mirror of
https://github.com/zeek/zeek.git
synced 2025-10-14 12:38:20 +00:00

These are no longer loaded by default due to the performance impact they cause simply by being loaded (they have event handlers for commonly generated events) and they aren't generally useful enough to justify it.
10 lines
811 B
Text
10 lines
811 B
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path notice
|
|
#open 2019-06-05-19-31-25
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
|
|
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval string string string double double
|
|
1348168976.557131 ClEkJM2Vm5giqnMf4h 192.168.57.103 35391 192.168.57.101 55968 - - - tcp GridFTP::Data_Channel GridFTP data channel over threshold 2 bytes - 192.168.57.103 192.168.57.101 55968 - - Notice::ACTION_LOG 3600.000000 - - - - -
|
|
#close 2019-06-05-19-31-25
|