| 1 | common_recv_time | common_log_id | common_stream_trace_id | common_direction | common_stream_dir | common_start_time | common_end_time | common_con_duration_ms | common_establish_latency_ms | common_processing_time | common_ingestion_time | common_entrance_id | common_device_id | common_egress_link_id | common_ingress_link_id | common_isp | common_data_center | common_sled_ip | common_device_group | common_app_behavior | common_action | common_sub_action | common_policy_id | common_user_tags | common_user_region | common_client_ip | common_internal_ip | common_client_port | common_client_location | common_client_asn | common_subscriber_id | common_imei | common_imsi | common_phone_number | common_server_ip | common_external_ip | common_server_port | common_server_location | common_server_asn | common_app_id | common_userdefine_app_name | common_app_identify_info | common_app_label | common_app_surrogate_id | common_l7_protocol | common_protocol_label | common_service_category | common_service | common_l4_protocol | common_sessions | common_c2s_pkt_num | common_s2c_pkt_num | common_c2s_pkt_diff | common_s2c_pkt_diff | common_c2s_byte_num | common_s2c_byte_num | common_c2s_byte_diff | common_s2c_byte_diff | common_c2s_ipfrag_num | common_s2c_ipfrag_num | common_c2s_tcp_lostlen | common_s2c_tcp_lostlen | common_c2s_tcp_unorder_num | common_s2c_tcp_unorder_num | common_c2s_pkt_retrans | common_s2c_pkt_retrans | common_c2s_byte_retrans | common_s2c_byte_retrans | common_first_ttl | common_tcp_client_isn | common_tcp_server_isn | common_mirrored_pkts | common_mirrored_bytes | common_address_type | common_schema_type | common_device_tag | common_encapsulation | common_tunnels | common_address_list | common_has_dup_traffic | common_stream_error | common_link_info_c2s | common_link_info_s2c | common_packet_capture_file | http_url | http_host | http_domain | http_request_line | http_response_line | http_request_header | http_response_header | http_request_content | 
http_response_content | http_request_body | http_response_body | http_request_body_key | http_response_body_key | http_proxy_flag | http_sequence | http_snapshot | http_cookie | http_referer | http_user_agent | http_request_content_length | http_request_content_type | http_response_content_length | http_response_content_type | http_content_length | http_content_type | http_set_cookie | http_version | http_response_latency_ms | http_session_duration_ms | http_action_file_size | mail_protocol_type | mail_account | mail_to_cmd | mail_from_cmd | mail_from | mail_to | mail_cc | mail_bcc | mail_subject | mail_subject_charset | mail_content | mail_content_charset | mail_attachment_name | mail_attachment_name_charset | mail_attachment_content | mail_eml_file | mail_snapshot | dns_message_id | dns_qr | dns_opcode | dns_aa | dns_tc | dns_rd | dns_ra | dns_rcode | dns_qdcount | dns_ancount | dns_nscount | dns_arcount | dns_qname | dns_qtype | dns_qclass | dns_cname | dns_sub | dns_rr | dns_response_latency_ms | ssl_version | ssl_sni | ssl_san | ssl_cn | ssl_pinningst | ssl_intercept_state | ssl_passthrough_reason | ssl_server_side_latency | ssl_client_side_latency | ssl_server_side_version | ssl_client_side_version | ssl_cert_verify | ssl_error | ssl_con_latency_ms | ssl_ja3_fingerprint | ssl_ja3_hash | ssl_cert_issuer | ssl_cert_subject | quic_version | quic_sni | quic_user_agent | ftp_account | ftp_url | ftp_content | ftp_link_type | bgp_type | bgp_as_num | bgp_route | voip_calling_account | voip_called_account | voip_calling_number | voip_called_number | streaming_media_url | streaming_media_protocol | app_extra_info | rdp_cookie | rdp_security_protocol | rdp_client_channels | rdp_keyboard_layout | rdp_client_version | rdp_client_name | rdp_client_product_id | rdp_desktop_width | rdp_desktop_height | rdp_requested_color_depth | rdp_certificate_type | rdp_certificate_count | rdp_certificate_permanent | rdp_encryption_level | rdp_encryption_method | sip_call_id | 
sip_originator_description | sip_responder_description | sip_user_agent | sip_server | sip_originator_sdp_connect_ip | sip_originator_sdp_media_port | sip_originator_sdp_media_type | sip_originator_sdp_content | sip_responder_sdp_connect_ip | sip_responder_sdp_media_port | sip_responder_sdp_media_type | sip_responder_sdp_content | sip_duration_s | sip_bye | rtp_payload_type_c2s | rtp_payload_type_s2c | rtp_pcap_path | rtp_originator_dir | ssh_version | ssh_auth_success | ssh_client_version | ssh_server_version | ssh_cipher_alg | ssh_kex_alg | ssh_host_key_alg | ssh_host_key | ssh_mac_alg | ssh_compression_alg | ssh_hassh | stratum_cryptocurrency | stratum_mining_pools | stratum_mining_program |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2 | 1679158918 | 1239433944962025547 | 297327820609719791 | 69 | 1 | 1679158881 | 1679158918 | 36158 | 167 | 1679159220 | 1679159218 | 0 | 21426007 | \N | \N | 10.225.11.4 | BOL-IGW | 0 | 0 | 196.188.33.109 | 196.188.33.109 | 43894 | Ethiopia.Other.Other | 24757 | 149.154.167.92 | 149.154.167.92 | 443 | United Kingdom.Other.Other | 62041 | {"THIRD":[{"app_name":"telegram","app_id":2240,"surrogate_id":0,"packet_sequence":3}]} | [{"app_name":"telegram","packet_sequence":3}] | telegram | UNCATEGORIZED | ETHERNET.IPv4.TCP | [] | 0 | IPv4_TCP | 1 | 3 | 0 | 3 | 0 | -8054763456257064272 | 32751 | -8054763456257064272 | 32751 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 61 | 3986015080 | 0 | 0 | 0 | 4 | BASE | {"tags":[{"tag":"device_group","value":"BOL-IGW"}]} | 0 | 0 | {"functional_ip":"10.225.11.4","thread_count":48,"relative_location":"internal","hash_dist":3,"hash_algo":0,"linkinfo":[{"type":"ethernet","src":"90:00:00:91:40:46","dst":"0a:0a:0a:0a:00:10"},{"type":"tuple4v4","sip":"10.252.22.1","dip":"10.10.0.16","sport":54789,"dport":4789},{"type":"vxlan","vlanid":0,"dir":0,"linkid":28,"linktype":0},{"type":"ethernet","src":"d4:c1:c8:98:c7:60","dst":"d4:c1:c8:8f:ac:f0"}]} | 0 | 0 | 0 | 0 | 0 | 0 | \N | \N | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | \N | \N | \N | \N | \N | 0 | 0 | 0 | 0 | 0 | 0 | 0 | \N | \N | 0 |