This changes the HTTP log format slightly but shouldn't mess up anything that anyone was doing because the old "filename" field was never actually filled out. Tests are updated as well.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path http
#open 2016-06-15-05-41-12
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
1443732977.728092 CXWv6p3arKYeMETxOg ::1 52522 ::1 80 1 CONNECT secure.newegg.com secure.newegg.com:443 - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0 0 0 200 Connection Established - - (empty) - - PROXY-CONNECTION -> keep-alive - - - - - -
#close 2016-06-15-05-41-12