mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
99db264775
- Fix for time-as-int on 32-bit systems.
- Skipping ds2txt's index output for test diffing, as it seems
non-portable.
290 lines
10 KiB
Text
290 lines
10 KiB
Text
test.2011-03-07-03-00-05.ds test 11-03-07_03.00.05 11-03-07_04.00.05 0 dataseries
|
|
test.2011-03-07-04-00-05.ds test 11-03-07_04.00.05 11-03-07_05.00.05 0 dataseries
|
|
test.2011-03-07-05-00-05.ds test 11-03-07_05.00.05 11-03-07_06.00.05 0 dataseries
|
|
test.2011-03-07-06-00-05.ds test 11-03-07_06.00.05 11-03-07_07.00.05 0 dataseries
|
|
test.2011-03-07-07-00-05.ds test 11-03-07_07.00.05 11-03-07_08.00.05 0 dataseries
|
|
test.2011-03-07-08-00-05.ds test 11-03-07_08.00.05 11-03-07_09.00.05 0 dataseries
|
|
test.2011-03-07-09-00-05.ds test 11-03-07_09.00.05 11-03-07_10.00.05 0 dataseries
|
|
test.2011-03-07-10-00-05.ds test 11-03-07_10.00.05 11-03-07_11.00.05 0 dataseries
|
|
test.2011-03-07-11-00-05.ds test 11-03-07_11.00.05 11-03-07_12.00.05 0 dataseries
|
|
test.2011-03-07-12-00-05.ds test 11-03-07_12.00.05 11-03-07_12.59.55 1 dataseries
|
|
> test.2011-03-07-03-00-05.ds
|
|
# Extent Types ...
|
|
<ExtentType name="DataSeries: ExtentIndex">
|
|
<field type="int64" name="offset" />
|
|
<field type="variable32" name="extenttype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="DataSeries: XmlType">
|
|
<field type="variable32" name="xmltype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="test" version="1.0" namespace="bro-ids.org">
|
|
<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
|
|
<field type="variable32" name="id.orig_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.orig_p" />
|
|
<field type="variable32" name="id.resp_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.resp_p" />
|
|
</ExtentType>
|
|
<!-- t : time -->
|
|
<!-- id.orig_h : addr -->
|
|
<!-- id.orig_p : port -->
|
|
<!-- id.resp_h : addr -->
|
|
<!-- id.resp_p : port -->
|
|
|
|
# Extent, type='test'
|
|
t id.orig_h id.orig_p id.resp_h id.resp_p
|
|
1299466805.000000 10.0.0.1 20 10.0.0.2 1024
|
|
1299470395.000000 10.0.0.2 20 10.0.0.3 0
|
|
> test.2011-03-07-04-00-05.ds
|
|
# Extent Types ...
|
|
<ExtentType name="DataSeries: ExtentIndex">
|
|
<field type="int64" name="offset" />
|
|
<field type="variable32" name="extenttype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="DataSeries: XmlType">
|
|
<field type="variable32" name="xmltype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="test" version="1.0" namespace="bro-ids.org">
|
|
<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
|
|
<field type="variable32" name="id.orig_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.orig_p" />
|
|
<field type="variable32" name="id.resp_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.resp_p" />
|
|
</ExtentType>
|
|
<!-- t : time -->
|
|
<!-- id.orig_h : addr -->
|
|
<!-- id.orig_p : port -->
|
|
<!-- id.resp_h : addr -->
|
|
<!-- id.resp_p : port -->
|
|
|
|
# Extent, type='test'
|
|
t id.orig_h id.orig_p id.resp_h id.resp_p
|
|
1299470405.000000 10.0.0.1 20 10.0.0.2 1025
|
|
1299473995.000000 10.0.0.2 20 10.0.0.3 1
|
|
> test.2011-03-07-05-00-05.ds
|
|
# Extent Types ...
|
|
<ExtentType name="DataSeries: ExtentIndex">
|
|
<field type="int64" name="offset" />
|
|
<field type="variable32" name="extenttype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="DataSeries: XmlType">
|
|
<field type="variable32" name="xmltype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="test" version="1.0" namespace="bro-ids.org">
|
|
<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
|
|
<field type="variable32" name="id.orig_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.orig_p" />
|
|
<field type="variable32" name="id.resp_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.resp_p" />
|
|
</ExtentType>
|
|
<!-- t : time -->
|
|
<!-- id.orig_h : addr -->
|
|
<!-- id.orig_p : port -->
|
|
<!-- id.resp_h : addr -->
|
|
<!-- id.resp_p : port -->
|
|
|
|
# Extent, type='test'
|
|
t id.orig_h id.orig_p id.resp_h id.resp_p
|
|
1299474005.000000 10.0.0.1 20 10.0.0.2 1026
|
|
1299477595.000000 10.0.0.2 20 10.0.0.3 2
|
|
> test.2011-03-07-06-00-05.ds
|
|
# Extent Types ...
|
|
<ExtentType name="DataSeries: ExtentIndex">
|
|
<field type="int64" name="offset" />
|
|
<field type="variable32" name="extenttype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="DataSeries: XmlType">
|
|
<field type="variable32" name="xmltype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="test" version="1.0" namespace="bro-ids.org">
|
|
<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
|
|
<field type="variable32" name="id.orig_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.orig_p" />
|
|
<field type="variable32" name="id.resp_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.resp_p" />
|
|
</ExtentType>
|
|
<!-- t : time -->
|
|
<!-- id.orig_h : addr -->
|
|
<!-- id.orig_p : port -->
|
|
<!-- id.resp_h : addr -->
|
|
<!-- id.resp_p : port -->
|
|
|
|
# Extent, type='test'
|
|
t id.orig_h id.orig_p id.resp_h id.resp_p
|
|
1299477605.000000 10.0.0.1 20 10.0.0.2 1027
|
|
1299481195.000000 10.0.0.2 20 10.0.0.3 3
|
|
> test.2011-03-07-07-00-05.ds
|
|
# Extent Types ...
|
|
<ExtentType name="DataSeries: ExtentIndex">
|
|
<field type="int64" name="offset" />
|
|
<field type="variable32" name="extenttype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="DataSeries: XmlType">
|
|
<field type="variable32" name="xmltype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="test" version="1.0" namespace="bro-ids.org">
|
|
<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
|
|
<field type="variable32" name="id.orig_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.orig_p" />
|
|
<field type="variable32" name="id.resp_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.resp_p" />
|
|
</ExtentType>
|
|
<!-- t : time -->
|
|
<!-- id.orig_h : addr -->
|
|
<!-- id.orig_p : port -->
|
|
<!-- id.resp_h : addr -->
|
|
<!-- id.resp_p : port -->
|
|
|
|
# Extent, type='test'
|
|
t id.orig_h id.orig_p id.resp_h id.resp_p
|
|
1299481205.000000 10.0.0.1 20 10.0.0.2 1028
|
|
1299484795.000000 10.0.0.2 20 10.0.0.3 4
|
|
> test.2011-03-07-08-00-05.ds
|
|
# Extent Types ...
|
|
<ExtentType name="DataSeries: ExtentIndex">
|
|
<field type="int64" name="offset" />
|
|
<field type="variable32" name="extenttype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="DataSeries: XmlType">
|
|
<field type="variable32" name="xmltype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="test" version="1.0" namespace="bro-ids.org">
|
|
<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
|
|
<field type="variable32" name="id.orig_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.orig_p" />
|
|
<field type="variable32" name="id.resp_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.resp_p" />
|
|
</ExtentType>
|
|
<!-- t : time -->
|
|
<!-- id.orig_h : addr -->
|
|
<!-- id.orig_p : port -->
|
|
<!-- id.resp_h : addr -->
|
|
<!-- id.resp_p : port -->
|
|
|
|
# Extent, type='test'
|
|
t id.orig_h id.orig_p id.resp_h id.resp_p
|
|
1299484805.000000 10.0.0.1 20 10.0.0.2 1029
|
|
1299488395.000000 10.0.0.2 20 10.0.0.3 5
|
|
> test.2011-03-07-09-00-05.ds
|
|
# Extent Types ...
|
|
<ExtentType name="DataSeries: ExtentIndex">
|
|
<field type="int64" name="offset" />
|
|
<field type="variable32" name="extenttype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="DataSeries: XmlType">
|
|
<field type="variable32" name="xmltype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="test" version="1.0" namespace="bro-ids.org">
|
|
<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
|
|
<field type="variable32" name="id.orig_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.orig_p" />
|
|
<field type="variable32" name="id.resp_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.resp_p" />
|
|
</ExtentType>
|
|
<!-- t : time -->
|
|
<!-- id.orig_h : addr -->
|
|
<!-- id.orig_p : port -->
|
|
<!-- id.resp_h : addr -->
|
|
<!-- id.resp_p : port -->
|
|
|
|
# Extent, type='test'
|
|
t id.orig_h id.orig_p id.resp_h id.resp_p
|
|
1299488405.000000 10.0.0.1 20 10.0.0.2 1030
|
|
1299491995.000000 10.0.0.2 20 10.0.0.3 6
|
|
> test.2011-03-07-10-00-05.ds
|
|
# Extent Types ...
|
|
<ExtentType name="DataSeries: ExtentIndex">
|
|
<field type="int64" name="offset" />
|
|
<field type="variable32" name="extenttype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="DataSeries: XmlType">
|
|
<field type="variable32" name="xmltype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="test" version="1.0" namespace="bro-ids.org">
|
|
<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
|
|
<field type="variable32" name="id.orig_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.orig_p" />
|
|
<field type="variable32" name="id.resp_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.resp_p" />
|
|
</ExtentType>
|
|
<!-- t : time -->
|
|
<!-- id.orig_h : addr -->
|
|
<!-- id.orig_p : port -->
|
|
<!-- id.resp_h : addr -->
|
|
<!-- id.resp_p : port -->
|
|
|
|
# Extent, type='test'
|
|
t id.orig_h id.orig_p id.resp_h id.resp_p
|
|
1299492005.000000 10.0.0.1 20 10.0.0.2 1031
|
|
1299495595.000000 10.0.0.2 20 10.0.0.3 7
|
|
> test.2011-03-07-11-00-05.ds
|
|
# Extent Types ...
|
|
<ExtentType name="DataSeries: ExtentIndex">
|
|
<field type="int64" name="offset" />
|
|
<field type="variable32" name="extenttype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="DataSeries: XmlType">
|
|
<field type="variable32" name="xmltype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="test" version="1.0" namespace="bro-ids.org">
|
|
<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
|
|
<field type="variable32" name="id.orig_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.orig_p" />
|
|
<field type="variable32" name="id.resp_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.resp_p" />
|
|
</ExtentType>
|
|
<!-- t : time -->
|
|
<!-- id.orig_h : addr -->
|
|
<!-- id.orig_p : port -->
|
|
<!-- id.resp_h : addr -->
|
|
<!-- id.resp_p : port -->
|
|
|
|
# Extent, type='test'
|
|
t id.orig_h id.orig_p id.resp_h id.resp_p
|
|
1299495605.000000 10.0.0.1 20 10.0.0.2 1032
|
|
1299499195.000000 10.0.0.2 20 10.0.0.3 8
|
|
> test.2011-03-07-12-00-05.ds
|
|
# Extent Types ...
|
|
<ExtentType name="DataSeries: ExtentIndex">
|
|
<field type="int64" name="offset" />
|
|
<field type="variable32" name="extenttype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="DataSeries: XmlType">
|
|
<field type="variable32" name="xmltype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="test" version="1.0" namespace="bro-ids.org">
|
|
<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
|
|
<field type="variable32" name="id.orig_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.orig_p" />
|
|
<field type="variable32" name="id.resp_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.resp_p" />
|
|
</ExtentType>
|
|
<!-- t : time -->
|
|
<!-- id.orig_h : addr -->
|
|
<!-- id.orig_p : port -->
|
|
<!-- id.resp_h : addr -->
|
|
<!-- id.resp_p : port -->
|
|
|
|
# Extent, type='test'
|
|
t id.orig_h id.orig_p id.resp_h id.resp_p
|
|
1299499205.000000 10.0.0.1 20 10.0.0.2 1033
|
|
1299502795.000000 10.0.0.2 20 10.0.0.3 9
|