#separator \x09
#set_separator	,
#empty_field	(empty)
#unset_field	-
#path	ssh
#open	2012-07-20-01-49-21
#fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
#types	time	addr	port	addr	port	string	string
1342748961.521536	1.2.3.4	1234	2.3.4.5	80	failure	US
1342748961.521536	1.2.3.4	1234	2.3.4.5	80	failure	UK
1342748961.521536	1.2.3.4	1234	2.3.4.5	80	failure	BR
#close	2012-07-20-01-49-21