Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 02:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt
Robin Sommer fabe891d4f Fixing pack_scale and time-as-int. 
Also removing now unneccessary canonifier script, and updating test
baselines.
2012-05-14 22:04:57 -07:00

43 lines
1.5 KiB
Text
Raw Blame History

# Extent Types ...
<ExtentType name="DataSeries: ExtentIndex">
<field type="int64" name="offset" />
<field type="variable32" name="extenttype" />
</ExtentType>
<ExtentType name="DataSeries: XmlType">
<field type="variable32" name="xmltype" />
</ExtentType>
<ExtentType name="ssh" version="1.0" namespace="bro-ids.org">
<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
<field type="variable32" name="id.orig_h" pack_unique="yes"/>
<field type="int64" name="id.orig_p" />
<field type="variable32" name="id.resp_h" pack_unique="yes"/>
<field type="int64" name="id.resp_p" />
<field type="variable32" name="status" pack_unique="yes"/>
<field type="variable32" name="country" pack_unique="yes"/>
</ExtentType>
<!-- t : time -->
<!-- id.orig_h : addr -->
<!-- id.orig_p : port -->
<!-- id.resp_h : addr -->
<!-- id.resp_p : port -->
<!-- status : string -->
<!-- country : string -->
extent offset ExtentType
40 DataSeries: XmlType
436 ssh
644 DataSeries: ExtentIndex
# Extent, type='ssh'
t id.orig_h id.orig_p id.resp_h id.resp_p status country
1337058239.030366 1.2.3.4 1234 2.3.4.5 80 success unknown
1337058239.030366 1.2.3.4 1234 2.3.4.5 80 failure US
1337058239.030366 1.2.3.4 1234 2.3.4.5 80 failure UK
1337058239.030366 1.2.3.4 1234 2.3.4.5 80 success BR
1337058239.030366 1.2.3.4 1234 2.3.4.5 80 failure MX
# Extent, type='DataSeries: ExtentIndex'
offset extenttype
40 DataSeries: XmlType
436 ssh
644 DataSeries: ExtentIndex
Reference in a new issue View git blame Copy permalink