zeek/testing/btest/Baseline/scripts.base.protocols.smb.smb1/smb_files.log

#separator \x09
#set_separator	,
#empty_field	(empty)
#unset_field	-
#path	smb_files
#open	2016-03-09-09-45-49
#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	action	path	name	size	times.modified	times.accessed	times.created	times.changed
#types	time	string	addr	port	addr	port	string	enum	string	string	count	time	time	time	time
1403194573.483536	CXWv6p3arKYeMETxOg	192.168.1.78	55770	192.168.1.53	445	-	SMB::UNKNOWN_OPEN	-	<share_root>	0	1403193605.830790	1403193605.830790	1403193211.405449	1403193605.830790
1403194573.484701	CXWv6p3arKYeMETxOg	192.168.1.78	55770	192.168.1.53	445	-	SMB::UNKNOWN_OPEN	-	Test	0	1403193632.973276	1403193632.973276	1403193604.628965	1403193632.973276
1403194574.150293	CXWv6p3arKYeMETxOg	192.168.1.78	55770	192.168.1.53	445	-	SMB::UNKNOWN_OPEN	-	Test\\2009-12 Payroll.xlsx	25940	1403148950.000000	1403193623.046524	1403148950.000000	1403193632.973276
1403194574.232191	CXWv6p3arKYeMETxOg	192.168.1.78	55770	192.168.1.53	445	FyxE5A19VJyangfN54	SMB::UNKNOWN_OPEN	-	Test\\2009-12 Payroll.xlsx	25940	1403148950.000000	1403193623.046524	1403148950.000000	1403193632.973276
#close	2016-03-09-09-45-49