mirror of
https://github.com/zeek/zeek.git
synced 2025-10-11 11:08:20 +00:00
22bf3e1196
- The bit-length is adjustable via redef'ing bits_per_uid. - Prefix 'C' is used for connection UIDS (including IP tunnels) and 'F' for files.
70 lines
2.3 KiB
Text
70 lines
2.3 KiB
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path weird
|
|
#open 2013-08-26-19-34-56
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
|
#types time string addr port addr port string string bool string
|
|
1334074939.467194 CXWv6p3arKYeMETxOg 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F bro
|
|
#close 2013-08-26-19-34-56
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path weird
|
|
#open 2013-08-26-19-34-57
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
|
#types time string addr port addr port string string bool string
|
|
1332785125.596793 - - - - - routing0_hdr - F bro
|
|
#close 2013-08-26-19-34-57
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path weird
|
|
#open 2013-08-26-19-34-57
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
|
#types time string addr port addr port string string bool string
|
|
1332782508.592037 - - - - - routing0_hdr - F bro
|
|
#close 2013-08-26-19-34-57
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path weird
|
|
#open 2013-08-26-19-34-57
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
|
#types time string addr port addr port string string bool string
|
|
1334075027.053380 - - - - - routing0_hdr - F bro
|
|
#close 2013-08-26-19-34-57
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path weird
|
|
#open 2013-08-26-19-34-57
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
|
#types time string addr port addr port string string bool string
|
|
1334075027.053380 - - - - - routing0_hdr - F bro
|
|
#close 2013-08-26-19-34-57
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path weird
|
|
#open 2013-08-26-19-34-57
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
|
#types time string addr port addr port string string bool string
|
|
1334075027.053380 - - - - - routing0_hdr - F bro
|
|
#close 2013-08-26-19-34-57
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path weird
|
|
#open 2013-08-26-19-34-57
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
|
#types time string addr port addr port string string bool string
|
|
1334075027.053380 - - - - - routing0_hdr - F bro
|
|
#close 2013-08-26-19-34-57
|