Created
October 24, 2021 15:08
-
-
Save mccanne/94865d557ca3de8abfd3eb09e8ac74da to your computer and use it in GitHub Desktop.
Sample ZSON output
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| % zq -Z "sample" zed-sample-data/zng/*.gz | |
| { | |
| sample: { | |
| _path: "conn", | |
| ts: 2018-03-24T17:15:21.255387Z, | |
| uid: "C8Tful1TvM3Zf5x8fl" (bstring), | |
| id: { | |
| orig_h: 10.164.94.120, | |
| orig_p: 39681 (port=(uint16)), | |
| resp_h: 10.47.3.155, | |
| resp_p: 3389 (port) | |
| }, | |
| proto: "tcp" (=zenum), | |
| service: null (bstring), | |
| duration: 4.266ms, | |
| orig_bytes: 97 (uint64), | |
| resp_bytes: 19 (uint64), | |
| conn_state: "RSTR" (bstring), | |
| local_orig: null (bool), | |
| local_resp: null (bool), | |
| missed_bytes: 0 (uint64), | |
| history: "ShADTdtr" (bstring), | |
| orig_pkts: 10 (uint64), | |
| orig_ip_bytes: 730 (uint64), | |
| resp_pkts: 6 (uint64), | |
| resp_ip_bytes: 342 (uint64), | |
| tunnel_parents: null (|[bstring]|) | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "files", | |
| ts: 2018-03-24T17:15:20.61093Z, | |
| fuid: "FnHkIl1kylqZ3O9xhg" (bstring), | |
| tx_hosts: |[ | |
| 10.47.3.200 | |
| ]|, | |
| rx_hosts: |[ | |
| 10.164.94.120 | |
| ]|, | |
| conn_uids: |[ | |
| "CpQfkTi8xytq87HW2" (bstring) | |
| ]|, | |
| source: "HTTP" (bstring), | |
| depth: 0 (uint64), | |
| analyzers: |[ | |
| "MD5" (bstring), | |
| "SHA1" (bstring) | |
| ]|, | |
| mime_type: "text/html" (bstring), | |
| filename: null (bstring), | |
| duration: 0s, | |
| local_orig: null (bool), | |
| is_orig: false, | |
| seen_bytes: 56 (uint64), | |
| total_bytes: 56 (uint64), | |
| missing_bytes: 0 (uint64), | |
| overflow_bytes: 0 (uint64), | |
| timedout: false, | |
| parent_fuid: null (bstring), | |
| md5: "1af14d7af05c8f819e29eb1852fe94ff" (bstring), | |
| sha1: "dcc188320985cb95a175ca127f4ac8f3f5140149" (bstring), | |
| sha256: null (bstring), | |
| extracted: null (bstring), | |
| extracted_cutoff: null (bool), | |
| extracted_size: null (uint64) | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "pe", | |
| ts: 2018-03-24T17:15:54.475076Z, | |
| id: "FC6cOXTjuh6OdYwu5" (bstring), | |
| machine: "I386" (bstring), | |
| compile_ts: 2010-07-12T21:46:18Z, | |
| os: "Windows 95 or NT 4.0" (bstring), | |
| subsystem: "WINDOWS_GUI" (bstring), | |
| is_exe: true, | |
| is_64bit: false, | |
| uses_aslr: false, | |
| uses_dep: false, | |
| uses_code_integrity: false, | |
| uses_seh: true, | |
| has_import_table: true, | |
| has_export_table: false, | |
| has_cert_table: false, | |
| has_debug_data: false, | |
| section_names: [ | |
| ".text" (bstring), | |
| ".data" (bstring), | |
| ".rdata" (bstring), | |
| ".bss" (bstring), | |
| ".idata" (bstring) | |
| ] | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "rdp", | |
| ts: 2018-03-24T17:15:21.258458Z, | |
| uid: "C8Tful1TvM3Zf5x8fl" (bstring), | |
| id: { | |
| orig_h: 10.164.94.120, | |
| orig_p: 39681 (port=(uint16)), | |
| resp_h: 10.47.3.155, | |
| resp_p: 3389 (port) | |
| }, | |
| cookie: null (bstring), | |
| result: "encrypted" (bstring), | |
| security_protocol: "HYBRID" (bstring), | |
| client_channels: null ([bstring]), | |
| keyboard_layout: null (bstring), | |
| client_build: null (bstring), | |
| client_name: null (bstring), | |
| client_dig_product_id: null (bstring), | |
| desktop_width: null (uint64), | |
| desktop_height: null (uint64), | |
| requested_color_depth: null (bstring), | |
| cert_type: null (bstring), | |
| cert_count: 0 (uint64), | |
| cert_permanent: null (bool), | |
| encryption_level: null (bstring), | |
| encryption_method: null (bstring) | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "snmp", | |
| ts: 2018-03-24T17:15:47.618446Z, | |
| uid: "Cn0nyq1LeKYDkWVHmd" (bstring), | |
| id: { | |
| orig_h: 10.47.1.152, | |
| orig_p: 61459 (port=(uint16)), | |
| resp_h: 10.0.0.85, | |
| resp_p: 161 (port) | |
| }, | |
| duration: 1.358ms, | |
| version: "1" (bstring), | |
| community: "internal" (bstring), | |
| get_requests: 2 (uint64), | |
| get_bulk_requests: 0 (uint64), | |
| get_responses: 2 (uint64), | |
| set_requests: 0 (uint64), | |
| display_string: null (bstring), | |
| up_since: null (time) | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "capture_loss", | |
| ts: 2018-03-24T17:30:20.600852Z, | |
| ts_delta: 15m127us, | |
| peer: "zeek" (bstring), | |
| gaps: 1400 (uint64), | |
| acks: 1414346 (uint64), | |
| percent_lost: 0.098986 | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "dce_rpc", | |
| ts: 2018-03-24T17:15:25.396014Z, | |
| uid: "CgxsNA1p2d0BurXd7c" (bstring), | |
| id: { | |
| orig_h: 10.164.94.120, | |
| orig_p: 36643 (port=(uint16)), | |
| resp_h: 10.47.3.151, | |
| resp_p: 1030 (port) | |
| }, | |
| rtt: 431us, | |
| named_pipe: "1030" (bstring), | |
| endpoint: "samr" (bstring), | |
| operation: "SamrConnect2" (bstring) | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "dns", | |
| ts: 2018-03-24T17:15:20.865716Z, | |
| uid: "C2zK5f13SbCtKcyiW5" (bstring), | |
| id: { | |
| orig_h: 10.47.1.100, | |
| orig_p: 41772 (port=(uint16)), | |
| resp_h: 10.0.0.100, | |
| resp_p: 53 (port) | |
| }, | |
| proto: "udp" (=zenum), | |
| trans_id: 36329 (uint64), | |
| rtt: 870us, | |
| query: "ise.wrccdc.org" (bstring), | |
| qclass: 1 (uint64), | |
| qclass_name: "C_INTERNET" (bstring), | |
| qtype: 1 (uint64), | |
| qtype_name: "A" (bstring), | |
| rcode: 0 (uint64), | |
| rcode_name: "NOERROR" (bstring), | |
| AA: false, | |
| TC: false, | |
| RD: true, | |
| RA: true, | |
| Z: 0 (uint64), | |
| answers: [ | |
| "ise.wrccdc.cpp.edu" (bstring), | |
| "134.71.3.16" (bstring) | |
| ], | |
| TTLs: [ | |
| 37m10s, | |
| 11h37m10s | |
| ], | |
| rejected: false | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "dpd", | |
| ts: 2018-03-24T17:15:21.155638Z, | |
| uid: "CYGOnV3BIdoiWKveXg" (bstring), | |
| id: { | |
| orig_h: 10.164.94.120, | |
| orig_p: 36171 (port=(uint16)), | |
| resp_h: 10.47.8.218, | |
| resp_p: 80 (port) | |
| }, | |
| proto: "tcp" (=zenum), | |
| analyzer: "HTTP" (bstring), | |
| failure_reason: "not a http request line" (bstring) | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "http", | |
| ts: 2018-03-24T17:15:20.609736Z, | |
| uid: "CpQfkTi8xytq87HW2" (bstring), | |
| id: { | |
| orig_h: 10.164.94.120, | |
| orig_p: 36729 (port=(uint16)), | |
| resp_h: 10.47.3.200, | |
| resp_p: 80 (port) | |
| }, | |
| trans_depth: 1 (uint64), | |
| method: "GET" (bstring), | |
| host: "10.47.3.200" (bstring), | |
| uri: "/chassis/config/GeneralChassisConfig.html" (bstring), | |
| referrer: null (bstring), | |
| version: "1.1" (bstring), | |
| user_agent: "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)" (bstring), | |
| origin: null (bstring), | |
| request_body_len: 0 (uint64), | |
| response_body_len: 56 (uint64), | |
| status_code: 301 (uint64), | |
| status_msg: "Moved Permanently" (bstring), | |
| info_code: null (uint64), | |
| info_msg: null (bstring), | |
| tags: |[]| (|[zenum=(string)]|), | |
| username: null (bstring), | |
| password: null (bstring), | |
| proxied: null (|[bstring]|), | |
| orig_fuids: null ([bstring]), | |
| orig_filenames: null ([bstring]), | |
| orig_mime_types: null ([bstring]), | |
| resp_fuids: [ | |
| "FnHkIl1kylqZ3O9xhg" (bstring) | |
| ], | |
| resp_filenames: null ([bstring]), | |
| resp_mime_types: [ | |
| "text/html" (bstring) | |
| ] | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "notice", | |
| ts: 2018-03-24T17:15:20.629574Z, | |
| uid: "C9zBQP1nnfBHxUTEY1" (bstring), | |
| id: { | |
| orig_h: 10.164.94.120, | |
| orig_p: 39611 (port=(uint16)), | |
| resp_h: 10.47.3.200, | |
| resp_p: 443 (port) | |
| }, | |
| fuid: "FYNFkU3KccxXgIuUg5" (bstring), | |
| file_mime_type: null (bstring), | |
| file_desc: null (bstring), | |
| proto: "tcp" (=zenum), | |
| note: "SSL::Invalid_Server_Cert" (zenum), | |
| msg: "SSL certificate validation failed with (unable to get local issuer certificate)" (bstring), | |
| sub: "unstructuredName=1315656901\\,564d7761726520496e632e,CN=localhost.localdomain,emailAddress=ssl-certificates@vmware.com,OU=VMware ESX Server Default Certificate,O=VMware\\, Inc,L=Palo Alto,ST=California,C=US" (bstring), | |
| src: 10.164.94.120, | |
| dst: 10.47.3.200, | |
| p: 443 (port), | |
| n: null (uint64), | |
| peer_descr: null (bstring), | |
| actions: |[ | |
| "Notice::ACTION_LOG" (zenum) | |
| ]|, | |
| suppress_for: 1h, | |
| remote_location: { | |
| country_code: null (bstring), | |
| region: null (bstring), | |
| city: null (bstring), | |
| latitude: null (float64), | |
| longitude: null (float64) | |
| } | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "rfb", | |
| ts: 2018-03-24T17:17:49.61413Z, | |
| uid: "Crk1O423kaUofTAgk6" (bstring), | |
| id: { | |
| orig_h: 10.164.94.120, | |
| orig_p: 33671 (port=(uint16)), | |
| resp_h: 10.47.3.142, | |
| resp_p: 5900 (port) | |
| }, | |
| client_major_version: "003" (bstring), | |
| client_minor_version: "008" (bstring), | |
| server_major_version: "003" (bstring), | |
| server_minor_version: "008" (bstring), | |
| authentication_method: "None" (bstring), | |
| auth: null (bool), | |
| share_flag: null (bool), | |
| desktop_name: null (bstring), | |
| width: null (uint64), | |
| height: null (uint64) | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "smb_mapping", | |
| ts: 2018-03-24T17:15:21.382822Z, | |
| uid: "Cw1oXoNYq5x55u80d" (bstring), | |
| id: { | |
| orig_h: 10.128.0.233, | |
| orig_p: 52298 (port=(uint16)), | |
| resp_h: 10.47.21.25, | |
| resp_p: 445 (port) | |
| }, | |
| path: "\\\\10.47.21.25\\ADMIN$" (bstring), | |
| service: null (bstring), | |
| native_file_system: null (bstring), | |
| share_type: "DISK" (bstring) | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "smtp", | |
| ts: 2018-03-24T17:15:21.789543Z, | |
| uid: "ClFosj1Mnhyu5AogRe" (bstring), | |
| id: { | |
| orig_h: 10.164.94.120, | |
| orig_p: 38041 (port=(uint16)), | |
| resp_h: 10.47.8.208, | |
| resp_p: 25 (port) | |
| }, | |
| trans_depth: 1 (uint64), | |
| helo: "10.164.94.120" (bstring), | |
| mailfrom: null (bstring), | |
| rcptto: null (|[bstring]|), | |
| date: null (bstring), | |
| from: null (bstring), | |
| to: null (|[bstring]|), | |
| cc: null (|[bstring]|), | |
| reply_to: null (bstring), | |
| msg_id: null (bstring), | |
| in_reply_to: null (bstring), | |
| subject: null (bstring), | |
| x_originating_ip: null (ip), | |
| first_received: null (bstring), | |
| second_received: null (bstring), | |
| last_reply: "220 2.0.0 SMTP server ready" (bstring), | |
| path: [ | |
| 10.47.8.208, | |
| 10.164.94.120 | |
| ], | |
| user_agent: null (bstring), | |
| tls: true, | |
| fuids: [] ([bstring]), | |
| is_webmail: false | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "syslog", | |
| ts: 2018-03-24T17:15:47.733658Z, | |
| uid: "CWdgwHv7Hax2fhQQ2" (bstring), | |
| id: { | |
| orig_h: 10.47.22.82, | |
| orig_p: 62695 (port=(uint16)), | |
| resp_h: 10.47.2.153, | |
| resp_p: 514 (port) | |
| }, | |
| proto: "udp" (=zenum), | |
| facility: "LOCAL0" (bstring), | |
| severity: "INFO" (bstring), | |
| message: "1 2018-03-24T08:59:37-07:00 PC-helen.jerry.land EvntSLog - - - @cee: {\"source\": \"PC-helen.jerry.land\", \"msg\": \"The Multimedia Class Scheduler service entered the stopped state.\", \"nteventlogtype\": \"System\", \"sourceproc\": \"Service Control Manager\", \"id\": \"7036\", \"categoryid\": \"0\", \"category\": \"0\", \"keywordid\": \"0x8080000000000000\", \"user\": \"N\\\\A\", \"param1\": \"Multimedia Class Scheduler\", \"param2\": \"stopped\", \"catname\": \"\", \"keyword\": \"Classic\", \"level\": \"Information\"}" (bstring) | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "weird", | |
| ts: 2018-03-24T17:15:20.600843Z, | |
| uid: "C1zOivgBT6dBmknqk" (bstring), | |
| id: { | |
| orig_h: 10.47.1.152, | |
| orig_p: 49562 (port=(uint16)), | |
| resp_h: 23.217.103.245, | |
| resp_p: 80 (port) | |
| }, | |
| name: "TCP_ack_underflow_or_misorder" (bstring), | |
| addl: null (bstring), | |
| notice: false, | |
| peer: "zeek" (bstring) | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "ftp", | |
| ts: 2018-03-24T17:15:24.699488Z, | |
| uid: "ChkumY1k35TmZFL0V3" (bstring), | |
| id: { | |
| orig_h: 10.164.94.120, | |
| orig_p: 45905 (port=(uint16)), | |
| resp_h: 10.47.27.80, | |
| resp_p: 21 (port) | |
| }, | |
| user: "anonymous" (bstring), | |
| password: "nessus@nessus.org" (bstring), | |
| command: "PASV" (bstring), | |
| arg: null (bstring), | |
| mime_type: null (bstring), | |
| file_size: null (uint64), | |
| reply_code: 227 (uint64), | |
| reply_msg: "Entering Passive Mode (172,20,0,80,200,63)." (bstring), | |
| data_channel: { | |
| passive: true, | |
| orig_h: 10.164.94.120, | |
| resp_h: 172.20.0.80, | |
| resp_p: 51263 (port) | |
| }, | |
| fuid: null (bstring) | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "kerberos", | |
| ts: 2018-03-24T17:18:05.713879Z, | |
| uid: "CPgDfK2YhmDdJb7Hl5" (bstring), | |
| id: { | |
| orig_h: 10.128.0.241, | |
| orig_p: 58444 (port=(uint16)), | |
| resp_h: 10.47.1.208, | |
| resp_p: 808 (port) | |
| }, | |
| request_type: "AS" (bstring), | |
| client: "/NM" (bstring), | |
| service: "krbtgt/NM" (bstring), | |
| success: null (bool), | |
| error_msg: null (bstring), | |
| from: null (time), | |
| till: 1970-01-01T00:00:00Z, | |
| cipher: null (bstring), | |
| forwardable: true, | |
| renewable: true, | |
| client_cert_subject: null (bstring), | |
| client_cert_fuid: null (bstring), | |
| server_cert_subject: null (bstring), | |
| server_cert_fuid: null (bstring) | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "modbus", | |
| ts: 2018-03-24T17:15:33.9126Z, | |
| uid: "CcOKdD3Gm2meywFy82" (bstring), | |
| id: { | |
| orig_h: 10.128.0.242, | |
| orig_p: 56952 (port=(uint16)), | |
| resp_h: 10.47.8.54, | |
| resp_p: 502 (port) | |
| }, | |
| func: "unknown-100" (bstring), | |
| exception: null (bstring) | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "ntlm", | |
| ts: 2018-03-24T17:15:21.608646Z, | |
| uid: "ChZRry3Z4kv3i25TJf" (bstring), | |
| id: { | |
| orig_h: 10.164.94.120, | |
| orig_p: 36315 (port=(uint16)), | |
| resp_h: 10.47.8.208, | |
| resp_p: 445 (port) | |
| }, | |
| username: null (bstring), | |
| hostname: null (bstring), | |
| domainname: null (bstring), | |
| server_nb_computer_name: "SNOZBERRY" (bstring), | |
| server_dns_computer_name: "Snozberry.factory.oompa.loompa" (bstring), | |
| server_tree_name: "factory.oompa.loompa" (bstring), | |
| success: true | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "ntp", | |
| ts: 2018-03-24T17:15:25.733635Z, | |
| uid: "CYsbY620656cf4K3Ig" (bstring), | |
| id: { | |
| orig_h: 10.47.3.50, | |
| orig_p: 52184 (port=(uint16)), | |
| resp_h: 41.231.53.4, | |
| resp_p: 123 (port) | |
| }, | |
| version: 4 (uint64), | |
| mode: 3 (uint64), | |
| stratum: 0 (uint64), | |
| poll: 1s, | |
| precision: 1s, | |
| root_delay: 0s, | |
| root_disp: 0s, | |
| ref_id: "\x00\x00\x00\x00" (bstring), | |
| ref_time: 1970-01-01T00:00:00Z, | |
| org_time: 1970-01-01T00:00:00Z, | |
| rec_time: 1970-01-01T00:00:00Z, | |
| xmt_time: 2018-03-24T17:15:13.139938Z, | |
| num_exts: 0 (uint64) | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "ssh", | |
| ts: 2018-03-24T17:16:39.739898Z, | |
| uid: "Ce1G5IqVmvuz9a405" (bstring), | |
| id: { | |
| orig_h: 10.0.0.227, | |
| orig_p: 59849 (port=(uint16)), | |
| resp_h: 10.47.8.50, | |
| resp_p: 22 (port) | |
| }, | |
| version: 2 (uint64), | |
| auth_success: true, | |
| auth_attempts: 1 (uint64), | |
| direction: null (zenum=(string)), | |
| client: "SSH-2.0-OpenSSH_7.6" (bstring), | |
| server: "SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u3" (bstring), | |
| cipher_alg: "chacha20-poly1305@openssh.com" (bstring), | |
| mac_alg: "umac-64-etm@openssh.com" (bstring), | |
| compression_alg: "none" (bstring), | |
| kex_alg: "curve25519-sha256" (bstring), | |
| host_key_alg: "ecdsa-sha2-nistp256" (bstring), | |
| host_key: "2d:37:6b:11:43:f8:96:08:fe:60:42:20:98:9f:75:af" (bstring), | |
| remote_location: { | |
| country_code: null (bstring), | |
| region: null (bstring), | |
| city: null (bstring), | |
| latitude: null (float64), | |
| longitude: null (float64) | |
| } | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "ssl", | |
| ts: 2018-03-24T17:15:20.615923Z, | |
| uid: "C9zBQP1nnfBHxUTEY1" (bstring), | |
| id: { | |
| orig_h: 10.164.94.120, | |
| orig_p: 39611 (port=(uint16)), | |
| resp_h: 10.47.3.200, | |
| resp_p: 443 (port) | |
| }, | |
| version: "TLSv10" (bstring), | |
| cipher: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" (bstring), | |
| curve: "secp256r1" (bstring), | |
| server_name: null (bstring), | |
| resumed: false, | |
| last_alert: null (bstring), | |
| next_protocol: null (bstring), | |
| established: true, | |
| cert_chain_fuids: [ | |
| "FYNFkU3KccxXgIuUg5" (bstring) | |
| ], | |
| client_cert_chain_fuids: [] ([bstring]), | |
| subject: "unstructuredName=1315656901\\,564d7761726520496e632e,CN=localhost.localdomain,emailAddress=ssl-certificates@vmware.com,OU=VMware ESX Server Default Certificate,O=VMware\\, Inc,L=Palo Alto,ST=California,C=US" (bstring), | |
| issuer: "O=VMware Installer" (bstring), | |
| client_subject: null (bstring), | |
| client_issuer: null (bstring), | |
| validation_status: "unable to get local issuer certificate" (bstring) | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "x509", | |
| ts: 2018-03-24T17:15:20.624556Z, | |
| id: "FYNFkU3KccxXgIuUg5" (bstring), | |
| certificate: { | |
| version: 3 (uint64), | |
| serial: "CC57FE54011E" (bstring), | |
| subject: "unstructuredName=1315656901\\,564d7761726520496e632e,CN=localhost.localdomain,emailAddress=ssl-certificates@vmware.com,OU=VMware ESX Server Default Certificate,O=VMware\\, Inc,L=Palo Alto,ST=California,C=US" (bstring), | |
| issuer: "O=VMware Installer" (bstring), | |
| not_valid_before: 2011-09-10T19:15:02Z, | |
| not_valid_after: 2023-03-11T20:15:02Z, | |
| key_alg: "rsaEncryption" (bstring), | |
| sig_alg: "sha256WithRSAEncryption" (bstring), | |
| key_type: "rsa" (bstring), | |
| key_length: 2048 (uint64), | |
| exponent: "65537" (bstring), | |
| curve: null (bstring) | |
| }, | |
| san: { | |
| dns: [ | |
| "localhost.localdomain" (bstring) | |
| ], | |
| uri: null ([bstring]), | |
| email: null ([bstring]), | |
| ip: null ([ip]) | |
| }, | |
| basic_constraints: { | |
| ca: false, | |
| path_len: null (uint64) | |
| } | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "smb_files", | |
| ts: 2018-03-24T17:15:54.600639Z, | |
| uid: "CWyKrz4YlSyPGoE8Bf" (bstring), | |
| id: { | |
| orig_h: 10.128.0.214, | |
| orig_p: 41717 (port=(uint16)), | |
| resp_h: 10.47.8.142, | |
| resp_p: 445 (port) | |
| }, | |
| fuid: null (bstring), | |
| action: "SMB::FILE_OPEN" (=zenum), | |
| path: null (bstring), | |
| name: "\\svcctl" (bstring), | |
| size: 0 (uint64), | |
| prev_name: null (bstring), | |
| times: { | |
| modified: null (time), | |
| accessed: null (time), | |
| created: null (time), | |
| changed: null (time) | |
| } | |
| } | |
| } | |
| { | |
| sample: { | |
| _path: "stats", | |
| ts: 2018-03-24T17:15:20.600725Z, | |
| peer: "zeek" (bstring), | |
| mem: 74 (uint64), | |
| pkts_proc: 26 (uint64), | |
| bytes_recv: 29375 (uint64), | |
| pkts_dropped: null (uint64), | |
| pkts_link: null (uint64), | |
| pkt_lag: null (duration), | |
| events_proc: 404 (uint64), | |
| events_queued: 11 (uint64), | |
| active_tcp_conns: 1 (uint64), | |
| active_udp_conns: 0 (uint64), | |
| active_icmp_conns: 0 (uint64), | |
| tcp_conns: 1 (uint64), | |
| udp_conns: 0 (uint64), | |
| icmp_conns: 0 (uint64), | |
| timers: 36 (uint64), | |
| active_timers: 32 (uint64), | |
| files: 0 (uint64), | |
| active_files: 0 (uint64), | |
| dns_requests: 0 (uint64), | |
| active_dns_requests: 0 (uint64), | |
| reassem_tcp_size: 1528 (uint64), | |
| reassem_file_size: 0 (uint64), | |
| reassem_frag_size: 0 (uint64), | |
| reassem_unknown_size: 0 (uint64) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment