mirror of
https://github.com/zeek/zeek.git
synced 2025-10-13 12:08:20 +00:00
43 lines
1.4 KiB
Text
43 lines
1.4 KiB
Text
# Extent Types ...
|
|
<ExtentType name="DataSeries: ExtentIndex">
|
|
<field type="int64" name="offset" />
|
|
<field type="variable32" name="extenttype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="DataSeries: XmlType">
|
|
<field type="variable32" name="xmltype" />
|
|
</ExtentType>
|
|
|
|
<ExtentType name="ssh" version="1.0" namespace="bro-ids.org">
|
|
<field type="double" name="t" pack_relative="t" pack_scale="1000" pack_scale_warn="no"/>
|
|
<field type="variable32" name="id.orig_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.orig_p" />
|
|
<field type="variable32" name="id.resp_h" pack_unique="yes"/>
|
|
<field type="int64" name="id.resp_p" />
|
|
<field type="variable32" name="status" pack_unique="yes"/>
|
|
<field type="variable32" name="country" pack_unique="yes"/>
|
|
</ExtentType>
|
|
<!-- t : time -->
|
|
<!-- id.orig_h : addr -->
|
|
<!-- id.orig_p : port -->
|
|
<!-- id.resp_h : addr -->
|
|
<!-- id.resp_p : port -->
|
|
<!-- status : string -->
|
|
<!-- country : string -->
|
|
|
|
extent offset ExtentType
|
|
40 DataSeries: XmlType
|
|
416 ssh
|
|
624 DataSeries: ExtentIndex
|
|
# Extent, type='ssh'
|
|
t id.orig_h id.orig_p id.resp_h id.resp_p status country
|
|
X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 success unknown
|
|
X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 failure US
|
|
X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 failure UK
|
|
X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 success BR
|
|
X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 failure MX
|
|
# Extent, type='DataSeries: ExtentIndex'
|
|
offset extenttype
|
|
40 DataSeries: XmlType
|
|
416 ssh
|
|
624 DataSeries: ExtentIndex
|