default)) -> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Notice::ALARM_LOG, default)) -> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Notice::LOG, default)) -> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Tunnel::LOG, default)) -> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, , (Weird::LOG, default)) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer: event(rec:Analyzer::Logging::Info), path=analyzer, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config: event(rec:Config::Info), path=config, policy=Config::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn: event(rec:Conn::Info), path=conn, policy=Conn::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files: event(rec:Files::Info), path=files, policy=Files::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http: event(rec:HTTP::Info), path=http, policy=HTTP::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=0, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice: event(rec:Notice::Info), path=notice, policy=Notice::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird: event(rec:Weird::Info), path=weird, policy=Weird::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) -> 0.000000 MetaHookPost CallFunction(Option::set, , (Site::local_nets, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,fec0::/10,2002:cb00:7100::/40,2002:c633:6400::<...>/4,2002:a00::/24,100::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24}, )) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Analyzer::Logging::failure_data_max_size, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Broker::peer_counts_as_iosource, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Conn::analyzer_inactivity_timeouts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Conn::default_extract, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Conn::extraction_prefix, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Conn::port_inactivity_timeouts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (DPD::ignore_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (DPD::ignore_violations_after, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (DPD::track_removed_services_in_connection, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Files::enable_reassembler, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::default_capture_password, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::http_methods, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::max_files_orig, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::max_files_resp, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::max_pending_requests, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::proxy_headers, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Input::default_mode, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Input::default_reader, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Log::default_rotation_dir, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Log::default_rotation_postprocessor_cmd_env, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (MQTT::max_payload_size, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::alarmed_types, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::default_suppression_interval, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::emailed_types, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::ignored_types, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::mail_from, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::mail_subject_prefix, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::not_suppressed_types, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::reply_to, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Notice::sendmail, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::local_admins, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::local_nets, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::local_nets, Site::update_local_nets_table: function(id:string, new_value:set[subnet]) : set[subnet]{ Site::result = Site::new_valueif (Site::private_address_space_is_local) { if (Site::local_nets_needs_private_address_space) Site::result = Site::new_value | Site::private_address_spaceSite::local_nets_needs_private_address_space = T}Site::local_nets_table = table()for ([Site::cidr] in Site::result) Site::local_nets_table[Site::cidr] = Site::cidrreturn (Site::result)}, -5)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::local_zones, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::local_zones, Site::update_local_zones_regex: function(id:string, new_value:set[string]) : set[string]{ Site::local_dns_suffix_regex = set_to_regex(Site::new_value, (^\.?|\.)(~~)$)return (Site::new_value)}, -5)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::neighbor_nets, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::neighbor_zones, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::neighbor_zones, Site::update_neighbor_zones_regex: function(id:string, new_value:set[string]) : set[string]{ Site::local_dns_neighbor_suffix_regex = set_to_regex(Site::new_value, (^\.?|\.)(~~)$)return (Site::new_value)}, -5)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::private_address_space, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Site::private_address_space, Site::update_private_address_space: function(id:string, new_value:set[subnet]) : set[subnet]{ Site::new_privates = Site::new_value - Site::private_address_spaceSite::old_privates = Site::private_address_space - Site::new_valueSite::new_local_nets = (Site::local_nets | Site::private_address_space) - Site::old_privatesSite::new_local_nets += Site::new_privatesSite::local_nets_needs_private_address_space = FOption::set(Site::local_nets, to_any_coerce Site::new_local_nets, )return (Site::new_value)}, -5)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::ignore_hosts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_duration, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_duration, Config::weird_option_change_interval: function(ID:string, new_value:interval, location:string) : interval{ if (Weird::sampling_duration == Config::ID) { Reporter::set_weird_sampling_duration(Config::new_value)}return (Config::new_value)}, 5)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_global_list, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::weird_option_change_count: function(ID:string, new_value:count, location:string) : count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_threshold, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_threshold, Config::weird_option_change_count: function(ID:string, new_value:count, location:string) : count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::weird_option_change_sampling_whitelist: function(ID:string, new_value:string_set, location:string) : string_set{ if (Weird::sampling_whitelist == Config::ID) { Reporter::set_weird_sampling_whitelist(Config::new_value)}return (Config::new_value)}, 5)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (Weird::weird_do_not_ignore_repeats, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (default_file_bof_buffer_size, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (default_file_timeout_interval, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (ignore_checksums_nets, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (ignore_checksums_nets, PacketAnalyzer::IP::analyzer_option_change_ignore_checksums_nets: function(ID:string, new_value:set[subnet], location:string) : set[subnet]{ if (ignore_checksums_nets == PacketAnalyzer::IP::ID) PacketAnalyzer::__set_ignore_checksums_nets(PacketAnalyzer::IP::new_value)return (PacketAnalyzer::IP::new_value)}, 5)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (udp_content_delivery_ports_use_resp, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(Option::set_change_handler, , (udp_content_ports, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_port, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA, 5072/udp)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_port, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GENEVE, 6081/udp)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_port, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GRE, 4754/udp)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_port, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, 2123/udp)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_port, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, 2152/udp)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_port, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_TEREDO, 3544/udp)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_port, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_VXLAN, 4789/udp)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_ports, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA, {5072/udp})) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_ports, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GENEVE, {6081/udp})) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_ports, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GRE, {4754/udp})) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_ports, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, {2152<...>/udp})) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_ports, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_TEREDO, {3544/udp})) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_for_ports, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_VXLAN, {4789/udp})) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_AYIYA, 4, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_AYIYA, 41, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 1, PacketAnalyzer::ANALYZER_SNAP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 2, PacketAnalyzer::ANALYZER_NOVELL_802_3)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 2048, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 2054, PacketAnalyzer::ANALYZER_ARP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 3, PacketAnalyzer::ANALYZER_LLC)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 32821, PacketAnalyzer::ANALYZER_ARP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 33024, PacketAnalyzer::ANALYZER_VLAN)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34525, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34887, PacketAnalyzer::ANALYZER_MPLS)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34916, PacketAnalyzer::ANALYZER_PPPOE)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34984, PacketAnalyzer::ANALYZER_VLAN)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 35047, PacketAnalyzer::ANALYZER_PBB)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 35110, PacketAnalyzer::ANALYZER_VNTAG)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 37120, PacketAnalyzer::ANALYZER_VLAN)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_GENEVE, 2048, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_GENEVE, 2054, PacketAnalyzer::ANALYZER_ARP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_GENEVE, 2269, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_GENEVE, 25944, PacketAnalyzer::ANALYZER_ETHERNET)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 2048, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 2054, PacketAnalyzer::ANALYZER_ARP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 32821, PacketAnalyzer::ANALYZER_ARP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 34525, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11_RADIO, 105, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 1, PacketAnalyzer::ANALYZER_ICMP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 17, PacketAnalyzer::ANALYZER_UDP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 4, PacketAnalyzer::ANALYZER_IPTUNNEL)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 41, PacketAnalyzer::ANALYZER_IPTUNNEL)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 47, PacketAnalyzer::ANALYZER_GRE)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 58, PacketAnalyzer::ANALYZER_ICMP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 6, PacketAnalyzer::ANALYZER_TCP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33280, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33296, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33312, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33328, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33344, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33360, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33376, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33392, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33408, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33424, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33440, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33456, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33472, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33488, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33504, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33520, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33536, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33552, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33568, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33584, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33600, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33616, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33632, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33648, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 2048, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 2054, PacketAnalyzer::ANALYZER_ARP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 32821, PacketAnalyzer::ANALYZER_ARP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 34525, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL2, 2048, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL2, 2054, PacketAnalyzer::ANALYZER_ARP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL2, 32821, PacketAnalyzer::ANALYZER_ARP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL2, 34525, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NFLOG, 10, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NFLOG, 2, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 2, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 24, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 28, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 30, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPP, 33, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPP, 641, PacketAnalyzer::ANALYZER_MPLS)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPP, 87, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPOE, 33, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPOE, 87, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 33, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 641, PacketAnalyzer::ANALYZER_MPLS)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 87, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 0, PacketAnalyzer::ANALYZER_NULL)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 1, PacketAnalyzer::ANALYZER_ETHERNET)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 10, PacketAnalyzer::ANALYZER_FDDI)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 105, PacketAnalyzer::ANALYZER_IEEE802_11)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 113, PacketAnalyzer::ANALYZER_LINUXSLL)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 127, PacketAnalyzer::ANALYZER_IEEE802_11_RADIO)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 239, PacketAnalyzer::ANALYZER_NFLOG)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 276, PacketAnalyzer::ANALYZER_LINUXSLL2)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 50, PacketAnalyzer::ANALYZER_PPPSERIAL)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 9, PacketAnalyzer::ANALYZER_PPP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_SNAP, 2048, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_SNAP, 2054, PacketAnalyzer::ANALYZER_ARP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_SNAP, 32821, PacketAnalyzer::ANALYZER_ARP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_SNAP, 34525, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_UDP, 2123, PacketAnalyzer::ANALYZER_GTPV1)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_UDP, 2152, PacketAnalyzer::ANALYZER_GTPV1)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_UDP, 3544, PacketAnalyzer::ANALYZER_TEREDO)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_UDP, 4754, PacketAnalyzer::ANALYZER_GRE)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_UDP, 4789, PacketAnalyzer::ANALYZER_VXLAN)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_UDP, 5072, PacketAnalyzer::ANALYZER_AYIYA)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_UDP, 6081, PacketAnalyzer::ANALYZER_GENEVE)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 1, PacketAnalyzer::ANALYZER_SNAP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 2, PacketAnalyzer::ANALYZER_NOVELL_802_3)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 2048, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 2054, PacketAnalyzer::ANALYZER_ARP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 3, PacketAnalyzer::ANALYZER_LLC)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 32821, PacketAnalyzer::ANALYZER_ARP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 33024, PacketAnalyzer::ANALYZER_VLAN)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34525, PacketAnalyzer::ANALYZER_IP)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34887, PacketAnalyzer::ANALYZER_MPLS)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34916, PacketAnalyzer::ANALYZER_PPPOE)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 35047, PacketAnalyzer::ANALYZER_PBB)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 35110, PacketAnalyzer::ANALYZER_VNTAG)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VNTAG, 33024, PacketAnalyzer::ANALYZER_VLAN)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VNTAG, 34984, PacketAnalyzer::ANALYZER_VLAN)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VNTAG, 37120, PacketAnalyzer::ANALYZER_VLAN)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_protocol_detection, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA)) -> 0.000000 MetaHookPost CallFunction(PacketAnalyzer::register_protocol_detection, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_TEREDO)) -> 0.000000 MetaHookPost CallFunction(Site::update_local_nets_table, , (Site::local_nets, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,fec0::/10,::1/128,2002:ffff:ffff::/48,2002:cb00:7100::/40,2002:c633:6400::<...>/4,100::/64,2002:a00::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::<...>/8,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24})) -> 0.000000 MetaHookPost CallFunction(Site::update_local_nets_table, , (Site::local_nets, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,fec0::/10,2002:cb00:7100::/40,2002:c633:6400::<...>/4,2002:a00::/24,100::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24})) -> 0.000000 MetaHookPost CallFunction(Site::update_local_zones_regex, , (Site::local_zones, {})) -> 0.000000 MetaHookPost CallFunction(Site::update_neighbor_zones_regex, , (Site::neighbor_zones, {})) -> 0.000000 MetaHookPost CallFunction(Site::update_private_address_space, , (Site::private_address_space, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,fec0::/10,2002:cb00:7100::/40,2002:c633:6400::<...>/4,2002:a00::/24,100::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24})) -> 0.000000 MetaHookPost CallFunction(Supervisor::__is_supervisor, , ()) -> 0.000000 MetaHookPost CallFunction(Supervisor::is_supervisor, , ()) -> 0.000000 MetaHookPost CallFunction(__init_primary_bifs, , ()) -> 0.000000 MetaHookPost CallFunction(__init_secondary_bifs, , ()) -> 0.000000 MetaHookPost CallFunction(getenv, , (CLUSTER_NODE)) -> 0.000000 MetaHookPost CallFunction(getenv, , (ZEEK_DEFAULT_LISTEN_ADDRESS)) -> 0.000000 MetaHookPost CallFunction(global_options, , ()) -> 0.000000 MetaHookPost CallFunction(have_spicy, , ()) -> 0.000000 MetaHookPost CallFunction(is_file_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> 0.000000 MetaHookPost CallFunction(is_packet_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> 0.000000 MetaHookPost CallFunction(port_to_count, , (2123/udp)) -> 0.000000 MetaHookPost CallFunction(port_to_count, , (2152/udp)) -> 0.000000 MetaHookPost CallFunction(port_to_count, , (3544/udp)) -> 0.000000 MetaHookPost CallFunction(port_to_count, , (4754/udp)) -> 0.000000 MetaHookPost CallFunction(port_to_count, , (4789/udp)) -> 0.000000 MetaHookPost CallFunction(port_to_count, , (5072/udp)) -> 0.000000 MetaHookPost CallFunction(port_to_count, , (6081/udp)) -> 0.000000 MetaHookPost CallFunction(reading_traces, , ()) -> 0.000000 MetaHookPost CallFunction(set_to_regex, , ({}, (^\.?|\.)(~~)$)) -> 0.000000 MetaHookPost CallFunction(string_to_pattern, , ((^\.?|\.)()$, F)) -> 0.000000 MetaHookPost CallFunction(sub, , ((^\.?|\.)(~~)$, <...>/, )) -> 0.000000 MetaHookPost CallFunction(zeek_init, , ()) -> 0.000000 MetaHookPost DrainEvents() -> 0.000000 MetaHookPost LoadFile(0, ./CPP-load.bif.zeek, <...>/CPP-load.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_ARP.events.bif.zeek, <...>/Zeek_ARP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_AsciiReader.ascii.bif.zeek, <...>/Zeek_AsciiReader.ascii.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_AsciiWriter.ascii.bif.zeek, <...>/Zeek_AsciiWriter.ascii.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_BenchmarkReader.benchmark.bif.zeek, <...>/Zeek_BenchmarkReader.benchmark.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_BinaryReader.binary.bif.zeek, <...>/Zeek_BinaryReader.binary.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_BitTorrent.events.bif.zeek, <...>/Zeek_BitTorrent.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek, <...>/Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_Cluster_WebSocket.events.bif.zeek, <...>/Zeek_Cluster_WebSocket.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_ConfigReader.config.bif.zeek, <...>/Zeek_ConfigReader.config.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_ConnSize.events.bif.zeek, <...>/Zeek_ConnSize.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_ConnSize.functions.bif.zeek, <...>/Zeek_ConnSize.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_DCE_RPC.consts.bif.zeek, <...>/Zeek_DCE_RPC.consts.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_DCE_RPC.events.bif.zeek, <...>/Zeek_DCE_RPC.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_DCE_RPC.types.bif.zeek, <...>/Zeek_DCE_RPC.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_DHCP.events.bif.zeek, <...>/Zeek_DHCP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_DHCP.types.bif.zeek, <...>/Zeek_DHCP.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_DNP3.events.bif.zeek, <...>/Zeek_DNP3.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_DNS.events.bif.zeek, <...>/Zeek_DNS.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_FTP.events.bif.zeek, <...>/Zeek_FTP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_FTP.functions.bif.zeek, <...>/Zeek_FTP.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_File.events.bif.zeek, <...>/Zeek_File.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_FileEntropy.events.bif.zeek, <...>/Zeek_FileEntropy.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_FileExtract.events.bif.zeek, <...>/Zeek_FileExtract.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_FileExtract.functions.bif.zeek, <...>/Zeek_FileExtract.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_FileHash.events.bif.zeek, <...>/Zeek_FileHash.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_GSSAPI.events.bif.zeek, <...>/Zeek_GSSAPI.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_GTPv1.events.bif.zeek, <...>/Zeek_GTPv1.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_GTPv1.functions.bif.zeek, <...>/Zeek_GTPv1.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_Geneve.events.bif.zeek, <...>/Zeek_Geneve.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_Geneve.functions.bif.zeek, <...>/Zeek_Geneve.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_Gnutella.events.bif.zeek, <...>/Zeek_Gnutella.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_HTTP.events.bif.zeek, <...>/Zeek_HTTP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_HTTP.functions.bif.zeek, <...>/Zeek_HTTP.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_ICMP.events.bif.zeek, <...>/Zeek_ICMP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_IMAP.events.bif.zeek, <...>/Zeek_IMAP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_IRC.events.bif.zeek, <...>/Zeek_IRC.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_Ident.events.bif.zeek, <...>/Zeek_Ident.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_KRB.events.bif.zeek, <...>/Zeek_KRB.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_KRB.types.bif.zeek, <...>/Zeek_KRB.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_Login.events.bif.zeek, <...>/Zeek_Login.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_Login.functions.bif.zeek, <...>/Zeek_Login.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_MIME.consts.bif.zeek, <...>/Zeek_MIME.consts.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_MIME.events.bif.zeek, <...>/Zeek_MIME.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_MQTT.events.bif.zeek, <...>/Zeek_MQTT.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_MQTT.types.bif.zeek, <...>/Zeek_MQTT.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_Modbus.events.bif.zeek, <...>/Zeek_Modbus.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_MySQL.events.bif.zeek, <...>/Zeek_MySQL.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_NCP.consts.bif.zeek, <...>/Zeek_NCP.consts.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_NCP.events.bif.zeek, <...>/Zeek_NCP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_NTLM.events.bif.zeek, <...>/Zeek_NTLM.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_NTLM.types.bif.zeek, <...>/Zeek_NTLM.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_NTP.events.bif.zeek, <...>/Zeek_NTP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_NTP.types.bif.zeek, <...>/Zeek_NTP.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_NetBIOS.events.bif.zeek, <...>/Zeek_NetBIOS.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_NetBIOS.functions.bif.zeek, <...>/Zeek_NetBIOS.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_NoneWriter.none.bif.zeek, <...>/Zeek_NoneWriter.none.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_PE.events.bif.zeek, <...>/Zeek_PE.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_POP3.consts.bif.zeek, <...>/Zeek_POP3.consts.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_POP3.events.bif.zeek, <...>/Zeek_POP3.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_PPPoE.functions.bif.zeek, <...>/Zeek_PPPoE.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_RADIUS.events.bif.zeek, <...>/Zeek_RADIUS.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_RDP.events.bif.zeek, <...>/Zeek_RDP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_RDP.types.bif.zeek, <...>/Zeek_RDP.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_RFB.events.bif.zeek, <...>/Zeek_RFB.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_RPC.events.bif.zeek, <...>/Zeek_RPC.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_RawReader.raw.bif.zeek, <...>/Zeek_RawReader.raw.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SIP.events.bif.zeek, <...>/Zeek_SIP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.consts.bif.zeek, <...>/Zeek_SMB.consts.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.events.bif.zeek, <...>/Zeek_SMB.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_check_directory.bif.zeek, <...>/Zeek_SMB.smb1_com_check_directory.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_close.bif.zeek, <...>/Zeek_SMB.smb1_com_close.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_create_directory.bif.zeek, <...>/Zeek_SMB.smb1_com_create_directory.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_echo.bif.zeek, <...>/Zeek_SMB.smb1_com_echo.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_logoff_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_negotiate.bif.zeek, <...>/Zeek_SMB.smb1_com_negotiate.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_nt_cancel.bif.zeek, <...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_nt_create_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_query_information.bif.zeek, <...>/Zeek_SMB.smb1_com_query_information.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_read_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_read_andx.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_session_setup_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_transaction.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_transaction2.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction2.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_transaction_secondary.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_tree_disconnect.bif.zeek, <...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_com_write_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_write_andx.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb1_events.bif.zeek, <...>/Zeek_SMB.smb1_events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb2_com_close.bif.zeek, <...>/Zeek_SMB.smb2_com_close.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb2_com_create.bif.zeek, <...>/Zeek_SMB.smb2_com_create.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb2_com_negotiate.bif.zeek, <...>/Zeek_SMB.smb2_com_negotiate.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb2_com_read.bif.zeek, <...>/Zeek_SMB.smb2_com_read.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb2_com_session_setup.bif.zeek, <...>/Zeek_SMB.smb2_com_session_setup.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb2_com_set_info.bif.zeek, <...>/Zeek_SMB.smb2_com_set_info.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb2_com_transform_header.bif.zeek, <...>/Zeek_SMB.smb2_com_transform_header.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb2_com_tree_connect.bif.zeek, <...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb2_com_tree_disconnect.bif.zeek, <...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb2_com_write.bif.zeek, <...>/Zeek_SMB.smb2_com_write.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.smb2_events.bif.zeek, <...>/Zeek_SMB.smb2_events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMB.types.bif.zeek, <...>/Zeek_SMB.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMTP.consts.bif.zeek, <...>/Zeek_SMTP.consts.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMTP.events.bif.zeek, <...>/Zeek_SMTP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SMTP.functions.bif.zeek, <...>/Zeek_SMTP.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SNMP.events.bif.zeek, <...>/Zeek_SNMP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SNMP.types.bif.zeek, <...>/Zeek_SNMP.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SOCKS.events.bif.zeek, <...>/Zeek_SOCKS.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SQLiteReader.sqlite.bif.zeek, <...>/Zeek_SQLiteReader.sqlite.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SQLiteWriter.sqlite.bif.zeek, <...>/Zeek_SQLiteWriter.sqlite.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SSH.events.bif.zeek, <...>/Zeek_SSH.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SSH.types.bif.zeek, <...>/Zeek_SSH.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SSL.consts.bif.zeek, <...>/Zeek_SSL.consts.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SSL.events.bif.zeek, <...>/Zeek_SSL.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SSL.functions.bif.zeek, <...>/Zeek_SSL.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_SSL.types.bif.zeek, <...>/Zeek_SSL.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_StreamEvent.events.bif.zeek, <...>/Zeek_StreamEvent.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_TCP.events.bif.zeek, <...>/Zeek_TCP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_TCP.functions.bif.zeek, <...>/Zeek_TCP.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_TCP.types.bif.zeek, <...>/Zeek_TCP.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_Teredo.events.bif.zeek, <...>/Zeek_Teredo.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_Teredo.functions.bif.zeek, <...>/Zeek_Teredo.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_UDP.events.bif.zeek, <...>/Zeek_UDP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_VXLAN.events.bif.zeek, <...>/Zeek_VXLAN.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_WebSocket.consts.bif.zeek, <...>/Zeek_WebSocket.consts.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_WebSocket.events.bif.zeek, <...>/Zeek_WebSocket.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_WebSocket.functions.bif.zeek, <...>/Zeek_WebSocket.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_WebSocket.types.bif.zeek, <...>/Zeek_WebSocket.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_X509.events.bif.zeek, <...>/Zeek_X509.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_X509.functions.bif.zeek, <...>/Zeek_X509.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_X509.ocsp_events.bif.zeek, <...>/Zeek_X509.ocsp_events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./addrs, <...>/addrs.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./api, <...>/api.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./backpressure, <...>/backpressure.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./bloom-filter.bif.zeek, <...>/bloom-filter.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./cardinality-counter.bif.zeek, <...>/cardinality-counter.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./cluster.bif.zeek, <...>/cluster.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./comm.bif.zeek, <...>/comm.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./communityid.bif.zeek, <...>/communityid.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./const.bif.zeek, <...>/const.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./contents, <...>/contents.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./control, <...>/control.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./data.bif.zeek, <...>/data.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./dpd, <...>/dpd.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./entities, <...>/entities.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./event.bif.zeek, <...>/event.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./file_analysis.bif.zeek, <...>/file_analysis.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./files, <...>/files.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./hooks.bif.zeek, <...>/hooks.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./inactivity, <...>/inactivity.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./input, <...>/input.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./input.bif.zeek, <...>/input.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./log, <...>/log.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./logging, <...>/logging.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./logging.bif.zeek, <...>/logging.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./magic, <...>/magic) -> -1 0.000000 MetaHookPost LoadFile(0, ./main, <...>/main.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./main.zeek, <...>/main.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./messaging.bif.zeek, <...>/messaging.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./mmdb.bif.zeek, <...>/mmdb.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./option.bif.zeek, <...>/option.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./packet_analysis.bif.zeek, <...>/packet_analysis.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./patterns, <...>/patterns.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./pcap.bif.zeek, <...>/pcap.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./polling, <...>/polling.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./pools, <...>/pools.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./postprocessors, <...>/postprocessors) -> -1 0.000000 MetaHookPost LoadFile(0, ./pubsub, <...>/pubsub.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./removal-hooks, <...>/removal-hooks.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./reporter.bif.zeek, <...>/reporter.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./scp, <...>/scp.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./sftp, <...>/sftp.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./spicy.bif.zeek, <...>/spicy.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./stats.bif.zeek, <...>/stats.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./storage-async.bif.zeek, <...>/storage-async.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./storage-events.bif.zeek, <...>/storage-events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./storage-sync.bif.zeek, <...>/storage-sync.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./storage.bif.zeek, <...>/storage.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./store, <...>/store.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./store.bif.zeek, <...>/store.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./strings.bif.zeek, <...>/strings.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./supervisor.bif.zeek, <...>/supervisor.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./telemetry, <...>/telemetry.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./telemetry_consts.bif.zeek, <...>/telemetry_consts.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./telemetry_functions.bif.zeek, <...>/telemetry_functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./telemetry_types.bif.zeek, <...>/telemetry_types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./thresholds, <...>/thresholds.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./top-k.bif.zeek, <...>/top-k.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./types, <...>/types.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./types.bif.zeek, <...>/types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./utils, <...>/utils.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./weird, <...>/weird.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./zeek.bif.zeek, <...>/zeek.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./zeekygen.bif.zeek, <...>/zeekygen.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/ascii, <...>/ascii.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/benchmark, <...>/benchmark.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/binary, <...>/binary.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/config, <...>/config.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/none, <...>/none.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/raw, <...>/raw.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, .<...>/sqlite, <...>/sqlite.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/__load__.zeek, <...>/__load__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/__preload__.zeek, <...>/__preload__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, <...>/hooks.zeek, <...>/hooks.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base/bif, <...>/bif) -> -1 0.000000 MetaHookPost LoadFile(0, base/init-frameworks-and-bifs.zeek, <...>/init-frameworks-and-bifs.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base/packet-protocols, <...>/packet-protocols) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/CPP-load.bif, <...>/CPP-load.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/Zeek_Cluster_WebSocket.events.bif.zeek, <...>/Zeek_Cluster_WebSocket.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/Zeek_GTPv1.events.bif, <...>/Zeek_GTPv1.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/Zeek_GTPv1.functions.bif, <...>/Zeek_GTPv1.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/Zeek_KRB.types.bif, <...>/Zeek_KRB.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/Zeek_SNMP.types.bif, <...>/Zeek_SNMP.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/Zeek_Teredo.events.bif.zeek, <...>/Zeek_Teredo.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/Zeek_Teredo.functions.bif, <...>/Zeek_Teredo.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/addrs, <...>/addrs.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/analyzer, <...>/analyzer) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/analyzer.bif, <...>/analyzer.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/api, <...>/api.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/ayiya, <...>/ayiya) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/broker, <...>/broker) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/cluster, <...>/cluster) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/cluster.bif, <...>/cluster.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/comm.bif, <...>/comm.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/communityid.bif, <...>/communityid.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/config, <...>/config) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/conn, <...>/conn) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/conn-ids, <...>/conn-ids.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/const.bif, <...>/const.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/control, <...>/control) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/data.bif, <...>/data.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/ethernet, <...>/ethernet) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/event.bif, <...>/event.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/fddi, <...>/fddi) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/file_analysis.bif, <...>/file_analysis.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/files, <...>/files) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/files, <...>/files.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/geneve, <...>/geneve) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/gre, <...>/gre) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/gtpv1, <...>/gtpv1) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/hash_hrw, <...>/hash_hrw.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/http, <...>/http) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/icmp, <...>/icmp) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/ieee802_11, <...>/ieee802_11) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/ieee802_11_radio, <...>/ieee802_11_radio) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/init-bare, <...>/init-bare.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/init-framework, <...>/init-framework.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/input, <...>/input) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/input.bif, <...>/input.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/ip, <...>/ip) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/iptunnel, <...>/iptunnel) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/linux_sll, <...>/linux_sll) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/linux_sll2, <...>/linux_sll2) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/llc, <...>/llc) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/logging, <...>/logging) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/logging.bif, <...>/logging.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/main, <...>/main.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/main.zeek, <...>/main.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/messaging.bif, <...>/messaging.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/mmdb.bif, <...>/mmdb.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/mpls, <...>/mpls) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/nflog, <...>/nflog) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/novell_802_3, <...>/novell_802_3) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/null, <...>/null) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/numbers, <...>/numbers.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/option.bif, <...>/option.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/options, <...>/options.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/packet_analysis.bif, <...>/packet_analysis.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/pbb, <...>/pbb) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/plugins, <...>/plugins) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/ppp, <...>/ppp) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/ppp_serial, <...>/ppp_serial) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/pppoe, <...>/pppoe) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/removal-hooks, <...>/removal-hooks.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/reporter.bif, <...>/reporter.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/root, <...>/root) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/site, <...>/site.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/skip, <...>/skip) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/snap, <...>/snap) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/stats.bif, <...>/stats.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/store.bif, <...>/store.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/strings, <...>/strings.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/strings.bif, <...>/strings.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/supervisor, <...>/supervisor) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/supervisor.bif, <...>/supervisor.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/tcp, <...>/tcp) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/telemetry_functions.bif, <...>/telemetry_functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/telemetry_types.bif, <...>/telemetry_types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/teredo, <...>/teredo) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/tunnels, <...>/tunnels) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/types.bif, <...>/types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/udp, <...>/udp) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/utils, <...>/utils.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/vlan, <...>/vlan) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/vntag, <...>/vntag) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/vxlan, <...>/vxlan) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/weird, <...>/weird.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/zeek.bif, <...>/zeek.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, builtin-plugins/__load__.zeek, <...>/__load__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, builtin-plugins/__preload__.zeek, <...>/__preload__.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, s1.sig, ./s1.sig) -> -1 0.000000 MetaHookPost LoadFile(1, ./archive, <...>/archive.sig) -> -1 0.000000 MetaHookPost LoadFile(1, ./audio, <...>/audio.sig) -> -1 0.000000 MetaHookPost LoadFile(1, ./dpd.sig, <...>/dpd.sig) -> -1 0.000000 MetaHookPost LoadFile(1, ./executable, <...>/executable.sig) -> -1 0.000000 MetaHookPost LoadFile(1, ./font, <...>/font.sig) -> -1 0.000000 MetaHookPost LoadFile(1, ./general, <...>/general.sig) -> -1 0.000000 MetaHookPost LoadFile(1, ./image, <...>/image.sig) -> -1 0.000000 MetaHookPost LoadFile(1, ./java, <...>/java.sig) -> -1 0.000000 MetaHookPost LoadFile(1, ./libmagic, <...>/libmagic.sig) -> -1 0.000000 MetaHookPost LoadFile(1, ./office, <...>/office.sig) -> -1 0.000000 MetaHookPost LoadFile(1, ./programming, <...>/programming.sig) -> -1 0.000000 MetaHookPost LoadFile(1, ./python, <...>/python.sig) -> -1 0.000000 MetaHookPost LoadFile(1, ./video, <...>/video.sig) -> -1 0.000000 MetaHookPost LoadFile(1, s2, ./s2.sig) -> -1 0.000000 MetaHookPost LoadFileExtended(0, ./CPP-load.bif.zeek, <...>/CPP-load.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_ARP.events.bif.zeek, <...>/Zeek_ARP.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_AsciiReader.ascii.bif.zeek, <...>/Zeek_AsciiReader.ascii.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_AsciiWriter.ascii.bif.zeek, <...>/Zeek_AsciiWriter.ascii.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_BenchmarkReader.benchmark.bif.zeek, <...>/Zeek_BenchmarkReader.benchmark.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_BinaryReader.binary.bif.zeek, <...>/Zeek_BinaryReader.binary.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_BitTorrent.events.bif.zeek, <...>/Zeek_BitTorrent.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek, <...>/Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Cluster_WebSocket.events.bif.zeek, <...>/Zeek_Cluster_WebSocket.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_ConfigReader.config.bif.zeek, <...>/Zeek_ConfigReader.config.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_ConnSize.events.bif.zeek, <...>/Zeek_ConnSize.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_ConnSize.functions.bif.zeek, <...>/Zeek_ConnSize.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_DCE_RPC.consts.bif.zeek, <...>/Zeek_DCE_RPC.consts.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_DCE_RPC.events.bif.zeek, <...>/Zeek_DCE_RPC.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_DCE_RPC.types.bif.zeek, <...>/Zeek_DCE_RPC.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_DHCP.events.bif.zeek, <...>/Zeek_DHCP.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_DHCP.types.bif.zeek, <...>/Zeek_DHCP.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_DNP3.events.bif.zeek, <...>/Zeek_DNP3.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_DNS.events.bif.zeek, <...>/Zeek_DNS.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_FTP.events.bif.zeek, <...>/Zeek_FTP.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_FTP.functions.bif.zeek, <...>/Zeek_FTP.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_File.events.bif.zeek, <...>/Zeek_File.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_FileEntropy.events.bif.zeek, <...>/Zeek_FileEntropy.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_FileExtract.events.bif.zeek, <...>/Zeek_FileExtract.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_FileExtract.functions.bif.zeek, <...>/Zeek_FileExtract.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_FileHash.events.bif.zeek, <...>/Zeek_FileHash.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_GSSAPI.events.bif.zeek, <...>/Zeek_GSSAPI.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_GTPv1.events.bif.zeek, <...>/Zeek_GTPv1.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_GTPv1.functions.bif.zeek, <...>/Zeek_GTPv1.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Geneve.events.bif.zeek, <...>/Zeek_Geneve.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Geneve.functions.bif.zeek, <...>/Zeek_Geneve.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Gnutella.events.bif.zeek, <...>/Zeek_Gnutella.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_HTTP.events.bif.zeek, <...>/Zeek_HTTP.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_HTTP.functions.bif.zeek, <...>/Zeek_HTTP.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_ICMP.events.bif.zeek, <...>/Zeek_ICMP.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_IMAP.events.bif.zeek, <...>/Zeek_IMAP.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_IRC.events.bif.zeek, <...>/Zeek_IRC.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Ident.events.bif.zeek, <...>/Zeek_Ident.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_KRB.events.bif.zeek, <...>/Zeek_KRB.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_KRB.types.bif.zeek, <...>/Zeek_KRB.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Login.events.bif.zeek, <...>/Zeek_Login.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Login.functions.bif.zeek, <...>/Zeek_Login.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_MIME.consts.bif.zeek, <...>/Zeek_MIME.consts.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_MIME.events.bif.zeek, <...>/Zeek_MIME.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_MQTT.events.bif.zeek, <...>/Zeek_MQTT.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_MQTT.types.bif.zeek, <...>/Zeek_MQTT.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Modbus.events.bif.zeek, <...>/Zeek_Modbus.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_MySQL.events.bif.zeek, <...>/Zeek_MySQL.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_NCP.consts.bif.zeek, <...>/Zeek_NCP.consts.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_NCP.events.bif.zeek, <...>/Zeek_NCP.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_NTLM.events.bif.zeek, <...>/Zeek_NTLM.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_NTLM.types.bif.zeek, <...>/Zeek_NTLM.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_NTP.events.bif.zeek, <...>/Zeek_NTP.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_NTP.types.bif.zeek, <...>/Zeek_NTP.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_NetBIOS.events.bif.zeek, <...>/Zeek_NetBIOS.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_NetBIOS.functions.bif.zeek, <...>/Zeek_NetBIOS.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_NoneWriter.none.bif.zeek, <...>/Zeek_NoneWriter.none.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_PE.events.bif.zeek, <...>/Zeek_PE.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_POP3.consts.bif.zeek, <...>/Zeek_POP3.consts.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_POP3.events.bif.zeek, <...>/Zeek_POP3.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_PPPoE.functions.bif.zeek, <...>/Zeek_PPPoE.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_RADIUS.events.bif.zeek, <...>/Zeek_RADIUS.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_RDP.events.bif.zeek, <...>/Zeek_RDP.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_RDP.types.bif.zeek, <...>/Zeek_RDP.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_RFB.events.bif.zeek, <...>/Zeek_RFB.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_RPC.events.bif.zeek, <...>/Zeek_RPC.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_RawReader.raw.bif.zeek, <...>/Zeek_RawReader.raw.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SIP.events.bif.zeek, <...>/Zeek_SIP.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.consts.bif.zeek, <...>/Zeek_SMB.consts.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.events.bif.zeek, <...>/Zeek_SMB.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_check_directory.bif.zeek, <...>/Zeek_SMB.smb1_com_check_directory.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_close.bif.zeek, <...>/Zeek_SMB.smb1_com_close.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_create_directory.bif.zeek, <...>/Zeek_SMB.smb1_com_create_directory.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_echo.bif.zeek, <...>/Zeek_SMB.smb1_com_echo.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_logoff_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_negotiate.bif.zeek, <...>/Zeek_SMB.smb1_com_negotiate.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_nt_cancel.bif.zeek, <...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_nt_create_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_query_information.bif.zeek, <...>/Zeek_SMB.smb1_com_query_information.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_read_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_read_andx.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_session_setup_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_transaction.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_transaction2.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction2.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_transaction_secondary.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_tree_disconnect.bif.zeek, <...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_com_write_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_write_andx.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb1_events.bif.zeek, <...>/Zeek_SMB.smb1_events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb2_com_close.bif.zeek, <...>/Zeek_SMB.smb2_com_close.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb2_com_create.bif.zeek, <...>/Zeek_SMB.smb2_com_create.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb2_com_negotiate.bif.zeek, <...>/Zeek_SMB.smb2_com_negotiate.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb2_com_read.bif.zeek, <...>/Zeek_SMB.smb2_com_read.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb2_com_session_setup.bif.zeek, <...>/Zeek_SMB.smb2_com_session_setup.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb2_com_set_info.bif.zeek, <...>/Zeek_SMB.smb2_com_set_info.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb2_com_transform_header.bif.zeek, <...>/Zeek_SMB.smb2_com_transform_header.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb2_com_tree_connect.bif.zeek, <...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb2_com_tree_disconnect.bif.zeek, <...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb2_com_write.bif.zeek, <...>/Zeek_SMB.smb2_com_write.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.smb2_events.bif.zeek, <...>/Zeek_SMB.smb2_events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMB.types.bif.zeek, <...>/Zeek_SMB.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMTP.consts.bif.zeek, <...>/Zeek_SMTP.consts.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMTP.events.bif.zeek, <...>/Zeek_SMTP.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SMTP.functions.bif.zeek, <...>/Zeek_SMTP.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SNMP.events.bif.zeek, <...>/Zeek_SNMP.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SNMP.types.bif.zeek, <...>/Zeek_SNMP.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SOCKS.events.bif.zeek, <...>/Zeek_SOCKS.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SQLiteReader.sqlite.bif.zeek, <...>/Zeek_SQLiteReader.sqlite.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SQLiteWriter.sqlite.bif.zeek, <...>/Zeek_SQLiteWriter.sqlite.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SSH.events.bif.zeek, <...>/Zeek_SSH.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SSH.types.bif.zeek, <...>/Zeek_SSH.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SSL.consts.bif.zeek, <...>/Zeek_SSL.consts.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SSL.events.bif.zeek, <...>/Zeek_SSL.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SSL.functions.bif.zeek, <...>/Zeek_SSL.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_SSL.types.bif.zeek, <...>/Zeek_SSL.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_StreamEvent.events.bif.zeek, <...>/Zeek_StreamEvent.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_TCP.events.bif.zeek, <...>/Zeek_TCP.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_TCP.functions.bif.zeek, <...>/Zeek_TCP.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_TCP.types.bif.zeek, <...>/Zeek_TCP.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Teredo.events.bif.zeek, <...>/Zeek_Teredo.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Teredo.functions.bif.zeek, <...>/Zeek_Teredo.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_UDP.events.bif.zeek, <...>/Zeek_UDP.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_VXLAN.events.bif.zeek, <...>/Zeek_VXLAN.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_WebSocket.consts.bif.zeek, <...>/Zeek_WebSocket.consts.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_WebSocket.events.bif.zeek, <...>/Zeek_WebSocket.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_WebSocket.functions.bif.zeek, <...>/Zeek_WebSocket.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_WebSocket.types.bif.zeek, <...>/Zeek_WebSocket.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_X509.events.bif.zeek, <...>/Zeek_X509.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_X509.functions.bif.zeek, <...>/Zeek_X509.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_X509.ocsp_events.bif.zeek, <...>/Zeek_X509.ocsp_events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./addrs, <...>/addrs.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./api, <...>/api.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./backpressure, <...>/backpressure.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./bloom-filter.bif.zeek, <...>/bloom-filter.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./cardinality-counter.bif.zeek, <...>/cardinality-counter.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./cluster.bif.zeek, <...>/cluster.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./comm.bif.zeek, <...>/comm.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./communityid.bif.zeek, <...>/communityid.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./const.bif.zeek, <...>/const.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./contents, <...>/contents.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./control, <...>/control.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./data.bif.zeek, <...>/data.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./dpd, <...>/dpd.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./entities, <...>/entities.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./event.bif.zeek, <...>/event.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./file_analysis.bif.zeek, <...>/file_analysis.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./files, <...>/files.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./hooks.bif.zeek, <...>/hooks.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./inactivity, <...>/inactivity.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./input, <...>/input.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./input.bif.zeek, <...>/input.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./log, <...>/log.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./logging, <...>/logging.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./logging.bif.zeek, <...>/logging.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./magic, <...>/magic) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./main, <...>/main.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./main.zeek, <...>/main.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./messaging.bif.zeek, <...>/messaging.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./mmdb.bif.zeek, <...>/mmdb.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./option.bif.zeek, <...>/option.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./packet_analysis.bif.zeek, <...>/packet_analysis.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./patterns, <...>/patterns.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./pcap.bif.zeek, <...>/pcap.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./polling, <...>/polling.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./pools, <...>/pools.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./postprocessors, <...>/postprocessors) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./pubsub, <...>/pubsub.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./removal-hooks, <...>/removal-hooks.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./reporter.bif.zeek, <...>/reporter.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./scp, <...>/scp.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./sftp, <...>/sftp.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./spicy.bif.zeek, <...>/spicy.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./stats.bif.zeek, <...>/stats.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./storage-async.bif.zeek, <...>/storage-async.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./storage-events.bif.zeek, <...>/storage-events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./storage-sync.bif.zeek, <...>/storage-sync.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./storage.bif.zeek, <...>/storage.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./store, <...>/store.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./store.bif.zeek, <...>/store.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./strings.bif.zeek, <...>/strings.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./supervisor.bif.zeek, <...>/supervisor.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./telemetry, <...>/telemetry.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./telemetry_consts.bif.zeek, <...>/telemetry_consts.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./telemetry_functions.bif.zeek, <...>/telemetry_functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./telemetry_types.bif.zeek, <...>/telemetry_types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./thresholds, <...>/thresholds.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./top-k.bif.zeek, <...>/top-k.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./types, <...>/types.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./types.bif.zeek, <...>/types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./utils, <...>/utils.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./weird, <...>/weird.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./zeek.bif.zeek, <...>/zeek.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, ./zeekygen.bif.zeek, <...>/zeekygen.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, .<...>/ascii, <...>/ascii.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, .<...>/benchmark, <...>/benchmark.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, .<...>/binary, <...>/binary.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, .<...>/config, <...>/config.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, .<...>/none, <...>/none.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, .<...>/raw, <...>/raw.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, .<...>/sqlite, <...>/sqlite.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, <...>/__load__.zeek, <...>/__load__.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, <...>/__preload__.zeek, <...>/__preload__.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, <...>/hooks.zeek, <...>/hooks.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base/bif, <...>/bif) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base/init-frameworks-and-bifs.zeek, <...>/init-frameworks-and-bifs.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base/packet-protocols, <...>/packet-protocols) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/CPP-load.bif, <...>/CPP-load.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/Zeek_Cluster_WebSocket.events.bif.zeek, <...>/Zeek_Cluster_WebSocket.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/Zeek_GTPv1.events.bif, <...>/Zeek_GTPv1.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/Zeek_GTPv1.functions.bif, <...>/Zeek_GTPv1.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/Zeek_KRB.types.bif, <...>/Zeek_KRB.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/Zeek_SNMP.types.bif, <...>/Zeek_SNMP.types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/Zeek_Teredo.events.bif.zeek, <...>/Zeek_Teredo.events.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/Zeek_Teredo.functions.bif, <...>/Zeek_Teredo.functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/addrs, <...>/addrs.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/analyzer, <...>/analyzer) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/analyzer.bif, <...>/analyzer.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/api, <...>/api.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/ayiya, <...>/ayiya) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/broker, <...>/broker) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/cluster, <...>/cluster) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/cluster.bif, <...>/cluster.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/comm.bif, <...>/comm.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/communityid.bif, <...>/communityid.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/config, <...>/config) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/conn, <...>/conn) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/conn-ids, <...>/conn-ids.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/const.bif, <...>/const.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/control, <...>/control) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/data.bif, <...>/data.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/ethernet, <...>/ethernet) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/event.bif, <...>/event.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/fddi, <...>/fddi) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/file_analysis.bif, <...>/file_analysis.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/files, <...>/files) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/files, <...>/files.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/geneve, <...>/geneve) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/gre, <...>/gre) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/gtpv1, <...>/gtpv1) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/hash_hrw, <...>/hash_hrw.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/http, <...>/http) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/icmp, <...>/icmp) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/ieee802_11, <...>/ieee802_11) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/ieee802_11_radio, <...>/ieee802_11_radio) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/init-bare, <...>/init-bare.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/init-framework, <...>/init-framework.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/input, <...>/input) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/input.bif, <...>/input.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/ip, <...>/ip) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/iptunnel, <...>/iptunnel) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/linux_sll, <...>/linux_sll) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/linux_sll2, <...>/linux_sll2) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/llc, <...>/llc) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/logging, <...>/logging) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/logging.bif, <...>/logging.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/main, <...>/main.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/main.zeek, <...>/main.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/messaging.bif, <...>/messaging.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/mmdb.bif, <...>/mmdb.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/mpls, <...>/mpls) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/nflog, <...>/nflog) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/novell_802_3, <...>/novell_802_3) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/null, <...>/null) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/numbers, <...>/numbers.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/option.bif, <...>/option.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/options, <...>/options.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/packet_analysis.bif, <...>/packet_analysis.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/pbb, <...>/pbb) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/plugins, <...>/plugins) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/ppp, <...>/ppp) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/ppp_serial, <...>/ppp_serial) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/pppoe, <...>/pppoe) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/removal-hooks, <...>/removal-hooks.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/reporter.bif, <...>/reporter.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/root, <...>/root) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/site, <...>/site.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/skip, <...>/skip) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/snap, <...>/snap) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/stats.bif, <...>/stats.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/store.bif, <...>/store.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/strings, <...>/strings.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/strings.bif, <...>/strings.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/supervisor, <...>/supervisor) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/supervisor.bif, <...>/supervisor.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/tcp, <...>/tcp) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/telemetry_functions.bif, <...>/telemetry_functions.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/telemetry_types.bif, <...>/telemetry_types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/teredo, <...>/teredo) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/tunnels, <...>/tunnels) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/types.bif, <...>/types.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/udp, <...>/udp) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/utils, <...>/utils.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/vlan, <...>/vlan) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/vntag, <...>/vntag) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/vxlan, <...>/vxlan) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/weird, <...>/weird.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/zeek.bif, <...>/zeek.bif.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, builtin-plugins/__load__.zeek, <...>/__load__.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, builtin-plugins/__preload__.zeek, <...>/__preload__.zeek) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(0, s1.sig, ./s1.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, ./archive, <...>/archive.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, ./audio, <...>/audio.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, ./dpd.sig, <...>/dpd.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, ./executable, <...>/executable.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, ./font, <...>/font.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, ./general, <...>/general.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, ./image, <...>/image.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, ./java, <...>/java.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, ./libmagic, <...>/libmagic.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, ./office, <...>/office.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, ./programming, <...>/programming.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, ./python, <...>/python.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, ./video, <...>/video.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, s2, ./s2.sig) -> (-1, ) 0.000000 MetaHookPost QueueEvent(zeek_init()) -> false 0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::disable_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_HTTP, {80<...>/tcp})) 0.000000 MetaHookPre CallFunction(Broker::__subscribe, , (zeek/supervisor)) 0.000000 MetaHookPre CallFunction(Broker::subscribe, , (zeek/supervisor)) 0.000000 MetaHookPre CallFunction(Cluster::is_enabled, , ()) 0.000000 MetaHookPre CallFunction(Cluster::is_enabled, , ()) 0.000000 MetaHookPre CallFunction(Cluster::register_pool, , ([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=, exclusive=F])) 0.000000 MetaHookPre CallFunction(Cluster::register_pool, , ([topic=zeek<...>/proxy, node_type=Cluster::PROXY, max_nodes=, exclusive=F])) 0.000000 MetaHookPre CallFunction(Cluster::register_pool, , ([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=, exclusive=F])) 0.000000 MetaHookPre CallFunction(Config::config_option_changed, , (Site::local_nets, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,fec0::/10,2002:cb00:7100::/40,2002:c633:6400::<...>/4,2002:a00::/24,100::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24}, )) 0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle: function(c:connection, is_orig:bool) : string{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file: function(f:fa_file) : string{ if (HTTP::f$source != HTTP) return ()for ([HTTP::_], HTTP::c in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=analyzer, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=broker, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, path=config, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=notice_alarm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer: event(rec:Analyzer::Logging::Info), path=analyzer, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config: event(rec:Config::Info), path=config, policy=Config::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn: event(rec:Conn::Info), path=conn, policy=Conn::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files: event(rec:Files::Info), path=files, policy=Files::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http: event(rec:HTTP::Info), path=http, policy=HTTP::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=0, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice: event(rec:Notice::Info), path=notice, policy=Notice::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird: event(rec:Weird::Info), path=weird, policy=Weird::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Analyzer::Logging::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Conn::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Files::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (HTTP::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Notice::ALARM_LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Notice::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Tunnel::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Weird::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Analyzer::Logging::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Broker::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Cluster::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Config::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Conn::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Files::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (HTTP::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Notice::ALARM_LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Notice::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Tunnel::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, , (Weird::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer: event(rec:Analyzer::Logging::Info), path=analyzer, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config: event(rec:Config::Info), path=config, policy=Config::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn: event(rec:Conn::Info), path=conn, policy=Conn::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files: event(rec:Files::Info), path=files, policy=Files::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http: event(rec:HTTP::Info), path=http, policy=HTTP::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=0, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice: event(rec:Notice::Info), path=notice, policy=Notice::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird: event(rec:Weird::Info), path=weird, policy=Weird::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500])) 0.000000 MetaHookPre CallFunction(Option::set, , (Site::local_nets, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,fec0::/10,2002:cb00:7100::/40,2002:c633:6400::<...>/4,2002:a00::/24,100::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24}, )) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Analyzer::Logging::failure_data_max_size, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Broker::peer_counts_as_iosource, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Conn::analyzer_inactivity_timeouts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Conn::default_extract, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Conn::extraction_prefix, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Conn::port_inactivity_timeouts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (DPD::ignore_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (DPD::ignore_violations_after, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (DPD::track_removed_services_in_connection, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Files::enable_reassembler, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::default_capture_password, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::http_methods, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::max_files_orig, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::max_files_resp, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::max_pending_requests, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::proxy_headers, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Input::default_mode, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Input::default_reader, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Log::default_rotation_dir, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Log::default_rotation_postprocessor_cmd_env, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (MQTT::max_payload_size, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::alarmed_types, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::default_suppression_interval, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::emailed_types, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::ignored_types, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::mail_from, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::mail_subject_prefix, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::not_suppressed_types, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::reply_to, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Notice::sendmail, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::local_admins, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::local_nets, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::local_nets, Site::update_local_nets_table: function(id:string, new_value:set[subnet]) : set[subnet]{ Site::result = Site::new_valueif (Site::private_address_space_is_local) { if (Site::local_nets_needs_private_address_space) Site::result = Site::new_value | Site::private_address_spaceSite::local_nets_needs_private_address_space = T}Site::local_nets_table = table()for ([Site::cidr] in Site::result) Site::local_nets_table[Site::cidr] = Site::cidrreturn (Site::result)}, -5)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::local_zones, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::local_zones, Site::update_local_zones_regex: function(id:string, new_value:set[string]) : set[string]{ Site::local_dns_suffix_regex = set_to_regex(Site::new_value, (^\.?|\.)(~~)$)return (Site::new_value)}, -5)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::neighbor_nets, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::neighbor_zones, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::neighbor_zones, Site::update_neighbor_zones_regex: function(id:string, new_value:set[string]) : set[string]{ Site::local_dns_neighbor_suffix_regex = set_to_regex(Site::new_value, (^\.?|\.)(~~)$)return (Site::new_value)}, -5)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::private_address_space, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Site::private_address_space, Site::update_private_address_space: function(id:string, new_value:set[subnet]) : set[subnet]{ Site::new_privates = Site::new_value - Site::private_address_spaceSite::old_privates = Site::private_address_space - Site::new_valueSite::new_local_nets = (Site::local_nets | Site::private_address_space) - Site::old_privatesSite::new_local_nets += Site::new_privatesSite::local_nets_needs_private_address_space = FOption::set(Site::local_nets, to_any_coerce Site::new_local_nets, )return (Site::new_value)}, -5)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::ignore_hosts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_duration, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_duration, Config::weird_option_change_interval: function(ID:string, new_value:interval, location:string) : interval{ if (Weird::sampling_duration == Config::ID) { Reporter::set_weird_sampling_duration(Config::new_value)}return (Config::new_value)}, 5)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_global_list, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::weird_option_change_count: function(ID:string, new_value:count, location:string) : count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_threshold, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_threshold, Config::weird_option_change_count: function(ID:string, new_value:count, location:string) : count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::weird_option_change_sampling_whitelist: function(ID:string, new_value:string_set, location:string) : string_set{ if (Weird::sampling_whitelist == Config::ID) { Reporter::set_weird_sampling_whitelist(Config::new_value)}return (Config::new_value)}, 5)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (Weird::weird_do_not_ignore_repeats, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (default_file_bof_buffer_size, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (default_file_timeout_interval, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (ignore_checksums_nets, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (ignore_checksums_nets, PacketAnalyzer::IP::analyzer_option_change_ignore_checksums_nets: function(ID:string, new_value:set[subnet], location:string) : set[subnet]{ if (ignore_checksums_nets == PacketAnalyzer::IP::ID) PacketAnalyzer::__set_ignore_checksums_nets(PacketAnalyzer::IP::new_value)return (PacketAnalyzer::IP::new_value)}, 5)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (udp_content_delivery_ports_use_resp, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(Option::set_change_handler, , (udp_content_ports, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_port, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA, 5072/udp)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_port, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GENEVE, 6081/udp)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_port, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GRE, 4754/udp)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_port, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, 2123/udp)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_port, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, 2152/udp)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_port, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_TEREDO, 3544/udp)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_port, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_VXLAN, 4789/udp)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_ports, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA, {5072/udp})) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_ports, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GENEVE, {6081/udp})) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_ports, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GRE, {4754/udp})) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_ports, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, {2152<...>/udp})) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_ports, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_TEREDO, {3544/udp})) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_for_ports, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_VXLAN, {4789/udp})) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_AYIYA, 4, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_AYIYA, 41, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 1, PacketAnalyzer::ANALYZER_SNAP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 2, PacketAnalyzer::ANALYZER_NOVELL_802_3)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 2048, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 2054, PacketAnalyzer::ANALYZER_ARP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 3, PacketAnalyzer::ANALYZER_LLC)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 32821, PacketAnalyzer::ANALYZER_ARP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 33024, PacketAnalyzer::ANALYZER_VLAN)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34525, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34887, PacketAnalyzer::ANALYZER_MPLS)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34916, PacketAnalyzer::ANALYZER_PPPOE)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34984, PacketAnalyzer::ANALYZER_VLAN)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 35047, PacketAnalyzer::ANALYZER_PBB)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 35110, PacketAnalyzer::ANALYZER_VNTAG)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 37120, PacketAnalyzer::ANALYZER_VLAN)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_GENEVE, 2048, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_GENEVE, 2054, PacketAnalyzer::ANALYZER_ARP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_GENEVE, 2269, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_GENEVE, 25944, PacketAnalyzer::ANALYZER_ETHERNET)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 2048, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 2054, PacketAnalyzer::ANALYZER_ARP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 32821, PacketAnalyzer::ANALYZER_ARP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 34525, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11_RADIO, 105, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 1, PacketAnalyzer::ANALYZER_ICMP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 17, PacketAnalyzer::ANALYZER_UDP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 4, PacketAnalyzer::ANALYZER_IPTUNNEL)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 41, PacketAnalyzer::ANALYZER_IPTUNNEL)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 47, PacketAnalyzer::ANALYZER_GRE)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 58, PacketAnalyzer::ANALYZER_ICMP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 6, PacketAnalyzer::ANALYZER_TCP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33280, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33296, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33312, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33328, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33344, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33360, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33376, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33392, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33408, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33424, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33440, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33456, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33472, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33488, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33504, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33520, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33536, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33552, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33568, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33584, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33600, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33616, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33632, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IPTUNNEL, 33648, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 2048, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 2054, PacketAnalyzer::ANALYZER_ARP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 32821, PacketAnalyzer::ANALYZER_ARP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 34525, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL2, 2048, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL2, 2054, PacketAnalyzer::ANALYZER_ARP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL2, 32821, PacketAnalyzer::ANALYZER_ARP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL2, 34525, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NFLOG, 10, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NFLOG, 2, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 2, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 24, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 28, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 30, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPP, 33, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPP, 641, PacketAnalyzer::ANALYZER_MPLS)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPP, 87, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPOE, 33, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPOE, 87, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 33, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 641, PacketAnalyzer::ANALYZER_MPLS)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 87, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 0, PacketAnalyzer::ANALYZER_NULL)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 1, PacketAnalyzer::ANALYZER_ETHERNET)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 10, PacketAnalyzer::ANALYZER_FDDI)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 105, PacketAnalyzer::ANALYZER_IEEE802_11)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 113, PacketAnalyzer::ANALYZER_LINUXSLL)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 127, PacketAnalyzer::ANALYZER_IEEE802_11_RADIO)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 239, PacketAnalyzer::ANALYZER_NFLOG)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 276, PacketAnalyzer::ANALYZER_LINUXSLL2)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 50, PacketAnalyzer::ANALYZER_PPPSERIAL)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 9, PacketAnalyzer::ANALYZER_PPP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_SNAP, 2048, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_SNAP, 2054, PacketAnalyzer::ANALYZER_ARP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_SNAP, 32821, PacketAnalyzer::ANALYZER_ARP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_SNAP, 34525, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_UDP, 2123, PacketAnalyzer::ANALYZER_GTPV1)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_UDP, 2152, PacketAnalyzer::ANALYZER_GTPV1)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_UDP, 3544, PacketAnalyzer::ANALYZER_TEREDO)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_UDP, 4754, PacketAnalyzer::ANALYZER_GRE)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_UDP, 4789, PacketAnalyzer::ANALYZER_VXLAN)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_UDP, 5072, PacketAnalyzer::ANALYZER_AYIYA)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_UDP, 6081, PacketAnalyzer::ANALYZER_GENEVE)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 1, PacketAnalyzer::ANALYZER_SNAP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 2, PacketAnalyzer::ANALYZER_NOVELL_802_3)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 2048, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 2054, PacketAnalyzer::ANALYZER_ARP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 3, PacketAnalyzer::ANALYZER_LLC)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 32821, PacketAnalyzer::ANALYZER_ARP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 33024, PacketAnalyzer::ANALYZER_VLAN)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34525, PacketAnalyzer::ANALYZER_IP)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34887, PacketAnalyzer::ANALYZER_MPLS)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34916, PacketAnalyzer::ANALYZER_PPPOE)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 35047, PacketAnalyzer::ANALYZER_PBB)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 35110, PacketAnalyzer::ANALYZER_VNTAG)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VNTAG, 33024, PacketAnalyzer::ANALYZER_VLAN)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VNTAG, 34984, PacketAnalyzer::ANALYZER_VLAN)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VNTAG, 37120, PacketAnalyzer::ANALYZER_VLAN)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_protocol_detection, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA)) 0.000000 MetaHookPre CallFunction(PacketAnalyzer::register_protocol_detection, , (PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_TEREDO)) 0.000000 MetaHookPre CallFunction(Site::update_local_nets_table, , (Site::local_nets, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,fec0::/10,::1/128,2002:ffff:ffff::/48,2002:cb00:7100::/40,2002:c633:6400::<...>/4,100::/64,2002:a00::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::<...>/8,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24})) 0.000000 MetaHookPre CallFunction(Site::update_local_nets_table, , (Site::local_nets, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,fec0::/10,2002:cb00:7100::/40,2002:c633:6400::<...>/4,2002:a00::/24,100::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24})) 0.000000 MetaHookPre CallFunction(Site::update_local_zones_regex, , (Site::local_zones, {})) 0.000000 MetaHookPre CallFunction(Site::update_neighbor_zones_regex, , (Site::neighbor_zones, {})) 0.000000 MetaHookPre CallFunction(Site::update_private_address_space, , (Site::private_address_space, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,fec0::/10,2002:cb00:7100::/40,2002:c633:6400::<...>/4,2002:a00::/24,100::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24})) 0.000000 MetaHookPre CallFunction(Supervisor::__is_supervisor, , ()) 0.000000 MetaHookPre CallFunction(Supervisor::is_supervisor, , ()) 0.000000 MetaHookPre CallFunction(__init_primary_bifs, , ()) 0.000000 MetaHookPre CallFunction(__init_secondary_bifs, , ()) 0.000000 MetaHookPre CallFunction(getenv, , (CLUSTER_NODE)) 0.000000 MetaHookPre CallFunction(getenv, , (ZEEK_DEFAULT_LISTEN_ADDRESS)) 0.000000 MetaHookPre CallFunction(global_options, , ()) 0.000000 MetaHookPre CallFunction(have_spicy, , ()) 0.000000 MetaHookPre CallFunction(is_file_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) 0.000000 MetaHookPre CallFunction(is_packet_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) 0.000000 MetaHookPre CallFunction(port_to_count, , (2123/udp)) 0.000000 MetaHookPre CallFunction(port_to_count, , (2152/udp)) 0.000000 MetaHookPre CallFunction(port_to_count, , (3544/udp)) 0.000000 MetaHookPre CallFunction(port_to_count, , (4754/udp)) 0.000000 MetaHookPre CallFunction(port_to_count, , (4789/udp)) 0.000000 MetaHookPre CallFunction(port_to_count, , (5072/udp)) 0.000000 MetaHookPre CallFunction(port_to_count, , (6081/udp)) 0.000000 MetaHookPre CallFunction(reading_traces, , ()) 0.000000 MetaHookPre CallFunction(set_to_regex, , ({}, (^\.?|\.)(~~)$)) 0.000000 MetaHookPre CallFunction(string_to_pattern, , ((^\.?|\.)()$, F)) 0.000000 MetaHookPre CallFunction(sub, , ((^\.?|\.)(~~)$, <...>/, )) 0.000000 MetaHookPre CallFunction(zeek_init, , ()) 0.000000 MetaHookPre DrainEvents() 0.000000 MetaHookPre LoadFile(0, ./CPP-load.bif.zeek, <...>/CPP-load.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_ARP.events.bif.zeek, <...>/Zeek_ARP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_AsciiReader.ascii.bif.zeek, <...>/Zeek_AsciiReader.ascii.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_AsciiWriter.ascii.bif.zeek, <...>/Zeek_AsciiWriter.ascii.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_BenchmarkReader.benchmark.bif.zeek, <...>/Zeek_BenchmarkReader.benchmark.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_BinaryReader.binary.bif.zeek, <...>/Zeek_BinaryReader.binary.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_BitTorrent.events.bif.zeek, <...>/Zeek_BitTorrent.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek, <...>/Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_Cluster_WebSocket.events.bif.zeek, <...>/Zeek_Cluster_WebSocket.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_ConfigReader.config.bif.zeek, <...>/Zeek_ConfigReader.config.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_ConnSize.events.bif.zeek, <...>/Zeek_ConnSize.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_ConnSize.functions.bif.zeek, <...>/Zeek_ConnSize.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_DCE_RPC.consts.bif.zeek, <...>/Zeek_DCE_RPC.consts.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_DCE_RPC.events.bif.zeek, <...>/Zeek_DCE_RPC.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_DCE_RPC.types.bif.zeek, <...>/Zeek_DCE_RPC.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_DHCP.events.bif.zeek, <...>/Zeek_DHCP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_DHCP.types.bif.zeek, <...>/Zeek_DHCP.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_DNP3.events.bif.zeek, <...>/Zeek_DNP3.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_DNS.events.bif.zeek, <...>/Zeek_DNS.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_FTP.events.bif.zeek, <...>/Zeek_FTP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_FTP.functions.bif.zeek, <...>/Zeek_FTP.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_File.events.bif.zeek, <...>/Zeek_File.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_FileEntropy.events.bif.zeek, <...>/Zeek_FileEntropy.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_FileExtract.events.bif.zeek, <...>/Zeek_FileExtract.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_FileExtract.functions.bif.zeek, <...>/Zeek_FileExtract.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_FileHash.events.bif.zeek, <...>/Zeek_FileHash.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_GSSAPI.events.bif.zeek, <...>/Zeek_GSSAPI.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_GTPv1.events.bif.zeek, <...>/Zeek_GTPv1.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_GTPv1.functions.bif.zeek, <...>/Zeek_GTPv1.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_Geneve.events.bif.zeek, <...>/Zeek_Geneve.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_Geneve.functions.bif.zeek, <...>/Zeek_Geneve.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_Gnutella.events.bif.zeek, <...>/Zeek_Gnutella.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_HTTP.events.bif.zeek, <...>/Zeek_HTTP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_HTTP.functions.bif.zeek, <...>/Zeek_HTTP.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_ICMP.events.bif.zeek, <...>/Zeek_ICMP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_IMAP.events.bif.zeek, <...>/Zeek_IMAP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_IRC.events.bif.zeek, <...>/Zeek_IRC.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_Ident.events.bif.zeek, <...>/Zeek_Ident.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_KRB.events.bif.zeek, <...>/Zeek_KRB.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_KRB.types.bif.zeek, <...>/Zeek_KRB.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_Login.events.bif.zeek, <...>/Zeek_Login.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_Login.functions.bif.zeek, <...>/Zeek_Login.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_MIME.consts.bif.zeek, <...>/Zeek_MIME.consts.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_MIME.events.bif.zeek, <...>/Zeek_MIME.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_MQTT.events.bif.zeek, <...>/Zeek_MQTT.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_MQTT.types.bif.zeek, <...>/Zeek_MQTT.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_Modbus.events.bif.zeek, <...>/Zeek_Modbus.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_MySQL.events.bif.zeek, <...>/Zeek_MySQL.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_NCP.consts.bif.zeek, <...>/Zeek_NCP.consts.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_NCP.events.bif.zeek, <...>/Zeek_NCP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_NTLM.events.bif.zeek, <...>/Zeek_NTLM.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_NTLM.types.bif.zeek, <...>/Zeek_NTLM.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_NTP.events.bif.zeek, <...>/Zeek_NTP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_NTP.types.bif.zeek, <...>/Zeek_NTP.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_NetBIOS.events.bif.zeek, <...>/Zeek_NetBIOS.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_NetBIOS.functions.bif.zeek, <...>/Zeek_NetBIOS.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_NoneWriter.none.bif.zeek, <...>/Zeek_NoneWriter.none.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_PE.events.bif.zeek, <...>/Zeek_PE.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_POP3.consts.bif.zeek, <...>/Zeek_POP3.consts.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_POP3.events.bif.zeek, <...>/Zeek_POP3.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_PPPoE.functions.bif.zeek, <...>/Zeek_PPPoE.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_RADIUS.events.bif.zeek, <...>/Zeek_RADIUS.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_RDP.events.bif.zeek, <...>/Zeek_RDP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_RDP.types.bif.zeek, <...>/Zeek_RDP.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_RFB.events.bif.zeek, <...>/Zeek_RFB.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_RPC.events.bif.zeek, <...>/Zeek_RPC.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_RawReader.raw.bif.zeek, <...>/Zeek_RawReader.raw.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SIP.events.bif.zeek, <...>/Zeek_SIP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.consts.bif.zeek, <...>/Zeek_SMB.consts.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.events.bif.zeek, <...>/Zeek_SMB.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_check_directory.bif.zeek, <...>/Zeek_SMB.smb1_com_check_directory.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_close.bif.zeek, <...>/Zeek_SMB.smb1_com_close.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_create_directory.bif.zeek, <...>/Zeek_SMB.smb1_com_create_directory.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_echo.bif.zeek, <...>/Zeek_SMB.smb1_com_echo.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_logoff_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_negotiate.bif.zeek, <...>/Zeek_SMB.smb1_com_negotiate.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_nt_cancel.bif.zeek, <...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_nt_create_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_query_information.bif.zeek, <...>/Zeek_SMB.smb1_com_query_information.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_read_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_read_andx.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_session_setup_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_transaction.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_transaction2.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction2.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_transaction_secondary.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_tree_disconnect.bif.zeek, <...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_com_write_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_write_andx.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb1_events.bif.zeek, <...>/Zeek_SMB.smb1_events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb2_com_close.bif.zeek, <...>/Zeek_SMB.smb2_com_close.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb2_com_create.bif.zeek, <...>/Zeek_SMB.smb2_com_create.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb2_com_negotiate.bif.zeek, <...>/Zeek_SMB.smb2_com_negotiate.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb2_com_read.bif.zeek, <...>/Zeek_SMB.smb2_com_read.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb2_com_session_setup.bif.zeek, <...>/Zeek_SMB.smb2_com_session_setup.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb2_com_set_info.bif.zeek, <...>/Zeek_SMB.smb2_com_set_info.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb2_com_transform_header.bif.zeek, <...>/Zeek_SMB.smb2_com_transform_header.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb2_com_tree_connect.bif.zeek, <...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb2_com_tree_disconnect.bif.zeek, <...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb2_com_write.bif.zeek, <...>/Zeek_SMB.smb2_com_write.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.smb2_events.bif.zeek, <...>/Zeek_SMB.smb2_events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMB.types.bif.zeek, <...>/Zeek_SMB.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMTP.consts.bif.zeek, <...>/Zeek_SMTP.consts.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMTP.events.bif.zeek, <...>/Zeek_SMTP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SMTP.functions.bif.zeek, <...>/Zeek_SMTP.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SNMP.events.bif.zeek, <...>/Zeek_SNMP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SNMP.types.bif.zeek, <...>/Zeek_SNMP.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SOCKS.events.bif.zeek, <...>/Zeek_SOCKS.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SQLiteReader.sqlite.bif.zeek, <...>/Zeek_SQLiteReader.sqlite.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SQLiteWriter.sqlite.bif.zeek, <...>/Zeek_SQLiteWriter.sqlite.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SSH.events.bif.zeek, <...>/Zeek_SSH.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SSH.types.bif.zeek, <...>/Zeek_SSH.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SSL.consts.bif.zeek, <...>/Zeek_SSL.consts.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SSL.events.bif.zeek, <...>/Zeek_SSL.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SSL.functions.bif.zeek, <...>/Zeek_SSL.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_SSL.types.bif.zeek, <...>/Zeek_SSL.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_StreamEvent.events.bif.zeek, <...>/Zeek_StreamEvent.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_TCP.events.bif.zeek, <...>/Zeek_TCP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_TCP.functions.bif.zeek, <...>/Zeek_TCP.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_TCP.types.bif.zeek, <...>/Zeek_TCP.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_Teredo.events.bif.zeek, <...>/Zeek_Teredo.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_Teredo.functions.bif.zeek, <...>/Zeek_Teredo.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_UDP.events.bif.zeek, <...>/Zeek_UDP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_VXLAN.events.bif.zeek, <...>/Zeek_VXLAN.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_WebSocket.consts.bif.zeek, <...>/Zeek_WebSocket.consts.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_WebSocket.events.bif.zeek, <...>/Zeek_WebSocket.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_WebSocket.functions.bif.zeek, <...>/Zeek_WebSocket.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_WebSocket.types.bif.zeek, <...>/Zeek_WebSocket.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_X509.events.bif.zeek, <...>/Zeek_X509.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_X509.functions.bif.zeek, <...>/Zeek_X509.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_X509.ocsp_events.bif.zeek, <...>/Zeek_X509.ocsp_events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./addrs, <...>/addrs.zeek) 0.000000 MetaHookPre LoadFile(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./api, <...>/api.zeek) 0.000000 MetaHookPre LoadFile(0, ./backpressure, <...>/backpressure.zeek) 0.000000 MetaHookPre LoadFile(0, ./bloom-filter.bif.zeek, <...>/bloom-filter.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./cardinality-counter.bif.zeek, <...>/cardinality-counter.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./cluster.bif.zeek, <...>/cluster.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./comm.bif.zeek, <...>/comm.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./communityid.bif.zeek, <...>/communityid.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./const.bif.zeek, <...>/const.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./contents, <...>/contents.zeek) 0.000000 MetaHookPre LoadFile(0, ./control, <...>/control.zeek) 0.000000 MetaHookPre LoadFile(0, ./data.bif.zeek, <...>/data.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./dpd, <...>/dpd.zeek) 0.000000 MetaHookPre LoadFile(0, ./entities, <...>/entities.zeek) 0.000000 MetaHookPre LoadFile(0, ./event.bif.zeek, <...>/event.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./file_analysis.bif.zeek, <...>/file_analysis.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./files, <...>/files.zeek) 0.000000 MetaHookPre LoadFile(0, ./hooks.bif.zeek, <...>/hooks.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./inactivity, <...>/inactivity.zeek) 0.000000 MetaHookPre LoadFile(0, ./input, <...>/input.zeek) 0.000000 MetaHookPre LoadFile(0, ./input.bif.zeek, <...>/input.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./log, <...>/log.zeek) 0.000000 MetaHookPre LoadFile(0, ./logging, <...>/logging.zeek) 0.000000 MetaHookPre LoadFile(0, ./logging.bif.zeek, <...>/logging.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./magic, <...>/magic) 0.000000 MetaHookPre LoadFile(0, ./main, <...>/main.zeek) 0.000000 MetaHookPre LoadFile(0, ./main.zeek, <...>/main.zeek) 0.000000 MetaHookPre LoadFile(0, ./messaging.bif.zeek, <...>/messaging.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./mmdb.bif.zeek, <...>/mmdb.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./option.bif.zeek, <...>/option.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./packet_analysis.bif.zeek, <...>/packet_analysis.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./patterns, <...>/patterns.zeek) 0.000000 MetaHookPre LoadFile(0, ./pcap.bif.zeek, <...>/pcap.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./polling, <...>/polling.zeek) 0.000000 MetaHookPre LoadFile(0, ./pools, <...>/pools.zeek) 0.000000 MetaHookPre LoadFile(0, ./postprocessors, <...>/postprocessors) 0.000000 MetaHookPre LoadFile(0, ./pubsub, <...>/pubsub.zeek) 0.000000 MetaHookPre LoadFile(0, ./removal-hooks, <...>/removal-hooks.zeek) 0.000000 MetaHookPre LoadFile(0, ./reporter.bif.zeek, <...>/reporter.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./scp, <...>/scp.zeek) 0.000000 MetaHookPre LoadFile(0, ./sftp, <...>/sftp.zeek) 0.000000 MetaHookPre LoadFile(0, ./spicy.bif.zeek, <...>/spicy.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./stats.bif.zeek, <...>/stats.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./storage-async.bif.zeek, <...>/storage-async.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./storage-events.bif.zeek, <...>/storage-events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./storage-sync.bif.zeek, <...>/storage-sync.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./storage.bif.zeek, <...>/storage.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./store, <...>/store.zeek) 0.000000 MetaHookPre LoadFile(0, ./store.bif.zeek, <...>/store.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./strings.bif.zeek, <...>/strings.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./supervisor.bif.zeek, <...>/supervisor.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./telemetry, <...>/telemetry.zeek) 0.000000 MetaHookPre LoadFile(0, ./telemetry_consts.bif.zeek, <...>/telemetry_consts.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./telemetry_functions.bif.zeek, <...>/telemetry_functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./telemetry_types.bif.zeek, <...>/telemetry_types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./thresholds, <...>/thresholds.zeek) 0.000000 MetaHookPre LoadFile(0, ./top-k.bif.zeek, <...>/top-k.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./types, <...>/types.zeek) 0.000000 MetaHookPre LoadFile(0, ./types.bif.zeek, <...>/types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./utils, <...>/utils.zeek) 0.000000 MetaHookPre LoadFile(0, ./weird, <...>/weird.zeek) 0.000000 MetaHookPre LoadFile(0, ./zeek.bif.zeek, <...>/zeek.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./zeekygen.bif.zeek, <...>/zeekygen.bif.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/ascii, <...>/ascii.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/benchmark, <...>/benchmark.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/binary, <...>/binary.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/config, <...>/config.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/none, <...>/none.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/raw, <...>/raw.zeek) 0.000000 MetaHookPre LoadFile(0, .<...>/sqlite, <...>/sqlite.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/__load__.zeek, <...>/__load__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/__preload__.zeek, <...>/__preload__.zeek) 0.000000 MetaHookPre LoadFile(0, <...>/hooks.zeek, <...>/hooks.zeek) 0.000000 MetaHookPre LoadFile(0, base/bif, <...>/bif) 0.000000 MetaHookPre LoadFile(0, base/init-frameworks-and-bifs.zeek, <...>/init-frameworks-and-bifs.zeek) 0.000000 MetaHookPre LoadFile(0, base/packet-protocols, <...>/packet-protocols) 0.000000 MetaHookPre LoadFile(0, base<...>/CPP-load.bif, <...>/CPP-load.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/Zeek_Cluster_WebSocket.events.bif.zeek, <...>/Zeek_Cluster_WebSocket.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/Zeek_GTPv1.events.bif, <...>/Zeek_GTPv1.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/Zeek_GTPv1.functions.bif, <...>/Zeek_GTPv1.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/Zeek_KRB.types.bif, <...>/Zeek_KRB.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/Zeek_SNMP.types.bif, <...>/Zeek_SNMP.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/Zeek_Teredo.events.bif.zeek, <...>/Zeek_Teredo.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/Zeek_Teredo.functions.bif, <...>/Zeek_Teredo.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/addrs, <...>/addrs.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/analyzer, <...>/analyzer) 0.000000 MetaHookPre LoadFile(0, base<...>/analyzer.bif, <...>/analyzer.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/api, <...>/api.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/ayiya, <...>/ayiya) 0.000000 MetaHookPre LoadFile(0, base<...>/broker, <...>/broker) 0.000000 MetaHookPre LoadFile(0, base<...>/cluster, <...>/cluster) 0.000000 MetaHookPre LoadFile(0, base<...>/cluster.bif, <...>/cluster.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/comm.bif, <...>/comm.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/communityid.bif, <...>/communityid.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/config, <...>/config) 0.000000 MetaHookPre LoadFile(0, base<...>/conn, <...>/conn) 0.000000 MetaHookPre LoadFile(0, base<...>/conn-ids, <...>/conn-ids.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/const.bif, <...>/const.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/control, <...>/control) 0.000000 MetaHookPre LoadFile(0, base<...>/data.bif, <...>/data.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/ethernet, <...>/ethernet) 0.000000 MetaHookPre LoadFile(0, base<...>/event.bif, <...>/event.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/fddi, <...>/fddi) 0.000000 MetaHookPre LoadFile(0, base<...>/file_analysis.bif, <...>/file_analysis.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/files, <...>/files) 0.000000 MetaHookPre LoadFile(0, base<...>/files, <...>/files.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/geneve, <...>/geneve) 0.000000 MetaHookPre LoadFile(0, base<...>/gre, <...>/gre) 0.000000 MetaHookPre LoadFile(0, base<...>/gtpv1, <...>/gtpv1) 0.000000 MetaHookPre LoadFile(0, base<...>/hash_hrw, <...>/hash_hrw.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/http, <...>/http) 0.000000 MetaHookPre LoadFile(0, base<...>/icmp, <...>/icmp) 0.000000 MetaHookPre LoadFile(0, base<...>/ieee802_11, <...>/ieee802_11) 0.000000 MetaHookPre LoadFile(0, base<...>/ieee802_11_radio, <...>/ieee802_11_radio) 0.000000 MetaHookPre LoadFile(0, base<...>/init-bare, <...>/init-bare.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/init-framework, <...>/init-framework.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/input, <...>/input) 0.000000 MetaHookPre LoadFile(0, base<...>/input.bif, <...>/input.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/ip, <...>/ip) 0.000000 MetaHookPre LoadFile(0, base<...>/iptunnel, <...>/iptunnel) 0.000000 MetaHookPre LoadFile(0, base<...>/linux_sll, <...>/linux_sll) 0.000000 MetaHookPre LoadFile(0, base<...>/linux_sll2, <...>/linux_sll2) 0.000000 MetaHookPre LoadFile(0, base<...>/llc, <...>/llc) 0.000000 MetaHookPre LoadFile(0, base<...>/logging, <...>/logging) 0.000000 MetaHookPre LoadFile(0, base<...>/logging.bif, <...>/logging.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/main, <...>/main.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/main.zeek, <...>/main.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/messaging.bif, <...>/messaging.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/mmdb.bif, <...>/mmdb.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/mpls, <...>/mpls) 0.000000 MetaHookPre LoadFile(0, base<...>/nflog, <...>/nflog) 0.000000 MetaHookPre LoadFile(0, base<...>/novell_802_3, <...>/novell_802_3) 0.000000 MetaHookPre LoadFile(0, base<...>/null, <...>/null) 0.000000 MetaHookPre LoadFile(0, base<...>/numbers, <...>/numbers.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/option.bif, <...>/option.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/options, <...>/options.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/packet_analysis.bif, <...>/packet_analysis.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/pbb, <...>/pbb) 0.000000 MetaHookPre LoadFile(0, base<...>/plugins, <...>/plugins) 0.000000 MetaHookPre LoadFile(0, base<...>/ppp, <...>/ppp) 0.000000 MetaHookPre LoadFile(0, base<...>/ppp_serial, <...>/ppp_serial) 0.000000 MetaHookPre LoadFile(0, base<...>/pppoe, <...>/pppoe) 0.000000 MetaHookPre LoadFile(0, base<...>/removal-hooks, <...>/removal-hooks.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/reporter.bif, <...>/reporter.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/root, <...>/root) 0.000000 MetaHookPre LoadFile(0, base<...>/site, <...>/site.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/skip, <...>/skip) 0.000000 MetaHookPre LoadFile(0, base<...>/snap, <...>/snap) 0.000000 MetaHookPre LoadFile(0, base<...>/stats.bif, <...>/stats.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/store.bif, <...>/store.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/strings, <...>/strings.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/strings.bif, <...>/strings.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/supervisor, <...>/supervisor) 0.000000 MetaHookPre LoadFile(0, base<...>/supervisor.bif, <...>/supervisor.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/tcp, <...>/tcp) 0.000000 MetaHookPre LoadFile(0, base<...>/telemetry_functions.bif, <...>/telemetry_functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/telemetry_types.bif, <...>/telemetry_types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/teredo, <...>/teredo) 0.000000 MetaHookPre LoadFile(0, base<...>/tunnels, <...>/tunnels) 0.000000 MetaHookPre LoadFile(0, base<...>/types.bif, <...>/types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/udp, <...>/udp) 0.000000 MetaHookPre LoadFile(0, base<...>/utils, <...>/utils.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/vlan, <...>/vlan) 0.000000 MetaHookPre LoadFile(0, base<...>/vntag, <...>/vntag) 0.000000 MetaHookPre LoadFile(0, base<...>/vxlan, <...>/vxlan) 0.000000 MetaHookPre LoadFile(0, base<...>/weird, <...>/weird.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/zeek.bif, <...>/zeek.bif.zeek) 0.000000 MetaHookPre LoadFile(0, builtin-plugins/__load__.zeek, <...>/__load__.zeek) 0.000000 MetaHookPre LoadFile(0, builtin-plugins/__preload__.zeek, <...>/__preload__.zeek) 0.000000 MetaHookPre LoadFile(0, s1.sig, ./s1.sig) 0.000000 MetaHookPre LoadFile(1, ./archive, <...>/archive.sig) 0.000000 MetaHookPre LoadFile(1, ./audio, <...>/audio.sig) 0.000000 MetaHookPre LoadFile(1, ./dpd.sig, <...>/dpd.sig) 0.000000 MetaHookPre LoadFile(1, ./executable, <...>/executable.sig) 0.000000 MetaHookPre LoadFile(1, ./font, <...>/font.sig) 0.000000 MetaHookPre LoadFile(1, ./general, <...>/general.sig) 0.000000 MetaHookPre LoadFile(1, ./image, <...>/image.sig) 0.000000 MetaHookPre LoadFile(1, ./java, <...>/java.sig) 0.000000 MetaHookPre LoadFile(1, ./libmagic, <...>/libmagic.sig) 0.000000 MetaHookPre LoadFile(1, ./office, <...>/office.sig) 0.000000 MetaHookPre LoadFile(1, ./programming, <...>/programming.sig) 0.000000 MetaHookPre LoadFile(1, ./python, <...>/python.sig) 0.000000 MetaHookPre LoadFile(1, ./video, <...>/video.sig) 0.000000 MetaHookPre LoadFile(1, s2, ./s2.sig) 0.000000 MetaHookPre LoadFileExtended(0, ./CPP-load.bif.zeek, <...>/CPP-load.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_ARP.events.bif.zeek, <...>/Zeek_ARP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_AsciiReader.ascii.bif.zeek, <...>/Zeek_AsciiReader.ascii.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_AsciiWriter.ascii.bif.zeek, <...>/Zeek_AsciiWriter.ascii.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_BenchmarkReader.benchmark.bif.zeek, <...>/Zeek_BenchmarkReader.benchmark.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_BinaryReader.binary.bif.zeek, <...>/Zeek_BinaryReader.binary.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_BitTorrent.events.bif.zeek, <...>/Zeek_BitTorrent.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek, <...>/Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Cluster_WebSocket.events.bif.zeek, <...>/Zeek_Cluster_WebSocket.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_ConfigReader.config.bif.zeek, <...>/Zeek_ConfigReader.config.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_ConnSize.events.bif.zeek, <...>/Zeek_ConnSize.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_ConnSize.functions.bif.zeek, <...>/Zeek_ConnSize.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_DCE_RPC.consts.bif.zeek, <...>/Zeek_DCE_RPC.consts.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_DCE_RPC.events.bif.zeek, <...>/Zeek_DCE_RPC.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_DCE_RPC.types.bif.zeek, <...>/Zeek_DCE_RPC.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_DHCP.events.bif.zeek, <...>/Zeek_DHCP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_DHCP.types.bif.zeek, <...>/Zeek_DHCP.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_DNP3.events.bif.zeek, <...>/Zeek_DNP3.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_DNS.events.bif.zeek, <...>/Zeek_DNS.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_FTP.events.bif.zeek, <...>/Zeek_FTP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_FTP.functions.bif.zeek, <...>/Zeek_FTP.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_File.events.bif.zeek, <...>/Zeek_File.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_FileEntropy.events.bif.zeek, <...>/Zeek_FileEntropy.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_FileExtract.events.bif.zeek, <...>/Zeek_FileExtract.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_FileExtract.functions.bif.zeek, <...>/Zeek_FileExtract.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_FileHash.events.bif.zeek, <...>/Zeek_FileHash.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_GSSAPI.events.bif.zeek, <...>/Zeek_GSSAPI.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_GTPv1.events.bif.zeek, <...>/Zeek_GTPv1.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_GTPv1.functions.bif.zeek, <...>/Zeek_GTPv1.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Geneve.events.bif.zeek, <...>/Zeek_Geneve.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Geneve.functions.bif.zeek, <...>/Zeek_Geneve.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Gnutella.events.bif.zeek, <...>/Zeek_Gnutella.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_HTTP.events.bif.zeek, <...>/Zeek_HTTP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_HTTP.functions.bif.zeek, <...>/Zeek_HTTP.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_ICMP.events.bif.zeek, <...>/Zeek_ICMP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_IMAP.events.bif.zeek, <...>/Zeek_IMAP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_IRC.events.bif.zeek, <...>/Zeek_IRC.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Ident.events.bif.zeek, <...>/Zeek_Ident.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_KRB.events.bif.zeek, <...>/Zeek_KRB.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_KRB.types.bif.zeek, <...>/Zeek_KRB.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Login.events.bif.zeek, <...>/Zeek_Login.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Login.functions.bif.zeek, <...>/Zeek_Login.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_MIME.consts.bif.zeek, <...>/Zeek_MIME.consts.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_MIME.events.bif.zeek, <...>/Zeek_MIME.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_MQTT.events.bif.zeek, <...>/Zeek_MQTT.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_MQTT.types.bif.zeek, <...>/Zeek_MQTT.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Modbus.events.bif.zeek, <...>/Zeek_Modbus.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_MySQL.events.bif.zeek, <...>/Zeek_MySQL.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_NCP.consts.bif.zeek, <...>/Zeek_NCP.consts.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_NCP.events.bif.zeek, <...>/Zeek_NCP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_NTLM.events.bif.zeek, <...>/Zeek_NTLM.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_NTLM.types.bif.zeek, <...>/Zeek_NTLM.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_NTP.events.bif.zeek, <...>/Zeek_NTP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_NTP.types.bif.zeek, <...>/Zeek_NTP.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_NetBIOS.events.bif.zeek, <...>/Zeek_NetBIOS.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_NetBIOS.functions.bif.zeek, <...>/Zeek_NetBIOS.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_NoneWriter.none.bif.zeek, <...>/Zeek_NoneWriter.none.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_PE.events.bif.zeek, <...>/Zeek_PE.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_POP3.consts.bif.zeek, <...>/Zeek_POP3.consts.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_POP3.events.bif.zeek, <...>/Zeek_POP3.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_PPPoE.functions.bif.zeek, <...>/Zeek_PPPoE.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_RADIUS.events.bif.zeek, <...>/Zeek_RADIUS.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_RDP.events.bif.zeek, <...>/Zeek_RDP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_RDP.types.bif.zeek, <...>/Zeek_RDP.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_RFB.events.bif.zeek, <...>/Zeek_RFB.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_RPC.events.bif.zeek, <...>/Zeek_RPC.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_RawReader.raw.bif.zeek, <...>/Zeek_RawReader.raw.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SIP.events.bif.zeek, <...>/Zeek_SIP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.consts.bif.zeek, <...>/Zeek_SMB.consts.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.events.bif.zeek, <...>/Zeek_SMB.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_check_directory.bif.zeek, <...>/Zeek_SMB.smb1_com_check_directory.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_close.bif.zeek, <...>/Zeek_SMB.smb1_com_close.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_create_directory.bif.zeek, <...>/Zeek_SMB.smb1_com_create_directory.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_echo.bif.zeek, <...>/Zeek_SMB.smb1_com_echo.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_logoff_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_negotiate.bif.zeek, <...>/Zeek_SMB.smb1_com_negotiate.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_nt_cancel.bif.zeek, <...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_nt_create_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_query_information.bif.zeek, <...>/Zeek_SMB.smb1_com_query_information.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_read_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_read_andx.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_session_setup_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_transaction.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_transaction2.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction2.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_transaction_secondary.bif.zeek, <...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_tree_disconnect.bif.zeek, <...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_com_write_andx.bif.zeek, <...>/Zeek_SMB.smb1_com_write_andx.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb1_events.bif.zeek, <...>/Zeek_SMB.smb1_events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb2_com_close.bif.zeek, <...>/Zeek_SMB.smb2_com_close.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb2_com_create.bif.zeek, <...>/Zeek_SMB.smb2_com_create.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb2_com_negotiate.bif.zeek, <...>/Zeek_SMB.smb2_com_negotiate.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb2_com_read.bif.zeek, <...>/Zeek_SMB.smb2_com_read.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb2_com_session_setup.bif.zeek, <...>/Zeek_SMB.smb2_com_session_setup.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb2_com_set_info.bif.zeek, <...>/Zeek_SMB.smb2_com_set_info.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb2_com_transform_header.bif.zeek, <...>/Zeek_SMB.smb2_com_transform_header.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb2_com_tree_connect.bif.zeek, <...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb2_com_tree_disconnect.bif.zeek, <...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb2_com_write.bif.zeek, <...>/Zeek_SMB.smb2_com_write.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.smb2_events.bif.zeek, <...>/Zeek_SMB.smb2_events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMB.types.bif.zeek, <...>/Zeek_SMB.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMTP.consts.bif.zeek, <...>/Zeek_SMTP.consts.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMTP.events.bif.zeek, <...>/Zeek_SMTP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SMTP.functions.bif.zeek, <...>/Zeek_SMTP.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SNMP.events.bif.zeek, <...>/Zeek_SNMP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SNMP.types.bif.zeek, <...>/Zeek_SNMP.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SOCKS.events.bif.zeek, <...>/Zeek_SOCKS.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SQLiteReader.sqlite.bif.zeek, <...>/Zeek_SQLiteReader.sqlite.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SQLiteWriter.sqlite.bif.zeek, <...>/Zeek_SQLiteWriter.sqlite.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SSH.events.bif.zeek, <...>/Zeek_SSH.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SSH.types.bif.zeek, <...>/Zeek_SSH.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SSL.consts.bif.zeek, <...>/Zeek_SSL.consts.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SSL.events.bif.zeek, <...>/Zeek_SSL.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SSL.functions.bif.zeek, <...>/Zeek_SSL.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_SSL.types.bif.zeek, <...>/Zeek_SSL.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_StreamEvent.events.bif.zeek, <...>/Zeek_StreamEvent.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_TCP.events.bif.zeek, <...>/Zeek_TCP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_TCP.functions.bif.zeek, <...>/Zeek_TCP.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_TCP.types.bif.zeek, <...>/Zeek_TCP.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Teredo.events.bif.zeek, <...>/Zeek_Teredo.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Teredo.functions.bif.zeek, <...>/Zeek_Teredo.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_UDP.events.bif.zeek, <...>/Zeek_UDP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_VXLAN.events.bif.zeek, <...>/Zeek_VXLAN.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_WebSocket.consts.bif.zeek, <...>/Zeek_WebSocket.consts.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_WebSocket.events.bif.zeek, <...>/Zeek_WebSocket.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_WebSocket.functions.bif.zeek, <...>/Zeek_WebSocket.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_WebSocket.types.bif.zeek, <...>/Zeek_WebSocket.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_X509.events.bif.zeek, <...>/Zeek_X509.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_X509.functions.bif.zeek, <...>/Zeek_X509.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_X509.ocsp_events.bif.zeek, <...>/Zeek_X509.ocsp_events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./addrs, <...>/addrs.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./api, <...>/api.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./backpressure, <...>/backpressure.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./bloom-filter.bif.zeek, <...>/bloom-filter.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./cardinality-counter.bif.zeek, <...>/cardinality-counter.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./cluster.bif.zeek, <...>/cluster.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./comm.bif.zeek, <...>/comm.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./communityid.bif.zeek, <...>/communityid.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./const.bif.zeek, <...>/const.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./contents, <...>/contents.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./control, <...>/control.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./data.bif.zeek, <...>/data.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./dpd, <...>/dpd.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./entities, <...>/entities.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./event.bif.zeek, <...>/event.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./file_analysis.bif.zeek, <...>/file_analysis.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./files, <...>/files.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./hooks.bif.zeek, <...>/hooks.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./inactivity, <...>/inactivity.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./input, <...>/input.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./input.bif.zeek, <...>/input.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./log, <...>/log.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./logging, <...>/logging.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./logging.bif.zeek, <...>/logging.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./magic, <...>/magic) 0.000000 MetaHookPre LoadFileExtended(0, ./main, <...>/main.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./main.zeek, <...>/main.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./messaging.bif.zeek, <...>/messaging.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./mmdb.bif.zeek, <...>/mmdb.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./option.bif.zeek, <...>/option.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./packet_analysis.bif.zeek, <...>/packet_analysis.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./patterns, <...>/patterns.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./pcap.bif.zeek, <...>/pcap.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./polling, <...>/polling.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./pools, <...>/pools.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./postprocessors, <...>/postprocessors) 0.000000 MetaHookPre LoadFileExtended(0, ./pubsub, <...>/pubsub.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./removal-hooks, <...>/removal-hooks.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./reporter.bif.zeek, <...>/reporter.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./scp, <...>/scp.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./sftp, <...>/sftp.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./spicy.bif.zeek, <...>/spicy.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./stats.bif.zeek, <...>/stats.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./storage-async.bif.zeek, <...>/storage-async.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./storage-events.bif.zeek, <...>/storage-events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./storage-sync.bif.zeek, <...>/storage-sync.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./storage.bif.zeek, <...>/storage.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./store, <...>/store.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./store.bif.zeek, <...>/store.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./strings.bif.zeek, <...>/strings.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./supervisor.bif.zeek, <...>/supervisor.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./telemetry, <...>/telemetry.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./telemetry_consts.bif.zeek, <...>/telemetry_consts.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./telemetry_functions.bif.zeek, <...>/telemetry_functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./telemetry_types.bif.zeek, <...>/telemetry_types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./thresholds, <...>/thresholds.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./top-k.bif.zeek, <...>/top-k.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./types, <...>/types.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./types.bif.zeek, <...>/types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./utils, <...>/utils.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./weird, <...>/weird.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./zeek.bif.zeek, <...>/zeek.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./zeekygen.bif.zeek, <...>/zeekygen.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, .<...>/ascii, <...>/ascii.zeek) 0.000000 MetaHookPre LoadFileExtended(0, .<...>/benchmark, <...>/benchmark.zeek) 0.000000 MetaHookPre LoadFileExtended(0, .<...>/binary, <...>/binary.zeek) 0.000000 MetaHookPre LoadFileExtended(0, .<...>/config, <...>/config.zeek) 0.000000 MetaHookPre LoadFileExtended(0, .<...>/none, <...>/none.zeek) 0.000000 MetaHookPre LoadFileExtended(0, .<...>/raw, <...>/raw.zeek) 0.000000 MetaHookPre LoadFileExtended(0, .<...>/sqlite, <...>/sqlite.zeek) 0.000000 MetaHookPre LoadFileExtended(0, <...>/__load__.zeek, <...>/__load__.zeek) 0.000000 MetaHookPre LoadFileExtended(0, <...>/__preload__.zeek, <...>/__preload__.zeek) 0.000000 MetaHookPre LoadFileExtended(0, <...>/hooks.zeek, <...>/hooks.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base/bif, <...>/bif) 0.000000 MetaHookPre LoadFileExtended(0, base/init-frameworks-and-bifs.zeek, <...>/init-frameworks-and-bifs.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base/packet-protocols, <...>/packet-protocols) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/CPP-load.bif, <...>/CPP-load.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/Zeek_Cluster_WebSocket.events.bif.zeek, <...>/Zeek_Cluster_WebSocket.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/Zeek_GTPv1.events.bif, <...>/Zeek_GTPv1.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/Zeek_GTPv1.functions.bif, <...>/Zeek_GTPv1.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/Zeek_KRB.types.bif, <...>/Zeek_KRB.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/Zeek_SNMP.types.bif, <...>/Zeek_SNMP.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/Zeek_Teredo.events.bif.zeek, <...>/Zeek_Teredo.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/Zeek_Teredo.functions.bif, <...>/Zeek_Teredo.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/addrs, <...>/addrs.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/analyzer, <...>/analyzer) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/analyzer.bif, <...>/analyzer.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/api, <...>/api.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/ayiya, <...>/ayiya) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/broker, <...>/broker) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/cluster, <...>/cluster) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/cluster.bif, <...>/cluster.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/comm.bif, <...>/comm.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/communityid.bif, <...>/communityid.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/config, <...>/config) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/conn, <...>/conn) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/conn-ids, <...>/conn-ids.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/const.bif, <...>/const.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/control, <...>/control) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/data.bif, <...>/data.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/ethernet, <...>/ethernet) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/event.bif, <...>/event.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/fddi, <...>/fddi) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/file_analysis.bif, <...>/file_analysis.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/files, <...>/files) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/files, <...>/files.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/geneve, <...>/geneve) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/gre, <...>/gre) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/gtpv1, <...>/gtpv1) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/hash_hrw, <...>/hash_hrw.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/http, <...>/http) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/icmp, <...>/icmp) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/ieee802_11, <...>/ieee802_11) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/ieee802_11_radio, <...>/ieee802_11_radio) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/init-bare, <...>/init-bare.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/init-framework, <...>/init-framework.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/input, <...>/input) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/input.bif, <...>/input.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/ip, <...>/ip) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/iptunnel, <...>/iptunnel) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/linux_sll, <...>/linux_sll) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/linux_sll2, <...>/linux_sll2) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/llc, <...>/llc) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/logging, <...>/logging) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/logging.bif, <...>/logging.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/main, <...>/main.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/main.zeek, <...>/main.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/messaging.bif, <...>/messaging.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/mmdb.bif, <...>/mmdb.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/mpls, <...>/mpls) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/nflog, <...>/nflog) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/novell_802_3, <...>/novell_802_3) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/null, <...>/null) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/numbers, <...>/numbers.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/option.bif, <...>/option.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/options, <...>/options.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/packet_analysis.bif, <...>/packet_analysis.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/pbb, <...>/pbb) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/plugins, <...>/plugins) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/ppp, <...>/ppp) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/ppp_serial, <...>/ppp_serial) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/pppoe, <...>/pppoe) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/removal-hooks, <...>/removal-hooks.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/reporter.bif, <...>/reporter.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/root, <...>/root) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/site, <...>/site.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/skip, <...>/skip) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/snap, <...>/snap) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/stats.bif, <...>/stats.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/store.bif, <...>/store.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/strings, <...>/strings.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/strings.bif, <...>/strings.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/supervisor, <...>/supervisor) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/supervisor.bif, <...>/supervisor.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/tcp, <...>/tcp) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/telemetry_functions.bif, <...>/telemetry_functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/telemetry_types.bif, <...>/telemetry_types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/teredo, <...>/teredo) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/tunnels, <...>/tunnels) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/types.bif, <...>/types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/udp, <...>/udp) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/utils, <...>/utils.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/vlan, <...>/vlan) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/vntag, <...>/vntag) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/vxlan, <...>/vxlan) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/weird, <...>/weird.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/zeek.bif, <...>/zeek.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, builtin-plugins/__load__.zeek, <...>/__load__.zeek) 0.000000 MetaHookPre LoadFileExtended(0, builtin-plugins/__preload__.zeek, <...>/__preload__.zeek) 0.000000 MetaHookPre LoadFileExtended(0, s1.sig, ./s1.sig) 0.000000 MetaHookPre LoadFileExtended(1, ./archive, <...>/archive.sig) 0.000000 MetaHookPre LoadFileExtended(1, ./audio, <...>/audio.sig) 0.000000 MetaHookPre LoadFileExtended(1, ./dpd.sig, <...>/dpd.sig) 0.000000 MetaHookPre LoadFileExtended(1, ./executable, <...>/executable.sig) 0.000000 MetaHookPre LoadFileExtended(1, ./font, <...>/font.sig) 0.000000 MetaHookPre LoadFileExtended(1, ./general, <...>/general.sig) 0.000000 MetaHookPre LoadFileExtended(1, ./image, <...>/image.sig) 0.000000 MetaHookPre LoadFileExtended(1, ./java, <...>/java.sig) 0.000000 MetaHookPre LoadFileExtended(1, ./libmagic, <...>/libmagic.sig) 0.000000 MetaHookPre LoadFileExtended(1, ./office, <...>/office.sig) 0.000000 MetaHookPre LoadFileExtended(1, ./programming, <...>/programming.sig) 0.000000 MetaHookPre LoadFileExtended(1, ./python, <...>/python.sig) 0.000000 MetaHookPre LoadFileExtended(1, ./video, <...>/video.sig) 0.000000 MetaHookPre LoadFileExtended(1, s2, ./s2.sig) 0.000000 MetaHookPre QueueEvent(zeek_init()) 0.000000 | HookCallFunction Analyzer::__disable_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 1080/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 3128/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 631/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 80/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 8000/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 8080/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 81/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 8888/tcp) 0.000000 | HookCallFunction Analyzer::disable_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 1080/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 3128/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 631/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 80/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 8000/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 8080/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 81/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 8888/tcp) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, {80<...>/tcp}) 0.000000 | HookCallFunction Broker::__subscribe(zeek/supervisor) 0.000000 | HookCallFunction Broker::subscribe(zeek/supervisor) 0.000000 | HookCallFunction Cluster::is_enabled() 0.000000 | HookCallFunction Cluster::register_pool([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=, exclusive=F]) 0.000000 | HookCallFunction Cluster::register_pool([topic=zeek<...>/proxy, node_type=Cluster::PROXY, max_nodes=, exclusive=F]) 0.000000 | HookCallFunction Cluster::register_pool([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=, exclusive=F]) 0.000000 | HookCallFunction Config::config_option_changed(Site::local_nets, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,fec0::/10,2002:cb00:7100::/40,2002:c633:6400::<...>/4,2002:a00::/24,100::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24}, ) 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle: function(c:connection, is_orig:bool) : string{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file: function(f:fa_file) : string{ if (HTTP::f$source != HTTP) return ()for ([HTTP::_], HTTP::c in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}]) 0.000000 | HookCallFunction Log::__add_filter(Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=analyzer, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__add_filter(Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=broker, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__add_filter(Config::LOG, [name=default, writer=Log::WRITER_ASCII, path=config, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__add_filter(Conn::LOG, [name=default, writer=Log::WRITER_ASCII, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__add_filter(Files::LOG, [name=default, writer=Log::WRITER_ASCII, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=notice_alarm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::__create_stream(Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer: event(rec:Analyzer::Logging::Info), path=analyzer, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::__create_stream(Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::__create_stream(Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::__create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config: event(rec:Config::Info), path=config, policy=Config::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::__create_stream(Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn: event(rec:Conn::Info), path=conn, policy=Conn::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::__create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files: event(rec:Files::Info), path=files, policy=Files::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http: event(rec:HTTP::Info), path=http, policy=HTTP::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=0, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice: event(rec:Notice::Info), path=notice, policy=Notice::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird: event(rec:Weird::Info), path=weird, policy=Weird::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::add_default_filter(Analyzer::Logging::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Files::LOG) 0.000000 | HookCallFunction Log::add_default_filter(HTTP::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Notice::ALARM_LOG) 0.000000 | HookCallFunction Log::add_default_filter(Notice::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Tunnel::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Weird::LOG) 0.000000 | HookCallFunction Log::add_filter(Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::add_filter(Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::add_filter(Config::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::add_filter(Conn::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::add_filter(Files::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Log::add_stream_filters(Analyzer::Logging::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(Broker::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(Cluster::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(Config::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(Conn::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(Files::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(HTTP::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(Notice::ALARM_LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(Notice::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(Tunnel::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(Weird::LOG, default) 0.000000 | HookCallFunction Log::create_stream(Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=Analyzer::Logging::log_analyzer: event(rec:Analyzer::Logging::Info), path=analyzer, policy=Analyzer::Logging::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::create_stream(Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::create_stream(Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config: event(rec:Config::Info), path=config, policy=Config::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::create_stream(Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn: event(rec:Conn::Info), path=conn, policy=Conn::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files: event(rec:Files::Info), path=files, policy=Files::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http: event(rec:HTTP::Info), path=http, policy=HTTP::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=0, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice: event(rec:Notice::Info), path=notice, policy=Notice::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird: event(rec:Weird::Info), path=weird, policy=Weird::log_policy: Log::PolicyHook, event_groups={}, max_delay_interval=200.0 msecs, max_delay_queue_size=1000, max_field_string_bytes=4096, max_total_string_bytes=256000, max_field_container_elements=100, max_total_container_elements=500]) 0.000000 | HookCallFunction Option::set(Site::local_nets, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,fec0::/10,2002:cb00:7100::/40,2002:c633:6400::<...>/4,2002:a00::/24,100::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24}, ) 0.000000 | HookCallFunction Option::set_change_handler(Analyzer::Logging::failure_data_max_size, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Broker::peer_counts_as_iosource, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Conn::analyzer_inactivity_timeouts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Conn::default_extract, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Conn::extraction_prefix, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Conn::port_inactivity_timeouts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(DPD::ignore_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(DPD::ignore_violations_after, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(DPD::track_removed_services_in_connection, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Files::enable_reassembler, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(HTTP::default_capture_password, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(HTTP::http_methods, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(HTTP::max_files_orig, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(HTTP::max_files_resp, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(HTTP::max_pending_requests, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(HTTP::proxy_headers, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Input::default_mode, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Input::default_reader, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Log::default_rotation_dir, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Log::default_rotation_postprocessor_cmd_env, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(MQTT::max_payload_size, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Notice::alarmed_types, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Notice::default_suppression_interval, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Notice::emailed_types, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Notice::ignored_types, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Notice::mail_from, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Notice::mail_subject_prefix, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Notice::not_suppressed_types, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Notice::reply_to, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Notice::sendmail, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Site::local_admins, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Site::local_nets, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Site::local_nets, Site::update_local_nets_table: function(id:string, new_value:set[subnet]) : set[subnet]{ Site::result = Site::new_valueif (Site::private_address_space_is_local) { if (Site::local_nets_needs_private_address_space) Site::result = Site::new_value | Site::private_address_spaceSite::local_nets_needs_private_address_space = T}Site::local_nets_table = table()for ([Site::cidr] in Site::result) Site::local_nets_table[Site::cidr] = Site::cidrreturn (Site::result)}, -5) 0.000000 | HookCallFunction Option::set_change_handler(Site::local_zones, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Site::local_zones, Site::update_local_zones_regex: function(id:string, new_value:set[string]) : set[string]{ Site::local_dns_suffix_regex = set_to_regex(Site::new_value, (^\.?|\.)(~~)$)return (Site::new_value)}, -5) 0.000000 | HookCallFunction Option::set_change_handler(Site::neighbor_nets, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Site::neighbor_zones, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Site::neighbor_zones, Site::update_neighbor_zones_regex: function(id:string, new_value:set[string]) : set[string]{ Site::local_dns_neighbor_suffix_regex = set_to_regex(Site::new_value, (^\.?|\.)(~~)$)return (Site::new_value)}, -5) 0.000000 | HookCallFunction Option::set_change_handler(Site::private_address_space, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Site::private_address_space, Site::update_private_address_space: function(id:string, new_value:set[subnet]) : set[subnet]{ Site::new_privates = Site::new_value - Site::private_address_spaceSite::old_privates = Site::private_address_space - Site::new_valueSite::new_local_nets = (Site::local_nets | Site::private_address_space) - Site::old_privatesSite::new_local_nets += Site::new_privatesSite::local_nets_needs_private_address_space = FOption::set(Site::local_nets, to_any_coerce Site::new_local_nets, )return (Site::new_value)}, -5) 0.000000 | HookCallFunction Option::set_change_handler(Weird::ignore_hosts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_duration, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_duration, Config::weird_option_change_interval: function(ID:string, new_value:interval, location:string) : interval{ if (Weird::sampling_duration == Config::ID) { Reporter::set_weird_sampling_duration(Config::new_value)}return (Config::new_value)}, 5) 0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_global_list, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_rate, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_rate, Config::weird_option_change_count: function(ID:string, new_value:count, location:string) : count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5) 0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_threshold, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_threshold, Config::weird_option_change_count: function(ID:string, new_value:count, location:string) : count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5) 0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_whitelist, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_whitelist, Config::weird_option_change_sampling_whitelist: function(ID:string, new_value:string_set, location:string) : string_set{ if (Weird::sampling_whitelist == Config::ID) { Reporter::set_weird_sampling_whitelist(Config::new_value)}return (Config::new_value)}, 5) 0.000000 | HookCallFunction Option::set_change_handler(Weird::weird_do_not_ignore_repeats, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(default_file_bof_buffer_size, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(default_file_timeout_interval, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(ignore_checksums_nets, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(ignore_checksums_nets, PacketAnalyzer::IP::analyzer_option_change_ignore_checksums_nets: function(ID:string, new_value:set[subnet], location:string) : set[subnet]{ if (ignore_checksums_nets == PacketAnalyzer::IP::ID) PacketAnalyzer::__set_ignore_checksums_nets(PacketAnalyzer::IP::new_value)return (PacketAnalyzer::IP::new_value)}, 5) 0.000000 | HookCallFunction Option::set_change_handler(udp_content_delivery_ports_use_resp, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction Option::set_change_handler(udp_content_ports, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if ( == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100) 0.000000 | HookCallFunction PacketAnalyzer::register_for_port(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA, 5072/udp) 0.000000 | HookCallFunction PacketAnalyzer::register_for_port(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GENEVE, 6081/udp) 0.000000 | HookCallFunction PacketAnalyzer::register_for_port(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GRE, 4754/udp) 0.000000 | HookCallFunction PacketAnalyzer::register_for_port(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, 2123/udp) 0.000000 | HookCallFunction PacketAnalyzer::register_for_port(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, 2152/udp) 0.000000 | HookCallFunction PacketAnalyzer::register_for_port(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_TEREDO, 3544/udp) 0.000000 | HookCallFunction PacketAnalyzer::register_for_port(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_VXLAN, 4789/udp) 0.000000 | HookCallFunction PacketAnalyzer::register_for_ports(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA, {5072/udp}) 0.000000 | HookCallFunction PacketAnalyzer::register_for_ports(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GENEVE, {6081/udp}) 0.000000 | HookCallFunction PacketAnalyzer::register_for_ports(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GRE, {4754/udp}) 0.000000 | HookCallFunction PacketAnalyzer::register_for_ports(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_GTPV1, {2152<...>/udp}) 0.000000 | HookCallFunction PacketAnalyzer::register_for_ports(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_TEREDO, {3544/udp}) 0.000000 | HookCallFunction PacketAnalyzer::register_for_ports(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_VXLAN, {4789/udp}) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_AYIYA, 4, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_AYIYA, 41, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 1, PacketAnalyzer::ANALYZER_SNAP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 2, PacketAnalyzer::ANALYZER_NOVELL_802_3) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 2048, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 2054, PacketAnalyzer::ANALYZER_ARP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 3, PacketAnalyzer::ANALYZER_LLC) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 32821, PacketAnalyzer::ANALYZER_ARP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 33024, PacketAnalyzer::ANALYZER_VLAN) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 34525, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 34887, PacketAnalyzer::ANALYZER_MPLS) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 34916, PacketAnalyzer::ANALYZER_PPPOE) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 34984, PacketAnalyzer::ANALYZER_VLAN) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 35047, PacketAnalyzer::ANALYZER_PBB) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 35110, PacketAnalyzer::ANALYZER_VNTAG) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 37120, PacketAnalyzer::ANALYZER_VLAN) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_GENEVE, 2048, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_GENEVE, 2054, PacketAnalyzer::ANALYZER_ARP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_GENEVE, 2269, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_GENEVE, 25944, PacketAnalyzer::ANALYZER_ETHERNET) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 2048, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 2054, PacketAnalyzer::ANALYZER_ARP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 32821, PacketAnalyzer::ANALYZER_ARP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 34525, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11_RADIO, 105, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 1, PacketAnalyzer::ANALYZER_ICMP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 17, PacketAnalyzer::ANALYZER_UDP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 4, PacketAnalyzer::ANALYZER_IPTUNNEL) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 41, PacketAnalyzer::ANALYZER_IPTUNNEL) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 47, PacketAnalyzer::ANALYZER_GRE) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 58, PacketAnalyzer::ANALYZER_ICMP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 6, PacketAnalyzer::ANALYZER_TCP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33280, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33296, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33312, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33328, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33344, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33360, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33376, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33392, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33408, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33424, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33440, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33456, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33472, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33488, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33504, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33520, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33536, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33552, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33568, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33584, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33600, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33616, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33632, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IPTUNNEL, 33648, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 2048, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 2054, PacketAnalyzer::ANALYZER_ARP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 32821, PacketAnalyzer::ANALYZER_ARP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 34525, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 2048, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 2054, PacketAnalyzer::ANALYZER_ARP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 32821, PacketAnalyzer::ANALYZER_ARP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL2, 34525, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NFLOG, 10, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NFLOG, 2, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 2, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 24, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 28, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 30, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPP, 33, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPP, 641, PacketAnalyzer::ANALYZER_MPLS) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPP, 87, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPOE, 33, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPOE, 87, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPSERIAL, 33, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPSERIAL, 641, PacketAnalyzer::ANALYZER_MPLS) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPSERIAL, 87, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 0, PacketAnalyzer::ANALYZER_NULL) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 1, PacketAnalyzer::ANALYZER_ETHERNET) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 10, PacketAnalyzer::ANALYZER_FDDI) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 105, PacketAnalyzer::ANALYZER_IEEE802_11) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 113, PacketAnalyzer::ANALYZER_LINUXSLL) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 127, PacketAnalyzer::ANALYZER_IEEE802_11_RADIO) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 239, PacketAnalyzer::ANALYZER_NFLOG) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 276, PacketAnalyzer::ANALYZER_LINUXSLL2) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 50, PacketAnalyzer::ANALYZER_PPPSERIAL) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 9, PacketAnalyzer::ANALYZER_PPP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_SNAP, 2048, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_SNAP, 2054, PacketAnalyzer::ANALYZER_ARP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_SNAP, 32821, PacketAnalyzer::ANALYZER_ARP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_SNAP, 34525, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 2123, PacketAnalyzer::ANALYZER_GTPV1) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 2152, PacketAnalyzer::ANALYZER_GTPV1) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 3544, PacketAnalyzer::ANALYZER_TEREDO) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 4754, PacketAnalyzer::ANALYZER_GRE) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 4789, PacketAnalyzer::ANALYZER_VXLAN) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 5072, PacketAnalyzer::ANALYZER_AYIYA) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_UDP, 6081, PacketAnalyzer::ANALYZER_GENEVE) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 1, PacketAnalyzer::ANALYZER_SNAP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 2, PacketAnalyzer::ANALYZER_NOVELL_802_3) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 2048, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 2054, PacketAnalyzer::ANALYZER_ARP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 3, PacketAnalyzer::ANALYZER_LLC) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 32821, PacketAnalyzer::ANALYZER_ARP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 33024, PacketAnalyzer::ANALYZER_VLAN) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 34525, PacketAnalyzer::ANALYZER_IP) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 34887, PacketAnalyzer::ANALYZER_MPLS) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 34916, PacketAnalyzer::ANALYZER_PPPOE) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 35047, PacketAnalyzer::ANALYZER_PBB) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 35110, PacketAnalyzer::ANALYZER_VNTAG) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VNTAG, 33024, PacketAnalyzer::ANALYZER_VLAN) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VNTAG, 34984, PacketAnalyzer::ANALYZER_VLAN) 0.000000 | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VNTAG, 37120, PacketAnalyzer::ANALYZER_VLAN) 0.000000 | HookCallFunction PacketAnalyzer::register_protocol_detection(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_AYIYA) 0.000000 | HookCallFunction PacketAnalyzer::register_protocol_detection(PacketAnalyzer::ANALYZER_UDP, PacketAnalyzer::ANALYZER_TEREDO) 0.000000 | HookCallFunction Site::update_local_nets_table(Site::local_nets, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,fec0::/10,2002:cb00:7100::/40,2002:c633:6400::<...>/4,2002:a00::/24,100::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24}) 0.000000 | HookCallFunction Site::update_local_nets_table(Site::local_nets, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,fec0::/10,::1/128,2002:ffff:ffff::/48,2002:cb00:7100::/40,2002:c633:6400::<...>/4,100::/64,2002:a00::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::<...>/8,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24}) 0.000000 | HookCallFunction Site::update_local_zones_regex(Site::local_zones, {}) 0.000000 | HookCallFunction Site::update_neighbor_zones_regex(Site::neighbor_zones, {}) 0.000000 | HookCallFunction Site::update_private_address_space(Site::private_address_space, {64:ff9b:1::<...>/15,fc00::<...>/10,::/128,2002:ffff:ffff::/48,::1/128,fec0::/10,2002:cb00:7100::/40,2002:c633:6400::<...>/4,2002:a00::/24,100::<...>/8,2001:2::<...>/12,2002:c000:200::/40,2002:f000::/20,2002:7f00::/24,2001::/23,2002:6440::/26,2002:c000::<...>/16,2002:ac10::/28,2002:a9fe::<...>/16,2002:c612::/31,2002::/24,fe80::/10,2001:db8::/32,2002:ef00::<...>/24,2002:e000::/40,2002:c0a8::<...>/24}) 0.000000 | HookCallFunction Supervisor::__is_supervisor() 0.000000 | HookCallFunction Supervisor::is_supervisor() 0.000000 | HookCallFunction __init_primary_bifs() 0.000000 | HookCallFunction __init_secondary_bifs() 0.000000 | HookCallFunction getenv(CLUSTER_NODE) 0.000000 | HookCallFunction getenv(ZEEK_DEFAULT_LISTEN_ADDRESS) 0.000000 | HookCallFunction global_options() 0.000000 | HookCallFunction have_spicy() 0.000000 | HookCallFunction is_file_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS) 0.000000 | HookCallFunction is_packet_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS) 0.000000 | HookCallFunction port_to_count(2123/udp) 0.000000 | HookCallFunction port_to_count(2152/udp) 0.000000 | HookCallFunction port_to_count(3544/udp) 0.000000 | HookCallFunction port_to_count(4754/udp) 0.000000 | HookCallFunction port_to_count(4789/udp) 0.000000 | HookCallFunction port_to_count(5072/udp) 0.000000 | HookCallFunction port_to_count(6081/udp) 0.000000 | HookCallFunction reading_traces() 0.000000 | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$) 0.000000 | HookCallFunction string_to_pattern((^\.?|\.)()$, F) 0.000000 | HookCallFunction sub((^\.?|\.)(~~)$, <...>/, ) 0.000000 | HookCallFunction zeek_init() 0.000000 | HookDrainEvents 0.000000 | HookLoadFile ./CPP-load.bif.zeek <...>/CPP-load.bif.zeek 0.000000 | HookLoadFile ./Zeek_ARP.events.bif.zeek <...>/Zeek_ARP.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_AsciiReader.ascii.bif.zeek <...>/Zeek_AsciiReader.ascii.bif.zeek 0.000000 | HookLoadFile ./Zeek_AsciiWriter.ascii.bif.zeek <...>/Zeek_AsciiWriter.ascii.bif.zeek 0.000000 | HookLoadFile ./Zeek_BenchmarkReader.benchmark.bif.zeek <...>/Zeek_BenchmarkReader.benchmark.bif.zeek 0.000000 | HookLoadFile ./Zeek_BinaryReader.binary.bif.zeek <...>/Zeek_BinaryReader.binary.bif.zeek 0.000000 | HookLoadFile ./Zeek_BitTorrent.events.bif.zeek <...>/Zeek_BitTorrent.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek <...>/Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek 0.000000 | HookLoadFile ./Zeek_Cluster_WebSocket.events.bif.zeek <...>/Zeek_Cluster_WebSocket.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_ConfigReader.config.bif.zeek <...>/Zeek_ConfigReader.config.bif.zeek 0.000000 | HookLoadFile ./Zeek_ConnSize.events.bif.zeek <...>/Zeek_ConnSize.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_ConnSize.functions.bif.zeek <...>/Zeek_ConnSize.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_DCE_RPC.consts.bif.zeek <...>/Zeek_DCE_RPC.consts.bif.zeek 0.000000 | HookLoadFile ./Zeek_DCE_RPC.events.bif.zeek <...>/Zeek_DCE_RPC.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_DCE_RPC.types.bif.zeek <...>/Zeek_DCE_RPC.types.bif.zeek 0.000000 | HookLoadFile ./Zeek_DHCP.events.bif.zeek <...>/Zeek_DHCP.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_DHCP.types.bif.zeek <...>/Zeek_DHCP.types.bif.zeek 0.000000 | HookLoadFile ./Zeek_DNP3.events.bif.zeek <...>/Zeek_DNP3.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_DNS.events.bif.zeek <...>/Zeek_DNS.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_FTP.events.bif.zeek <...>/Zeek_FTP.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_FTP.functions.bif.zeek <...>/Zeek_FTP.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_File.events.bif.zeek <...>/Zeek_File.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_FileEntropy.events.bif.zeek <...>/Zeek_FileEntropy.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_FileExtract.events.bif.zeek <...>/Zeek_FileExtract.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_FileExtract.functions.bif.zeek <...>/Zeek_FileExtract.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_FileHash.events.bif.zeek <...>/Zeek_FileHash.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_GSSAPI.events.bif.zeek <...>/Zeek_GSSAPI.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_GTPv1.events.bif.zeek <...>/Zeek_GTPv1.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_GTPv1.functions.bif.zeek <...>/Zeek_GTPv1.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_Geneve.events.bif.zeek <...>/Zeek_Geneve.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_Geneve.functions.bif.zeek <...>/Zeek_Geneve.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_Gnutella.events.bif.zeek <...>/Zeek_Gnutella.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_HTTP.events.bif.zeek <...>/Zeek_HTTP.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_HTTP.functions.bif.zeek <...>/Zeek_HTTP.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_ICMP.events.bif.zeek <...>/Zeek_ICMP.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_IMAP.events.bif.zeek <...>/Zeek_IMAP.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_IRC.events.bif.zeek <...>/Zeek_IRC.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_Ident.events.bif.zeek <...>/Zeek_Ident.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_KRB.events.bif.zeek <...>/Zeek_KRB.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_KRB.types.bif.zeek <...>/Zeek_KRB.types.bif.zeek 0.000000 | HookLoadFile ./Zeek_Login.events.bif.zeek <...>/Zeek_Login.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_Login.functions.bif.zeek <...>/Zeek_Login.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_MIME.consts.bif.zeek <...>/Zeek_MIME.consts.bif.zeek 0.000000 | HookLoadFile ./Zeek_MIME.events.bif.zeek <...>/Zeek_MIME.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_MQTT.events.bif.zeek <...>/Zeek_MQTT.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_MQTT.types.bif.zeek <...>/Zeek_MQTT.types.bif.zeek 0.000000 | HookLoadFile ./Zeek_Modbus.events.bif.zeek <...>/Zeek_Modbus.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_MySQL.events.bif.zeek <...>/Zeek_MySQL.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_NCP.consts.bif.zeek <...>/Zeek_NCP.consts.bif.zeek 0.000000 | HookLoadFile ./Zeek_NCP.events.bif.zeek <...>/Zeek_NCP.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_NTLM.events.bif.zeek <...>/Zeek_NTLM.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_NTLM.types.bif.zeek <...>/Zeek_NTLM.types.bif.zeek 0.000000 | HookLoadFile ./Zeek_NTP.events.bif.zeek <...>/Zeek_NTP.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_NTP.types.bif.zeek <...>/Zeek_NTP.types.bif.zeek 0.000000 | HookLoadFile ./Zeek_NetBIOS.events.bif.zeek <...>/Zeek_NetBIOS.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_NetBIOS.functions.bif.zeek <...>/Zeek_NetBIOS.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_NoneWriter.none.bif.zeek <...>/Zeek_NoneWriter.none.bif.zeek 0.000000 | HookLoadFile ./Zeek_PE.events.bif.zeek <...>/Zeek_PE.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_POP3.consts.bif.zeek <...>/Zeek_POP3.consts.bif.zeek 0.000000 | HookLoadFile ./Zeek_POP3.events.bif.zeek <...>/Zeek_POP3.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_PPPoE.functions.bif.zeek <...>/Zeek_PPPoE.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_RADIUS.events.bif.zeek <...>/Zeek_RADIUS.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_RDP.events.bif.zeek <...>/Zeek_RDP.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_RDP.types.bif.zeek <...>/Zeek_RDP.types.bif.zeek 0.000000 | HookLoadFile ./Zeek_RFB.events.bif.zeek <...>/Zeek_RFB.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_RPC.events.bif.zeek <...>/Zeek_RPC.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_RawReader.raw.bif.zeek <...>/Zeek_RawReader.raw.bif.zeek 0.000000 | HookLoadFile ./Zeek_SIP.events.bif.zeek <...>/Zeek_SIP.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.consts.bif.zeek <...>/Zeek_SMB.consts.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.events.bif.zeek <...>/Zeek_SMB.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_check_directory.bif.zeek <...>/Zeek_SMB.smb1_com_check_directory.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_close.bif.zeek <...>/Zeek_SMB.smb1_com_close.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_create_directory.bif.zeek <...>/Zeek_SMB.smb1_com_create_directory.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_echo.bif.zeek <...>/Zeek_SMB.smb1_com_echo.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_logoff_andx.bif.zeek <...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_negotiate.bif.zeek <...>/Zeek_SMB.smb1_com_negotiate.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_nt_cancel.bif.zeek <...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_nt_create_andx.bif.zeek <...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_query_information.bif.zeek <...>/Zeek_SMB.smb1_com_query_information.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_read_andx.bif.zeek <...>/Zeek_SMB.smb1_com_read_andx.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_session_setup_andx.bif.zeek <...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_transaction.bif.zeek <...>/Zeek_SMB.smb1_com_transaction.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_transaction2.bif.zeek <...>/Zeek_SMB.smb1_com_transaction2.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek <...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_transaction_secondary.bif.zeek <...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek <...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_tree_disconnect.bif.zeek <...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_com_write_andx.bif.zeek <...>/Zeek_SMB.smb1_com_write_andx.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb1_events.bif.zeek <...>/Zeek_SMB.smb1_events.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb2_com_close.bif.zeek <...>/Zeek_SMB.smb2_com_close.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb2_com_create.bif.zeek <...>/Zeek_SMB.smb2_com_create.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb2_com_negotiate.bif.zeek <...>/Zeek_SMB.smb2_com_negotiate.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb2_com_read.bif.zeek <...>/Zeek_SMB.smb2_com_read.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb2_com_session_setup.bif.zeek <...>/Zeek_SMB.smb2_com_session_setup.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb2_com_set_info.bif.zeek <...>/Zeek_SMB.smb2_com_set_info.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb2_com_transform_header.bif.zeek <...>/Zeek_SMB.smb2_com_transform_header.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb2_com_tree_connect.bif.zeek <...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb2_com_tree_disconnect.bif.zeek <...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb2_com_write.bif.zeek <...>/Zeek_SMB.smb2_com_write.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.smb2_events.bif.zeek <...>/Zeek_SMB.smb2_events.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMB.types.bif.zeek <...>/Zeek_SMB.types.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMTP.consts.bif.zeek <...>/Zeek_SMTP.consts.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMTP.events.bif.zeek <...>/Zeek_SMTP.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_SMTP.functions.bif.zeek <...>/Zeek_SMTP.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_SNMP.events.bif.zeek <...>/Zeek_SNMP.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_SNMP.types.bif.zeek <...>/Zeek_SNMP.types.bif.zeek 0.000000 | HookLoadFile ./Zeek_SOCKS.events.bif.zeek <...>/Zeek_SOCKS.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_SQLiteReader.sqlite.bif.zeek <...>/Zeek_SQLiteReader.sqlite.bif.zeek 0.000000 | HookLoadFile ./Zeek_SQLiteWriter.sqlite.bif.zeek <...>/Zeek_SQLiteWriter.sqlite.bif.zeek 0.000000 | HookLoadFile ./Zeek_SSH.events.bif.zeek <...>/Zeek_SSH.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_SSH.types.bif.zeek <...>/Zeek_SSH.types.bif.zeek 0.000000 | HookLoadFile ./Zeek_SSL.consts.bif.zeek <...>/Zeek_SSL.consts.bif.zeek 0.000000 | HookLoadFile ./Zeek_SSL.events.bif.zeek <...>/Zeek_SSL.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_SSL.functions.bif.zeek <...>/Zeek_SSL.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_SSL.types.bif.zeek <...>/Zeek_SSL.types.bif.zeek 0.000000 | HookLoadFile ./Zeek_StreamEvent.events.bif.zeek <...>/Zeek_StreamEvent.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_TCP.events.bif.zeek <...>/Zeek_TCP.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_TCP.functions.bif.zeek <...>/Zeek_TCP.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_TCP.types.bif.zeek <...>/Zeek_TCP.types.bif.zeek 0.000000 | HookLoadFile ./Zeek_Teredo.events.bif.zeek <...>/Zeek_Teredo.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_Teredo.functions.bif.zeek <...>/Zeek_Teredo.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_UDP.events.bif.zeek <...>/Zeek_UDP.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_VXLAN.events.bif.zeek <...>/Zeek_VXLAN.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_WebSocket.consts.bif.zeek <...>/Zeek_WebSocket.consts.bif.zeek 0.000000 | HookLoadFile ./Zeek_WebSocket.events.bif.zeek <...>/Zeek_WebSocket.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_WebSocket.functions.bif.zeek <...>/Zeek_WebSocket.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_WebSocket.types.bif.zeek <...>/Zeek_WebSocket.types.bif.zeek 0.000000 | HookLoadFile ./Zeek_X509.events.bif.zeek <...>/Zeek_X509.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_X509.functions.bif.zeek <...>/Zeek_X509.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_X509.ocsp_events.bif.zeek <...>/Zeek_X509.ocsp_events.bif.zeek 0.000000 | HookLoadFile ./Zeek_X509.types.bif.zeek <...>/Zeek_X509.types.bif.zeek 0.000000 | HookLoadFile ./Zeek_XMPP.events.bif.zeek <...>/Zeek_XMPP.events.bif.zeek 0.000000 | HookLoadFile ./addrs <...>/addrs.zeek 0.000000 | HookLoadFile ./analyzer.bif.zeek <...>/analyzer.bif.zeek 0.000000 | HookLoadFile ./api <...>/api.zeek 0.000000 | HookLoadFile ./archive <...>/archive.sig 0.000000 | HookLoadFile ./audio <...>/audio.sig 0.000000 | HookLoadFile ./backpressure <...>/backpressure.zeek 0.000000 | HookLoadFile ./bloom-filter.bif.zeek <...>/bloom-filter.bif.zeek 0.000000 | HookLoadFile ./cardinality-counter.bif.zeek <...>/cardinality-counter.bif.zeek 0.000000 | HookLoadFile ./cluster.bif.zeek <...>/cluster.bif.zeek 0.000000 | HookLoadFile ./comm.bif.zeek <...>/comm.bif.zeek 0.000000 | HookLoadFile ./communityid.bif.zeek <...>/communityid.bif.zeek 0.000000 | HookLoadFile ./const.bif.zeek <...>/const.bif.zeek 0.000000 | HookLoadFile ./contents <...>/contents.zeek 0.000000 | HookLoadFile ./control <...>/control.zeek 0.000000 | HookLoadFile ./data.bif.zeek <...>/data.bif.zeek 0.000000 | HookLoadFile ./dpd <...>/dpd.zeek 0.000000 | HookLoadFile ./dpd.sig <...>/dpd.sig 0.000000 | HookLoadFile ./entities <...>/entities.zeek 0.000000 | HookLoadFile ./event.bif.zeek <...>/event.bif.zeek 0.000000 | HookLoadFile ./executable <...>/executable.sig 0.000000 | HookLoadFile ./file_analysis.bif.zeek <...>/file_analysis.bif.zeek 0.000000 | HookLoadFile ./files <...>/files.zeek 0.000000 | HookLoadFile ./font <...>/font.sig 0.000000 | HookLoadFile ./general <...>/general.sig 0.000000 | HookLoadFile ./hooks.bif.zeek <...>/hooks.bif.zeek 0.000000 | HookLoadFile ./image <...>/image.sig 0.000000 | HookLoadFile ./inactivity <...>/inactivity.zeek 0.000000 | HookLoadFile ./input <...>/input.zeek 0.000000 | HookLoadFile ./input.bif.zeek <...>/input.bif.zeek 0.000000 | HookLoadFile ./java <...>/java.sig 0.000000 | HookLoadFile ./libmagic <...>/libmagic.sig 0.000000 | HookLoadFile ./log <...>/log.zeek 0.000000 | HookLoadFile ./logging <...>/logging.zeek 0.000000 | HookLoadFile ./logging.bif.zeek <...>/logging.bif.zeek 0.000000 | HookLoadFile ./magic <...>/magic 0.000000 | HookLoadFile ./main <...>/main.zeek 0.000000 | HookLoadFile ./main.zeek <...>/main.zeek 0.000000 | HookLoadFile ./messaging.bif.zeek <...>/messaging.bif.zeek 0.000000 | HookLoadFile ./mmdb.bif.zeek <...>/mmdb.bif.zeek 0.000000 | HookLoadFile ./office <...>/office.sig 0.000000 | HookLoadFile ./option.bif.zeek <...>/option.bif.zeek 0.000000 | HookLoadFile ./packet_analysis.bif.zeek <...>/packet_analysis.bif.zeek 0.000000 | HookLoadFile ./patterns <...>/patterns.zeek 0.000000 | HookLoadFile ./pcap.bif.zeek <...>/pcap.bif.zeek 0.000000 | HookLoadFile ./polling <...>/polling.zeek 0.000000 | HookLoadFile ./pools <...>/pools.zeek 0.000000 | HookLoadFile ./postprocessors <...>/postprocessors 0.000000 | HookLoadFile ./programming <...>/programming.sig 0.000000 | HookLoadFile ./pubsub <...>/pubsub.zeek 0.000000 | HookLoadFile ./python <...>/python.sig 0.000000 | HookLoadFile ./removal-hooks <...>/removal-hooks.zeek 0.000000 | HookLoadFile ./reporter.bif.zeek <...>/reporter.bif.zeek 0.000000 | HookLoadFile ./scp <...>/scp.zeek 0.000000 | HookLoadFile ./sftp <...>/sftp.zeek 0.000000 | HookLoadFile ./spicy.bif.zeek <...>/spicy.bif.zeek 0.000000 | HookLoadFile ./stats.bif.zeek <...>/stats.bif.zeek 0.000000 | HookLoadFile ./storage-async.bif.zeek <...>/storage-async.bif.zeek 0.000000 | HookLoadFile ./storage-events.bif.zeek <...>/storage-events.bif.zeek 0.000000 | HookLoadFile ./storage-sync.bif.zeek <...>/storage-sync.bif.zeek 0.000000 | HookLoadFile ./storage.bif.zeek <...>/storage.bif.zeek 0.000000 | HookLoadFile ./store <...>/store.zeek 0.000000 | HookLoadFile ./store.bif.zeek <...>/store.bif.zeek 0.000000 | HookLoadFile ./strings.bif.zeek <...>/strings.bif.zeek 0.000000 | HookLoadFile ./supervisor.bif.zeek <...>/supervisor.bif.zeek 0.000000 | HookLoadFile ./telemetry <...>/telemetry.zeek 0.000000 | HookLoadFile ./telemetry_consts.bif.zeek <...>/telemetry_consts.bif.zeek 0.000000 | HookLoadFile ./telemetry_functions.bif.zeek <...>/telemetry_functions.bif.zeek 0.000000 | HookLoadFile ./telemetry_types.bif.zeek <...>/telemetry_types.bif.zeek 0.000000 | HookLoadFile ./thresholds <...>/thresholds.zeek 0.000000 | HookLoadFile ./top-k.bif.zeek <...>/top-k.bif.zeek 0.000000 | HookLoadFile ./types <...>/types.zeek 0.000000 | HookLoadFile ./types.bif.zeek <...>/types.bif.zeek 0.000000 | HookLoadFile ./utils <...>/utils.zeek 0.000000 | HookLoadFile ./video <...>/video.sig 0.000000 | HookLoadFile ./weird <...>/weird.zeek 0.000000 | HookLoadFile ./zeek.bif.zeek <...>/zeek.bif.zeek 0.000000 | HookLoadFile ./zeekygen.bif.zeek <...>/zeekygen.bif.zeek 0.000000 | HookLoadFile .<...>/ascii <...>/ascii.zeek 0.000000 | HookLoadFile .<...>/benchmark <...>/benchmark.zeek 0.000000 | HookLoadFile .<...>/binary <...>/binary.zeek 0.000000 | HookLoadFile .<...>/config <...>/config.zeek 0.000000 | HookLoadFile .<...>/none <...>/none.zeek 0.000000 | HookLoadFile .<...>/raw <...>/raw.zeek 0.000000 | HookLoadFile .<...>/sqlite <...>/sqlite.zeek 0.000000 | HookLoadFile <...>/__load__.zeek <...>/__load__.zeek 0.000000 | HookLoadFile <...>/__preload__.zeek <...>/__preload__.zeek 0.000000 | HookLoadFile <...>/hooks.zeek <...>/hooks.zeek 0.000000 | HookLoadFile base/bif <...>/bif 0.000000 | HookLoadFile base/init-frameworks-and-bifs.zeek <...>/init-frameworks-and-bifs.zeek 0.000000 | HookLoadFile base/packet-protocols <...>/packet-protocols 0.000000 | HookLoadFile base<...>/CPP-load.bif <...>/CPP-load.bif.zeek 0.000000 | HookLoadFile base<...>/Zeek_Cluster_WebSocket.events.bif.zeek <...>/Zeek_Cluster_WebSocket.events.bif.zeek 0.000000 | HookLoadFile base<...>/Zeek_GTPv1.events.bif <...>/Zeek_GTPv1.events.bif.zeek 0.000000 | HookLoadFile base<...>/Zeek_GTPv1.functions.bif <...>/Zeek_GTPv1.functions.bif.zeek 0.000000 | HookLoadFile base<...>/Zeek_KRB.types.bif <...>/Zeek_KRB.types.bif.zeek 0.000000 | HookLoadFile base<...>/Zeek_SNMP.types.bif <...>/Zeek_SNMP.types.bif.zeek 0.000000 | HookLoadFile base<...>/Zeek_Teredo.events.bif.zeek <...>/Zeek_Teredo.events.bif.zeek 0.000000 | HookLoadFile base<...>/Zeek_Teredo.functions.bif <...>/Zeek_Teredo.functions.bif.zeek 0.000000 | HookLoadFile base<...>/addrs <...>/addrs.zeek 0.000000 | HookLoadFile base<...>/analyzer <...>/analyzer 0.000000 | HookLoadFile base<...>/analyzer.bif <...>/analyzer.bif.zeek 0.000000 | HookLoadFile base<...>/api <...>/api.zeek 0.000000 | HookLoadFile base<...>/ayiya <...>/ayiya 0.000000 | HookLoadFile base<...>/broker <...>/broker 0.000000 | HookLoadFile base<...>/cluster <...>/cluster 0.000000 | HookLoadFile base<...>/cluster.bif <...>/cluster.bif.zeek 0.000000 | HookLoadFile base<...>/comm.bif <...>/comm.bif.zeek 0.000000 | HookLoadFile base<...>/communityid.bif <...>/communityid.bif.zeek 0.000000 | HookLoadFile base<...>/config <...>/config 0.000000 | HookLoadFile base<...>/conn <...>/conn 0.000000 | HookLoadFile base<...>/conn-ids <...>/conn-ids.zeek 0.000000 | HookLoadFile base<...>/const.bif <...>/const.bif.zeek 0.000000 | HookLoadFile base<...>/control <...>/control 0.000000 | HookLoadFile base<...>/data.bif <...>/data.bif.zeek 0.000000 | HookLoadFile base<...>/ethernet <...>/ethernet 0.000000 | HookLoadFile base<...>/event.bif <...>/event.bif.zeek 0.000000 | HookLoadFile base<...>/fddi <...>/fddi 0.000000 | HookLoadFile base<...>/file_analysis.bif <...>/file_analysis.bif.zeek 0.000000 | HookLoadFile base<...>/files <...>/files 0.000000 | HookLoadFile base<...>/files <...>/files.zeek 0.000000 | HookLoadFile base<...>/geneve <...>/geneve 0.000000 | HookLoadFile base<...>/gre <...>/gre 0.000000 | HookLoadFile base<...>/gtpv1 <...>/gtpv1 0.000000 | HookLoadFile base<...>/hash_hrw <...>/hash_hrw.zeek 0.000000 | HookLoadFile base<...>/http <...>/http 0.000000 | HookLoadFile base<...>/icmp <...>/icmp 0.000000 | HookLoadFile base<...>/ieee802_11 <...>/ieee802_11 0.000000 | HookLoadFile base<...>/ieee802_11_radio <...>/ieee802_11_radio 0.000000 | HookLoadFile base<...>/init-bare <...>/init-bare.zeek 0.000000 | HookLoadFile base<...>/init-framework <...>/init-framework.zeek 0.000000 | HookLoadFile base<...>/input <...>/input 0.000000 | HookLoadFile base<...>/input.bif <...>/input.bif.zeek 0.000000 | HookLoadFile base<...>/ip <...>/ip 0.000000 | HookLoadFile base<...>/iptunnel <...>/iptunnel 0.000000 | HookLoadFile base<...>/linux_sll <...>/linux_sll 0.000000 | HookLoadFile base<...>/linux_sll2 <...>/linux_sll2 0.000000 | HookLoadFile base<...>/llc <...>/llc 0.000000 | HookLoadFile base<...>/logging <...>/logging 0.000000 | HookLoadFile base<...>/logging.bif <...>/logging.bif.zeek 0.000000 | HookLoadFile base<...>/main <...>/main.zeek 0.000000 | HookLoadFile base<...>/main.zeek <...>/main.zeek 0.000000 | HookLoadFile base<...>/messaging.bif <...>/messaging.bif.zeek 0.000000 | HookLoadFile base<...>/mmdb.bif <...>/mmdb.bif.zeek 0.000000 | HookLoadFile base<...>/mpls <...>/mpls 0.000000 | HookLoadFile base<...>/nflog <...>/nflog 0.000000 | HookLoadFile base<...>/novell_802_3 <...>/novell_802_3 0.000000 | HookLoadFile base<...>/null <...>/null 0.000000 | HookLoadFile base<...>/numbers <...>/numbers.zeek 0.000000 | HookLoadFile base<...>/option.bif <...>/option.bif.zeek 0.000000 | HookLoadFile base<...>/options <...>/options.zeek 0.000000 | HookLoadFile base<...>/packet_analysis.bif <...>/packet_analysis.bif.zeek 0.000000 | HookLoadFile base<...>/pbb <...>/pbb 0.000000 | HookLoadFile base<...>/plugins <...>/plugins 0.000000 | HookLoadFile base<...>/ppp <...>/ppp 0.000000 | HookLoadFile base<...>/ppp_serial <...>/ppp_serial 0.000000 | HookLoadFile base<...>/pppoe <...>/pppoe 0.000000 | HookLoadFile base<...>/removal-hooks <...>/removal-hooks.zeek 0.000000 | HookLoadFile base<...>/reporter.bif <...>/reporter.bif.zeek 0.000000 | HookLoadFile base<...>/root <...>/root 0.000000 | HookLoadFile base<...>/site <...>/site.zeek 0.000000 | HookLoadFile base<...>/skip <...>/skip 0.000000 | HookLoadFile base<...>/snap <...>/snap 0.000000 | HookLoadFile base<...>/stats.bif <...>/stats.bif.zeek 0.000000 | HookLoadFile base<...>/store.bif <...>/store.bif.zeek 0.000000 | HookLoadFile base<...>/strings <...>/strings.zeek 0.000000 | HookLoadFile base<...>/strings.bif <...>/strings.bif.zeek 0.000000 | HookLoadFile base<...>/supervisor <...>/supervisor 0.000000 | HookLoadFile base<...>/supervisor.bif <...>/supervisor.bif.zeek 0.000000 | HookLoadFile base<...>/tcp <...>/tcp 0.000000 | HookLoadFile base<...>/telemetry_functions.bif <...>/telemetry_functions.bif.zeek 0.000000 | HookLoadFile base<...>/telemetry_types.bif <...>/telemetry_types.bif.zeek 0.000000 | HookLoadFile base<...>/teredo <...>/teredo 0.000000 | HookLoadFile base<...>/tunnels <...>/tunnels 0.000000 | HookLoadFile base<...>/types.bif <...>/types.bif.zeek 0.000000 | HookLoadFile base<...>/udp <...>/udp 0.000000 | HookLoadFile base<...>/utils <...>/utils.zeek 0.000000 | HookLoadFile base<...>/vlan <...>/vlan 0.000000 | HookLoadFile base<...>/vntag <...>/vntag 0.000000 | HookLoadFile base<...>/vxlan <...>/vxlan 0.000000 | HookLoadFile base<...>/weird <...>/weird.zeek 0.000000 | HookLoadFile base<...>/zeek.bif <...>/zeek.bif.zeek 0.000000 | HookLoadFile builtin-plugins/__load__.zeek <...>/__load__.zeek 0.000000 | HookLoadFile builtin-plugins/__preload__.zeek <...>/__preload__.zeek 0.000000 | HookLoadFile s1.sig ./s1.sig 0.000000 | HookLoadFile s2 ./s2.sig 0.000000 | HookLoadFileExtended ./CPP-load.bif.zeek <...>/CPP-load.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_ARP.events.bif.zeek <...>/Zeek_ARP.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_AsciiReader.ascii.bif.zeek <...>/Zeek_AsciiReader.ascii.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_AsciiWriter.ascii.bif.zeek <...>/Zeek_AsciiWriter.ascii.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_BenchmarkReader.benchmark.bif.zeek <...>/Zeek_BenchmarkReader.benchmark.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_BinaryReader.binary.bif.zeek <...>/Zeek_BinaryReader.binary.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_BitTorrent.events.bif.zeek <...>/Zeek_BitTorrent.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek <...>/Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_Cluster_WebSocket.events.bif.zeek <...>/Zeek_Cluster_WebSocket.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_ConfigReader.config.bif.zeek <...>/Zeek_ConfigReader.config.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_ConnSize.events.bif.zeek <...>/Zeek_ConnSize.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_ConnSize.functions.bif.zeek <...>/Zeek_ConnSize.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_DCE_RPC.consts.bif.zeek <...>/Zeek_DCE_RPC.consts.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_DCE_RPC.events.bif.zeek <...>/Zeek_DCE_RPC.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_DCE_RPC.types.bif.zeek <...>/Zeek_DCE_RPC.types.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_DHCP.events.bif.zeek <...>/Zeek_DHCP.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_DHCP.types.bif.zeek <...>/Zeek_DHCP.types.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_DNP3.events.bif.zeek <...>/Zeek_DNP3.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_DNS.events.bif.zeek <...>/Zeek_DNS.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_FTP.events.bif.zeek <...>/Zeek_FTP.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_FTP.functions.bif.zeek <...>/Zeek_FTP.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_File.events.bif.zeek <...>/Zeek_File.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_FileEntropy.events.bif.zeek <...>/Zeek_FileEntropy.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_FileExtract.events.bif.zeek <...>/Zeek_FileExtract.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_FileExtract.functions.bif.zeek <...>/Zeek_FileExtract.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_FileHash.events.bif.zeek <...>/Zeek_FileHash.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_GSSAPI.events.bif.zeek <...>/Zeek_GSSAPI.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_GTPv1.events.bif.zeek <...>/Zeek_GTPv1.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_GTPv1.functions.bif.zeek <...>/Zeek_GTPv1.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_Geneve.events.bif.zeek <...>/Zeek_Geneve.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_Geneve.functions.bif.zeek <...>/Zeek_Geneve.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_Gnutella.events.bif.zeek <...>/Zeek_Gnutella.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_HTTP.events.bif.zeek <...>/Zeek_HTTP.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_HTTP.functions.bif.zeek <...>/Zeek_HTTP.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_ICMP.events.bif.zeek <...>/Zeek_ICMP.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_IMAP.events.bif.zeek <...>/Zeek_IMAP.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_IRC.events.bif.zeek <...>/Zeek_IRC.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_Ident.events.bif.zeek <...>/Zeek_Ident.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_KRB.events.bif.zeek <...>/Zeek_KRB.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_KRB.types.bif.zeek <...>/Zeek_KRB.types.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_Login.events.bif.zeek <...>/Zeek_Login.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_Login.functions.bif.zeek <...>/Zeek_Login.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_MIME.consts.bif.zeek <...>/Zeek_MIME.consts.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_MIME.events.bif.zeek <...>/Zeek_MIME.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_MQTT.events.bif.zeek <...>/Zeek_MQTT.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_MQTT.types.bif.zeek <...>/Zeek_MQTT.types.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_Modbus.events.bif.zeek <...>/Zeek_Modbus.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_MySQL.events.bif.zeek <...>/Zeek_MySQL.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_NCP.consts.bif.zeek <...>/Zeek_NCP.consts.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_NCP.events.bif.zeek <...>/Zeek_NCP.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_NTLM.events.bif.zeek <...>/Zeek_NTLM.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_NTLM.types.bif.zeek <...>/Zeek_NTLM.types.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_NTP.events.bif.zeek <...>/Zeek_NTP.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_NTP.types.bif.zeek <...>/Zeek_NTP.types.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_NetBIOS.events.bif.zeek <...>/Zeek_NetBIOS.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_NetBIOS.functions.bif.zeek <...>/Zeek_NetBIOS.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_NoneWriter.none.bif.zeek <...>/Zeek_NoneWriter.none.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_PE.events.bif.zeek <...>/Zeek_PE.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_POP3.consts.bif.zeek <...>/Zeek_POP3.consts.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_POP3.events.bif.zeek <...>/Zeek_POP3.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_PPPoE.functions.bif.zeek <...>/Zeek_PPPoE.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_RADIUS.events.bif.zeek <...>/Zeek_RADIUS.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_RDP.events.bif.zeek <...>/Zeek_RDP.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_RDP.types.bif.zeek <...>/Zeek_RDP.types.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_RFB.events.bif.zeek <...>/Zeek_RFB.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_RPC.events.bif.zeek <...>/Zeek_RPC.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_RawReader.raw.bif.zeek <...>/Zeek_RawReader.raw.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SIP.events.bif.zeek <...>/Zeek_SIP.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.consts.bif.zeek <...>/Zeek_SMB.consts.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.events.bif.zeek <...>/Zeek_SMB.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_check_directory.bif.zeek <...>/Zeek_SMB.smb1_com_check_directory.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_close.bif.zeek <...>/Zeek_SMB.smb1_com_close.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_create_directory.bif.zeek <...>/Zeek_SMB.smb1_com_create_directory.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_echo.bif.zeek <...>/Zeek_SMB.smb1_com_echo.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_logoff_andx.bif.zeek <...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_negotiate.bif.zeek <...>/Zeek_SMB.smb1_com_negotiate.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_nt_cancel.bif.zeek <...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_nt_create_andx.bif.zeek <...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_query_information.bif.zeek <...>/Zeek_SMB.smb1_com_query_information.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_read_andx.bif.zeek <...>/Zeek_SMB.smb1_com_read_andx.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_session_setup_andx.bif.zeek <...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_transaction.bif.zeek <...>/Zeek_SMB.smb1_com_transaction.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_transaction2.bif.zeek <...>/Zeek_SMB.smb1_com_transaction2.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek <...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_transaction_secondary.bif.zeek <...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek <...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_tree_disconnect.bif.zeek <...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_com_write_andx.bif.zeek <...>/Zeek_SMB.smb1_com_write_andx.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb1_events.bif.zeek <...>/Zeek_SMB.smb1_events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb2_com_close.bif.zeek <...>/Zeek_SMB.smb2_com_close.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb2_com_create.bif.zeek <...>/Zeek_SMB.smb2_com_create.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb2_com_negotiate.bif.zeek <...>/Zeek_SMB.smb2_com_negotiate.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb2_com_read.bif.zeek <...>/Zeek_SMB.smb2_com_read.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb2_com_session_setup.bif.zeek <...>/Zeek_SMB.smb2_com_session_setup.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb2_com_set_info.bif.zeek <...>/Zeek_SMB.smb2_com_set_info.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb2_com_transform_header.bif.zeek <...>/Zeek_SMB.smb2_com_transform_header.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb2_com_tree_connect.bif.zeek <...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb2_com_tree_disconnect.bif.zeek <...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb2_com_write.bif.zeek <...>/Zeek_SMB.smb2_com_write.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.smb2_events.bif.zeek <...>/Zeek_SMB.smb2_events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMB.types.bif.zeek <...>/Zeek_SMB.types.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMTP.consts.bif.zeek <...>/Zeek_SMTP.consts.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMTP.events.bif.zeek <...>/Zeek_SMTP.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SMTP.functions.bif.zeek <...>/Zeek_SMTP.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SNMP.events.bif.zeek <...>/Zeek_SNMP.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SNMP.types.bif.zeek <...>/Zeek_SNMP.types.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SOCKS.events.bif.zeek <...>/Zeek_SOCKS.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SQLiteReader.sqlite.bif.zeek <...>/Zeek_SQLiteReader.sqlite.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SQLiteWriter.sqlite.bif.zeek <...>/Zeek_SQLiteWriter.sqlite.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SSH.events.bif.zeek <...>/Zeek_SSH.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SSH.types.bif.zeek <...>/Zeek_SSH.types.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SSL.consts.bif.zeek <...>/Zeek_SSL.consts.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SSL.events.bif.zeek <...>/Zeek_SSL.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SSL.functions.bif.zeek <...>/Zeek_SSL.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_SSL.types.bif.zeek <...>/Zeek_SSL.types.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_StreamEvent.events.bif.zeek <...>/Zeek_StreamEvent.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_TCP.events.bif.zeek <...>/Zeek_TCP.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_TCP.functions.bif.zeek <...>/Zeek_TCP.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_TCP.types.bif.zeek <...>/Zeek_TCP.types.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_Teredo.events.bif.zeek <...>/Zeek_Teredo.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_Teredo.functions.bif.zeek <...>/Zeek_Teredo.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_UDP.events.bif.zeek <...>/Zeek_UDP.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_VXLAN.events.bif.zeek <...>/Zeek_VXLAN.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_WebSocket.consts.bif.zeek <...>/Zeek_WebSocket.consts.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_WebSocket.events.bif.zeek <...>/Zeek_WebSocket.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_WebSocket.functions.bif.zeek <...>/Zeek_WebSocket.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_WebSocket.types.bif.zeek <...>/Zeek_WebSocket.types.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_X509.events.bif.zeek <...>/Zeek_X509.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_X509.functions.bif.zeek <...>/Zeek_X509.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_X509.ocsp_events.bif.zeek <...>/Zeek_X509.ocsp_events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_X509.types.bif.zeek <...>/Zeek_X509.types.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_XMPP.events.bif.zeek <...>/Zeek_XMPP.events.bif.zeek 0.000000 | HookLoadFileExtended ./addrs <...>/addrs.zeek 0.000000 | HookLoadFileExtended ./analyzer.bif.zeek <...>/analyzer.bif.zeek 0.000000 | HookLoadFileExtended ./api <...>/api.zeek 0.000000 | HookLoadFileExtended ./archive <...>/archive.sig 0.000000 | HookLoadFileExtended ./audio <...>/audio.sig 0.000000 | HookLoadFileExtended ./backpressure <...>/backpressure.zeek 0.000000 | HookLoadFileExtended ./bloom-filter.bif.zeek <...>/bloom-filter.bif.zeek 0.000000 | HookLoadFileExtended ./cardinality-counter.bif.zeek <...>/cardinality-counter.bif.zeek 0.000000 | HookLoadFileExtended ./cluster.bif.zeek <...>/cluster.bif.zeek 0.000000 | HookLoadFileExtended ./comm.bif.zeek <...>/comm.bif.zeek 0.000000 | HookLoadFileExtended ./communityid.bif.zeek <...>/communityid.bif.zeek 0.000000 | HookLoadFileExtended ./const.bif.zeek <...>/const.bif.zeek 0.000000 | HookLoadFileExtended ./contents <...>/contents.zeek 0.000000 | HookLoadFileExtended ./control <...>/control.zeek 0.000000 | HookLoadFileExtended ./data.bif.zeek <...>/data.bif.zeek 0.000000 | HookLoadFileExtended ./dpd <...>/dpd.zeek 0.000000 | HookLoadFileExtended ./dpd.sig <...>/dpd.sig 0.000000 | HookLoadFileExtended ./entities <...>/entities.zeek 0.000000 | HookLoadFileExtended ./event.bif.zeek <...>/event.bif.zeek 0.000000 | HookLoadFileExtended ./executable <...>/executable.sig 0.000000 | HookLoadFileExtended ./file_analysis.bif.zeek <...>/file_analysis.bif.zeek 0.000000 | HookLoadFileExtended ./files <...>/files.zeek 0.000000 | HookLoadFileExtended ./font <...>/font.sig 0.000000 | HookLoadFileExtended ./general <...>/general.sig 0.000000 | HookLoadFileExtended ./hooks.bif.zeek <...>/hooks.bif.zeek 0.000000 | HookLoadFileExtended ./image <...>/image.sig 0.000000 | HookLoadFileExtended ./inactivity <...>/inactivity.zeek 0.000000 | HookLoadFileExtended ./input <...>/input.zeek 0.000000 | HookLoadFileExtended ./input.bif.zeek <...>/input.bif.zeek 0.000000 | HookLoadFileExtended ./java <...>/java.sig 0.000000 | HookLoadFileExtended ./libmagic <...>/libmagic.sig 0.000000 | HookLoadFileExtended ./log <...>/log.zeek 0.000000 | HookLoadFileExtended ./logging <...>/logging.zeek 0.000000 | HookLoadFileExtended ./logging.bif.zeek <...>/logging.bif.zeek 0.000000 | HookLoadFileExtended ./magic <...>/magic 0.000000 | HookLoadFileExtended ./main <...>/main.zeek 0.000000 | HookLoadFileExtended ./main.zeek <...>/main.zeek 0.000000 | HookLoadFileExtended ./messaging.bif.zeek <...>/messaging.bif.zeek 0.000000 | HookLoadFileExtended ./mmdb.bif.zeek <...>/mmdb.bif.zeek 0.000000 | HookLoadFileExtended ./office <...>/office.sig 0.000000 | HookLoadFileExtended ./option.bif.zeek <...>/option.bif.zeek 0.000000 | HookLoadFileExtended ./packet_analysis.bif.zeek <...>/packet_analysis.bif.zeek 0.000000 | HookLoadFileExtended ./patterns <...>/patterns.zeek 0.000000 | HookLoadFileExtended ./pcap.bif.zeek <...>/pcap.bif.zeek 0.000000 | HookLoadFileExtended ./polling <...>/polling.zeek 0.000000 | HookLoadFileExtended ./pools <...>/pools.zeek 0.000000 | HookLoadFileExtended ./postprocessors <...>/postprocessors 0.000000 | HookLoadFileExtended ./programming <...>/programming.sig 0.000000 | HookLoadFileExtended ./pubsub <...>/pubsub.zeek 0.000000 | HookLoadFileExtended ./python <...>/python.sig 0.000000 | HookLoadFileExtended ./removal-hooks <...>/removal-hooks.zeek 0.000000 | HookLoadFileExtended ./reporter.bif.zeek <...>/reporter.bif.zeek 0.000000 | HookLoadFileExtended ./scp <...>/scp.zeek 0.000000 | HookLoadFileExtended ./sftp <...>/sftp.zeek 0.000000 | HookLoadFileExtended ./spicy.bif.zeek <...>/spicy.bif.zeek 0.000000 | HookLoadFileExtended ./stats.bif.zeek <...>/stats.bif.zeek 0.000000 | HookLoadFileExtended ./storage-async.bif.zeek <...>/storage-async.bif.zeek 0.000000 | HookLoadFileExtended ./storage-events.bif.zeek <...>/storage-events.bif.zeek 0.000000 | HookLoadFileExtended ./storage-sync.bif.zeek <...>/storage-sync.bif.zeek 0.000000 | HookLoadFileExtended ./storage.bif.zeek <...>/storage.bif.zeek 0.000000 | HookLoadFileExtended ./store <...>/store.zeek 0.000000 | HookLoadFileExtended ./store.bif.zeek <...>/store.bif.zeek 0.000000 | HookLoadFileExtended ./strings.bif.zeek <...>/strings.bif.zeek 0.000000 | HookLoadFileExtended ./supervisor.bif.zeek <...>/supervisor.bif.zeek 0.000000 | HookLoadFileExtended ./telemetry <...>/telemetry.zeek 0.000000 | HookLoadFileExtended ./telemetry_consts.bif.zeek <...>/telemetry_consts.bif.zeek 0.000000 | HookLoadFileExtended ./telemetry_functions.bif.zeek <...>/telemetry_functions.bif.zeek 0.000000 | HookLoadFileExtended ./telemetry_types.bif.zeek <...>/telemetry_types.bif.zeek 0.000000 | HookLoadFileExtended ./thresholds <...>/thresholds.zeek 0.000000 | HookLoadFileExtended ./top-k.bif.zeek <...>/top-k.bif.zeek 0.000000 | HookLoadFileExtended ./types <...>/types.zeek 0.000000 | HookLoadFileExtended ./types.bif.zeek <...>/types.bif.zeek 0.000000 | HookLoadFileExtended ./utils <...>/utils.zeek 0.000000 | HookLoadFileExtended ./video <...>/video.sig 0.000000 | HookLoadFileExtended ./weird <...>/weird.zeek 0.000000 | HookLoadFileExtended ./zeek.bif.zeek <...>/zeek.bif.zeek 0.000000 | HookLoadFileExtended ./zeekygen.bif.zeek <...>/zeekygen.bif.zeek 0.000000 | HookLoadFileExtended .<...>/ascii <...>/ascii.zeek 0.000000 | HookLoadFileExtended .<...>/benchmark <...>/benchmark.zeek 0.000000 | HookLoadFileExtended .<...>/binary <...>/binary.zeek 0.000000 | HookLoadFileExtended .<...>/config <...>/config.zeek 0.000000 | HookLoadFileExtended .<...>/none <...>/none.zeek 0.000000 | HookLoadFileExtended .<...>/raw <...>/raw.zeek 0.000000 | HookLoadFileExtended .<...>/sqlite <...>/sqlite.zeek 0.000000 | HookLoadFileExtended <...>/__load__.zeek <...>/__load__.zeek 0.000000 | HookLoadFileExtended <...>/__preload__.zeek <...>/__preload__.zeek 0.000000 | HookLoadFileExtended <...>/hooks.zeek <...>/hooks.zeek 0.000000 | HookLoadFileExtended base/bif <...>/bif 0.000000 | HookLoadFileExtended base/init-frameworks-and-bifs.zeek <...>/init-frameworks-and-bifs.zeek 0.000000 | HookLoadFileExtended base/packet-protocols <...>/packet-protocols 0.000000 | HookLoadFileExtended base<...>/CPP-load.bif <...>/CPP-load.bif.zeek 0.000000 | HookLoadFileExtended base<...>/Zeek_Cluster_WebSocket.events.bif.zeek <...>/Zeek_Cluster_WebSocket.events.bif.zeek 0.000000 | HookLoadFileExtended base<...>/Zeek_GTPv1.events.bif <...>/Zeek_GTPv1.events.bif.zeek 0.000000 | HookLoadFileExtended base<...>/Zeek_GTPv1.functions.bif <...>/Zeek_GTPv1.functions.bif.zeek 0.000000 | HookLoadFileExtended base<...>/Zeek_KRB.types.bif <...>/Zeek_KRB.types.bif.zeek 0.000000 | HookLoadFileExtended base<...>/Zeek_SNMP.types.bif <...>/Zeek_SNMP.types.bif.zeek 0.000000 | HookLoadFileExtended base<...>/Zeek_Teredo.events.bif.zeek <...>/Zeek_Teredo.events.bif.zeek 0.000000 | HookLoadFileExtended base<...>/Zeek_Teredo.functions.bif <...>/Zeek_Teredo.functions.bif.zeek 0.000000 | HookLoadFileExtended base<...>/addrs <...>/addrs.zeek 0.000000 | HookLoadFileExtended base<...>/analyzer <...>/analyzer 0.000000 | HookLoadFileExtended base<...>/analyzer.bif <...>/analyzer.bif.zeek 0.000000 | HookLoadFileExtended base<...>/api <...>/api.zeek 0.000000 | HookLoadFileExtended base<...>/ayiya <...>/ayiya 0.000000 | HookLoadFileExtended base<...>/broker <...>/broker 0.000000 | HookLoadFileExtended base<...>/cluster <...>/cluster 0.000000 | HookLoadFileExtended base<...>/cluster.bif <...>/cluster.bif.zeek 0.000000 | HookLoadFileExtended base<...>/comm.bif <...>/comm.bif.zeek 0.000000 | HookLoadFileExtended base<...>/communityid.bif <...>/communityid.bif.zeek 0.000000 | HookLoadFileExtended base<...>/config <...>/config 0.000000 | HookLoadFileExtended base<...>/conn <...>/conn 0.000000 | HookLoadFileExtended base<...>/conn-ids <...>/conn-ids.zeek 0.000000 | HookLoadFileExtended base<...>/const.bif <...>/const.bif.zeek 0.000000 | HookLoadFileExtended base<...>/control <...>/control 0.000000 | HookLoadFileExtended base<...>/data.bif <...>/data.bif.zeek 0.000000 | HookLoadFileExtended base<...>/ethernet <...>/ethernet 0.000000 | HookLoadFileExtended base<...>/event.bif <...>/event.bif.zeek 0.000000 | HookLoadFileExtended base<...>/fddi <...>/fddi 0.000000 | HookLoadFileExtended base<...>/file_analysis.bif <...>/file_analysis.bif.zeek 0.000000 | HookLoadFileExtended base<...>/files <...>/files 0.000000 | HookLoadFileExtended base<...>/files <...>/files.zeek 0.000000 | HookLoadFileExtended base<...>/geneve <...>/geneve 0.000000 | HookLoadFileExtended base<...>/gre <...>/gre 0.000000 | HookLoadFileExtended base<...>/gtpv1 <...>/gtpv1 0.000000 | HookLoadFileExtended base<...>/hash_hrw <...>/hash_hrw.zeek 0.000000 | HookLoadFileExtended base<...>/http <...>/http 0.000000 | HookLoadFileExtended base<...>/icmp <...>/icmp 0.000000 | HookLoadFileExtended base<...>/ieee802_11 <...>/ieee802_11 0.000000 | HookLoadFileExtended base<...>/ieee802_11_radio <...>/ieee802_11_radio 0.000000 | HookLoadFileExtended base<...>/init-bare <...>/init-bare.zeek 0.000000 | HookLoadFileExtended base<...>/init-framework <...>/init-framework.zeek 0.000000 | HookLoadFileExtended base<...>/input <...>/input 0.000000 | HookLoadFileExtended base<...>/input.bif <...>/input.bif.zeek 0.000000 | HookLoadFileExtended base<...>/ip <...>/ip 0.000000 | HookLoadFileExtended base<...>/iptunnel <...>/iptunnel 0.000000 | HookLoadFileExtended base<...>/linux_sll <...>/linux_sll 0.000000 | HookLoadFileExtended base<...>/linux_sll2 <...>/linux_sll2 0.000000 | HookLoadFileExtended base<...>/llc <...>/llc 0.000000 | HookLoadFileExtended base<...>/logging <...>/logging 0.000000 | HookLoadFileExtended base<...>/logging.bif <...>/logging.bif.zeek 0.000000 | HookLoadFileExtended base<...>/main <...>/main.zeek 0.000000 | HookLoadFileExtended base<...>/main.zeek <...>/main.zeek 0.000000 | HookLoadFileExtended base<...>/messaging.bif <...>/messaging.bif.zeek 0.000000 | HookLoadFileExtended base<...>/mmdb.bif <...>/mmdb.bif.zeek 0.000000 | HookLoadFileExtended base<...>/mpls <...>/mpls 0.000000 | HookLoadFileExtended base<...>/nflog <...>/nflog 0.000000 | HookLoadFileExtended base<...>/novell_802_3 <...>/novell_802_3 0.000000 | HookLoadFileExtended base<...>/null <...>/null 0.000000 | HookLoadFileExtended base<...>/numbers <...>/numbers.zeek 0.000000 | HookLoadFileExtended base<...>/option.bif <...>/option.bif.zeek 0.000000 | HookLoadFileExtended base<...>/options <...>/options.zeek 0.000000 | HookLoadFileExtended base<...>/packet_analysis.bif <...>/packet_analysis.bif.zeek 0.000000 | HookLoadFileExtended base<...>/pbb <...>/pbb 0.000000 | HookLoadFileExtended base<...>/plugins <...>/plugins 0.000000 | HookLoadFileExtended base<...>/ppp <...>/ppp 0.000000 | HookLoadFileExtended base<...>/ppp_serial <...>/ppp_serial 0.000000 | HookLoadFileExtended base<...>/pppoe <...>/pppoe 0.000000 | HookLoadFileExtended base<...>/removal-hooks <...>/removal-hooks.zeek 0.000000 | HookLoadFileExtended base<...>/reporter.bif <...>/reporter.bif.zeek 0.000000 | HookLoadFileExtended base<...>/root <...>/root 0.000000 | HookLoadFileExtended base<...>/site <...>/site.zeek 0.000000 | HookLoadFileExtended base<...>/skip <...>/skip 0.000000 | HookLoadFileExtended base<...>/snap <...>/snap 0.000000 | HookLoadFileExtended base<...>/stats.bif <...>/stats.bif.zeek 0.000000 | HookLoadFileExtended base<...>/store.bif <...>/store.bif.zeek 0.000000 | HookLoadFileExtended base<...>/strings <...>/strings.zeek 0.000000 | HookLoadFileExtended base<...>/strings.bif <...>/strings.bif.zeek 0.000000 | HookLoadFileExtended base<...>/supervisor <...>/supervisor 0.000000 | HookLoadFileExtended base<...>/supervisor.bif <...>/supervisor.bif.zeek 0.000000 | HookLoadFileExtended base<...>/tcp <...>/tcp 0.000000 | HookLoadFileExtended base<...>/telemetry_functions.bif <...>/telemetry_functions.bif.zeek 0.000000 | HookLoadFileExtended base<...>/telemetry_types.bif <...>/telemetry_types.bif.zeek 0.000000 | HookLoadFileExtended base<...>/teredo <...>/teredo 0.000000 | HookLoadFileExtended base<...>/tunnels <...>/tunnels 0.000000 | HookLoadFileExtended base<...>/types.bif <...>/types.bif.zeek 0.000000 | HookLoadFileExtended base<...>/udp <...>/udp 0.000000 | HookLoadFileExtended base<...>/utils <...>/utils.zeek 0.000000 | HookLoadFileExtended base<...>/vlan <...>/vlan 0.000000 | HookLoadFileExtended base<...>/vntag <...>/vntag 0.000000 | HookLoadFileExtended base<...>/vxlan <...>/vxlan 0.000000 | HookLoadFileExtended base<...>/weird <...>/weird.zeek 0.000000 | HookLoadFileExtended base<...>/zeek.bif <...>/zeek.bif.zeek 0.000000 | HookLoadFileExtended builtin-plugins/__load__.zeek <...>/__load__.zeek 0.000000 | HookLoadFileExtended builtin-plugins/__preload__.zeek <...>/__preload__.zeek 0.000000 | HookLoadFileExtended s1.sig ./s1.sig 0.000000 | HookLoadFileExtended s2 ./s2.sig 0.000000 | HookQueueEvent zeek_init() XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::__flush_logs, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::flush_logs, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::log_flush, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=, extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Site::is_local_addr, , (141.142.228.5)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Site::is_local_addr, , (192.150.187.43)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_port_transport_proto, , (80/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(new_connection, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=, extract_orig=F, extract_resp=F, thresholds=, http=, http_state=])) -> XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost ObjDtor() -> XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(Broker::log_flush()) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=, extract_orig=F, extract_resp=F, thresholds=, http=, http_state=])) -> false XXXXXXXXXX.XXXXXX MetaHookPost SetupAnalyzerTree(XXXXXXXXXX.XXXXXX(XXXXXXXXXX.XXXXXX) TCP 141.142.228.5:59856 -> 192.150.187.43:80) -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::__flush_logs, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::flush_logs, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::log_flush, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=, extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Site::is_local_addr, , (141.142.228.5)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Site::is_local_addr, , (192.150.187.43)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_port_transport_proto, , (80/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(new_connection, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=, extract_orig=F, extract_resp=F, thresholds=, http=, http_state=])) XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre ObjDtor() XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(Broker::log_flush()) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=, extract_orig=F, extract_resp=F, thresholds=, http=, http_state=])) XXXXXXXXXX.XXXXXX MetaHookPre SetupAnalyzerTree(XXXXXXXXXX.XXXXXX(XXXXXXXXXX.XXXXXX) TCP 141.142.228.5:59856 -> 192.150.187.43:80) XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookObjDtor XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookCallFunction Broker::__flush_logs() XXXXXXXXXX.XXXXXX | HookCallFunction Broker::flush_logs() XXXXXXXXXX.XXXXXX | HookCallFunction Broker::log_flush() XXXXXXXXXX.XXXXXX | HookCallFunction Conn::set_conn([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=, extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], F) XXXXXXXXXX.XXXXXX | HookCallFunction Site::is_local_addr(141.142.228.5) XXXXXXXXXX.XXXXXX | HookCallFunction Site::is_local_addr(192.150.187.43) XXXXXXXXXX.XXXXXX | HookCallFunction get_port_transport_proto(80/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction new_connection([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=, extract_orig=F, extract_resp=F, thresholds=, http=, http_state=]) XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX | HookQueueEvent Broker::log_flush() XXXXXXXXXX.XXXXXX | HookQueueEvent new_connection([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=, extract_orig=F, extract_resp=F, thresholds=, http=, http_state=]) XXXXXXXXXX.XXXXXX | HookSetupAnalyzerTree XXXXXXXXXX.XXXXXX(XXXXXXXXXX.XXXXXX) TCP 141.142.228.5:59856 -> 192.150.187.43:80 XXXXXXXXXX.XXXXXX | RequestObjDtor Broker::log_flush() XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(connection_established, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=])) -> XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=])) -> false XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(connection_established, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=])) XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=])) XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookCallFunction connection_established([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=]) XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX | HookQueueEvent connection_established([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=]) XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__name, , (Analyzer::ANALYZER_HTTP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::name, , (Analyzer::ANALYZER_HTTP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Conn::register_removal_hook, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=[pending={}, current_request=0, current_response=0, trans_depth=0]], HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0]])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0]], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(analyzer_confirmation_info, , (Analyzer::ANALYZER_HTTP, [c=[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], f=, aid=3])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(cat, ..., ...) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856/tcp, 192.150.187.43, 80/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, User-Agent, USER-AGENT, Wget/1.14 (darwin12.2.0))) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, Accept, ACCEPT, */*)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, Host, HOST, bro.org)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, Connection, CONNECTION, Keep-Alive)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_request, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], GET, <...>/CHANGES.bro-aux.txt, <...>/CHANGES.bro-aux.txt, 1.1)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(is_protocol_analyzer, , (Analyzer::ANALYZER_HTTP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(network_time, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80)) -> XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(analyzer_confirmation_info(Analyzer::ANALYZER_HTTP, [c=[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], f=, aid=3])) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T, Accept, ACCEPT, */*)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T, Connection, CONNECTION, Keep-Alive)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T, Host, HOST, bro.org)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T, User-Agent, USER-AGENT, Wget/1.14 (darwin12.2.0))) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], GET, <...>/CHANGES.bro-aux.txt, <...>/CHANGES.bro-aux.txt, 1.1)) -> false XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__name, , (Analyzer::ANALYZER_HTTP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::name, , (Analyzer::ANALYZER_HTTP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Conn::register_removal_hook, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=[pending={}, current_request=0, current_response=0, trans_depth=0]], HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0]])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0]], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(analyzer_confirmation_info, , (Analyzer::ANALYZER_HTTP, [c=[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], f=, aid=3])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(cat, ..., ...) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856/tcp, 192.150.187.43, 80/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, User-Agent, USER-AGENT, Wget/1.14 (darwin12.2.0))) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, Accept, ACCEPT, */*)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, Host, HOST, bro.org)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, Connection, CONNECTION, Keep-Alive)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_request, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], GET, <...>/CHANGES.bro-aux.txt, <...>/CHANGES.bro-aux.txt, 1.1)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(is_protocol_analyzer, , (Analyzer::ANALYZER_HTTP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(network_time, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80)) XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(analyzer_confirmation_info(Analyzer::ANALYZER_HTTP, [c=[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], f=, aid=3])) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T, Accept, ACCEPT, */*)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T, Connection, CONNECTION, Keep-Alive)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T, Host, HOST, bro.org)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T, User-Agent, USER-AGENT, Wget/1.14 (darwin12.2.0))) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], GET, <...>/CHANGES.bro-aux.txt, <...>/CHANGES.bro-aux.txt, 1.1)) XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__name(Analyzer::ANALYZER_HTTP) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::name(Analyzer::ANALYZER_HTTP) XXXXXXXXXX.XXXXXX | HookCallFunction Conn::register_removal_hook([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=[pending={}, current_request=0, current_response=0, trans_depth=0]], HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::new_http_session([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0]]) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0]], T) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T) XXXXXXXXXX.XXXXXX | HookCallFunction analyzer_confirmation_info(Analyzer::ANALYZER_HTTP, [c=[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], f=, aid=3]) XXXXXXXXXX.XXXXXX | HookCallFunction cat(...) XXXXXXXXXX.XXXXXX | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856/tcp, 192.150.187.43, 80/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T) XXXXXXXXXX.XXXXXX | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T) XXXXXXXXXX.XXXXXX | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, User-Agent, USER-AGENT, Wget/1.14 (darwin12.2.0)) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, Accept, ACCEPT, */*) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, Host, HOST, bro.org) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, Connection, CONNECTION, Keep-Alive) XXXXXXXXXX.XXXXXX | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]) XXXXXXXXXX.XXXXXX | HookCallFunction http_request([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], GET, <...>/CHANGES.bro-aux.txt, <...>/CHANGES.bro-aux.txt, 1.1) XXXXXXXXXX.XXXXXX | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]) XXXXXXXXXX.XXXXXX | HookCallFunction is_protocol_analyzer(Analyzer::ANALYZER_HTTP) XXXXXXXXXX.XXXXXX | HookCallFunction network_time() XXXXXXXXXX.XXXXXX | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80) XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX | HookQueueEvent analyzer_confirmation_info(Analyzer::ANALYZER_HTTP, [c=[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], f=, aid=3]) XXXXXXXXXX.XXXXXX | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T) XXXXXXXXXX.XXXXXX | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T) XXXXXXXXXX.XXXXXX | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T, Accept, ACCEPT, */*) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T, Connection, CONNECTION, Keep-Alive) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T, Host, HOST, bro.org) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], T, User-Agent, USER-AGENT, Wget/1.14 (darwin12.2.0)) XXXXXXXXXX.XXXXXX | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]) XXXXXXXXXX.XXXXXX | HookQueueEvent http_request([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks=, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=, http_state=], GET, <...>/CHANGES.bro-aux.txt, <...>/CHANGES.bro-aux.txt, 1.1) XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::__enable_reassembly, , (FMnxxt3xjVcWNS2141)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::__set_reassembly_buffer, , (FMnxxt3xjVcWNS2141, 524288)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::enable_reassembly, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, http=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::set_reassembly_buffer_size, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=], 524288)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::code_in_range, , (200, 100, 199)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1]], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1]], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Site::is_local_addr, , (192.150.187.43)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(cat, ..., ...) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(file_new, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, http=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(file_over_new_connection, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=], [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856/tcp, 192.150.187.43, 80/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1]], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Accept-Ranges, ACCEPT-RANGES, bytes)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Connection, CONNECTION, Keep-Alive)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Content-Length, CONTENT-LENGTH, 4705)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Content-Type, CONTENT-TYPE, text/plain; charset=UTF-8)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, ETag, ETAG, "1261-4c870358a6fc0")) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Server, SERVER, Apache/2.4.3 (Fedora))) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_reply, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], 1.1, 200, OK)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80)) -> XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, http=])) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=], [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Accept-Ranges, ACCEPT-RANGES, bytes)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Connection, CONNECTION, Keep-Alive)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Content-Length, CONTENT-LENGTH, 4705)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Content-Type, CONTENT-TYPE, text/plain; charset=UTF-8)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, ETag, ETAG, "1261-4c870358a6fc0")) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Server, SERVER, Apache/2.4.3 (Fedora))) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], 1.1, 200, OK)) -> false XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::__enable_reassembly, , (FMnxxt3xjVcWNS2141)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::__set_reassembly_buffer, , (FMnxxt3xjVcWNS2141, 524288)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::enable_reassembly, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, http=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::set_reassembly_buffer_size, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=], 524288)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::code_in_range, , (200, 100, 199)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Site::is_local_addr, , (192.150.187.43)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(cat, ..., ...) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(file_new, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, http=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(file_over_new_connection, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=], [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856/tcp, 192.150.187.43, 80/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Accept-Ranges, ACCEPT-RANGES, bytes)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Connection, CONNECTION, Keep-Alive)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Content-Length, CONTENT-LENGTH, 4705)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Content-Type, CONTENT-TYPE, text/plain; charset=UTF-8)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, ETag, ETAG, "1261-4c870358a6fc0")) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Server, SERVER, Apache/2.4.3 (Fedora))) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_reply, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], 1.1, 200, OK)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80)) XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, http=])) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=], [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Accept-Ranges, ACCEPT-RANGES, bytes)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Connection, CONNECTION, Keep-Alive)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Content-Length, CONTENT-LENGTH, 4705)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Content-Type, CONTENT-TYPE, text/plain; charset=UTF-8)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, ETag, ETAG, "1261-4c870358a6fc0")) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Server, SERVER, Apache/2.4.3 (Fedora))) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], 1.1, 200, OK)) XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookCallFunction Files::__enable_reassembly(FMnxxt3xjVcWNS2141) XXXXXXXXXX.XXXXXX | HookCallFunction Files::__set_reassembly_buffer(FMnxxt3xjVcWNS2141, 524288) XXXXXXXXXX.XXXXXX | HookCallFunction Files::enable_reassembly([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, http=]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::set_reassembly_buffer_size([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=], 524288) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::code_in_range(200, 100, 199) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookCallFunction Site::is_local_addr(192.150.187.43) XXXXXXXXXX.XXXXXX | HookCallFunction cat(...) XXXXXXXXXX.XXXXXX | HookCallFunction file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, http=]) XXXXXXXXXX.XXXXXX | HookCallFunction file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=], [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856/tcp, 192.150.187.43, 80/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Accept-Ranges, ACCEPT-RANGES, bytes) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Connection, CONNECTION, Keep-Alive) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Content-Length, CONTENT-LENGTH, 4705) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Content-Type, CONTENT-TYPE, text/plain; charset=UTF-8) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, ETag, ETAG, "1261-4c870358a6fc0") XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, Server, SERVER, Apache/2.4.3 (Fedora)) XXXXXXXXXX.XXXXXX | HookCallFunction http_reply([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], 1.1, 200, OK) XXXXXXXXXX.XXXXXX | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]) XXXXXXXXXX.XXXXXX | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80) XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX | HookQueueEvent file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, http=]) XXXXXXXXXX.XXXXXX | HookQueueEvent file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=], [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Accept-Ranges, ACCEPT-RANGES, bytes) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Connection, CONNECTION, Keep-Alive) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Content-Length, CONTENT-LENGTH, 4705) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Content-Type, CONTENT-TYPE, text/plain; charset=UTF-8) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, ETag, ETAG, "1261-4c870358a6fc0") XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], F, Server, SERVER, Apache/2.4.3 (Fedora)) XXXXXXXXXX.XXXXXX | HookQueueEvent http_reply([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1]], 1.1, 200, OK) XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], Files::LOG, [name=default, writer=Log::WRITER_ASCII, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=F, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::code_in_range, , (200, 100, 199)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__write, , (Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__write, , (HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::log_stream_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], HTTP::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::log_stream_policy, , ([ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], Files::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::write, , (Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::write, , (HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(cat, ..., ...) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(file_sniff, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=F, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]], [mime_type=text/plain, mime_types=[[strength=-20, mime=text/plain]], inferred=T])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(file_state_remove, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856/tcp, 192.150.187.43, 80/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80)) -> XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, files(XXXXXXXXXX.XXXXXX,0.0,0.0), 21, {ts (time), fuid (string), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string)}) -> XXXXXXXXXX.XXXXXX MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, http(XXXXXXXXXX.XXXXXX,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}) -> XXXXXXXXXX.XXXXXX MetaHookPost LogWrite(Log::WRITER_ASCII, default, files(XXXXXXXXXX.XXXXXX,0.0,0.0), 21, {ts (time), fuid (string), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string)}, ) -> true XXXXXXXXXX.XXXXXX MetaHookPost LogWrite(Log::WRITER_ASCII, default, http(XXXXXXXXXX.XXXXXX,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}, ) -> true XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=F, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]], [mime_type=text/plain, mime_types=[[strength=-20, mime=text/plain]], inferred=T])) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]])) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> false XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], Files::LOG, [name=default, writer=Log::WRITER_ASCII, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=F, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::code_in_range, , (200, 100, 199)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__write, , (Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__write, , (HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::log_stream_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], HTTP::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::log_stream_policy, , ([ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], Files::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::write, , (Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::write, , (HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(cat, ..., ...) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(file_sniff, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=F, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]], [mime_type=text/plain, mime_types=[[strength=-20, mime=text/plain]], inferred=T])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(file_state_remove, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856/tcp, 192.150.187.43, 80/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80)) XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, files(XXXXXXXXXX.XXXXXX,0.0,0.0), 21, {ts (time), fuid (string), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string)}) XXXXXXXXXX.XXXXXX MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, http(XXXXXXXXXX.XXXXXX,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}) XXXXXXXXXX.XXXXXX MetaHookPre LogWrite(Log::WRITER_ASCII, default, files(XXXXXXXXXX.XXXXXX,0.0,0.0), 21, {ts (time), fuid (string), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string)}, ) XXXXXXXXXX.XXXXXX MetaHookPre LogWrite(Log::WRITER_ASCII, default, http(XXXXXXXXXX.XXXXXX,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}, ) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=F, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]], [mime_type=text/plain, mime_types=[[strength=-20, mime=text/plain]], inferred=T])) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]])) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookCallFunction Files::log_policy([ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], Files::LOG, [name=default, writer=Log::WRITER_ASCII, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=F, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]]) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::code_in_range(200, 100, 199) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::log_policy([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__write(Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__write(HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::log_stream_policy([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], HTTP::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::log_stream_policy([ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], Files::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::write(Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::write(HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]) XXXXXXXXXX.XXXXXX | HookCallFunction cat(...) XXXXXXXXXX.XXXXXX | HookCallFunction file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=F, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]], [mime_type=text/plain, mime_types=[[strength=-20, mime=text/plain]], inferred=T]) XXXXXXXXXX.XXXXXX | HookCallFunction file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]]) XXXXXXXXXX.XXXXXX | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856/tcp, 192.150.187.43, 80/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]) XXXXXXXXXX.XXXXXX | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]) XXXXXXXXXX.XXXXXX | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80) XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX | HookLogInit files 1/1 {ts (time), fuid (string), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string)} XXXXXXXXXX.XXXXXX | HookLogInit http 1/1 {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])} XXXXXXXXXX.XXXXXX | HookLogWrite files [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, source=HTTP, depth=0, analyzers=, mime_type=text/plain, filename=, duration=0.000263, local_orig=F, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=] XXXXXXXXXX.XXXXXX | HookLogWrite http [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags=, username=, password=, proxied=, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=FMnxxt3xjVcWNS2141, resp_filenames=, resp_mime_types=text/plain] XXXXXXXXXX.XXXXXX | HookQueueEvent file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=F, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]], [mime_type=text/plain, mime_types=[[strength=-20, mime=text/plain]], inferred=T]) XXXXXXXXXX.XXXXXX | HookQueueEvent file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]] = [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=1448, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 167.951584 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=\x0a0.26 | 2012-08-24 15:10:04 -0700\x0a\x0a * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)\x0a\x0a * Fixing GPG signing script. (Robin Sommer)\x0a\x0a0.25 | 2012-08-01 13:55:46 -0500\x0a\x0a * Fix configure script to exit with non-zero status on error (Jon Siwek)\x0a\x0a0.24 | 2012-07-05 12:50:43 -0700\x0a\x0a * Raise minimum required CMake version to 2.6.3 (Jon Siwek)\x0a\x0a * Adding script to delete old fully-merged branches. (Robin Sommer)\x0a\x0a0.23-2 | 2012-01-25 13:24:01 -0800\x0a\x0a * Fix a bro-cut error message. (Daniel Thayer)\x0a\x0a0.23 | 2012-01-11 12:16:11 -0800\x0a\x0a * Tweaks to release scripts, plus a new one for signing files.\x0a (Robin Sommer)\x0a\x0a0.22 | 2012-01-10 16:45:19 -0800\x0a\x0a * Tweaks for OpenBSD support. (Jon Siwek)\x0a\x0a * bro-cut extensions and fixes. (Robin Sommer)\x0a \x0a - If no field names are given on the command line, we now pass through\x0a all fields. Adresses #657.\x0a\x0a - Removing some GNUism from awk script. Addresses #653.\x0a\x0a - Added option for time output in UTC. Addresses #668.\x0a\x0a - Added output field separator option -F. Addresses #649.\x0a\x0a - Fixing option -c: only some header lines were passed through\x0a rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability. (Jon Siwek)\x0a\x0a0.21-9 | 2011-11-07 05:44:14 -0800\x0a\x0a * Fixing compiler warnings. Addresses #388. (Jon Siwek)\x0a\x0a0.21-2 | 2011-11-02 18:12:13 -0700\x0a\x0a * Fix for misnaming temp file in update-changes script. (Robin Sommer)\x0a\x0a0.21-1 | 2011-11-02 18:10:39 -0700\x0a\x0a * Little fix for make-release script, which could pick out the wrong\x0a tag. (Robin Sommer)\x0a\x0a0.21 | 2011-10-27 17:40:45 -0700\x0a\x0a * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)\x0a\x0a * Bugfix in update-changes script. (Robin Sommer)\x0a\x0a * update-changes now ignores commits it did itself. (Robin Sommer)\x0a\x0a * Fix a bug in the update-changes script. (Robin Sommer)\x0a\x0a * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)\x0a\x0a * Options to adjust time format for bro-cut. (Robin Sommer)\x0a\x0a The default with -d is now ISO format. The new option "-D "\x0a specifies a custom strftime()-style format string. Alternatively,\x0a the environment variable BRO_CUT_TIMEFMT can set the format as\x0a well.\x0a\x0a * bro-cut now understands the field separator header. (Robin Sommer)\x0a\x0a * Renaming options -h/-H -> -c/-C, and doing some general cleanup.\x0a\x0a0.2 | 2011-10-25 19:53:57 -0700\x0a\x0a * Adding support for replacing version string in a setup.py. (Robin\x0a Sommer)\x0a\x0a * Change generated root cert DN indices format for RFC2253\x0a compliance. (Jon Siwek)\x0a\x0a * New tool devel-tools/check-release to run before making releases.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes gets a new option -a to amend to\x0a previous commit if possible. Default is now not to (used to be the\x0a opposite). (Robin Sommer)\x0a\x0a * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)\x0a\x0a * Change distclean to only remove build dir. (Jon Siwek)\x0a\x0a * Make dist now cleans the copied source (Jon Siwek)\x0a\x0a * Small tweak to make-release for forced git-clean. (Jon Siwek)\x0a\x0a * Fix to not let updates scripts loose their executable permissions.\x0a (Robin Sommer)\x0a\x0a * devel-tools/update-changes now looks for a 'release' tag to\x0a idenfify the stable version, and 'beta' for the beta versions.\x0a (Robin Sommer).\x0a\x0a * Distribution cleanup. (Robin Sommer)\x0a\x0a * New script devel-tools/make-release to create source tar balls.\x0a (Robin Sommer)\x0a\x0a * Removing bdcat. With the new log format, this isn't very useful\x0a anymore. (Robin Sommer)\x0a\x0a * Adding script that shows all pending git fastpath commits. (Robin\x0a Sommer)\x0a\x0a * Script to measure CPU time by loading an increasing set of\x0a scripts. (Robin Sommer)\x0a\x0a * extract-conn script now deals wit *.gz files. (Robin Sommer)\x0a\x0a * Tiny update to output a valid CA list file for SSL cert\x0a validation. (Seth Hall)\x0a\x0a * Adding "install-aux" target. Addresses #622. (Jon Siwek)\x0a\x0a * Distribution cleanup. (Jon Siwek and Robin Sommer)\x0a\x0a * FindPCAP now links against thread library when necessary (e.g.\x0a PF_RING's libpcap) (Jon Siwek)\x0a\x0a * Install binaries with an RPATH (Jon Siwek)\x0a\x0a * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)\x0a\x0a * Rewrite of the update-changes script. (Robin Sommer)\x0a\x0a0.1-1 | 2011-06-14 21:12:41 -0700\x0a\x0a * Add a script for generating Mozilla's CA list for the SSL analyzer.\x0a (Seth Hall)\x0a\x0a0.1 | 2011-04-01 16:28:22 -0700\x0a\x0a * Converting build process to CMake. (Jon Siwek)\x0a\x0a * Removing cf<...>/ca-* from distribution. The README has a note where\x0a to find them now. (Robin Sommer)\x0a\x0a * General cleanup. (Robin Sommer)\x0a\x0a * Initial import of bro/aux from SVN r7088. (Jon Siwek)\x0a, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, uid=, id=, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=F, is_orig=F, seen_bytes=4042, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=], http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]]) XXXXXXXXXX.XXXXXX | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F) XXXXXXXXXX.XXXXXX | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=4, num_pkts=3, num_bytes_ip=304, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=4, num_pkts=5, num_bytes_ip=4612, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=140.0 msecs 430.927277 usecs, service={HTTP}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={[1] = [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1]], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]) XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::__flush_logs, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::flush_logs, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::log_flush, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Conn::conn_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]], tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Conn::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6], Conn::LOG, [name=default, writer=Log::WRITER_ASCII, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::finalize_http, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__write, , (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::log_stream_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6], Conn::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::write, , (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(cat, ..., ...) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856/tcp, 192.150.187.43, 80/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_port_transport_proto, , (80/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(join_string_set, , ({HTTP}, ,)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(net_done, , (XXXXXXXXXX.XXXXXX)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(to_lower, , (HTTP)) -> XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, conn(XXXXXXXXXX.XXXXXX,0.0,0.0), 22, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string]), ip_proto (count)}) -> XXXXXXXXXX.XXXXXX MetaHookPost LogWrite(Log::WRITER_ASCII, default, conn(XXXXXXXXXX.XXXXXX,0.0,0.0), 22, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string]), ip_proto (count)}, ) -> true XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(Broker::log_flush()) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]])) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]], T)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(net_done(XXXXXXXXXX.XXXXXX)) -> false XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::__flush_logs, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::flush_logs, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::log_flush, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Conn::conn_state, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]], tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Conn::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6], Conn::LOG, [name=default, writer=Log::WRITER_ASCII, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::finalize_http, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__write, , (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::log_stream_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6], Conn::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::write, , (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(cat, ..., ...) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856/tcp, 192.150.187.43, 80/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_port_transport_proto, , (80/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(join_string_set, , ({HTTP}, ,)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(net_done, , (XXXXXXXXXX.XXXXXX)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(to_lower, , (HTTP)) XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, conn(XXXXXXXXXX.XXXXXX,0.0,0.0), 22, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string]), ip_proto (count)}) XXXXXXXXXX.XXXXXX MetaHookPre LogWrite(Log::WRITER_ASCII, default, conn(XXXXXXXXXX.XXXXXX,0.0,0.0), 22, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string]), ip_proto (count)}, ) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(Broker::log_flush()) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]])) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]], T)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(net_done(XXXXXXXXXX.XXXXXX)) XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookCallFunction Broker::__flush_logs() XXXXXXXXXX.XXXXXX | HookCallFunction Broker::flush_logs() XXXXXXXXXX.XXXXXX | HookCallFunction Broker::log_flush() XXXXXXXXXX.XXXXXX | HookCallFunction Conn::conn_state([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]], tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Conn::log_policy([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6], Conn::LOG, [name=default, writer=Log::WRITER_ASCII, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<4692973652431675528>: function(path:string) : void, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Conn::set_conn([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]], T) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::finalize_http([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]]) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]], T) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__write(Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::log_stream_policy([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6], Conn::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::write(Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6]) XXXXXXXXXX.XXXXXX | HookCallFunction cat(...) XXXXXXXXXX.XXXXXX | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]]) XXXXXXXXXX.XXXXXX | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856/tcp, 192.150.187.43, 80/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]], T) XXXXXXXXXX.XXXXXX | HookCallFunction get_port_transport_proto(80/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]]) XXXXXXXXXX.XXXXXX | HookCallFunction join_string_set({HTTP}, ,) XXXXXXXXXX.XXXXXX | HookCallFunction net_done(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80) XXXXXXXXXX.XXXXXX | HookCallFunction to_lower(HTTP) XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX | HookLogInit conn 1/1 {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string]), ip_proto (count)} XXXXXXXXXX.XXXXXX | HookLogWrite conn [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=F, local_resp=F, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=, ip_proto=6] XXXXXXXXXX.XXXXXX | HookQueueEvent Broker::log_flush() XXXXXXXXXX.XXXXXX | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]]) XXXXXXXXXX.XXXXXX | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=211.0 msecs 483.955383 usecs, service={HTTP}, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, removal_hooks={HTTP::finalize_http: Conn::RemovalHook{ if (HTTP::c?$http_state) { for ([HTTP::r], HTTP::info in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, to_any_coerce HTTP::info)}}}}, failed_analyzers={}, conn=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], proto=tcp, service=, duration=, orig_bytes=, resp_bytes=, conn_state=, local_orig=F, local_resp=F, missed_bytes=0, history=, orig_pkts=, orig_ip_bytes=, resp_pkts=, resp_ip_bytes=, tunnel_parents=, ip_proto=6], extract_orig=F, extract_resp=F, thresholds=, http=[ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, ctx=[]], trans_depth=1, method=GET, host=bro.org, uri=<...>/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1]], T) XXXXXXXXXX.XXXXXX | HookQueueEvent net_done(XXXXXXXXXX.XXXXXX)