Bug #2094
» eve.json
resulting eve.json after the test run -
Chris Knott
, 04/12/2017 09:05 AM
{
"timestamp"
:
"2017-04-12T15:18:10.497708+0200"
,
"flow_id"
:
2113556242939039
,
"pcap_cnt"
:
8
,
"event_type"
:
"alert"
,
"src_ip"
:
"172.27.27.41"
,
"src_port"
:
51847
,
"dest_ip"
:
"194.232.104.157"
,
"dest_port"
:
80
,
"proto"
:
"TCP"
,
"alert"
:{
"action"
:
"allowed"
,
"gid"
:
1
,
"signature_id"
:
6677000
,
"rev"
:
1
,
"signature"
:
"Test"
,
"category"
:
""
,
"severity"
:
3
},
"http"
:{
"hostname"
:
"pipe.orf.at"
,
"url"
:
"
\/
zib100
\/
zib100.json?origin=orf.at"
,
"http_user_agent"
:
"Mozilla
\/
5.0 (Windows NT 10.0; Win64; x64) AppleWebKit
\/
537.36 (KHTML, like Gecko) Chrome
\/
57.0.2987.133 Safari
\/
537.36"
,
"http_content_type"
:
"application
\/
json"
,
"http_refer"
:
"http:
\/\/
orf.at
\/
"
,
"http_method"
:
"GET"
,
"protocol"
:
"HTTP
\/
1.1"
,
"status"
:
200
,
"length"
:
306
},
"vars"
:{
"flowvars"
:{
"TestVar"
:
"
\/
zib100
\/
zib100.json?origin=orf.at HTTP
\/
1.1"
}},
"packet"
:
"CJbXrEsWTMxquPkRCABFAAAoY4BAAIAGAACsGxspwuhoncqHAFBDhFIslZlVtVAQAQLy5AAA"
,
"packet_info"
:{
"linktype"
:
1
}}
{
"timestamp"
:
"2017-04-12T15:18:10.497708+0200"
,
"flow_id"
:
2113556242939039
,
"pcap_cnt"
:
8
,
"event_type"
:
"http"
,
"src_ip"
:
"172.27.27.41"
,
"src_port"
:
51847
,
"dest_ip"
:
"194.232.104.157"
,
"dest_port"
:
80
,
"proto"
:
"TCP"
,
"tx_id"
:
0
,
"http"
:{
"hostname"
:
"pipe.orf.at"
,
"url"
:
"
\/
zib100
\/
zib100.json?origin=orf.at"
,
"http_user_agent"
:
"Mozilla
\/
5.0 (Windows NT 10.0; Win64; x64) AppleWebKit
\/
537.36 (KHTML, like Gecko) Chrome
\/
57.0.2987.133 Safari
\/
537.36"
,
"http_content_type"
:
"application
\/
json"
}}
{
"timestamp"
:
"2017-04-12T15:18:10.525937+0200"
,
"flow_id"
:
2113556242939039
,
"pcap_cnt"
:
10
,
"event_type"
:
"fileinfo"
,
"src_ip"
:
"194.232.104.157"
,
"src_port"
:
80
,
"dest_ip"
:
"172.27.27.41"
,
"dest_port"
:
51847
,
"proto"
:
"TCP"
,
"http"
:{
"hostname"
:
"pipe.orf.at"
,
"url"
:
"
\/
zib100
\/
zib100.json?origin=orf.at"
,
"http_user_agent"
:
"Mozilla
\/
5.0 (Windows NT 10.0; Win64; x64) AppleWebKit
\/
537.36 (KHTML, like Gecko) Chrome
\/
57.0.2987.133 Safari
\/
537.36"
,
"http_content_type"
:
"application
\/
json"
,
"http_refer"
:
"http:
\/\/
orf.at
\/
"
,
"http_method"
:
"GET"
,
"protocol"
:
"HTTP
\/
1.1"
,
"status"
:
200
,
"length"
:
306
},
"app_proto"
:
"http"
,
"fileinfo"
:{
"filename"
:
"
\/
zib100
\/
zib100.json"
,
"state"
:
"CLOSED"
,
"stored"
:
false
,
"size"
:
306
,
"tx_id"
:
0
}}
{
"timestamp"
:
"2017-04-12T15:18:10.525937+0200"
,
"flow_id"
:
2113556242939039
,
"event_type"
:
"flow"
,
"src_ip"
:
"172.27.27.41"
,
"src_port"
:
51847
,
"dest_ip"
:
"194.232.104.157"
,
"dest_port"
:
80
,
"proto"
:
"TCP"
,
"app_proto"
:
"http"
,
"flow"
:{
"pkts_toserver"
:
5
,
"pkts_toclient"
:
5
,
"bytes_toserver"
:
657
,
"bytes_toclient"
:
938
,
"start"
:
"2017-04-12T15:18:10.441503+0200"
,
"end"
:
"2017-04-12T15:18:10.525937+0200"
,
"age"
:
0
,
"state"
:
"closed"
,
"reason"
:
"shutdown"
,
"alerted"
:
true
},
"tcp"
:{
"tcp_flags"
:
"1b"
,
"tcp_flags_ts"
:
"1b"
,
"tcp_flags_tc"
:
"1b"
,
"syn"
:
true
,
"fin"
:
true
,
"psh"
:
true
,
"ack"
:
true
,
"state"
:
"closed"
}}
{
"timestamp"
:
"2017-04-12T15:54:03.063515+0200"
,
"event_type"
:
"stats"
,
"stats"
:{
"uptime"
:
0
,
"decoder"
:{
"pkts"
:
10
,
"bytes"
:
1595
,
"invalid"
:
0
,
"ipv4"
:
10
,
"ipv6"
:
0
,
"ethernet"
:
10
,
"raw"
:
0
,
"null"
:
0
,
"sll"
:
0
,
"tcp"
:
10
,
"udp"
:
0
,
"sctp"
:
0
,
"icmpv4"
:
0
,
"icmpv6"
:
0
,
"ppp"
:
0
,
"pppoe"
:
0
,
"gre"
:
0
,
"vlan"
:
0
,
"vlan_qinq"
:
0
,
"teredo"
:
0
,
"ipv4_in_ipv6"
:
0
,
"ipv6_in_ipv6"
:
0
,
"mpls"
:
0
,
"avg_pkt_size"
:
159
,
"max_pkt_size"
:
692
,
"erspan"
:
0
,
"ipraw"
:{
"invalid_ip_version"
:
0
},
"ltnull"
:{
"pkt_too_small"
:
0
,
"unsupported_type"
:
0
},
"dce"
:{
"pkt_too_small"
:
0
}},
"flow"
:{
"memcap"
:
0
,
"spare"
:
10000
,
"emerg_mode_entered"
:
0
,
"emerg_mode_over"
:
0
,
"tcp_reuse"
:
0
,
"memuse"
:
6994584
},
"defrag"
:{
"ipv4"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"ipv6"
:{
"fragments"
:
0
,
"reassembled"
:
0
,
"timeouts"
:
0
},
"max_frag_hits"
:
0
},
"tcp"
:{
"sessions"
:
1
,
"ssn_memcap_drop"
:
0
,
"pseudo"
:
1
,
"pseudo_failed"
:
0
,
"invalid_checksum"
:
0
,
"no_flow"
:
0
,
"syn"
:
1
,
"synack"
:
1
,
"rst"
:
0
,
"segment_memcap_drop"
:
0
,
"stream_depth_reached"
:
0
,
"reassembly_gap"
:
0
,
"memuse"
:
6553600
,
"reassembly_memuse"
:
12332832
},
"detect"
:{
"alert"
:
1
},
"app_layer"
:{
"flow"
:{
"http"
:
1
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"imap"
:
0
,
"msn"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"failed_tcp"
:
0
,
"dcerpc_udp"
:
0
,
"dns_udp"
:
0
,
"failed_udp"
:
0
},
"tx"
:{
"http"
:
1
,
"ftp"
:
0
,
"smtp"
:
0
,
"tls"
:
0
,
"ssh"
:
0
,
"smb"
:
0
,
"dcerpc_tcp"
:
0
,
"dns_tcp"
:
0
,
"dns_udp"
:
0
}},
"flow_mgr"
:{
"closed_pruned"
:
0
,
"new_pruned"
:
0
,
"est_pruned"
:
0
,
"bypassed_pruned"
:
0
,
"flows_checked"
:
1
,
"flows_notimeout"
:
1
,
"flows_timeout"
:
0
,
"flows_timeout_inuse"
:
0
,
"flows_removed"
:
0
,
"rows_checked"
:
65536
,
"rows_skipped"
:
65535
,
"rows_empty"
:
0
,
"rows_busy"
:
0
,
"rows_maxlen"
:
1
},
"dns"
:{
"memuse"
:
0
,
"memcap_state"
:
0
,
"memcap_global"
:
0
},
"http"
:{
"memuse"
:
0
,
"memcap"
:
0
}}}