mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
037d582b0e
- It's derived from the magic database of libmagic 5.14, but with most everything not related to mime types removed. - The custom database is always used by default for mime detection, but the more verbose file type detection will fall back on the default libmagic installation's database. The result is: mime type strings are now guaranteed to be consistent across platforms, but the verbose file type descriptions are not. - The custom database gets installed in $prefix/share/bro/magic, and should even be extensible if files with new patterns are added inside the directory. - The search path for the mime magic database can be controlled via BROMAGIC environment variable. - Remove mime_desc field from ftp.log. - Stop using the mime/file type canonifier with unit tests. - libmagic >= 5.04 is now a requirement.
21 lines
2.4 KiB
Text
21 lines
2.4 KiB
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path ftp
|
|
#open 2013-04-12-16-32-25
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p user password command arg mime_type file_size reply_code reply_msg tags data_channel.passive data_channel.orig_h data_channel.resp_h data_channel.resp_p extraction_file
|
|
#types time string addr port addr port string string string string string count count string table[string] bool addr addr port string
|
|
1329843175.680248 UWkUyAuUGXf 141.142.220.235 50003 199.233.217.249 21 anonymous test PASV - - - 227 Entering Passive Mode (199,233,217,249,221,90) (empty) T 141.142.220.235 199.233.217.249 56666 -
|
|
1329843175.791528 UWkUyAuUGXf 141.142.220.235 50003 199.233.217.249 21 anonymous test LIST - - - 226 Transfer complete. (empty) - - - - -
|
|
1329843179.815947 UWkUyAuUGXf 141.142.220.235 50003 199.233.217.249 21 anonymous test PASV - - - 227 Entering Passive Mode (199,233,217,249,221,91) (empty) T 141.142.220.235 199.233.217.249 56667 -
|
|
1329843193.984222 arKYeMETxOg 141.142.220.235 37604 199.233.217.249 56666 <ftp-data> - - - - - - - (empty) - - - - ftp-item-Rqjkzoroau4-0.dat
|
|
1329843193.984222 k6kgXLOoSKl 141.142.220.235 59378 199.233.217.249 56667 <ftp-data> - - - - - - - (empty) - - - - ftp-item-BTsa70Ua9x7-1.dat
|
|
1329843179.926563 UWkUyAuUGXf 141.142.220.235 50003 199.233.217.249 21 anonymous test RETR ftp://199.233.217.249/./robots.txt text/plain 77 226 Transfer complete. (empty) - - - - -
|
|
1329843194.040188 UWkUyAuUGXf 141.142.220.235 50003 199.233.217.249 21 anonymous test PORT 141,142,220,235,131,46 - - 200 PORT command successful. (empty) F 199.233.217.249 141.142.220.235 33582 -
|
|
1329843194.095782 UWkUyAuUGXf 141.142.220.235 50003 199.233.217.249 21 anonymous test LIST - - - 226 Transfer complete. (empty) - - - - -
|
|
1329843197.672179 UWkUyAuUGXf 141.142.220.235 50003 199.233.217.249 21 anonymous test PORT 141,142,220,235,147,203 - - 200 PORT command successful. (empty) F 199.233.217.249 141.142.220.235 37835 -
|
|
1329843199.968212 nQcgTWjvg4c 199.233.217.249 61920 141.142.220.235 33582 <ftp-data> - - - - - - - (empty) - - - - ftp-item-VLQvJybrm38-2.dat
|
|
1329843197.727769 UWkUyAuUGXf 141.142.220.235 50003 199.233.217.249 21 anonymous test RETR ftp://199.233.217.249/./robots.txt text/plain 77 226 Transfer complete. (empty) - - - - -
|
|
1329843200.079930 j4u32Pc5bif 199.233.217.249 61918 141.142.220.235 37835 <ftp-data> - - - - - - - (empty) - - - - ftp-item-zrfwSs9K1yk-3.dat
|
|
#close 2013-04-12-16-32-25
|