geedge-jira/attachment/63193/session_record.csv

1	recv_time	log_id	decoded_as	session_id	start_timestamp_ms	end_timestamp_ms	duration_ms	tcp_handshake_latency_ms	processing_time	ingestion_time	insert_time	device_id	out_link_id	in_link_id	data_center	device_group	sled_ip	address_type	direction	vsys_id	t_vsys_id	flags	flags_identify_info	security_rule_list	security_action	monitor_rule_list	sc_rule_list	statistics_rule_list	sc_rsp_raw	sc_rsp_decrypted	shaping_rule_list	proxy_rule_list	proxy_action	proxy_pinning_status	proxy_intercept_status	proxy_passthrough_reason	proxy_server_side_latency_ms	proxy_client_side_latency_ms	proxy_client_side_version	proxy_server_side_version	proxy_cert_verify	proxy_intercept_error	monitor_mirrored_pkts	monitor_mirrored_bytes	client_ip	client_port	client_os_desc	client_geolocation	client_asn	subscriber_id	imei	imsi	apn	phone_number	server_ip	server_port	server_os_desc	server_geolocation	server_asn	server_fqdn	server_domain	app_transition	app	app_content	ip_protocol	decoded_path	fqdn_category_list	sent_pkts	received_pkts	sent_bytes	received_bytes	tcp_c2s_ip_fragments	tcp_s2c_ip_fragments	tcp_c2s_lost_bytes	tcp_s2c_lost_bytes	tcp_c2s_o3_pkts	tcp_s2c_o3_pkts	tcp_c2s_rtx_pkts	tcp_s2c_rtx_pkts	tcp_c2s_rtx_bytes	tcp_s2c_rtx_bytes	tcp_rtt_ms	tcp_client_isn	tcp_server_isn	packet_capture_file	in_src_mac	out_src_mac	in_dest_mac	out_dest_mac	encapsulation	dup_traffic_flag	tunnel_endpoint_a_desc	tunnel_endpoint_b_desc	http_url	http_host	http_request_line	http_response_line	http_request_content_length	http_request_content_type	http_response_content_length	http_response_content_type	http_request_body	http_response_body	http_sequence	http_cookie	http_referer	http_user_agent	http_set_cookie	http_version	http_status_code	http_response_latency_ms	http_action_file_size	http_session_duration_ms	mail_protocol_type	mail_account	mail_from_cmd	mail_to_cmd	mail_from	mail_password	mail_to	mail_cc	mail_bcc	mail_subject	mail_subject_charset	mail_attachment_name	mail_attachment_name_charset	mail_eml_file	mail_starttls_flag	dns_message_id	dns_qr	dns_opcode	dns_aa	dns_tc	dns_rd	dns_ra	dns_rcode	dns_qdcount	dns_ancount	dns_nscount	dns_arcount	dns_qname	dns_qtype	dns_qclass	dns_cname	dns_sub	dns_rr	dns_response_latency_ms	ssl_version	ssl_sni	ssl_san	ssl_cn	ssl_handshake_latency_ms	ssl_ja3_hash	ssl_ja3s_hash	ssl_cert_issuer	ssl_cert_subject	ssl_esni_flag	ssl_ech_flag	dtls_cookie	dtls_version	dtls_sni	dtls_san	dtls_cn	dtls_handshake_latency_ms	dtls_ja3_fingerprint	dtls_ja3_hash	dtls_cert_issuer	dtls_cert_subject	quic_version	quic_sni	quic_user_agent	ftp_account	ftp_url	ftp_link_type	sip_call_id	sip_originator_description	sip_responder_description	sip_user_agent	sip_server	sip_originator_sdp_connect_ip	sip_originator_sdp_media_port	sip_originator_sdp_media_type	sip_originator_sdp_content	sip_responder_sdp_connect_ip	sip_responder_sdp_media_port	sip_responder_sdp_media_type	sip_responder_sdp_content	sip_duration_s	sip_bye	rtp_payload_type_c2s	rtp_payload_type_s2c	rtp_pcap_path	rtp_originator_dir	ssh_version	ssh_auth_success	ssh_client_version	ssh_server_version	ssh_cipher_alg	ssh_mac_alg	ssh_compression_alg	ssh_kex_alg	ssh_host_key_alg	ssh_host_key	ssh_hassh	stratum_cryptocurrency	stratum_mining_pools	stratum_mining_program	stratum_mining_subscribe	rdp_cookie	rdp_security_protocol	rdp_client_channels	rdp_keyboard_layout	rdp_client_version	rdp_client_name	rdp_client_product_id	rdp_desktop_width	rdp_desktop_height	rdp_requested_color_depth	rdp_certificate_type	rdp_certificate_count	rdp_certificate_permanent	rdp_encryption_level	rdp_encryption_method
2	2024-09-20T13:56:58+08:00	562663088076619776	BASE	290793884625329815	2024-09-20T13:53:41.035+08:00	2024-09-20T13:55:57.894+08:00	136859		2024-09-20T13:56:54+08:00	2024-09-20T13:56:58+08:00	2024-09-20T13:57:08+08:00	21426003	65535	65535			192.168.40.84	4	Inbound	1	1	57616	[1,101,12,1,218]																						209.14.68.75	59002	unknown	Brazil.Sao Paulo.Barueri..	268581						192.168.54.220	43034	unknown					QuarkVPN_Patch01.QuarkVPN_Patch04	QuarkVPN_Patch04		udp	ETHERNET.IPv4.UDP		1972	1605	2690961	208178	0	0													58:b3:8f:fa:3b:11	48:73:97:96:38:27	48:73:97:96:38:27	58:b3:8f:fa:3b:11	[{"tunnels_schema_type":"MULTIPATH_ETHERNET","c2s_source_mac":"58:b3:8f:fa:3b:11","c2s_destination_mac":"48:73:97:96:38:27","s2c_source_mac":"48:73:97:96:38:27","s2c_destination_mac":"58:b3:8f:fa:3b:11"}]	0
3	2024-09-20T13:53:45+08:00	562659857103585280	BASE	290565186204415259	2024-09-20T13:52:30.992+08:00	2024-09-20T13:52:45.469+08:00	14477		2024-09-20T13:53:42+08:00	2024-09-20T13:53:45+08:00	2024-09-20T13:54:08+08:00	21426003	65535	65535			192.168.40.84	4	Inbound	1	1	24848	[1,101,5,1]																						50.7.59.4	59001	unknown	Hong Kong.Unknown.Kai Yi Wan..	30058						192.168.54.220	49256	unknown					QuarkVPN_Patch01.QuarkVPN_Patch04	QuarkVPN_Patch04		udp	ETHERNET.IPv4.UDP		1974	964	2762150	128166	0	0													58:b3:8f:fa:3b:11	48:73:97:96:38:27	48:73:97:96:38:27	58:b3:8f:fa:3b:11	[{"tunnels_schema_type":"MULTIPATH_ETHERNET","c2s_source_mac":"58:b3:8f:fa:3b:11","c2s_destination_mac":"48:73:97:96:38:27","s2c_source_mac":"48:73:97:96:38:27","s2c_destination_mac":"58:b3:8f:fa:3b:11"}]	0
4	2024-09-20T13:44:34+08:00	562650614501736448	BASE	290723515858551837	2024-09-20T13:42:12.244+08:00	2024-09-20T13:43:34.490+08:00	82246		2024-09-20T13:44:31+08:00	2024-09-20T13:44:34+08:00	2024-09-20T13:44:37+08:00	21426003	65535	65535			192.168.40.84	4	Inbound	1	1	24784	[1,382,209,4,1]																						50.7.59.4	59001	unknown	Hong Kong.Unknown.Kai Yi Wan..	30058						192.168.54.220	50149	unknown					QuarkVPN_Patch01.QuarkVPN_Patch04	QuarkVPN_Patch04		udp	ETHERNET.IPv4.UDP		1611	1352	2125736	194484	0	0													58:b3:8f:fa:3b:11	48:73:97:96:38:27	48:73:97:96:38:27	58:b3:8f:fa:3b:11	[{"tunnels_schema_type":"MULTIPATH_ETHERNET","c2s_source_mac":"58:b3:8f:fa:3b:11","c2s_destination_mac":"48:73:97:96:38:27","s2c_source_mac":"48:73:97:96:38:27","s2c_destination_mac":"58:b3:8f:fa:3b:11"}]	0