mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
c868a19a28
This feature can be enabled globally for all logs by setting LogAscii::gzip_level to a value greater than 0. This feature can be enabled on a per-log basis by setting gzip-level in $confic to a value greater than 0.
10 lines
552 B
Text
10 lines
552 B
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path ssh-uncompressed
|
|
#open 2017-04-18-16-16-16
|
|
#fields b i e c p sn a d t iv s sc ss se vc ve f
|
|
#types bool int enum count port subnet addr double time interval string set[count] set[string] set[string] vector[count] vector[string] func
|
|
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1215620010.543210 100.000000 hurz 2,4,1,3 BB,AA,CC (empty) 10,20,30 (empty) SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
|
|
#close 2017-04-18-16-16-16
|