1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
{
"$schema": "https://lnav.org/schemas/format-v1.schema.json",
"pcap_log": {
"json": true,
"title": "Packet Capture",
"description": "Internal format for pcap files",
"convert-to-local-time": true,
"converter": {
"header": {
"expr": {
"pcapng": ":header REGEXP '^0a0d0d0a.{8}(?:1a2b3c4d|4d3c2b1a).*'",
"pcap": ":header REGEXP '^(?:a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1).*'"
},
"size": 24
},
"command": "pcap_log-converter.sh"
},
"line-format": [
{
"field": "time"
},
" ",
{
"field": "source",
"auto-width": true,
"align": "right"
},
" → ",
{
"field": "destination",
"auto-width": true,
"align": "left"
},
" ",
{
"field": "protocol",
"auto-width": true,
"align": "left"
},
" ",
{
"field": "length",
"auto-width": true,
"align": "right"
},
" ",
{
"field": "info"
}
],
"level": {
"warning": "^6291456$",
"error": "^8388608$"
},
"timestamp-field": "time",
"level-pointer": "/_ws_expert__ws_expert_severity$",
"body-field": "info",
"hide-extra": true,
"value": {
"source": {
"kind": "string",
"foreign-key": true,
"collate": "ipaddress",
"identifier": true
},
"destination": {
"kind": "string",
"foreign-key": true,
"collate": "ipaddress",
"identifier": true
},
"protocol": {
"kind": "string",
"identifier": true
},
"length": {
"kind": "integer"
},
"info": {
"kind": "string"
},
"layers": {
"kind": "json",
"hidden": true
}
}
}
}
|
