### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_STEPPINGSTONE)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_AYIYA, 5072/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 68/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 137/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 53/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_GTPV1, 2152/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IMAP, 143/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6666/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6667/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6668/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6669/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDPEUDP, 3389/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SIP, 5060/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMB, 139/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMB, 445/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 585/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 614/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 636/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 989/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 990/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 992/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 993/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 995/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SYSLOG, 514/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_TEREDO, 3544/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_VXLAN, 4789/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 5222/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 5269/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::disable_analyzer, , (Analyzer::ANALYZER_STEPPINGSTONE)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_AYIYA, 5072/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 68/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 137/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 53/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_GTPV1, 2152/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IMAP, 143/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6666/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6667/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6668/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6669/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDPEUDP, 3389/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SIP, 5060/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMB, 139/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMB, 445/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 585/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 614/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 636/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 989/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 990/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 992/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 993/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 995/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SYSLOG, 514/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_TEREDO, 3544/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_VXLAN, 4789/udp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_XMPP, 5222/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_XMPP, 5269/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_AYIYA, {5072/udp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DCE_RPC, {135/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DHCP, {67<...>/udp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNS, {5353<...>/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DTLS, {443/udp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_GTPV1, {2152<...>/udp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_HTTP, {80<...>/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_IMAP, {143/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_IRC, {6666<...>/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB, {88/udp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB_TCP, {88/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MODBUS, {502/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MYSQL, {1434<...>/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_NTP, {123/udp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RADIUS, {1812/udp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDP, {3389/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDPEUDP, {3389/udp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SIP, {5060/udp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMB, {139<...>/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SNMP, {162<...>/udp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SOCKS, {1080/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSH, {22/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSL, {563<...>/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SYSLOG, {514/udp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_TEREDO, {3544/udp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_VXLAN, {4789/udp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_XMPP, {5222<...>/tcp})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::__subscribe, , (zeek/supervisor)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::subscribe, , (zeek/supervisor)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Cluster::is_enabled, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Cluster::is_enabled, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Cluster::local_node_type, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Cluster::register_pool, , ([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=, exclusive=F])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Cluster::register_pool, , ([topic=zeek<...>/proxy, node_type=Cluster::PROXY, max_nodes=, exclusive=F])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Cluster::register_pool, , ([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=, exclusive=F])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_analyzer_add_callback, , (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)FileExtract::f$info$extracted_cutoff = Fmkdir(FileExtract::prefix)})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/pkix-cert)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/x-x509-ca-cert)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/x-x509-user-cert)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_PE, application/x-dosexec)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/pkix-cert)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/x-x509-ca-cert)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/x-x509-user-cert)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/pkix-cert)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/x-x509-ca-cert)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/x-x509-user-cert)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/pkix-cert)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/x-x509-ca-cert)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/x-x509-user-cert)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_for_mime_types, , (Files::ANALYZER_PE, {application/x-dosexec})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ FTP::cid, FTP::c{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::c?$ftp) return (FTP::describe(FTP::c$ftp))}return ()}}])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ HTTP::cid, HTTP::c{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}}])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=lambda_<15770440363500096069>{ return ()}])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SMB, [get_file_handle=SMB::get_file_handle{ if (!(SMB::c$smb_state?$current_file && (SMB::c$smb_state$current_file?$name || SMB::c$smb_state$current_file?$path))) { return ()}SMB::current_file = SMB::c$smb_state$current_fileSMB::path_name = SMB::current_file?$path ? SMB::current_file$path : SMB::file_name = SMB::current_file?$name ? SMB::current_file$name : SMB::last_mod = cat(SMB::current_file?$times ? SMB::current_file$times$modified : double_to_time(0.0))return (hexdump(cat(Analyzer::ANALYZER_SMB, SMB::c$id$orig_h, SMB::c$id$resp_h, SMB::path_name, SMB::file_name, SMB::last_mod)))}, describe=SMB::describe_file{ SMB::cid, SMB::c{ if (SMB::f$source != SMB) return ()for ([SMB::cid] in SMB::f$conns) { if (SMB::c?$smb_state && SMB::c$smb_state?$current_file && SMB::c$smb_state$current_file?$name) return (SMB::c$smb_state$current_file$name)}return ()}}])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ SMTP::cid, SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(FilteredTraceDetection::should_detect, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=broker, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=config, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dce_rpc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dhcp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dnp3, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dns, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dpd, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ftp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=irc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=intel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=kerberos, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=modbus, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntlm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_drop, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_shunt, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice_alarm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=openflow, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=pe, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=radius, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rdp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rfb, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=reporter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=sip, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_mapping, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smtp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=snmp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=socks, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssh, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssl, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=signatures, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=software, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=syslog, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Conn::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (DCE_RPC::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (DHCP::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (DNP3::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (DNS::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (DPD::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (FTP::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Files::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (HTTP::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (IRC::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Intel::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (KRB::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Modbus::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (NTLM::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (NTP::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (NetControl::DROP_LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (NetControl::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (NetControl::SHUNT)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Notice::ALARM_LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Notice::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (OpenFlow::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (PE::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (PacketFilter::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (RADIUS::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (RDP::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (RFB::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Reporter::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SIP::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SMB::FILES_LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SMB::MAPPING_LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SMTP::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SNMP::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SOCKS::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SSH::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (SSL::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Signatures::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Software::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Syslog::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Tunnel::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (Weird::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (X509::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_default_filter, , (mysql::LOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Broker::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Cluster::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Config::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Conn::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (DCE_RPC::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (DHCP::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (DNP3::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (DNS::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (DPD::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (FTP::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Files::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (HTTP::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (IRC::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Intel::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (KRB::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Modbus::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (NTLM::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (NTP::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (NetControl::DROP_LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (NetControl::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (NetControl::SHUNT, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Notice::ALARM_LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Notice::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (OpenFlow::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (PE::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (PacketFilter::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (RADIUS::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (RDP::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (RFB::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Reporter::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SIP::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SMB::FILES_LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SMB::MAPPING_LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SMTP::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SNMP::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SOCKS::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SSH::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (SSL::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Signatures::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Software::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Syslog::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Tunnel::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (Weird::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (X509::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::add_stream_filters, , (mysql::LOG, default)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(NetControl::check_plugins, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(NetControl::init, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Notice::want_pp, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (ActiveHTTP::default_max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (ActiveHTTP::default_method, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Broker::peer_counts_as_iosource, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Conn::analyzer_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Conn::default_extract, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Conn::extraction_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Conn::port_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (DCE_RPC::ignored_operations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (DHCP::max_txid_watch_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (DNS::max_pending_msgs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (DNS::max_pending_query_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (DPD::ignore_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (DPD::ignore_violations_after, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (DPD::max_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Dir::polling_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (FTP::cmd_reply_code, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (FTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (FTP::guest_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (FTP::logged_commands, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (FileExtract::default_limit, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Files::enable_reassembler, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (GridFTP::max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (GridFTP::size_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (GridFTP::skip_data, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::http_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::max_files_orig, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::max_files_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (HTTP::proxy_headers, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Input::default_mode, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Input::default_reader, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (KRB::ignored_errors, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Log::default_rotation_dir, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (MQTT::max_payload_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (NetControl::default_priority, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::alarmed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::default_suppression_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::emailed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::ignored_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::lookup_location_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::mail_from, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::mail_page_dest, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::mail_subject_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::not_suppressed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::reply_to, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Notice::sendmail, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (RDP::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (RDP::rdp_check_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (SIP::sip_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (SMB::logged_file_actions, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (SMTP::mail_path_capture, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (SOCKS::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (SSH::compression_algorithms, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (SSH::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (SSL::ct_logs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (SSL::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Signatures::ignored_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Signatures::summary_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Site::local_admins, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Site::local_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Site::local_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Site::neighbor_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Site::neighbor_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Site::private_address_space, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Software::asset_tracking, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::ignore_hosts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_duration, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_duration, Config::weird_option_change_interval{ if (Weird::sampling_duration == Config::ID) { Reporter::set_weird_sampling_duration(Config::new_value)}return (Config::new_value)}, 5)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_global_list, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_threshold, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::weird_option_change_sampling_whitelist{ if (Weird::sampling_whitelist == Config::ID) { Reporter::set_weird_sampling_whitelist(Config::new_value)}return (Config::new_value)}, 5)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (Weird::weird_do_not_ignore_repeats, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (X509::caching_required_encounters, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (X509::caching_required_encounters_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (X509::certificate_cache_max_entries, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (X509::certificate_cache_minimum_eviction_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (default_file_bof_buffer_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (default_file_timeout_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (ignore_checksums_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (udp_content_delivery_ports_use_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Option::set_change_handler, , (udp_content_ports, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 2048, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 2054, PacketAnalyzer::ANALYZER_ARP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 32821, PacketAnalyzer::ANALYZER_ARP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 33024, PacketAnalyzer::ANALYZER_VLAN)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34525, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34887, PacketAnalyzer::ANALYZER_MPLS)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34916, PacketAnalyzer::ANALYZER_PPPOE)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34984, PacketAnalyzer::ANALYZER_VLAN)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 37120, PacketAnalyzer::ANALYZER_VLAN)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 2048, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 2054, PacketAnalyzer::ANALYZER_ARP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 32821, PacketAnalyzer::ANALYZER_ARP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 34525, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11_RADIO, 105, PacketAnalyzer::ANALYZER_IEEE802_11)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 4, PacketAnalyzer::ANALYZER_IPTUNNEL)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 41, PacketAnalyzer::ANALYZER_IPTUNNEL)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 47, PacketAnalyzer::ANALYZER_GRE)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 2048, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 2054, PacketAnalyzer::ANALYZER_ARP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 32821, PacketAnalyzer::ANALYZER_ARP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 34525, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NFLOG, 10, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NFLOG, 2, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 2, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 24, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 28, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 30, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPOE, 33, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPOE, 87, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 33, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 641, PacketAnalyzer::ANALYZER_MPLS)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 87, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 0, PacketAnalyzer::ANALYZER_NULL)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 1, PacketAnalyzer::ANALYZER_ETHERNET)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 10, PacketAnalyzer::ANALYZER_FDDI)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 105, PacketAnalyzer::ANALYZER_IEEE802_11)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 113, PacketAnalyzer::ANALYZER_LINUXSLL)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 127, PacketAnalyzer::ANALYZER_IEEE802_11_RADIO)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 239, PacketAnalyzer::ANALYZER_NFLOG)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 50, PacketAnalyzer::ANALYZER_PPPSERIAL)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 2048, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 2054, PacketAnalyzer::ANALYZER_ARP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 32821, PacketAnalyzer::ANALYZER_ARP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 33024, PacketAnalyzer::ANALYZER_VLAN)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34525, PacketAnalyzer::ANALYZER_IP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34887, PacketAnalyzer::ANALYZER_MPLS)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34916, PacketAnalyzer::ANALYZER_PPPOE)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketFilter::build, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketFilter::install, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(PacketFilter::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Pcap::install_pcap_filter, , (PacketFilter::DefaultPcapFilter)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Pcap::precompile_pcap_filter, , (PacketFilter::DefaultPcapFilter, ip or not ip)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::add_observe_plugin_dependency, , (SumStats::STD_DEV, SumStats::VARIANCE)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::add_observe_plugin_dependency, , (SumStats::VARIANCE, SumStats::AVERAGE)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::AVERAGE, lambda_<7536733776503179171>{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::HLL_UNIQUE, lambda_<9675952594817657874>{ if (!SumStats::rv?$card) { SumStats::rv$card = hll_cardinality_init(SumStats::r$hll_error_margin, SumStats::r$hll_confidence)SumStats::rv$hll_error_margin = SumStats::r$hll_error_marginSumStats::rv$hll_confidence = SumStats::r$hll_confidence}hll_cardinality_add(SumStats::rv$card, SumStats::obs)SumStats::rv$hll_unique = double_to_count(hll_cardinality_estimate(SumStats::rv$card))})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::LAST, lambda_<574840134555693824>{ if (0 < SumStats::r$num_last_elements) { if (!SumStats::rv?$last_elements) SumStats::rv$last_elements = Queue::init((coerce [$max_len=SumStats::r$num_last_elements] to Queue::Settings))Queue::put(SumStats::rv$last_elements, SumStats::obs)}})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::MAX, lambda_<13733502256260864982>{ if (!SumStats::rv?$max) SumStats::rv$max = SumStats::valelseif (SumStats::rv$max < SumStats::val) SumStats::rv$max = SumStats::val})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::MIN, lambda_<4585460929100994748>{ if (!SumStats::rv?$min) SumStats::rv$min = SumStats::valelseif (SumStats::val < SumStats::rv$min) SumStats::rv$min = SumStats::val})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::SAMPLE, lambda_<17023013969905672643>{ SumStats::sample_add_sample(SumStats::obs, SumStats::rv)})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::STD_DEV, lambda_<9522725521284406764>{ SumStats::calc_std_dev(SumStats::rv)})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::SUM, lambda_<17805868040516086417>{ SumStats::rv$sum += SumStats::val})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::TOPK, lambda_<6522648964580095152>{ topk_add(SumStats::rv$topk, SumStats::obs)})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::UNIQUE, lambda_<6740005615292835681>{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || sizeofSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = sizeofSumStats::rv$unique_vals})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugin, , (SumStats::VARIANCE, lambda_<5367450243378829139>{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(SumStats::register_observe_plugins, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(__init_primary_bifs, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(__init_secondary_bifs, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(current_time, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(filter_change_tracking, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(getenv, , (CLUSTER_NODE)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(getenv, , (ZEEK_DEFAULT_LISTEN_ADDRESS)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(global_ids, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(network_time, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(reading_live_traffic, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(reading_traces, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(set_to_regex, , ({}, (^\.?|\.)(~~)$)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(string_to_pattern, , ((^\.?|\.)()$, F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(sub, , ((^\.?|\.)(~~)$, <...>/, )) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(x509_set_certificate_cache, , ({})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(x509_set_certificate_cache_hit_callback, , (X509::x509_certificate_cache_replay{ X509::i{ if (X509::f$info?$x509) return event x509_certificate(X509::f, X509::e$handle, X509::e$certificate)for ([X509::i] in X509::e$extensions_cache) { X509::ext = X509::e$extensions_cache[X509::i]if (X509::ext is X509::Extension) event x509_extension(X509::f, (X509::ext as X509::Extension))elseif (X509::ext is X509::BasicConstraints) event x509_ext_basic_constraints(X509::f, (X509::ext as X509::BasicConstraints))elseif (X509::ext is X509::SubjectAlternativeName) event x509_ext_subject_alternative_name(X509::f, (X509::ext as X509::SubjectAlternativeName))elseif (X509::ext is X509::SctInfo) { X509::s = (X509::ext as X509::SctInfo)event x509_ocsp_ext_signed_certificate_timestamp(X509::f, X509::s$version, X509::s$logid, X509::s$timestamp, X509::s$hash_alg, X509::s$sig_alg, X509::s$signature)}elseReporter::error(fmt(Encountered unknown extension while replaying certificate with fuid %s, X509::f$id))}}})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(zeek_args, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(zeek_init, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, ..<...>/main.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, ..<...>/plugin.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_ARP.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_AsciiReader.ascii.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_AsciiWriter.ascii.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_BenchmarkReader.benchmark.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_BinaryReader.binary.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_BitTorrent.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_ConfigReader.config.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_ConnSize.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_ConnSize.functions.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_DCE_RPC.consts.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_DCE_RPC.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_DCE_RPC.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_DHCP.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_DHCP.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_DNP3.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_DNS.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_FTP.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_FTP.functions.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_File.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_FileEntropy.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_FileExtract.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_FileExtract.functions.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_FileHash.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Finger.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_GSSAPI.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_GTPv1.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Gnutella.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_HTTP.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_HTTP.functions.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_ICMP.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_IMAP.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_IRC.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Ident.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_KRB.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_KRB.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Login.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Login.functions.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_MIME.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_MQTT.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_MQTT.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Modbus.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_MySQL.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NCP.consts.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NCP.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NTLM.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NTLM.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NTP.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NTP.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NetBIOS.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NetBIOS.functions.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_NoneWriter.none.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_PE.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_POP3.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_RADIUS.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_RDP.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_RDP.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_RFB.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_RPC.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_RawReader.raw.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SIP.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.consts.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_check_directory.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_close.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_create_directory.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_echo.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_negotiate.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_query_information.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_read_andx.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_com_write_andx.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb1_events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_close.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_create.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_negotiate.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_read.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_session_setup.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_set_info.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_transform_header.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_com_write.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.smb2_events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMB.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMTP.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SMTP.functions.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SNMP.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SNMP.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SOCKS.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SQLiteReader.sqlite.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SQLiteWriter.sqlite.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SSH.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SSH.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SSL.consts.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SSL.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SSL.functions.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SSL.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_SteppingStone.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Syslog.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_TCP.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_TCP.functions.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_TCP.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Teredo.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_UDP.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Unified2.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_Unified2.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_VXLAN.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_X509.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_X509.functions.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_X509.ocsp_events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_X509.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/Zeek_XMPP.events.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/acld.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/add-geodata.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/addrs.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/analyzer.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/api.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/ascii.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/average.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/benchmark.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/binary.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/bloom-filter.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/broker.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/cardinality-counter.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/comm.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/config.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/const-dos-error.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/const-nt-status.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/const.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/consts.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/contents.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/control.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/ct-list.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/data.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/dcc-send.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/debug.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/drop.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/email_admin.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/entities.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/event.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/exec.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/file_analysis.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/files.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/gridftp.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/hll_unique.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/hooks.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/inactivity.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/info.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/input.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/input.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/last.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/log.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/logging.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/magic) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/main.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/max.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/messaging.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/min.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/mozilla-ca-list.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/netstats.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/non-cluster.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/none.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/openflow.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/option.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/packet_analysis.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/packetfilter.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/page.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/patterns.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/pcap.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/plugin.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/plugins) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/polling.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/pools.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/postprocessors) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/pp-alarms.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/raw.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/removal-hooks.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/reporter.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/ryu.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/sample.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/scp.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/sftp.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/shunt.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/site.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/smb1-main.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/smb2-main.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/sqlite.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/stats.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/std-dev.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/store.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/store.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/strings.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/sum.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/supervisor.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/thresholds.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/top-k.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/topk.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/types.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/unique.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/utils-commands.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/utils.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/variance.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/weird.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/zeek.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, .<...>/zeekygen.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, <...>/__load__.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, <...>/__preload__.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, <...>/hooks.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/Zeek_KRB.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/Zeek_SNMP.types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/active-http.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/addrs.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/analyzer) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/analyzer.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/api.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/backtrace.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/bif) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/broker) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/cluster) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/comm.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/config) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/conn) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/conn-ids.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/const.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/control) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/data.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/dce-rpc) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/dhcp) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/dir.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/directions-and-hosts.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/dnp3) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/dns) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/dpd) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/email.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ethernet) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/event.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/exec.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/extract) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/fddi) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/file_analysis.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/files) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/files.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/find-checksum-offloading.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/find-filtered-trace.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ftp) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/geoip-distance.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/gre) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/hash) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/hash_hrw.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/http) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ieee802_11) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ieee802_11_radio) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/imap) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/init-default.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/init-frameworks-and-bifs.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/input) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/input.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/intel) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ip) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/iptunnel) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/irc) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/krb) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/linux_sll) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/logging) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/logging.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/main.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/messaging.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/modbus) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/mpls) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/mqtt) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/mysql) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/netcontrol) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/nflog) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/notice) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ntlm) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ntp) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/null) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/numbers.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/openflow) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/option.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/packet-filter) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/packet-protocols) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/packet_analysis.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/paths.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/patterns.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/pe) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/plugins) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/pop3) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ppp_serial) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/pppoe) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/queue.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/radius) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/rdp) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/removal-hooks.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/reporter) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/reporter.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/rfb) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/root) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/signatures) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/sip) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/site.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/skip) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/smb) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/smtp) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/snmp) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/socks) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/software) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ssh) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/ssl) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/stats.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/store.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/strings.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/strings.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/sumstats) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/supervisor) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/supervisor.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/syslog) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/thresholds.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/time.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/tunnels) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/types.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/urls.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/utils.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/version.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/vlan) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/weird.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/x509) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/xmpp) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(0, base<...>/zeek.bif.zeek) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/archive.sig) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/audio.sig) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/dpd.sig) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/executable.sig) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/font.sig) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/general.sig) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/image.sig) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/java.sig) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/libmagic.sig) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/office.sig) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/programming.sig) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LoadFile(1, .<...>/video.sig) -> -1 XXXXXXXXXX.XXXXXX MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) -> XXXXXXXXXX.XXXXXX MetaHookPost LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, ) -> true XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(NetControl::init()) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(filter_change_tracking()) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(zeek_init()) -> false XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_STEPPINGSTONE)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_AYIYA, 5072/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 68/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 137/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 53/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_GTPV1, 2152/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IMAP, 143/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6666/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6667/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6668/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_IRC, 6669/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDPEUDP, 3389/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SIP, 5060/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMB, 139/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMB, 445/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 585/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 614/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 636/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 989/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 990/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 992/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 993/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 995/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SYSLOG, 514/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_TEREDO, 3544/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_VXLAN, 4789/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 5222/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 5269/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::disable_analyzer, , (Analyzer::ANALYZER_STEPPINGSTONE)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_AYIYA, 5072/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 68/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNP3_TCP, 20000/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 137/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 53/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_GTPV1, 2152/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 1080/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 3128/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 631/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 80/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8000/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8080/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 81/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_HTTP, 8888/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IMAP, 143/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6666/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6667/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6668/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_IRC, 6669/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB, 88/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_KRB_TCP, 88/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MODBUS, 502/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_NTP, 123/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDPEUDP, 3389/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SIP, 5060/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMB, 139/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMB, 445/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 585/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 614/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 636/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 989/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 990/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 992/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 993/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 995/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SYSLOG, 514/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_TEREDO, 3544/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_VXLAN, 4789/udp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_XMPP, 5222/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_XMPP, 5269/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_AYIYA, {5072/udp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DCE_RPC, {135/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DHCP, {67<...>/udp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNS, {5353<...>/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DTLS, {443/udp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_GTPV1, {2152<...>/udp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_HTTP, {80<...>/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_IMAP, {143/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_IRC, {6666<...>/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB, {88/udp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_KRB_TCP, {88/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MODBUS, {502/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MYSQL, {1434<...>/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_NTP, {123/udp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RADIUS, {1812/udp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDP, {3389/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDPEUDP, {3389/udp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SIP, {5060/udp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMB, {139<...>/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SNMP, {162<...>/udp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SOCKS, {1080/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSH, {22/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSL, {563<...>/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SYSLOG, {514/udp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_TEREDO, {3544/udp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_VXLAN, {4789/udp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_XMPP, {5222<...>/tcp})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::__subscribe, , (zeek/supervisor)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::subscribe, , (zeek/supervisor)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Cluster::is_enabled, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Cluster::is_enabled, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Cluster::local_node_type, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Cluster::register_pool, , ([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=, exclusive=F])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Cluster::register_pool, , ([topic=zeek<...>/proxy, node_type=Cluster::PROXY, max_nodes=, exclusive=F])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Cluster::register_pool, , ([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=, exclusive=F])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_analyzer_add_callback, , (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)FileExtract::f$info$extracted_cutoff = Fmkdir(FileExtract::prefix)})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/pkix-cert)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/x-x509-ca-cert)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_MD5, application/x-x509-user-cert)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_PE, application/x-dosexec)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/pkix-cert)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/x-x509-ca-cert)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA1, application/x-x509-user-cert)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/pkix-cert)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/x-x509-ca-cert)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_SHA256, application/x-x509-user-cert)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/pkix-cert)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/x-x509-ca-cert)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_type, , (Files::ANALYZER_X509, application/x-x509-user-cert)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_for_mime_types, , (Files::ANALYZER_PE, {application/x-dosexec})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ FTP::cid, FTP::c{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::c?$ftp) return (FTP::describe(FTP::c$ftp))}return ()}}])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ HTTP::cid, HTTP::c{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}}])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=lambda_<15770440363500096069>{ return ()}])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SMB, [get_file_handle=SMB::get_file_handle{ if (!(SMB::c$smb_state?$current_file && (SMB::c$smb_state$current_file?$name || SMB::c$smb_state$current_file?$path))) { return ()}SMB::current_file = SMB::c$smb_state$current_fileSMB::path_name = SMB::current_file?$path ? SMB::current_file$path : SMB::file_name = SMB::current_file?$name ? SMB::current_file$name : SMB::last_mod = cat(SMB::current_file?$times ? SMB::current_file$times$modified : double_to_time(0.0))return (hexdump(cat(Analyzer::ANALYZER_SMB, SMB::c$id$orig_h, SMB::c$id$resp_h, SMB::path_name, SMB::file_name, SMB::last_mod)))}, describe=SMB::describe_file{ SMB::cid, SMB::c{ if (SMB::f$source != SMB) return ()for ([SMB::cid] in SMB::f$conns) { if (SMB::c?$smb_state && SMB::c$smb_state?$current_file && SMB::c$smb_state$current_file?$name) return (SMB::c$smb_state$current_file$name)}return ()}}])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ SMTP::cid, SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(FilteredTraceDetection::should_detect, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=broker, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=config, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dce_rpc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dhcp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dnp3, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dns, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dpd, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ftp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=irc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=intel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=kerberos, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=modbus, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntlm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_drop, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_shunt, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice_alarm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=openflow, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=pe, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=radius, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rdp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rfb, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=reporter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=sip, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_mapping, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smtp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=snmp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=socks, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssh, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssl, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=signatures, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=software, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=syslog, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Conn::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (DCE_RPC::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (DHCP::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (DNP3::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (DNS::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (DPD::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (FTP::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Files::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (HTTP::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (IRC::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Intel::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (KRB::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Modbus::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (NTLM::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (NTP::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (NetControl::DROP_LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (NetControl::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (NetControl::SHUNT)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Notice::ALARM_LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Notice::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (OpenFlow::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (PE::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (PacketFilter::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (RADIUS::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (RDP::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (RFB::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Reporter::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SIP::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SMB::FILES_LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SMB::MAPPING_LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SMTP::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SNMP::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SOCKS::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SSH::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (SSL::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Signatures::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Software::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Syslog::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Tunnel::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (Weird::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (X509::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_default_filter, , (mysql::LOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Broker::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Cluster::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Config::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Conn::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (DCE_RPC::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (DHCP::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (DNP3::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (DNS::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (DPD::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (FTP::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Files::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (HTTP::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (IRC::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Intel::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (KRB::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Modbus::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (NTLM::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (NTP::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (NetControl::DROP_LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (NetControl::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (NetControl::SHUNT, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Notice::ALARM_LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Notice::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (OpenFlow::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (PE::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (PacketFilter::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (RADIUS::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (RDP::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (RFB::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Reporter::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SIP::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SMB::FILES_LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SMB::MAPPING_LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SMTP::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SNMP::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SOCKS::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SSH::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (SSL::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Signatures::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Software::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Syslog::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Tunnel::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (Weird::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (X509::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::add_stream_filters, , (mysql::LOG, default)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(NetControl::check_plugins, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(NetControl::init, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Notice::want_pp, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (ActiveHTTP::default_max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (ActiveHTTP::default_method, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Broker::peer_counts_as_iosource, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Conn::analyzer_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Conn::default_extract, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Conn::extraction_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Conn::port_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (DCE_RPC::ignored_operations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (DHCP::max_txid_watch_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (DNS::max_pending_msgs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (DNS::max_pending_query_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (DPD::ignore_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (DPD::ignore_violations_after, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (DPD::max_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Dir::polling_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (FTP::cmd_reply_code, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (FTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (FTP::guest_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (FTP::logged_commands, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (FileExtract::default_limit, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Files::enable_reassembler, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (GridFTP::max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (GridFTP::size_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (GridFTP::skip_data, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::http_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::max_files_orig, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::max_files_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (HTTP::proxy_headers, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Input::default_mode, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Input::default_reader, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (KRB::ignored_errors, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Log::default_rotation_dir, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (MQTT::max_payload_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (NetControl::default_priority, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::alarmed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::default_suppression_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::emailed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::ignored_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::lookup_location_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::mail_from, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::mail_page_dest, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::mail_subject_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::not_suppressed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::reply_to, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Notice::sendmail, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (RDP::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (RDP::rdp_check_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SIP::sip_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SMB::logged_file_actions, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SMTP::mail_path_capture, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SOCKS::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SSH::compression_algorithms, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SSH::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SSL::ct_logs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (SSL::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Signatures::ignored_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Signatures::summary_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Site::local_admins, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Site::local_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Site::local_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Site::neighbor_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Site::neighbor_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Site::private_address_space, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Software::asset_tracking, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::ignore_hosts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_duration, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_duration, Config::weird_option_change_interval{ if (Weird::sampling_duration == Config::ID) { Reporter::set_weird_sampling_duration(Config::new_value)}return (Config::new_value)}, 5)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_global_list, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_rate, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_threshold, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::sampling_whitelist, Config::weird_option_change_sampling_whitelist{ if (Weird::sampling_whitelist == Config::ID) { Reporter::set_weird_sampling_whitelist(Config::new_value)}return (Config::new_value)}, 5)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (Weird::weird_do_not_ignore_repeats, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (X509::caching_required_encounters, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (X509::caching_required_encounters_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (X509::certificate_cache_max_entries, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (X509::certificate_cache_minimum_eviction_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (default_file_bof_buffer_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (default_file_timeout_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (ignore_checksums_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (udp_content_delivery_ports_use_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Option::set_change_handler, , (udp_content_ports, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 2048, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 2054, PacketAnalyzer::ANALYZER_ARP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 32821, PacketAnalyzer::ANALYZER_ARP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 33024, PacketAnalyzer::ANALYZER_VLAN)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34525, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34887, PacketAnalyzer::ANALYZER_MPLS)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34916, PacketAnalyzer::ANALYZER_PPPOE)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 34984, PacketAnalyzer::ANALYZER_VLAN)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ETHERNET, 37120, PacketAnalyzer::ANALYZER_VLAN)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 2048, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 2054, PacketAnalyzer::ANALYZER_ARP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 32821, PacketAnalyzer::ANALYZER_ARP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11, 34525, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IEEE802_11_RADIO, 105, PacketAnalyzer::ANALYZER_IEEE802_11)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 4, PacketAnalyzer::ANALYZER_IPTUNNEL)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 41, PacketAnalyzer::ANALYZER_IPTUNNEL)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_IP, 47, PacketAnalyzer::ANALYZER_GRE)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 2048, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 2054, PacketAnalyzer::ANALYZER_ARP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 32821, PacketAnalyzer::ANALYZER_ARP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_LINUXSLL, 34525, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NFLOG, 10, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NFLOG, 2, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 2, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 24, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 28, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_NULL, 30, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPOE, 33, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPOE, 87, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 33, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 641, PacketAnalyzer::ANALYZER_MPLS)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_PPPSERIAL, 87, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 0, PacketAnalyzer::ANALYZER_NULL)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 1, PacketAnalyzer::ANALYZER_ETHERNET)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 10, PacketAnalyzer::ANALYZER_FDDI)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 105, PacketAnalyzer::ANALYZER_IEEE802_11)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 113, PacketAnalyzer::ANALYZER_LINUXSLL)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 127, PacketAnalyzer::ANALYZER_IEEE802_11_RADIO)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 239, PacketAnalyzer::ANALYZER_NFLOG)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_ROOT, 50, PacketAnalyzer::ANALYZER_PPPSERIAL)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 2048, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 2054, PacketAnalyzer::ANALYZER_ARP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 32821, PacketAnalyzer::ANALYZER_ARP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 33024, PacketAnalyzer::ANALYZER_VLAN)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34525, PacketAnalyzer::ANALYZER_IP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34887, PacketAnalyzer::ANALYZER_MPLS)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketAnalyzer::register_packet_analyzer, , (PacketAnalyzer::ANALYZER_VLAN, 34916, PacketAnalyzer::ANALYZER_PPPOE)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketFilter::build, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketFilter::install, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(PacketFilter::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Pcap::install_pcap_filter, , (PacketFilter::DefaultPcapFilter)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Pcap::precompile_pcap_filter, , (PacketFilter::DefaultPcapFilter, ip or not ip)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::add_observe_plugin_dependency, , (SumStats::STD_DEV, SumStats::VARIANCE)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::add_observe_plugin_dependency, , (SumStats::VARIANCE, SumStats::AVERAGE)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::AVERAGE, lambda_<7536733776503179171>{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::HLL_UNIQUE, lambda_<9675952594817657874>{ if (!SumStats::rv?$card) { SumStats::rv$card = hll_cardinality_init(SumStats::r$hll_error_margin, SumStats::r$hll_confidence)SumStats::rv$hll_error_margin = SumStats::r$hll_error_marginSumStats::rv$hll_confidence = SumStats::r$hll_confidence}hll_cardinality_add(SumStats::rv$card, SumStats::obs)SumStats::rv$hll_unique = double_to_count(hll_cardinality_estimate(SumStats::rv$card))})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::LAST, lambda_<574840134555693824>{ if (0 < SumStats::r$num_last_elements) { if (!SumStats::rv?$last_elements) SumStats::rv$last_elements = Queue::init((coerce [$max_len=SumStats::r$num_last_elements] to Queue::Settings))Queue::put(SumStats::rv$last_elements, SumStats::obs)}})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::MAX, lambda_<13733502256260864982>{ if (!SumStats::rv?$max) SumStats::rv$max = SumStats::valelseif (SumStats::rv$max < SumStats::val) SumStats::rv$max = SumStats::val})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::MIN, lambda_<4585460929100994748>{ if (!SumStats::rv?$min) SumStats::rv$min = SumStats::valelseif (SumStats::val < SumStats::rv$min) SumStats::rv$min = SumStats::val})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::SAMPLE, lambda_<17023013969905672643>{ SumStats::sample_add_sample(SumStats::obs, SumStats::rv)})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::STD_DEV, lambda_<9522725521284406764>{ SumStats::calc_std_dev(SumStats::rv)})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::SUM, lambda_<17805868040516086417>{ SumStats::rv$sum += SumStats::val})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::TOPK, lambda_<6522648964580095152>{ topk_add(SumStats::rv$topk, SumStats::obs)})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::UNIQUE, lambda_<6740005615292835681>{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || sizeofSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = sizeofSumStats::rv$unique_vals})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugin, , (SumStats::VARIANCE, lambda_<5367450243378829139>{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(SumStats::register_observe_plugins, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(__init_primary_bifs, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(__init_secondary_bifs, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(current_time, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(filter_change_tracking, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(getenv, , (CLUSTER_NODE)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(getenv, , (ZEEK_DEFAULT_LISTEN_ADDRESS)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(global_ids, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(network_time, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(reading_live_traffic, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(reading_traces, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(set_to_regex, , ({}, (^\.?|\.)(~~)$)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(string_to_pattern, , ((^\.?|\.)()$, F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(sub, , ((^\.?|\.)(~~)$, <...>/, )) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(x509_set_certificate_cache, , ({})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(x509_set_certificate_cache_hit_callback, , (X509::x509_certificate_cache_replay{ X509::i{ if (X509::f$info?$x509) return event x509_certificate(X509::f, X509::e$handle, X509::e$certificate)for ([X509::i] in X509::e$extensions_cache) { X509::ext = X509::e$extensions_cache[X509::i]if (X509::ext is X509::Extension) event x509_extension(X509::f, (X509::ext as X509::Extension))elseif (X509::ext is X509::BasicConstraints) event x509_ext_basic_constraints(X509::f, (X509::ext as X509::BasicConstraints))elseif (X509::ext is X509::SubjectAlternativeName) event x509_ext_subject_alternative_name(X509::f, (X509::ext as X509::SubjectAlternativeName))elseif (X509::ext is X509::SctInfo) { X509::s = (X509::ext as X509::SctInfo)event x509_ocsp_ext_signed_certificate_timestamp(X509::f, X509::s$version, X509::s$logid, X509::s$timestamp, X509::s$hash_alg, X509::s$sig_alg, X509::s$signature)}elseReporter::error(fmt(Encountered unknown extension while replaying certificate with fuid %s, X509::f$id))}}})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(zeek_args, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(zeek_init, , ()) XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, ..<...>/main.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, ..<...>/plugin.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_ARP.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_AsciiReader.ascii.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_AsciiWriter.ascii.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_BenchmarkReader.benchmark.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_BinaryReader.binary.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_BitTorrent.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_ConfigReader.config.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_ConnSize.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_ConnSize.functions.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_DCE_RPC.consts.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_DCE_RPC.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_DCE_RPC.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_DHCP.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_DHCP.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_DNP3.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_DNS.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_FTP.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_FTP.functions.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_File.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_FileEntropy.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_FileExtract.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_FileExtract.functions.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_FileHash.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Finger.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_GSSAPI.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_GTPv1.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Gnutella.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_HTTP.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_HTTP.functions.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_ICMP.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_IMAP.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_IRC.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Ident.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_KRB.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_KRB.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Login.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Login.functions.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_MIME.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_MQTT.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_MQTT.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Modbus.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_MySQL.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NCP.consts.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NCP.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NTLM.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NTLM.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NTP.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NTP.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NetBIOS.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NetBIOS.functions.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_NoneWriter.none.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_PE.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_POP3.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_RADIUS.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_RDP.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_RDP.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_RFB.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_RPC.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_RawReader.raw.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SIP.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.consts.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_check_directory.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_close.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_create_directory.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_echo.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_negotiate.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_query_information.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_read_andx.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_com_write_andx.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb1_events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_close.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_create.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_negotiate.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_read.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_session_setup.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_set_info.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_transform_header.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_com_write.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.smb2_events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMB.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMTP.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SMTP.functions.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SNMP.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SNMP.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SOCKS.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SQLiteReader.sqlite.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SQLiteWriter.sqlite.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SSH.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SSH.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SSL.consts.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SSL.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SSL.functions.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SSL.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_SteppingStone.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Syslog.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_TCP.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_TCP.functions.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_TCP.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Teredo.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_UDP.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Unified2.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_Unified2.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_VXLAN.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_X509.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_X509.functions.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_X509.ocsp_events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_X509.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/Zeek_XMPP.events.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/acld.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/add-geodata.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/addrs.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/analyzer.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/api.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/ascii.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/average.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/benchmark.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/binary.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/bloom-filter.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/broker.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/cardinality-counter.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/comm.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/config.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/const-dos-error.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/const-nt-status.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/const.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/consts.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/contents.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/control.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/ct-list.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/data.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/dcc-send.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/debug.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/drop.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/email_admin.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/entities.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/event.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/exec.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/file_analysis.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/files.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/gridftp.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/hll_unique.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/hooks.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/inactivity.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/info.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/input.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/input.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/last.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/log.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/logging.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/magic) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/main.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/max.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/messaging.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/min.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/mozilla-ca-list.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/netstats.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/non-cluster.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/none.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/openflow.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/option.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/packet_analysis.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/packetfilter.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/page.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/patterns.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/pcap.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/plugin.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/plugins) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/polling.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/pools.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/postprocessors) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/pp-alarms.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/raw.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/removal-hooks.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/reporter.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/ryu.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/sample.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/scp.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/sftp.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/shunt.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/site.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/smb1-main.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/smb2-main.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/sqlite.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/stats.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/std-dev.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/store.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/store.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/strings.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/sum.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/supervisor.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/thresholds.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/top-k.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/topk.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/types.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/unique.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/utils-commands.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/utils.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/variance.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/weird.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/zeek.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, .<...>/zeekygen.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, <...>/__load__.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, <...>/__preload__.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, <...>/hooks.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/Zeek_KRB.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/Zeek_SNMP.types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/active-http.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/addrs.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/analyzer) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/analyzer.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/api.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/backtrace.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/bif) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/broker) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/cluster) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/comm.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/config) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/conn) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/conn-ids.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/const.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/control) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/data.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/dce-rpc) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/dhcp) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/dir.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/directions-and-hosts.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/dnp3) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/dns) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/dpd) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/email.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ethernet) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/event.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/exec.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/extract) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/fddi) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/file_analysis.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/files) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/files.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/find-checksum-offloading.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/find-filtered-trace.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ftp) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/geoip-distance.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/gre) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/hash) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/hash_hrw.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/http) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ieee802_11) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ieee802_11_radio) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/imap) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/init-default.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/init-frameworks-and-bifs.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/input) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/input.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/intel) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ip) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/iptunnel) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/irc) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/krb) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/linux_sll) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/logging) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/logging.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/main.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/messaging.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/modbus) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/mpls) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/mqtt) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/mysql) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/netcontrol) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/nflog) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/notice) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ntlm) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ntp) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/null) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/numbers.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/openflow) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/option.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/packet-filter) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/packet-protocols) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/packet_analysis.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/paths.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/patterns.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/pe) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/plugins) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/pop3) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ppp_serial) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/pppoe) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/queue.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/radius) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/rdp) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/removal-hooks.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/reporter) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/reporter.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/rfb) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/root) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/signatures) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/sip) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/site.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/skip) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/smb) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/smtp) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/snmp) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/socks) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/software) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ssh) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/ssl) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/stats.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/store.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/strings.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/strings.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/sumstats) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/supervisor) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/supervisor.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/syslog) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/thresholds.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/time.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/tunnels) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/types.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/urls.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/utils.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/version.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/vlan) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/weird.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/x509) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/xmpp) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(0, base<...>/zeek.bif.zeek) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/archive.sig) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/audio.sig) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/dpd.sig) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/executable.sig) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/font.sig) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/general.sig) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/image.sig) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/java.sig) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/libmagic.sig) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/office.sig) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/programming.sig) XXXXXXXXXX.XXXXXX MetaHookPre LoadFile(1, .<...>/video.sig) XXXXXXXXXX.XXXXXX MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) XXXXXXXXXX.XXXXXX MetaHookPre LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, ) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(NetControl::init()) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(filter_change_tracking()) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(zeek_init()) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_STEPPINGSTONE) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_TCPSTATS) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_AYIYA, 5072/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DCE_RPC, 135/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DHCP, 4011/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DHCP, 67/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DHCP, 68/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNP3_TCP, 20000/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNP3_TCP, 20000/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 137/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 53/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 53/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 5353/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 5355/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DTLS, 443/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_FTP, 21/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_FTP, 2811/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_GTPV1, 2123/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_GTPV1, 2152/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 1080/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 3128/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 631/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 80/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 8000/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 8080/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 81/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 8888/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IMAP, 143/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6666/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6667/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6668/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_IRC, 6669/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_KRB, 88/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_KRB_TCP, 88/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_MODBUS, 502/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_MYSQL, 1434/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_MYSQL, 3306/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_NTP, 123/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_RADIUS, 1812/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_RDP, 3389/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_RDPEUDP, 3389/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SIP, 5060/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SMB, 139/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SMB, 445/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SMTP, 25/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SMTP, 587/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SNMP, 161/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SNMP, 162/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SOCKS, 1080/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSH, 22/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 443/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 5223/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 563/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 585/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 614/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 636/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 989/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 990/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 992/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 993/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 995/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SYSLOG, 514/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_TEREDO, 3544/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_VXLAN, 4789/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_XMPP, 5222/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_XMPP, 5269/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::disable_analyzer(Analyzer::ANALYZER_STEPPINGSTONE) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::disable_analyzer(Analyzer::ANALYZER_TCPSTATS) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_AYIYA, 5072/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DCE_RPC, 135/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DHCP, 4011/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DHCP, 67/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DHCP, 68/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNP3_TCP, 20000/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNP3_TCP, 20000/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 137/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 53/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 53/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 5353/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 5355/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DTLS, 443/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_FTP, 21/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_FTP, 2811/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_GTPV1, 2123/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_GTPV1, 2152/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 1080/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 3128/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 631/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 80/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 8000/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 8080/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 81/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 8888/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IMAP, 143/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6666/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6667/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6668/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_IRC, 6669/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_KRB, 88/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_KRB_TCP, 88/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_MODBUS, 502/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_MYSQL, 1434/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_MYSQL, 3306/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_NTP, 123/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_RADIUS, 1812/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_RDP, 3389/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_RDPEUDP, 3389/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SIP, 5060/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMB, 139/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMB, 445/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMTP, 25/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMTP, 587/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SNMP, 161/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SNMP, 162/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SOCKS, 1080/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSH, 22/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 443/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 5223/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 563/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 585/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 614/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 636/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 989/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 990/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 992/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 993/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 995/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SYSLOG, 514/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_TEREDO, 3544/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_VXLAN, 4789/udp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_XMPP, 5222/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_XMPP, 5269/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_AYIYA, {5072/udp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DCE_RPC, {135/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, {67<...>/udp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, {5353<...>/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, {443/udp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, {2811<...>/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_GTPV1, {2152<...>/udp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, {80<...>/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IMAP, {143/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, {6666<...>/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB, {88/udp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB_TCP, {88/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_MODBUS, {502/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_MYSQL, {1434<...>/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_NTP, {123/udp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RADIUS, {1812/udp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RDP, {3389/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RDPEUDP, {3389/udp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SIP, {5060/udp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, {139<...>/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, {25<...>/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SNMP, {162<...>/udp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SOCKS, {1080/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, {22/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, {563<...>/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, {514/udp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, {3544/udp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_VXLAN, {4789/udp}) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_XMPP, {5222<...>/tcp}) XXXXXXXXXX.XXXXXX | HookCallFunction Broker::__subscribe(zeek/supervisor) XXXXXXXXXX.XXXXXX | HookCallFunction Broker::subscribe(zeek/supervisor) XXXXXXXXXX.XXXXXX | HookCallFunction Cluster::is_enabled() XXXXXXXXXX.XXXXXX | HookCallFunction Cluster::local_node_type() XXXXXXXXXX.XXXXXX | HookCallFunction Cluster::register_pool([topic=zeek<...>/logger, node_type=Cluster::LOGGER, max_nodes=, exclusive=F]) XXXXXXXXXX.XXXXXX | HookCallFunction Cluster::register_pool([topic=zeek<...>/proxy, node_type=Cluster::PROXY, max_nodes=, exclusive=F]) XXXXXXXXXX.XXXXXX | HookCallFunction Cluster::register_pool([topic=zeek<...>/worker, node_type=Cluster::WORKER, max_nodes=, exclusive=F]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_analyzer_add_callback(Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)FileExtract::f$info$extracted_cutoff = Fmkdir(FileExtract::prefix)}) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_MD5, application/pkix-cert) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_MD5, application/x-x509-ca-cert) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_MD5, application/x-x509-user-cert) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_PE, application/x-dosexec) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA1, application/pkix-cert) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA1, application/x-x509-ca-cert) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA1, application/x-x509-user-cert) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA256, application/pkix-cert) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA256, application/x-x509-ca-cert) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_SHA256, application/x-x509-user-cert) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_X509, application/pkix-cert) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_X509, application/x-x509-ca-cert) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_type(Files::ANALYZER_X509, application/x-x509-user-cert) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_for_mime_types(Files::ANALYZER_PE, {application/x-dosexec}) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_DTLS, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ FTP::cid, FTP::c{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::c?$ftp) return (FTP::describe(FTP::c$ftp))}return ()}}]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ HTTP::cid, HTTP::c{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::c?$http) return (HTTP::build_url_http(HTTP::c$http))}return ()}}]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=lambda_<15770440363500096069>{ return ()}]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_KRB, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_KRB_TCP, [get_file_handle=KRB::get_file_handle{ return ()}, describe=KRB::describe_file{ KRB::cid, KRB::c{ if (KRB::f$source != KRB_TCP && KRB::f$source != KRB) return ()if (!KRB::f?$info || !KRB::f$info?$x509 || !KRB::f$info$x509?$certificate) return ()for ([KRB::cid] in KRB::f$conns) { if (KRB::c?$krb) { return (cat(KRB::c$id$resp_h, :, KRB::c$id$resp_p))}}return (cat(Serial: , KRB::f$info$x509$certificate$serial, Subject: , KRB::f$info$x509$certificate$subject, Issuer: , KRB::f$info$x509$certificate$issuer))}}]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SMB, [get_file_handle=SMB::get_file_handle{ if (!(SMB::c$smb_state?$current_file && (SMB::c$smb_state$current_file?$name || SMB::c$smb_state$current_file?$path))) { return ()}SMB::current_file = SMB::c$smb_state$current_fileSMB::path_name = SMB::current_file?$path ? SMB::current_file$path : SMB::file_name = SMB::current_file?$name ? SMB::current_file$name : SMB::last_mod = cat(SMB::current_file?$times ? SMB::current_file$times$modified : double_to_time(0.0))return (hexdump(cat(Analyzer::ANALYZER_SMB, SMB::c$id$orig_h, SMB::c$id$resp_h, SMB::path_name, SMB::file_name, SMB::last_mod)))}, describe=SMB::describe_file{ SMB::cid, SMB::c{ if (SMB::f$source != SMB) return ()for ([SMB::cid] in SMB::f$conns) { if (SMB::c?$smb_state && SMB::c$smb_state?$current_file && SMB::c$smb_state$current_file?$name) return (SMB::c$smb_state$current_file$name)}return ()}}]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ SMTP::cid, SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid, SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}]) XXXXXXXXXX.XXXXXX | HookCallFunction FilteredTraceDetection::should_detect() XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=broker, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=config, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dce_rpc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dhcp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dnp3, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dns, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dpd, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ftp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=irc, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=intel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=kerberos, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=modbus, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntlm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ntp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_drop, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=netcontrol_shunt, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice_alarm, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=openflow, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=pe, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=radius, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rdp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=rfb, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=reporter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=sip, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smb_mapping, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smtp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=snmp, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=socks, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssh, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssl, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=signatures, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=software, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=syslog, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__write(PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Broker::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Cluster::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Config::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Conn::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(DCE_RPC::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(DHCP::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(DNP3::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(DNS::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(DPD::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(FTP::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Files::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(HTTP::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(IRC::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Intel::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(KRB::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Modbus::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(NTLM::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(NTP::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(NetControl::DROP_LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(NetControl::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(NetControl::SHUNT) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Notice::ALARM_LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Notice::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(OpenFlow::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(PE::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(PacketFilter::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(RADIUS::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(RDP::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(RFB::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Reporter::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SIP::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SMB::FILES_LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SMB::MAPPING_LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SMTP::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SNMP::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SOCKS::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SSH::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(SSL::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Signatures::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Software::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Syslog::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Tunnel::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(Weird::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(X509::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_default_filter(mysql::LOG) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Broker::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Config::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(DCE_RPC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(NTLM::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(NTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(NetControl::DROP_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(RFB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SIP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SMB::FILES_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SMB::MAPPING_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Broker::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Cluster::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Config::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Conn::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(DCE_RPC::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(DHCP::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(DNP3::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(DNS::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(DPD::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(FTP::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Files::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(HTTP::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(IRC::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Intel::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(KRB::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Modbus::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(NTLM::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(NTP::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(NetControl::DROP_LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(NetControl::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(NetControl::SHUNT, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Notice::ALARM_LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Notice::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(OpenFlow::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(PE::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(PacketFilter::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(RADIUS::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(RDP::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(RFB::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Reporter::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SIP::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SMB::FILES_LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SMB::MAPPING_LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SMTP::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SNMP::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SOCKS::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SSH::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(SSL::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Signatures::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Software::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Syslog::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Tunnel::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(Weird::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(X509::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::add_stream_filters(mysql::LOG, default) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Broker::LOG, [columns=Broker::Info, ev=, path=broker, policy=Broker::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Cluster::LOG, [columns=Cluster::Info, ev=, path=cluster, policy=Cluster::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn, policy=Conn::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=, path=dce_rpc, policy=DCE_RPC::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp, policy=DHCP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3, policy=DNP3::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns, policy=DNS::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(DPD::LOG, [columns=DPD::Info, ev=, path=dpd, policy=DPD::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp, policy=FTP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files, policy=Files::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http, policy=HTTP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc, policy=IRC::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel, policy=Intel::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos, policy=KRB::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus, policy=Modbus::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(NTLM::LOG, [columns=NTLM::Info, ev=, path=ntlm, policy=NTLM::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(NTP::LOG, [columns=NTP::Info, ev=NTP::log_ntp, path=ntp, policy=NTP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(NetControl::DROP_LOG, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop, policy=NetControl::log_policy_drop]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol, policy=NetControl::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt, policy=NetControl::log_policy_shunt]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=, path=notice_alarm, policy=Notice::log_policy_alarm]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice, policy=Notice::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow, policy=OpenFlow::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe, policy=PE::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=PacketFilter::Info, ev=, path=packet_filter, policy=PacketFilter::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius, policy=RADIUS::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp, policy=RDP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb, policy=RFB::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Reporter::LOG, [columns=Reporter::Info, ev=, path=reporter, policy=Reporter::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip, policy=SIP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SMB::FILES_LOG, [columns=SMB::FileInfo, ev=, path=smb_files, policy=SMB::log_policy_files]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=, path=smb_mapping, policy=SMB::log_policy_mapping]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp, policy=SMTP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp, policy=SNMP::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks, policy=SOCKS::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh, policy=SSH::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl, policy=SSL::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures, policy=Signatures::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software, policy=Software::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Syslog::LOG, [columns=Syslog::Info, ev=, path=syslog, policy=Syslog::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=, path=tunnel, policy=Tunnel::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::write(PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T]) XXXXXXXXXX.XXXXXX | HookCallFunction NetControl::check_plugins() XXXXXXXXXX.XXXXXX | HookCallFunction NetControl::init() XXXXXXXXXX.XXXXXX | HookCallFunction Notice::want_pp() XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(ActiveHTTP::default_max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(ActiveHTTP::default_method, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Broker::peer_counts_as_iosource, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Conn::analyzer_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Conn::default_extract, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Conn::extraction_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Conn::port_inactivity_timeouts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(DCE_RPC::ignored_operations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(DHCP::max_txid_watch_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(DNS::max_pending_msgs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(DNS::max_pending_query_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(DPD::ignore_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(DPD::ignore_violations_after, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(DPD::max_violations, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Dir::polling_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(FTP::cmd_reply_code, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(FTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(FTP::guest_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(FTP::logged_commands, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(FileExtract::default_limit, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Files::enable_reassembler, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(GridFTP::max_time, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(GridFTP::size_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(GridFTP::skip_data, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(HTTP::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(HTTP::http_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(HTTP::max_files_orig, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(HTTP::max_files_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(HTTP::proxy_headers, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Input::default_mode, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Input::default_reader, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(KRB::ignored_errors, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Log::default_rotation_dir, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(MQTT::max_payload_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(NetControl::default_priority, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::alarmed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::default_suppression_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::emailed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::ignored_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::lookup_location_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::mail_from, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::mail_page_dest, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::mail_subject_prefix, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::not_suppressed_types, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::reply_to, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Notice::sendmail, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(RDP::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(RDP::rdp_check_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SIP::sip_methods, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SMB::logged_file_actions, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SMTP::mail_path_capture, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SOCKS::default_capture_password, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SSH::compression_algorithms, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SSH::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SSL::ct_logs, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(SSL::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Signatures::ignored_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Signatures::summary_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Site::local_admins, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Site::local_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Site::local_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Site::neighbor_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Site::neighbor_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Site::private_address_space, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Software::asset_tracking, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::ignore_hosts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_duration, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_duration, Config::weird_option_change_interval{ if (Weird::sampling_duration == Config::ID) { Reporter::set_weird_sampling_duration(Config::new_value)}return (Config::new_value)}, 5) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_global_list, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_rate, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_rate, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_threshold, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_threshold, Config::weird_option_change_count{ if (Weird::sampling_threshold == Config::ID) { Reporter::set_weird_sampling_threshold(Config::new_value)}elseif (Weird::sampling_rate == Config::ID) { Reporter::set_weird_sampling_rate(Config::new_value)}return (Config::new_value)}, 5) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_whitelist, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::sampling_whitelist, Config::weird_option_change_sampling_whitelist{ if (Weird::sampling_whitelist == Config::ID) { Reporter::set_weird_sampling_whitelist(Config::new_value)}return (Config::new_value)}, 5) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(Weird::weird_do_not_ignore_repeats, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(X509::caching_required_encounters, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(X509::caching_required_encounters_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(X509::certificate_cache_max_entries, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(X509::certificate_cache_minimum_eviction_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(default_file_bof_buffer_size, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(default_file_timeout_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(ignore_checksums_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(udp_content_delivery_ports_use_resp, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction Option::set_change_handler(udp_content_ports, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 2048, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 2054, PacketAnalyzer::ANALYZER_ARP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 32821, PacketAnalyzer::ANALYZER_ARP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 33024, PacketAnalyzer::ANALYZER_VLAN) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 34525, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 34887, PacketAnalyzer::ANALYZER_MPLS) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 34916, PacketAnalyzer::ANALYZER_PPPOE) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 34984, PacketAnalyzer::ANALYZER_VLAN) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 37120, PacketAnalyzer::ANALYZER_VLAN) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 2048, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 2054, PacketAnalyzer::ANALYZER_ARP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 32821, PacketAnalyzer::ANALYZER_ARP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11, 34525, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IEEE802_11_RADIO, 105, PacketAnalyzer::ANALYZER_IEEE802_11) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 4, PacketAnalyzer::ANALYZER_IPTUNNEL) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 41, PacketAnalyzer::ANALYZER_IPTUNNEL) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_IP, 47, PacketAnalyzer::ANALYZER_GRE) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 2048, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 2054, PacketAnalyzer::ANALYZER_ARP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 32821, PacketAnalyzer::ANALYZER_ARP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 34525, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NFLOG, 10, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NFLOG, 2, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 2, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 24, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 28, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_NULL, 30, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPOE, 33, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPOE, 87, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPSERIAL, 33, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPSERIAL, 641, PacketAnalyzer::ANALYZER_MPLS) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPSERIAL, 87, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 0, PacketAnalyzer::ANALYZER_NULL) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 1, PacketAnalyzer::ANALYZER_ETHERNET) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 10, PacketAnalyzer::ANALYZER_FDDI) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 105, PacketAnalyzer::ANALYZER_IEEE802_11) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 113, PacketAnalyzer::ANALYZER_LINUXSLL) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 127, PacketAnalyzer::ANALYZER_IEEE802_11_RADIO) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 239, PacketAnalyzer::ANALYZER_NFLOG) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, 50, PacketAnalyzer::ANALYZER_PPPSERIAL) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 2048, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 2054, PacketAnalyzer::ANALYZER_ARP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 32821, PacketAnalyzer::ANALYZER_ARP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 33024, PacketAnalyzer::ANALYZER_VLAN) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 34525, PacketAnalyzer::ANALYZER_IP) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 34887, PacketAnalyzer::ANALYZER_MPLS) XXXXXXXXXX.XXXXXX | HookCallFunction PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_VLAN, 34916, PacketAnalyzer::ANALYZER_PPPOE) XXXXXXXXXX.XXXXXX | HookCallFunction PacketFilter::build() XXXXXXXXXX.XXXXXX | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, ) XXXXXXXXXX.XXXXXX | HookCallFunction PacketFilter::install() XXXXXXXXXX.XXXXXX | HookCallFunction PacketFilter::log_policy([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Pcap::install_pcap_filter(PacketFilter::DefaultPcapFilter) XXXXXXXXXX.XXXXXX | HookCallFunction Pcap::precompile_pcap_filter(PacketFilter::DefaultPcapFilter, ip or not ip) XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::add_observe_plugin_dependency(SumStats::STD_DEV, SumStats::VARIANCE) XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::add_observe_plugin_dependency(SumStats::VARIANCE, SumStats::AVERAGE) XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::AVERAGE, lambda_<7536733776503179171>{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)}) XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::HLL_UNIQUE, lambda_<9675952594817657874>{ if (!SumStats::rv?$card) { SumStats::rv$card = hll_cardinality_init(SumStats::r$hll_error_margin, SumStats::r$hll_confidence)SumStats::rv$hll_error_margin = SumStats::r$hll_error_marginSumStats::rv$hll_confidence = SumStats::r$hll_confidence}hll_cardinality_add(SumStats::rv$card, SumStats::obs)SumStats::rv$hll_unique = double_to_count(hll_cardinality_estimate(SumStats::rv$card))}) XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::LAST, lambda_<574840134555693824>{ if (0 < SumStats::r$num_last_elements) { if (!SumStats::rv?$last_elements) SumStats::rv$last_elements = Queue::init((coerce [$max_len=SumStats::r$num_last_elements] to Queue::Settings))Queue::put(SumStats::rv$last_elements, SumStats::obs)}}) XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::MAX, lambda_<13733502256260864982>{ if (!SumStats::rv?$max) SumStats::rv$max = SumStats::valelseif (SumStats::rv$max < SumStats::val) SumStats::rv$max = SumStats::val}) XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::MIN, lambda_<4585460929100994748>{ if (!SumStats::rv?$min) SumStats::rv$min = SumStats::valelseif (SumStats::val < SumStats::rv$min) SumStats::rv$min = SumStats::val}) XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::SAMPLE, lambda_<17023013969905672643>{ SumStats::sample_add_sample(SumStats::obs, SumStats::rv)}) XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::STD_DEV, lambda_<9522725521284406764>{ SumStats::calc_std_dev(SumStats::rv)}) XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::SUM, lambda_<17805868040516086417>{ SumStats::rv$sum += SumStats::val}) XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::TOPK, lambda_<6522648964580095152>{ topk_add(SumStats::rv$topk, SumStats::obs)}) XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::UNIQUE, lambda_<6740005615292835681>{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || sizeofSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = sizeofSumStats::rv$unique_vals}) XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugin(SumStats::VARIANCE, lambda_<5367450243378829139>{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average}) XXXXXXXXXX.XXXXXX | HookCallFunction SumStats::register_observe_plugins() XXXXXXXXXX.XXXXXX | HookCallFunction __init_primary_bifs() XXXXXXXXXX.XXXXXX | HookCallFunction __init_secondary_bifs() XXXXXXXXXX.XXXXXX | HookCallFunction current_time() XXXXXXXXXX.XXXXXX | HookCallFunction filter_change_tracking() XXXXXXXXXX.XXXXXX | HookCallFunction getenv(CLUSTER_NODE) XXXXXXXXXX.XXXXXX | HookCallFunction getenv(ZEEK_DEFAULT_LISTEN_ADDRESS) XXXXXXXXXX.XXXXXX | HookCallFunction global_ids() XXXXXXXXXX.XXXXXX | HookCallFunction network_time() XXXXXXXXXX.XXXXXX | HookCallFunction reading_live_traffic() XXXXXXXXXX.XXXXXX | HookCallFunction reading_traces() XXXXXXXXXX.XXXXXX | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$) XXXXXXXXXX.XXXXXX | HookCallFunction string_to_pattern((^\.?|\.)()$, F) XXXXXXXXXX.XXXXXX | HookCallFunction sub((^\.?|\.)(~~)$, <...>/, ) XXXXXXXXXX.XXXXXX | HookCallFunction x509_set_certificate_cache({}) XXXXXXXXXX.XXXXXX | HookCallFunction x509_set_certificate_cache_hit_callback(X509::x509_certificate_cache_replay{ X509::i{ if (X509::f$info?$x509) return event x509_certificate(X509::f, X509::e$handle, X509::e$certificate)for ([X509::i] in X509::e$extensions_cache) { X509::ext = X509::e$extensions_cache[X509::i]if (X509::ext is X509::Extension) event x509_extension(X509::f, (X509::ext as X509::Extension))elseif (X509::ext is X509::BasicConstraints) event x509_ext_basic_constraints(X509::f, (X509::ext as X509::BasicConstraints))elseif (X509::ext is X509::SubjectAlternativeName) event x509_ext_subject_alternative_name(X509::f, (X509::ext as X509::SubjectAlternativeName))elseif (X509::ext is X509::SctInfo) { X509::s = (X509::ext as X509::SctInfo)event x509_ocsp_ext_signed_certificate_timestamp(X509::f, X509::s$version, X509::s$logid, X509::s$timestamp, X509::s$hash_alg, X509::s$sig_alg, X509::s$signature)}elseReporter::error(fmt(Encountered unknown extension while replaying certificate with fuid %s, X509::f$id))}}}) XXXXXXXXXX.XXXXXX | HookCallFunction zeek_args() XXXXXXXXXX.XXXXXX | HookCallFunction zeek_init() XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX | HookLoadFile ..<...>/main.zeek XXXXXXXXXX.XXXXXX | HookLoadFile ..<...>/plugin.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_ARP.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_AsciiReader.ascii.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_AsciiWriter.ascii.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_BenchmarkReader.benchmark.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_BinaryReader.binary.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_BitTorrent.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_ConfigReader.config.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_ConnSize.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_ConnSize.functions.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_DCE_RPC.consts.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_DCE_RPC.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_DCE_RPC.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_DHCP.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_DHCP.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_DNP3.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_DNS.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_FTP.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_FTP.functions.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_File.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_FileEntropy.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_FileExtract.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_FileExtract.functions.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_FileHash.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Finger.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_GSSAPI.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_GTPv1.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Gnutella.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_HTTP.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_HTTP.functions.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_ICMP.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_IMAP.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_IRC.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Ident.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_KRB.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_KRB.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Login.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Login.functions.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_MIME.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_MQTT.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_MQTT.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Modbus.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_MySQL.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NCP.consts.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NCP.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NTLM.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NTLM.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NTP.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NTP.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NetBIOS.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NetBIOS.functions.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_NoneWriter.none.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_PE.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_POP3.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_RADIUS.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_RDP.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_RDP.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_RFB.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_RPC.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_RawReader.raw.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SIP.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.consts.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_check_directory.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_close.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_create_directory.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_echo.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_logoff_andx.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_negotiate.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_nt_cancel.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_nt_create_andx.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_query_information.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_read_andx.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_session_setup_andx.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction2.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction2_secondary.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_transaction_secondary.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_tree_connect_andx.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_tree_disconnect.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_com_write_andx.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb1_events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_close.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_create.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_negotiate.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_read.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_session_setup.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_set_info.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_transform_header.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_tree_connect.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_tree_disconnect.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_com_write.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.smb2_events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMB.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMTP.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SMTP.functions.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SNMP.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SNMP.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SOCKS.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SQLiteReader.sqlite.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SQLiteWriter.sqlite.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SSH.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SSH.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SSL.consts.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SSL.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SSL.functions.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SSL.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_SteppingStone.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Syslog.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_TCP.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_TCP.functions.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_TCP.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Teredo.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_UDP.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Unified2.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_Unified2.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_VXLAN.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_X509.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_X509.functions.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_X509.ocsp_events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_X509.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/Zeek_XMPP.events.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/acld.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/add-geodata.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/addrs.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/analyzer.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/api.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/archive.sig XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/ascii.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/audio.sig XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/average.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/benchmark.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/binary.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/bloom-filter.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/broker.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/cardinality-counter.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/comm.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/config.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/const-dos-error.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/const-nt-status.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/const.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/consts.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/contents.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/control.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/ct-list.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/data.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/dcc-send.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/debug.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/dpd.sig XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/drop.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/email_admin.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/entities.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/event.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/exec.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/executable.sig XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/file_analysis.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/files.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/font.sig XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/general.sig XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/gridftp.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/hll_unique.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/hooks.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/image.sig XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/inactivity.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/info.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/input.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/input.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/java.sig XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/last.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/libmagic.sig XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/log.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/logging.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/magic XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/main.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/max.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/messaging.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/min.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/mozilla-ca-list.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/netstats.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/non-cluster.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/none.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/office.sig XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/openflow.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/option.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/packet_analysis.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/packetfilter.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/page.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/patterns.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/pcap.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/plugin.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/plugins XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/polling.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/pools.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/postprocessors XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/pp-alarms.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/programming.sig XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/raw.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/removal-hooks.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/reporter.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/ryu.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/sample.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/scp.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/sftp.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/shunt.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/site.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/smb1-main.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/smb2-main.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/sqlite.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/stats.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/std-dev.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/store.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/store.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/strings.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/sum.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/supervisor.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/thresholds.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/top-k.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/topk.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/types.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/unique.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/utils-commands.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/utils.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/variance.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/video.sig XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/weird.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/zeek.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile .<...>/zeekygen.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile <...>/__load__.zeek XXXXXXXXXX.XXXXXX | HookLoadFile <...>/__preload__.zeek XXXXXXXXXX.XXXXXX | HookLoadFile <...>/hooks.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/Zeek_KRB.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/Zeek_SNMP.types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/active-http.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/addrs.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/analyzer XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/analyzer.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/api.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/backtrace.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/bif XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/broker XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/cluster XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/comm.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/config XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/conn XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/conn-ids.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/const.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/control XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/data.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/dce-rpc XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/dhcp XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/dir.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/directions-and-hosts.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/dnp3 XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/dns XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/dpd XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/email.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ethernet XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/event.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/exec.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/extract XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/fddi XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/file_analysis.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/files XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/files.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/find-checksum-offloading.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/find-filtered-trace.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ftp XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/geoip-distance.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/gre XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/hash XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/hash_hrw.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/http XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ieee802_11 XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ieee802_11_radio XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/imap XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/init-default.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/init-frameworks-and-bifs.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/input XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/input.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/intel XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ip XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/iptunnel XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/irc XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/krb XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/linux_sll XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/logging XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/logging.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/main.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/messaging.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/modbus XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/mpls XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/mqtt XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/mysql XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/netcontrol XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/nflog XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/notice XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ntlm XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ntp XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/null XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/numbers.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/openflow XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/option.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/packet-filter XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/packet-protocols XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/packet_analysis.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/paths.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/patterns.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/pe XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/plugins XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/pop3 XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ppp_serial XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/pppoe XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/queue.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/radius XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/rdp XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/removal-hooks.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/reporter XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/reporter.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/rfb XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/root XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/signatures XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/sip XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/site.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/skip XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/smb XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/smtp XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/snmp XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/socks XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/software XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ssh XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/ssl XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/stats.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/store.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/strings.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/strings.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/sumstats XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/supervisor XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/supervisor.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/syslog XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/thresholds.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/time.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/tunnels XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/types.bif.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/urls.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/utils.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/version.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/vlan XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/weird.zeek XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/x509 XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/xmpp XXXXXXXXXX.XXXXXX | HookLoadFile base<...>/zeek.bif.zeek XXXXXXXXXX.XXXXXX | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} XXXXXXXXXX.XXXXXX | HookLogWrite packet_filter [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T] XXXXXXXXXX.XXXXXX | HookQueueEvent NetControl::init() XXXXXXXXXX.XXXXXX | HookQueueEvent filter_change_tracking() XXXXXXXXXX.XXXXXX | HookQueueEvent zeek_init() XXXXXXXXXX.XXXXXX MetaHookPost BroObjDtor() -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::__flush_logs, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::flush_logs, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::log_flush, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(ChecksumOffloading::check, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(filter_change_tracking, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_net_stats, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(new_connection, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(Broker::log_flush()) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(ChecksumOffloading::check()) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(filter_change_tracking()) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false XXXXXXXXXX.XXXXXX MetaHookPost SetupAnalyzerTree(XXXXXXXXXX.XXXXXX(XXXXXXXXXX.XXXXXX) TCP 141.142.228.5:59856 -> 192.150.187.43:80) -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre BroObjDtor() XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::__flush_logs, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::flush_logs, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::log_flush, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(ChecksumOffloading::check, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(filter_change_tracking, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_net_stats, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(new_connection, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(Broker::log_flush()) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(ChecksumOffloading::check()) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(filter_change_tracking()) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) XXXXXXXXXX.XXXXXX MetaHookPre SetupAnalyzerTree(XXXXXXXXXX.XXXXXX(XXXXXXXXXX.XXXXXX) TCP 141.142.228.5:59856 -> 192.150.187.43:80) XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookBroObjDtor XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookCallFunction Broker::__flush_logs() XXXXXXXXXX.XXXXXX | HookCallFunction Broker::flush_logs() XXXXXXXXXX.XXXXXX | HookCallFunction Broker::log_flush() XXXXXXXXXX.XXXXXX | HookCallFunction ChecksumOffloading::check() XXXXXXXXXX.XXXXXX | HookCallFunction filter_change_tracking() XXXXXXXXXX.XXXXXX | HookCallFunction get_net_stats() XXXXXXXXXX.XXXXXX | HookCallFunction new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX | HookQueueEvent Broker::log_flush() XXXXXXXXXX.XXXXXX | HookQueueEvent ChecksumOffloading::check() XXXXXXXXXX.XXXXXX | HookQueueEvent filter_change_tracking() XXXXXXXXXX.XXXXXX | HookQueueEvent new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=0 secs, service={}, history=, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) XXXXXXXXXX.XXXXXX | HookSetupAnalyzerTree XXXXXXXXXX.XXXXXX(XXXXXXXXXX.XXXXXX) TCP 141.142.228.5:59856 -> 192.150.187.43:80 XXXXXXXXXX.XXXXXX | RequestObjDtor Broker::log_flush() XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(connection_established, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(connection_established, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookCallFunction connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX | HookQueueEvent connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=69.0 msecs 740.056992 usecs, service={}, history=Sh, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::__name, , (Analyzer::ANALYZER_HTTP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Analyzer::name, , (Analyzer::ANALYZER_HTTP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Conn::register_removal_hook, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=0, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}})) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(fmt, , (-%s, HTTP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_request, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(network_time, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(protocol_confirmation, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(split_string1, , (bro.org, <...>/)) -> XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) -> false XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::__name, , (Analyzer::ANALYZER_HTTP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Analyzer::name, , (Analyzer::ANALYZER_HTTP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Conn::register_removal_hook, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=0, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}})) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(fmt, , (-%s, HTTP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_request, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(network_time, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(protocol_confirmation, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(split_string1, , (bro.org, <...>/)) XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::__name(Analyzer::ANALYZER_HTTP) XXXXXXXXXX.XXXXXX | HookCallFunction Analyzer::name(Analyzer::ANALYZER_HTTP) XXXXXXXXXX.XXXXXX | HookCallFunction Conn::register_removal_hook([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=0, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::new_http_session([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={HTTP}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks={HTTP::finalize_http{ HTTP::r, HTTP::info{ if (HTTP::c?$http_state) { for ([HTTP::r] in HTTP::c$http_state$pending) { if (0 == HTTP::r) next Log::write(HTTP::LOG, HTTP::info)}}}}}, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookCallFunction cat(Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) XXXXXXXXXX.XXXXXX | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction fmt(-%s, HTTP) XXXXXXXXXX.XXXXXX | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0)) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org) XXXXXXXXXX.XXXXXX | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]) XXXXXXXXXX.XXXXXX | HookCallFunction http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1) XXXXXXXXXX.XXXXXX | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) XXXXXXXXXX.XXXXXX | HookCallFunction network_time() XXXXXXXXXX.XXXXXX | HookCallFunction protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3) XXXXXXXXXX.XXXXXX | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80) XXXXXXXXXX.XXXXXX | HookCallFunction split_string1(bro.org, <...>/) XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0)) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Connection, CONNECTION, Keep-Alive) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, Host, HOST, bro.org) XXXXXXXXXX.XXXXXX | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]) XXXXXXXXXX.XXXXXX | HookQueueEvent http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1) XXXXXXXXXX.XXXXXX | HookQueueEvent protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=XXXXXXXXXX.XXXXXX, duration=70.0 msecs 183.038712 usecs, service={}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, removal_hooks=, conn=, extract_orig=F, extract_resp=F, thresholds=, dce_rpc=, dce_rpc_state=, dce_rpc_backing=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3) XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::__enable_reassembly, , (FMnxxt3xjVcWNS2141)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::__set_reassembly_buffer, , (FMnxxt3xjVcWNS2141, 524288)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::enable_reassembly, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::set_reassembly_buffer_size, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=], 524288)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::code_in_range, , (200, 100, 199)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(file_new, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(file_over_new_connection, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0")) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_reply, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80)) -> XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0")) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) -> false XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::__enable_reassembly, , (FMnxxt3xjVcWNS2141)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::__set_reassembly_buffer, , (FMnxxt3xjVcWNS2141, 524288)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::enable_reassembly, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::set_reassembly_buffer_size, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=], 524288)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::code_in_range, , (200, 100, 199)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(file_new, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(file_over_new_connection, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0")) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_reply, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80)) XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=])) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0")) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookCallFunction Files::__enable_reassembly(FMnxxt3xjVcWNS2141) XXXXXXXXXX.XXXXXX | HookCallFunction Files::__set_reassembly_buffer(FMnxxt3xjVcWNS2141, 524288) XXXXXXXXXX.XXXXXX | HookCallFunction Files::enable_reassembly([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::set_reassembly_buffer_size([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], ftp=, http=, irc=, pe=], 524288) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::code_in_range(200, 100, 199) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookCallFunction cat(Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) XXXXXXXXXX.XXXXXX | HookCallFunction file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=]) XXXXXXXXXX.XXXXXX | HookCallFunction file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0") XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora)) XXXXXXXXXX.XXXXXX | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8) XXXXXXXXXX.XXXXXX | HookCallFunction http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK) XXXXXXXXXX.XXXXXX | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) XXXXXXXXXX.XXXXXX | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80) XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX | HookQueueEvent file_new([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=XXXXXXXXXX.XXXXXX, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, pe=]) XXXXXXXXXX.XXXXXX | HookQueueEvent file_over_new_connection([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Accept-Ranges, ACCEPT-RANGES, bytes) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Connection, CONNECTION, Keep-Alive) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Content-Length, CONTENT-LENGTH, 4705) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Date, DATE, Thu, 07 Mar 2013 21:43:07 GMT) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETag, ETAG, "1261-4c870358a6fc0") XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Keep-Alive, KEEP-ALIVE, timeout=5, max=100) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, Last-Modified, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora)) XXXXXXXXXX.XXXXXX | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8) XXXXXXXXXX.XXXXXX | HookQueueEvent http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=, resp_filenames=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK) XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::code_in_range, , (200, 100, 199)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__write, , (Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__write, , (HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::write, , (Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::write, , (HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(file_sniff, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(file_state_remove, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80)) -> XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, files(XXXXXXXXXX.XXXXXX,0.0,0.0), 25, {ts (time), fuid (string), tx_hosts (set[addr]), rx_hosts (set[addr]), conn_uids (set[string]), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string), md5 (string), sha1 (string), sha256 (string), extracted (string), extracted_cutoff (bool), extracted_size (count)}) -> XXXXXXXXXX.XXXXXX MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, http(XXXXXXXXXX.XXXXXX,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}) -> XXXXXXXXXX.XXXXXX MetaHookPost LogWrite(Log::WRITER_ASCII, default, files(XXXXXXXXXX.XXXXXX,0.0,0.0), 25, {ts (time), fuid (string), tx_hosts (set[addr]), rx_hosts (set[addr]), conn_uids (set[string]), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string), md5 (string), sha1 (string), sha256 (string), extracted (string), extracted_cutoff (bool), extracted_size (count)}, ) -> true XXXXXXXXXX.XXXXXX MetaHookPost LogWrite(Log::WRITER_ASCII, default, http(XXXXXXXXXX.XXXXXX,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}, ) -> true XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T])) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> false XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Files::set_info, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::code_in_range, , (200, 100, 199)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__write, , (Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__write, , (HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::write, , (Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::write, , (HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(file_sniff, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(file_state_remove, , ([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80)) XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, files(XXXXXXXXXX.XXXXXX,0.0,0.0), 25, {ts (time), fuid (string), tx_hosts (set[addr]), rx_hosts (set[addr]), conn_uids (set[string]), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string), md5 (string), sha1 (string), sha256 (string), extracted (string), extracted_cutoff (bool), extracted_size (count)}) XXXXXXXXXX.XXXXXX MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, http(XXXXXXXXXX.XXXXXX,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}) XXXXXXXXXX.XXXXXX MetaHookPre LogWrite(Log::WRITER_ASCII, default, files(XXXXXXXXXX.XXXXXX,0.0,0.0), 25, {ts (time), fuid (string), tx_hosts (set[addr]), rx_hosts (set[addr]), conn_uids (set[string]), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string), md5 (string), sha1 (string), sha256 (string), extracted (string), extracted_cutoff (bool), extracted_size (count)}, ) XXXXXXXXXX.XXXXXX MetaHookPre LogWrite(Log::WRITER_ASCII, default, http(XXXXXXXXXX.XXXXXX,0.0,0.0), 30, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])}, ) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T])) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=])) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookCallFunction Files::log_policy([ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=], Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), origin=, request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_filenames=, orig_mime_types=, resp_fuids=[FMnxxt3xjVcWNS2141], resp_filenames=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=]) XXXXXXXXXX.XXXXXX | HookCallFunction Files::set_info([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=]) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::code_in_range(200, 100, 199) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::log_policy([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__write(Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__write(HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::write(Files::LOG, [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CHhAvVGS1DHFjwGM9}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.975693 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=, extracted_cutoff=, extracted_size=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::write(HTTP::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]) XXXXXXXXXX.XXXXXX | HookCallFunction cat(Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) XXXXXXXXXX.XXXXXX | HookCallFunction file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T]) XXXXXXXXXX.XXXXXX | HookCallFunction file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=]) XXXXXXXXXX.XXXXXX | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]) XXXXXXXXXX.XXXXXX | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) XXXXXXXXXX.XXXXXX | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXF11141.142.228.5:59856 > 192.150.187.43:80) XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX | HookLogInit files 1/1 {ts (time), fuid (string), tx_hosts (set[addr]), rx_hosts (set[addr]), conn_uids (set[string]), source (string), depth (count), analyzers (set[string]), mime_type (string), filename (string), duration (interval), local_orig (bool), is_orig (bool), seen_bytes (count), total_bytes (count), missing_bytes (count), overflow_bytes (count), timedout (bool), parent_fuid (string), md5 (string), sha1 (string), sha256 (string), extracted (string), extracted_cutoff (bool), extracted_size (count)} XXXXXXXXXX.XXXXXX | HookLogInit http 1/1 {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), trans_depth (count), method (string), host (string), uri (string), referrer (string), version (string), user_agent (string), origin (string), request_body_len (count), response_body_len (count), status_code (count), status_msg (string), info_code (count), info_msg (string), tags (set[enum]), username (string), password (string), proxied (set[string]), orig_fuids (vector[string]), orig_filenames (vector[string]), orig_mime_types (vector[string]), resp_fuids (vector[string]), resp_filenames (vector[string]), resp_mime_types (vector[string])} XXXXXXXXXX.XXXXXX | HookLogWrite files [ts=XXXXXXXXXX.XXXXXX, fuid=FMnxxt3xjVcWNS2141, tx_hosts=192.150.187.43, rx_hosts=141.142.228.5, conn_uids=CHhAvVGS1DHFjwGM9, source=HTTP, depth=0, analyzers=, mime_type=text/plain, filename=, duration=0.000263, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, extracted=, extracted_cutoff=, extracted_size=] XXXXXXXXXX.XXXXXX | HookLogWrite http [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, trans_depth=1, method=GET, host=bro.org, uri=<...>/plain] XXXXXXXXXX.XXXXXX | HookQueueEvent file_sniff([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain]], inferred=T]) XXXXXXXXXX.XXXXXX | HookQueueEvent file_state_remove([id=FMnxxt3xjVcWNS2141, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, pe=]) XXXXXXXXXX.XXXXXX | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) XXXXXXXXXX.XXXXXX | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=XXXXXXXXXX.XXXXXX, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]) XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::__flush_logs, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::flush_logs, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Broker::log_flush, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(ChecksumOffloading::check, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Conn::conn_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Conn::determine_service, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Conn::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=], Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::finalize_http, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::__write, , (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(Log::write, , (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(filter_change_tracking, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_net_stats, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(get_port_transport_proto, , (80/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(is_tcp_port, , (59856/tcp)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(net_done, , (XXXXXXXXXX.XXXXXX)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(sub_bytes, , (HTTP, 0, 1)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(to_lower, , (HTTP)) -> XXXXXXXXXX.XXXXXX MetaHookPost CallFunction(zeek_done, , ()) -> XXXXXXXXXX.XXXXXX MetaHookPost DrainEvents() -> XXXXXXXXXX.XXXXXX MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, conn(XXXXXXXXXX.XXXXXX,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}) -> XXXXXXXXXX.XXXXXX MetaHookPost LogWrite(Log::WRITER_ASCII, default, conn(XXXXXXXXXX.XXXXXX,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}, ) -> true XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(Broker::log_flush()) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(ChecksumOffloading::check()) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(filter_change_tracking()) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false XXXXXXXXXX.XXXXXX MetaHookPost QueueEvent(zeek_done()) -> false XXXXXXXXXX.XXXXXX MetaHookPost UpdateNetworkTime(XXXXXXXXXX.XXXXXX) -> XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::__flush_logs, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::flush_logs, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Broker::log_flush, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(ChecksumOffloading::check, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Conn::conn_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Conn::determine_service, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Conn::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=], Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::finalize_http, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::__write, , (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(Log::write, , (Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(filter_change_tracking, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_net_stats, , ()) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(get_port_transport_proto, , (80/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(is_tcp_port, , (59856/tcp)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(net_done, , (XXXXXXXXXX.XXXXXX)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(sub_bytes, , (HTTP, 0, 1)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(to_lower, , (HTTP)) XXXXXXXXXX.XXXXXX MetaHookPre CallFunction(zeek_done, , ()) XXXXXXXXXX.XXXXXX MetaHookPre DrainEvents() XXXXXXXXXX.XXXXXX MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, conn(XXXXXXXXXX.XXXXXX,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}) XXXXXXXXXX.XXXXXX MetaHookPre LogWrite(Log::WRITER_ASCII, default, conn(XXXXXXXXXX.XXXXXX,0.0,0.0), 21, {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}, ) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(Broker::log_flush()) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(ChecksumOffloading::check()) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=])) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(filter_change_tracking()) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) XXXXXXXXXX.XXXXXX MetaHookPre QueueEvent(zeek_done()) XXXXXXXXXX.XXXXXX MetaHookPre UpdateNetworkTime(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookUpdateNetworkTime XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX | HookCallFunction Broker::__flush_logs() XXXXXXXXXX.XXXXXX | HookCallFunction Broker::flush_logs() XXXXXXXXXX.XXXXXX | HookCallFunction Broker::log_flush() XXXXXXXXXX.XXXXXX | HookCallFunction ChecksumOffloading::check() XXXXXXXXXX.XXXXXX | HookCallFunction Conn::conn_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp) XXXXXXXXXX.XXXXXX | HookCallFunction Conn::determine_service([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) XXXXXXXXXX.XXXXXX | HookCallFunction Conn::log_policy([ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=], Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) XXXXXXXXXX.XXXXXX | HookCallFunction Conn::set_conn([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::finalize_http([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) XXXXXXXXXX.XXXXXX | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookCallFunction Log::__write(Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=]) XXXXXXXXXX.XXXXXX | HookCallFunction Log::write(Conn::LOG, [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=211.0 msecs 483.955383 usecs, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=]) XXXXXXXXXX.XXXXXX | HookCallFunction cat(Analyzer::ANALYZER_HTTP, XXXXXXXXXX.XXXXXX, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) XXXXXXXXXX.XXXXXX | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) XXXXXXXXXX.XXXXXX | HookCallFunction filter_change_tracking() XXXXXXXXXX.XXXXXX | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookCallFunction get_net_stats() XXXXXXXXXX.XXXXXX | HookCallFunction get_port_transport_proto(80/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) XXXXXXXXXX.XXXXXX | HookCallFunction is_tcp_port(59856/tcp) XXXXXXXXXX.XXXXXX | HookCallFunction net_done(XXXXXXXXXX.XXXXXX) XXXXXXXXXX.XXXXXX | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTPXXXXXXXXXX.XXXXXXT11141.142.228.5:59856 > 192.150.187.43:80) XXXXXXXXXX.XXXXXX | HookCallFunction sub_bytes(HTTP, 0, 1) XXXXXXXXXX.XXXXXX | HookCallFunction to_lower(HTTP) XXXXXXXXXX.XXXXXX | HookCallFunction zeek_done() XXXXXXXXXX.XXXXXX | HookDrainEvents XXXXXXXXXX.XXXXXX | HookLogInit conn 1/1 {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])} XXXXXXXXXX.XXXXXX | HookLogWrite conn [ts=XXXXXXXXXX.XXXXXX, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=] XXXXXXXXXX.XXXXXX | HookQueueEvent Broker::log_flush() XXXXXXXXXX.XXXXXX | HookQueueEvent ChecksumOffloading::check() XXXXXXXXXX.XXXXXX | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=]) XXXXXXXXXX.XXXXXX | HookQueueEvent filter_change_tracking() XXXXXXXXXX.XXXXXX | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=, krb=, modbus=, mysql=, ntlm=, ntp=, radius=, rdp=, rfb=, sip=, sip_state=, snmp=, smb_state=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) XXXXXXXXXX.XXXXXX | HookQueueEvent zeek_done()