|
app_layer.expectations
|
|
app_layer.[flow,tx].(failed_)$APPLAYER(_udp|_tcp)
|
|
capture.bypassed
|
|
capture.dag_drops
|
|
capture.dag_packets
|
|
capture.errors
|
|
capture.kernel_drops
|
|
capture.kernel_ifdrops
|
|
capture.kernel_packets
|
|
decoder.avg_pkt_size
|
|
decoder.bytes
|
|
decoder.dce.pkt_too_small
|
|
decoder.erspan
|
|
decoder.erspan.header_too_small
|
|
decoder.erspan.too_many_vlan_layers
|
|
decoder.erspan.unsupported_version
|
|
decoder.ethernet
|
|
decoder.ethernet.pkt_too_small
|
|
decoder.gre
|
|
decoder.gre.pkt_too_small
|
|
decoder.gre.version0_flags
|
|
decoder.gre.version0_hdr_too_big
|
|
decoder.gre.version0_malformed_sre_hdr
|
|
decoder.gre.version0_recur
|
|
decoder.gre.version1_chksum
|
|
decoder.gre.version1_flags
|
|
decoder.gre.version1_hdr_too_big
|
|
decoder.gre.version1_malformed_sre_hdr
|
|
decoder.gre.version1_no_key
|
|
decoder.gre.version1_recur
|
|
decoder.gre.version1_route
|
|
decoder.gre.version1_ssr
|
|
decoder.gre.version1_wrong_protocol
|
|
decoder.gre.wrong_version
|
|
decoder.icmpv4
|
|
decoder.icmpv4.ipv4_trunc_pkt
|
|
decoder.icmpv4.ipv4_unknown_ver
|
|
decoder.icmpv4.pkt_too_small
|
|
decoder.icmpv4.unknown_code
|
|
decoder.icmpv4.unknown_type
|
|
decoder.icmpv6
|
|
decoder.icmpv6.experimentation_type
|
|
decoder.icmpv6.ipv6_trunc_pkt
|
|
decoder.icmpv6.ipv6_unknown_version
|
|
decoder.icmpv6.mld_message_with_invalid_hl
|
|
decoder.icmpv6.pkt_too_small
|
|
decoder.icmpv6.unassigned_type
|
|
decoder.icmpv6.unknown_code
|
|
decoder.icmpv6.unknown_type
|
|
decoder.ieee8021ah
|
|
decoder.ieee8021ah.header_too_small
|
|
decoder.invalid
|
|
decoder.ipraw.invalid_ip_version
|
|
decoder.ipv4
|
|
decoder.ipv4.frag_ignored
|
|
decoder.ipv4.frag_overlap
|
|
decoder.ipv4.frag_pkt_too_large
|
|
decoder.ipv4.hlen_too_small
|
|
decoder.ipv4.icmpv6
|
|
decoder.ipv4_in_ipv6
|
|
decoder.ipv4.iplen_smaller_than_hlen
|
|
decoder.ipv4.opt_duplicate
|
|
decoder.ipv4.opt_eol_required
|
|
decoder.ipv4.opt_invalid
|
|
decoder.ipv4.opt_invalid_len
|
|
decoder.ipv4.opt_malformed
|
|
decoder.ipv4.opt_pad_required
|
|
decoder.ipv4.opt_unknown
|
|
decoder.ipv4.pkt_too_small
|
|
decoder.ipv4.trunc_pkt
|
|
decoder.ipv4.wrong_ip_version
|
|
decoder.ipv6
|
|
decoder.ipv6.data_after_none_header
|
|
decoder.ipv6.dstopts_only_padding
|
|
decoder.ipv6.dstopts_unknown_opt
|
|
decoder.ipv6.exthdr_ah_res_not_null
|
|
decoder.ipv6.exthdr_dupl_ah
|
|
decoder.ipv6.exthdr_dupl_dh
|
|
decoder.ipv6.exthdr_dupl_eh
|
|
decoder.ipv6.exthdr_dupl_fh
|
|
decoder.ipv6.exthdr_dupl_hh
|
|
decoder.ipv6.exthdr_dupl_rh
|
|
decoder.ipv6.exthdr_invalid_optlen
|
|
decoder.ipv6.exthdr_useless_fh
|
|
decoder.ipv6.fh_non_zero_reserved_field
|
|
decoder.ipv6.frag_ignored
|
|
decoder.ipv6.frag_overlap
|
|
decoder.ipv6.frag_pkt_too_large
|
|
decoder.ipv6.hopopts_only_padding
|
|
decoder.ipv6.hopopts_unknown_opt
|
|
decoder.ipv6.icmpv4
|
|
decoder.ipv6_in_ipv6
|
|
decoder.ipv6.ipv4_in_ipv6_too_small
|
|
decoder.ipv6.ipv4_in_ipv6_wrong_version
|
|
decoder.ipv6.ipv6_in_ipv6_too_small
|
|
decoder.ipv6.ipv6_in_ipv6_wrong_version
|
|
decoder.ipv6.pkt_too_small
|
|
decoder.ipv6.rh_type_0
|
|
decoder.ipv6.trunc_exthdr
|
|
decoder.ipv6.trunc_pkt
|
|
decoder.ipv6.unknown_next_header
|
|
decoder.ipv6.wrong_ip_version
|
|
decoder.ipv6.zero_len_padn
|
|
decoder.ltnull.pkt_too_small
|
|
decoder.ltnull.unsupported_type
|
|
decoder.max_pkt_size
|
|
decoder.mpls
|
|
decoder.mpls.bad_label_implicit_null
|
|
decoder.mpls.bad_label_reserved
|
|
decoder.mpls.bad_label_router_alert
|
|
decoder.mpls.header_too_small
|
|
decoder.mpls.pkt_too_small
|
|
decoder.mpls.unknown_payload_type
|
|
decoder.null
|
|
decoder.pkts
|
|
decoder.ppp
|
|
decoder.ppp.ip4_pkt_too_small
|
|
decoder.ppp.ip6_pkt_too_small
|
|
decoder.pppoe
|
|
decoder.pppoe.malformed_tags
|
|
decoder.pppoe.pkt_too_small
|
|
decoder.pppoe.wrong_code
|
|
decoder.ppp.pkt_too_small
|
|
decoder.ppp.unsup_proto
|
|
decoder.ppp.vju_pkt_too_small
|
|
decoder.ppp.wrong_type
|
|
decoder.raw
|
|
decoder.sctp
|
|
decoder.sctp.pkt_too_small
|
|
decoder.sll
|
|
decoder.sll.pkt_too_small
|
|
decoder.tcp
|
|
decoder.tcp.hlen_too_small
|
|
decoder.tcp.invalid_optlen
|
|
decoder.tcp.opt_duplicate
|
|
decoder.tcp.opt_invalid_len
|
|
decoder.tcp.pkt_too_small
|
|
decoder.teredo
|
|
decoder.udp
|
|
decoder.udp.hlen_invalid
|
|
decoder.udp.hlen_too_small
|
|
decoder.udp.pkt_too_small
|
|
decoder.vlan
|
|
decoder.vlan.header_too_small
|
|
decoder.vlan_qinq
|
|
decoder.vlan.too_many_layers
|
|
decoder.vlan.unknown_type
|
|
defrag.ipv4.fragments
|
|
defrag.ipv4.reassembled
|
|
defrag.ipv4.timeouts
|
|
defrag.ipv6.fragments
|
|
defrag.ipv6.reassembled
|
|
defrag.ipv6.timeouts
|
|
defrag.max_frag_hits
|
|
detect.alert
|
|
detect.fnonmpm_list
|
|
detect.match_list
|
|
detect.mpm_list
|
|
detect.nonmpm_list
|
|
file_store.fs_errors
|
|
file_store.open_files
|
|
file_store.open_files_max_hit
|
|
flow_bypassed.bytes
|
|
flow_bypassed.closed
|
|
flow_bypassed.pkts
|
|
flow.emerg_mode_entered
|
|
flow.emerg_mode_over
|
|
flow.icmpv4
|
|
flow.icmpv6
|
|
flow.memcap
|
|
flow.memuse
|
|
flow_mgr.bypassed_pruned
|
|
flow_mgr.closed_pruned
|
|
flow_mgr.est_pruned
|
|
flow_mgr.flows_checked
|
|
flow_mgr.flows_notimeout
|
|
flow_mgr.flows_removed
|
|
flow_mgr.flows_timeout
|
|
flow_mgr.flows_timeout_inuse
|
|
flow_mgr.new_pruned
|
|
flow_mgr.rows_busy
|
|
flow_mgr.rows_checked
|
|
flow_mgr.rows_empty
|
|
flow_mgr.rows_maxlen
|
|
flow_mgr.rows_skipped
|
|
flow.spare
|
|
flow.tcp
|
|
flow.tcp_reuse
|
|
flow.udp
|
|
ftp.memcap
|
|
ftp.memuse
|
|
hosts.active
|
|
hosts.pruned
|
|
hosts.spare
|
|
http.memcap
|
|
http.memuse
|
|
ips.accepted
|
|
ips.blocked
|
|
ips.rejected
|
|
ips.replaced
|
|
stream.3whs_ack_data_inject
|
|
stream.3whs_ack_in_wrong_dir
|
|
stream.3whs_async_wrong_seq
|
|
stream.3whs_right_seq_wrong_ack_evasion
|
|
stream.3whs_synack_flood
|
|
stream.3whs_synack_in_wrong_direction
|
|
stream.3whs_synack_resend_with_diff_ack
|
|
stream.3whs_synack_resend_with_diff_seq
|
|
stream.3whs_synack_toserver_on_syn_recv
|
|
stream.3whs_synack_with_wrong_ack
|
|
stream.3whs_syn_resend_diff_seq_on_syn_recv
|
|
stream.3whs_syn_toclient_on_syn_recv
|
|
stream.3whs_wrong_seq_wrong_ack
|
|
stream.4whs_invalid_ack
|
|
stream.4whs_synack_with_wrong_ack
|
|
stream.4whs_synack_with_wrong_syn
|
|
stream.4whs_wrong_seq
|
|
stream.closewait_ack_out_of_window
|
|
stream.closewait_fin_out_of_window
|
|
stream.closewait_invalid_ack
|
|
stream.closewait_pkt_before_last_ack
|
|
stream.closing_ack_wrong_seq
|
|
stream.closing_invalid_ack
|
|
stream.est_invalid_ack
|
|
stream.est_packet_out_of_window
|
|
stream.est_pkt_before_last_ack
|
|
stream.est_synack_resend
|
|
stream.est_synack_resend_with_diff_ack
|
|
stream.est_synack_resend_with_diff_seq
|
|
stream.est_synack_toserver
|
|
stream.est_syn_resend
|
|
stream.est_syn_resend_diff_seq
|
|
stream.est_syn_toclient
|
|
stream.fin1_ack_wrong_seq
|
|
stream.fin1_fin_wrong_seq
|
|
stream.fin1_invalid_ack
|
|
stream.fin2_ack_wrong_seq
|
|
stream.fin2_fin_wrong_seq
|
|
stream.fin2_invalid_ack
|
|
stream.fin_but_no_session
|
|
stream.fin_invalid_ack
|
|
stream.fin_out_of_window
|
|
stream.lastack_ack_wrong_seq
|
|
stream.lastack_invalid_ack
|
|
stream.pkt_bad_window_update
|
|
stream.pkt_broken_ack
|
|
stream.pkt_invalid_ack
|
|
stream.pkt_invalid_timestamp
|
|
stream.pkt_retransmission
|
|
stream.reassembly_no_segment
|
|
stream.reassembly_overlap_different_data
|
|
stream.reassembly_segment_before_base_seq
|
|
stream.reassembly_seq_gap
|
|
stream.rst_but_no_session
|
|
stream.rst_invalid_ack
|
|
stream.shutdown_syn_resend
|
|
stream.suspected_rst_inject
|
|
stream.timewait_ack_wrong_seq
|
|
stream.timewait_invalid_ack
|
|
stream.wrong_thread
|
|
tcp.insert_data_normal_fail
|
|
tcp.insert_data_overlap_fail
|
|
tcp.insert_list_fail
|
|
tcp.invalid_checksum
|
|
tcp.memuse
|
|
tcp.midstream_pickups
|
|
tcp.no_flow
|
|
tcp.overlap
|
|
tcp.overlap_diff_data
|
|
tcp.pkt_on_wrong_thread
|
|
tcp.pseudo
|
|
tcp.pseudo_failed
|
|
tcp.reassembly_gap
|
|
tcp.reassembly_memuse
|
|
tcp.rst
|
|
tcp.segment_memcap_drop
|
|
tcp.sessions
|
|
tcp.ssn_memcap_drop
|
|
tcp.stream_depth_reached
|
|
tcp.syn
|
|
tcp.synack
|