diff options
Diffstat (limited to '')
-rw-r--r-- | test/logfile_bro_conn.log.0 | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/test/logfile_bro_conn.log.0 b/test/logfile_bro_conn.log.0 new file mode 100644 index 0000000..305e368 --- /dev/null +++ b/test/logfile_bro_conn.log.0 @@ -0,0 +1,101 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open 2017-04-16-21-36-10 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] +1320279554.496300 Cg9xqq3JAcZusspA86 192.168.2.76 52025 208.85.42.28 80 tcp - 2.125850 0 1092421 SF - - 0 ^dAfFa 400 20800 756 1131733 (empty) +1320279567.181431 CdysLK1XpcrXOpVDuh 192.168.2.76 52034 174.129.249.33 80 tcp http 0.082899 389 1495 SF - - 0 ShADdfFa 5 613 4 1667 (empty) +1320279567.452735 C6nSoj1Qco9PGyslz6 192.168.2.76 52035 184.72.234.3 80 tcp http 2.561940 905 731 SF - - 0 ShADadfF 9 1289 8 1063 (empty) +1320279567.181050 CtgxRAqDLvrRUQdqe 192.168.2.76 52033 184.72.234.3 80 tcp http 3.345539 1856 1445 SF - - 0 ShADadfF 15 2480 13 1969 (empty) +1320279572.537165 Cg66JO6sKx3fvUkQa 192.168.2.76 52014 132.235.215.117 80 tcp - 0.005881 0 0 SF - - 0 FfA 2 104 1 52 (empty) +1320279578.886650 CIJIDL1ULo4HpT24Gl 192.168.2.76 52052 63.241.108.124 80 tcp http 0.498720 1566 2543 SF - - 0 ShADadfF 6 1830 5 2747 (empty) +1320279577.453637 CEh6Ka2HInkNSH01L2 192.168.2.76 52044 216.34.181.48 80 tcp http 5.077548 596 576 SF - - 0 ShADadfF 6 920 5 848 (empty) +1320279581.284239 CSvRlm1gGNFXUOrtRj 192.168.2.76 52059 207.171.163.23 80 tcp - 5.056486 0 0 SF - - 0 ShAFf 4 184 2 92 (empty) +1320279577.507914 CjPGiy13ncXKxU765j 192.168.2.76 52045 216.34.181.45 80 tcp http 11.654832 2603 181933 SF - - 0 ShADadfF 80 6775 134 188913 (empty) +1320279590.558878 CKeb0i4BZy3XEHQGvb 192.168.2.76 52077 74.125.225.78 80 tcp - 5.048744 0 0 SF - - 0 ShAFf 4 220 2 112 (empty) +1320279601.552309 CK957ERTz8lBycly4 192.168.2.76 52085 199.59.148.201 80 tcp http 0.237418 883 1071 SF - - 0 ShADadfF 6 1207 5 1339 (empty) +1320279600.826685 CaPClb1Bf0RrRGtyWi 192.168.2.76 52083 192.150.187.43 80 tcp http 5.233472 442 31353 SF - - 0 ShADadfF 20 1494 26 32713 (empty) +1320279600.826441 CmWpSw3VtjiAceBCwf 192.168.2.76 52081 192.150.187.43 80 tcp http 5.233763 446 24258 SF - - 0 ShADadfF 14 1186 21 25358 (empty) +1320279600.826004 CBeaXe4Iyj1gXd2Iq 192.168.2.76 52080 192.150.187.43 80 tcp http 5.404390 886 16577 SF - - 0 ShADadfF 14 1626 17 17469 (empty) +1320279600.825492 Cd8s2R3OGDgkhnvSu9 192.168.2.76 52079 192.150.187.43 80 tcp http 5.496459 1309 17849 SF - - 0 ShADadfF 16 2153 18 18793 (empty) +1320279600.826607 CX1GjC4vn52UY1uDv6 192.168.2.76 52082 192.150.187.43 80 tcp http 5.515177 1746 14412 SF - - 0 ShADadfF 14 2486 16 15252 (empty) +1320279600.581672 CbQAWi3GX2bCmX5L56 192.168.2.76 52078 192.150.187.43 80 tcp http 5.825503 1599 80801 SF - - 0 ShADadfF 37 3535 63 84085 (empty) +1320279607.998777 CKskol4qPFKjkV6273 192.168.2.76 52022 74.125.225.68 80 tcp - 0.021505 0 0 SF - - 0 FfA 2 104 1 52 (empty) +1320279607.998577 CtBtCj3jZ4UVo657Dc 192.168.2.76 52023 209.85.145.101 80 tcp - 0.031533 0 0 SF - - 0 FfA 2 104 1 52 (empty) +1320279611.527848 CurHpb1TGZOktTRNP1 192.168.2.76 52092 199.59.148.201 80 tcp http 0.349795 902 1070 SF - - 0 ShADadfF 6 1226 5 1338 (empty) +1320279612.495344 CuUKOQ1R3CqKBgeTdf 192.168.2.76 52093 199.59.148.201 80 tcp http 0.279806 907 1070 SF - - 0 ShADadfF 6 1231 5 1338 (empty) +1320279613.968096 C3xkHgJnzZszVSTpi 192.168.2.76 52094 199.59.148.201 80 tcp http 0.486591 902 1070 SF - - 0 ShADadfF 6 1226 5 1338 (empty) +1320279611.171273 CINVx040XRWPWdQIOd 192.168.2.76 52091 192.150.187.43 80 tcp - 5.081864 0 0 SF - - 0 ShAFf 5 272 3 172 (empty) +1320279601.552622 C3TZMB4CrUwYfkGJy1 192.168.2.76 52086 199.59.148.20 80 tcp http 15.200059 4078 9556 SF - - 0 ShADadfF 12 4714 13 10240 (empty) +1320279610.744212 CO5QKYQkcSdxQFA35 192.168.2.76 52090 192.150.187.43 80 tcp http 6.499438 1669 37688 SF - - 0 ShADadFf 26 3033 31 39308 (empty) +1320279616.742259 CMrjgF2XLmRh9C9TR4 192.168.2.76 52095 208.85.41.42 80 tcp http 0.604819 546 59445 SF - - 0 ShADadfF 29 2066 45 61793 (empty) +1320279630.486420 CD69521bDXIAb4IkW 192.168.2.76 52097 199.59.148.201 80 tcp http 0.166288 903 1070 SF - - 0 ShADadfF 6 1227 5 1338 (empty) +1320279630.021607 C2vQ8sVgyADHjtEda 192.168.2.76 52096 192.150.187.43 80 tcp http 5.199366 421 15397 SF - - 0 ShADadfF 13 1109 15 16185 (empty) +1320279637.215536 CmxyBl2c8XAMTuHEk4 192.168.2.76 52100 199.59.148.201 80 tcp http 0.264911 905 1068 SF - - 0 ShADadFf 7 1281 5 1336 (empty) +1320279577.687091 CAUlC249svUfE6q0g3 192.168.2.76 52051 184.29.211.172 80 tcp http 61.298320 1465 22567 SF - - 0 ShADadfF 19 2465 21 23667 (empty) +1320279639.698701 CBX0254QJoklXNbvv2 192.168.2.76 52110 199.59.148.201 80 tcp http 0.283987 901 1067 SF - - 0 ShADadfF 6 1225 5 1335 (empty) +1320279638.450681 CSvs6v26bQqFylkk6l 192.168.2.76 52101 192.150.187.43 80 tcp http 5.709781 758 19809 SF - - 0 ShADadFf 16 1602 20 20857 (empty) +1320279638.954157 C4pHul1H3OeWYz7o7i 192.168.2.76 52102 192.150.187.43 80 tcp http 5.228420 371 498 SF - - 0 ShADadFf 7 747 5 766 (empty) +1320279638.957224 C7Lcvr4vsTf6eYpBva 192.168.2.76 52104 192.150.187.43 80 tcp http 5.231185 340 1443 SF - - 0 ShADadFf 7 716 5 1711 (empty) +1320279638.955996 CV8faD4L1sLL5kDwN9 192.168.2.76 52103 192.150.187.43 80 tcp http 5.243925 338 24829 SF - - 0 ShADadFf 18 1286 22 25981 (empty) +1320279639.349306 CvfUrT2DgYXXoZw9Ah 192.168.2.76 52109 192.150.187.43 80 tcp http 4.862785 400 7004 SF - - 0 ShADadFf 9 880 8 7428 (empty) +1320279639.147746 C6MrHk2C7rLuJqhjsg 192.168.2.76 52107 192.150.187.43 80 tcp http 5.066841 404 491 SF - - 0 ShADadFf 6 728 4 707 (empty) +1320279639.205080 Ccc26E2f7mpxWWj5L2 192.168.2.76 52108 192.150.187.43 80 tcp - 5.009511 0 0 SF - - 0 ShAFf 5 272 3 172 (empty) +1320279639.052091 CyiluB4nGodFLEMnX5 192.168.2.76 52105 192.150.187.43 80 tcp - 5.162501 0 0 SF - - 0 ShAFf 5 272 3 172 (empty) +1320279639.147610 CxyAKs10ppnHFP6O8i 192.168.2.76 52106 192.150.187.43 80 tcp http 5.066984 404 491 SF - - 0 ShADadFf 6 728 4 707 (empty) +1320279636.698841 C7Krri4g9tZfHniGXh 192.168.2.76 52099 192.150.187.43 80 tcp http 7.515757 1219 28929 SF - - 0 ShADadFf 23 2427 24 30185 (empty) +1320279630.486859 CC3vUI3gFB04zLvWRa 192.168.2.76 52098 199.59.148.20 80 tcp http 15.198762 2050 4776 SF - - 0 ShADadfF 8 2478 9 5252 (empty) +1320279673.118128 CRNn9f1zKNlzHSM5pa 192.168.2.76 52112 199.59.148.201 80 tcp http 0.351267 902 1068 SF - - 0 ShADadfF 6 1226 5 1336 (empty) +1320279672.273571 C6Ym6jvMgikT0xTTc 192.168.2.76 52111 192.150.187.43 80 tcp http 5.564817 419 48038 SF - - 0 ShADadfF 23 1627 38 50022 (empty) +1320279579.393218 CLsqp41RLUd83arUQb 192.168.2.76 52053 132.235.215.119 80 tcp http 0.045584 2503 21124 S1 - - 0 ShADad 13 3191 18 22068 (empty) +1320279567.515293 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 tcp http 23.090143 6335 4537 S1 - - 0 ShADad 18 7283 11 5117 (empty) +1320279581.817559 CGv2Tp4Ngt8MmKmVRd 192.168.2.76 52062 132.235.215.119 80 tcp http 0.007172 600 248 S1 - - 0 ShADad 4 820 3 412 (empty) +1320279571.543053 CsBgiE1WmGP4Yo749h 192.168.2.76 52039 69.171.228.39 80 tcp http 0.308956 417 10451 S1 - - 0 ShADd 9 897 9 10931 (empty) +1320279587.101825 C96j2X1DixgLTj2Oi8 192.168.2.76 52072 74.125.225.64 80 tcp http 0.614423 2544 2981 S1 - - 0 ShADad 6 2868 6 3301 (empty) +1320279577.686971 CjinlH2fzDtvzI9637 192.168.2.76 52049 184.29.211.172 80 tcp http 6.945222 2240 31147 S1 - - 0 ShADad 21 3344 26 32507 (empty) +1320279589.315281 CBHHuR1xFnm5C5CQBc 192.168.2.76 52074 74.125.225.76 80 tcp http 0.059880 373 1158 S1 - - 0 ShADad 4 593 3 1322 (empty) +1320279590.557604 C0K9DaoPFkfnzwlZa 192.168.2.76 52076 74.125.225.78 80 tcp http 0.048630 717 342 S1 - - 0 ShADad 4 937 3 506 (empty) +1320279581.472457 CiIjAe1n5MnPOVpQ9f 192.168.2.76 52061 74.125.225.90 80 tcp http 0.704763 4835 51573 S1 - - 0 ShADad 30 6407 46 53973 (empty) +1320279585.726876 CRgW2I2zo3SInm6iT8 192.168.2.76 52066 204.246.169.217 80 tcp http 1.386549 1233 8739 S1 - - 0 ShADad 10 1765 10 9267 (empty) +1320279566.795729 CdrfXZ1NOFPEawF218 192.168.2.76 52028 72.21.211.173 80 tcp http 115.121914 380 2260 SF - - 0 ShADdFf 6 644 4 2432 (empty) +1320279584.599525 Cs5yEZ3ELZTeuTOsP4 192.168.2.76 52064 204.246.169.252 80 tcp http 0.391939 370 64350 S1 - - 0 ShADad 28 1838 47 66802 (empty) +1320279601.555241 CTRXSR3blXJE5ZE7Ij 192.168.2.76 52089 74.125.225.83 80 tcp http 71.619232 4280 704 S1 - - 0 ShADad 10 4812 6 1024 (empty) +1320279580.303255 CNbPns4mOMGgjI8Ele 192.168.2.76 52057 204.246.169.3 80 tcp http 0.118609 844 1440 S1 - - 0 ShADad 6 1168 4 1656 (empty) +1320279600.900056 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 tcp http 72.274459 8979 8637 S1 - - 0 ShADad 23 10187 16 9477 (empty) +1320279571.880419 CtANmVrHYMtkWqPE5 192.168.2.76 52041 132.235.215.117 80 tcp http 0.013122 374 1813 S1 - - 0 ShADad 4 594 4 2029 (empty) +1320279577.686764 CPoz7NUpXISemlNSd 192.168.2.76 52046 184.29.211.172 80 tcp http 6.975476 1916 71870 S1 - - 0 ShADad 37 3852 55 74738 (empty) +1320279581.287819 C185u7u9Q4qhJPhzl 192.168.2.76 52060 74.125.225.92 80 tcp http 0.686395 1601 40796 S1 - - 0 ShADad 21 2705 33 42520 (empty) +1320279586.006470 CbUCgw1DrIGcXzONB7 192.168.2.76 52071 204.246.169.217 80 tcp http 0.092010 381 1322 S1 - - 0 ShADad 4 601 3 1486 (empty) +1320279566.795779 CJwUi9bdB9c1lLW44 192.168.2.76 52029 72.21.211.173 80 tcp http 115.121339 380 2658 SF - - 0 ShADdFf 6 644 4 2830 (empty) +1320279571.880174 CYfHyC28tAhkLYkXB7 192.168.2.76 52040 132.235.215.117 80 tcp http 0.673383 1507 12558 S1 - - 0 ShADad 13 2195 14 13302 (empty) +1320279581.284163 CKzjfhsJ8vrn2rrfg 192.168.2.76 52058 207.171.163.23 80 tcp http 0.335801 736 1674 S1 - - 0 ShADad 6 1000 5 1886 (empty) +1320279577.686914 CaEFHq2HVQ5iGJQiD9 192.168.2.76 52048 184.29.211.172 80 tcp http 6.967534 2207 28633 S1 - - 0 ShADad 22 3363 24 29889 (empty) +1320279586.001630 CWJhMU2cTLEnseTmCb 192.168.2.76 52067 204.246.169.217 80 tcp http 0.136158 381 5225 S1 - - 0 ShADad 5 653 6 5545 (empty) +1320279567.684168 CdZUPH2DKOE7zzCLE3 192.168.2.76 52038 132.235.215.119 80 tcp http 115.202498 449 9019 SF - - 0 ShADadFf 9 929 10 9547 (empty) +1320279579.442948 CbCciH11995WKkobR1 192.168.2.76 52054 74.121.134.156 80 tcp http 0.274905 1028 1071 S1 - - 0 ShADd 6 1292 3 1195 (empty) +1320279579.803083 CaP2LpLGvsmX7yJO 192.168.2.76 52056 74.125.225.91 80 tcp http 0.046347 400 360 S1 - - 0 ShADad 4 620 3 524 (empty) +1320279586.002799 CejI402rKGtdBXij4f 192.168.2.76 52068 204.246.169.217 80 tcp http 0.120253 762 3509 S1 - - 0 ShADad 6 1086 6 3829 (empty) +1320279567.667107 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 tcp http 32.451792 6668 13531 S1 - - 0 ShADad 29 8188 29 15047 (empty) +1320279566.795888 CT0JIh479jXIGt0Po1 192.168.2.76 52031 72.21.211.173 80 tcp http 115.121506 380 1981 SF - - 0 ShADdFf 6 644 4 2153 (empty) +1320279566.447996 CwFs1P2UcUdlSxD2La 192.168.2.76 52026 132.235.215.119 80 tcp http 116.438679 2063 18235 SF - - 0 ShADadFf 15 2855 18 19179 (empty) +1320279577.686850 Ct6ixh35y9AEr7J7o9 192.168.2.76 52047 184.29.211.172 80 tcp http 6.973070 1921 280972 S1 - - 0 ShADadt 144 11093 199 291328 (empty) +1320279566.795830 CJxSUgkInyKSHiju1 192.168.2.76 52030 72.21.211.173 80 tcp http 115.121810 380 2686 SF - - 0 ShADdFf 6 644 4 2858 (empty) +1320279601.554581 CibfNy1QQW4ImDWRq5 192.168.2.76 52088 74.125.225.83 80 tcp http 35.738404 4220 704 S1 - - 0 ShADad 10 4752 7 1076 (empty) +1320279566.795628 CoX7zA3OJKGUOSCBY2 192.168.2.76 52027 72.21.211.173 80 tcp http 115.121837 380 2948 SF - - 0 ShADdFf 6 644 5 3160 (empty) +1320279577.687031 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 tcp http 6.947920 2582 34114 S1 - - 0 ShADad 26 3946 30 35682 (empty) +1320279584.610492 Cu4gIx1BDNtGOl7Ht2 192.168.2.76 52065 204.246.169.252 80 tcp http 4.847647 1218 131460 S1 - - 0 ShADad 55 4090 94 136356 (empty) +1320279588.157960 CYYyja3FFNEnftw3K6 192.168.2.76 52073 74.125.225.72 80 tcp http 0.346895 378 174833 S1 - - 0 ShADadt 77 4718 127 181445 (empty) +1320279571.880844 C4uDKU5tpeRU9Su19 192.168.2.76 52043 132.235.215.117 80 tcp http 0.027676 389 803 S1 - - 0 ShADad 4 609 3 967 (empty) +1320279571.880785 CSTH8n1O1nv0ztxNQd 192.168.2.76 52042 132.235.215.117 80 tcp http 0.698402 813 45320 S1 - - 0 ShADad 22 1969 34 47096 (empty) +1320279586.004044 C2KnU34GcVV6amo8va 192.168.2.76 52069 204.246.169.217 80 tcp http 0.094285 381 1903 S1 - - 0 ShADad 4 601 4 2119 (empty) +1320279582.210392 C5DisEMFU77Wk9Kae 192.168.2.76 52063 204.246.169.252 80 tcp http 7.278092 1971 508090 S1 - - 0 ShADadt 225 15495 355 526558 (empty) +1320279590.556280 CD1jfU3p9abEm77mzf 192.168.2.76 52075 74.125.225.78 80 tcp http 0.047887 714 342 S1 - - 0 ShADad 4 934 3 506 (empty) +1320279586.005337 C5vx4911iSMAJuShFd 192.168.2.76 52070 204.246.169.217 80 tcp http 0.093133 381 2493 S1 - - 0 ShADad 4 601 4 2709 (empty) +1320279673.118549 CJLgi92kpp2gLgGTE5 192.168.2.76 52113 199.59.148.20 80 tcp http 10.247819 1023 2388 SF - - 0 ShADadfF 6 1347 6 2708 (empty) +1320279579.731320 ClcvKE1dqsEFQu46m9 192.168.2.76 52055 74.125.225.91 80 tcp http 0.522914 1493 54251 S1 - - 0 ShADad 30 3065 46 56651 (empty) +1320279601.553361 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 tcp http 71.658218 3168 19975 S1 - - 0 ShADadt 23 4388 29 21491 (empty) +1320279566.796068 C6Q4Vm14ZJIlZhsXqk 192.168.2.76 52032 72.21.211.173 80 tcp http 115.119217 380 2628 SF - - 0 ShADadFf 6 644 5 2840 (empty) +#close 2017-04-16-21-36-10 |