This commit is contained in:
zhanghongqing
2022-05-09 14:03:25 +08:00
parent 8c1dd54034
commit 0a0aad5c20
20 changed files with 18357 additions and 0 deletions


@@ -0,0 +1,313 @@
{
"type": "record",
"name": "active_defence_event",
"namespace": "tsg_galaxy_v3",
"doc": {
"primary_key": "common_log_id",
"partition_key": "common_recv_time",
"schema_query": {
"dimensions": [
"common_policy_id",
"ad_target_ip",
"ad_cc_target_url"
],
"metrics": [
"ad_target_ip",
"ad_sent_byte_num",
"ad_sent_pkt_num",
"ad_cc_initiate_connection_num",
"ad_cc_established_connection_num",
"ad_cc_rejected_connection_num"
],
"filters": [
"common_policy_id",
"ad_target_ip",
"ad_target_port",
"ad_protocol",
"common_address_type",
"ad_sent_byte_num",
"ad_sent_pkt_num",
"ad_cc_initiate_connection_num",
"ad_cc_established_connection_num",
"ad_cc_rejected_connection_num"
]
},
"schema_type": {
"REFLECTION": {
"columns": [
"common_recv_time",
"common_log_id",
"common_policy_id",
"common_address_type",
"common_device_id",
"common_egress_link_id",
"common_ingress_link_id",
"common_entrance_id",
"common_user_region",
"ad_method",
"ad_protocol",
"ad_target_ip",
"ad_target_port",
"ad_target_ip_location",
"ad_target_ip_asn",
"ad_reflector_profile_id",
"ad_sent_pkt_num",
"ad_sent_byte_num",
"ad_generate_time"
],
"default_columns": [
"common_recv_time",
"common_log_id",
"common_policy_id",
"ad_target_ip",
"ad_target_port",
"ad_reflector_profile_id",
"ad_sent_pkt_num",
"ad_sent_byte_num"
]
},
"FLOOD": {
"columns": [
"common_recv_time",
"common_log_id",
"common_policy_id",
"common_address_type",
"common_device_id",
"common_egress_link_id",
"common_ingress_link_id",
"common_entrance_id",
"common_user_region",
"ad_method",
"ad_protocol",
"ad_target_ip",
"ad_target_port",
"ad_target_ip_location",
"ad_target_ip_asn",
"ad_claimed_src_ip_profile_id",
"ad_sent_pkt_num",
"ad_sent_byte_num",
"ad_generate_time"
],
"default_columns": [
"common_recv_time",
"common_log_id",
"common_policy_id",
"ad_target_ip",
"ad_target_port",
"ad_claimed_src_ip_profile_id",
"ad_protocol"
]
},
"CC": {
"columns": [
"common_recv_time",
"common_log_id",
"common_policy_id",
"common_address_type",
"common_device_id",
"common_egress_link_id",
"common_ingress_link_id",
"common_entrance_id",
"common_user_region",
"ad_method",
"ad_protocol",
"ad_cc_target_url",
"ad_claimed_src_ip_profile_id",
"ad_cc_initiate_connection_num",
"ad_cc_established_connection_num",
"ad_cc_rejected_connection_num",
"ad_generate_time"
],
"default_columns": [
"common_recv_time",
"common_log_id",
"common_policy_id",
"ad_cc_target_url",
"ad_claimed_src_ip_profile_id",
"ad_protocol"
]
}
},
"default_columns": [
"common_recv_time",
"common_log_id",
"common_policy_id",
"ad_target_ip",
"ad_target_port",
"ad_cc_target_url"
]
},
"fields": [
{
"name": "common_recv_time",
"label": "Receive Time",
"doc": {
"constraints": {
"type": "timestamp"
},
"format": {
"functions": "current_timestamp"
}
},
"type": "long"
},
{
"name": "common_log_id",
"label": "Log ID",
"doc": {
"format": {
"functions": "snowflake_id"
}
},
"type": "long"
},
{
"name": "common_policy_id",
"label": "Policy ID",
"type": "long"
},
{
"name": "common_address_type",
"label": "Address Type",
"doc": {
"data": [
{
"code": "4",
"value": "ipv4"
},
{
"code": "6",
"value": "ipv6"
}
]
},
"type": "int"
},
{
"name": "common_entrance_id",
"label": "Entrance ID",
"doc": {
"visibility": "disabled"
},
"type": "int"
},
{
"name": "common_device_id",
"label": "Device ID",
"type": "string"
},
{
"name": "common_egress_link_id",
"label": "Egress Link ID",
"doc": {
"visibility": "hidden"
},
"type": "int"
},
{
"name": "common_ingress_link_id",
"label": "Ingress Link ID",
"doc": {
"visibility": "hidden"
},
"type": "int"
},
{
"name": "common_user_region",
"label": "User Region",
"doc": {
"visibility": "hidden"
},
"type": "string"
},
{
"name": "ad_target_ip",
"label": "Target IP",
"doc": {
"constraints": {
"type": "ip"
},
"format": {
"functions": "geo_ip_country,geo_asn",
"appendTo": "ad_target_ip_location,ad_target_ip_asn"
}
},
"type": "string"
},
{
"name": "ad_target_port",
"label": "Target Port",
"type": "int"
},
{
"name": "ad_cc_target_url",
"label": "Target URL",
"type": "string"
},
{
"name": "ad_target_ip_location",
"label": "Target Location",
"type": "string"
},
{
"name": "ad_target_ip_asn",
"label": "Target ASN",
"type": "string"
},
{
"name": "ad_protocol",
"label": "Protocol",
"type": "string"
},
{
"name": "ad_method",
"label": "Method",
"type": "string"
},
{
"name": "ad_claimed_src_ip_profile_id",
"label": "Claimed Profile ID",
"type": "int"
},
{
"name": "ad_reflector_profile_id",
"label": "Reflector Profile ID",
"type": "int"
},
{
"name": "ad_sent_pkt_num",
"label": "Packets Sent",
"type": "int"
},
{
"name": "ad_sent_byte_num",
"label": "Bytes Sent",
"type": "int"
},
{
"name": "ad_cc_initiate_connection_num",
"label": "Initiate Numbers",
"type": "int"
},
{
"name": "ad_cc_established_connection_num",
"label": "Established Numbers",
"type": "int"
},
{
"name": "ad_cc_rejected_connection_num",
"label": "Rejected Numbers",
"type": "int"
},
{
"name": "ad_generate_time",
"label": "Generate Time",
"doc": {
"constraints": {
"type": "timestamp"
}
},
"type": "int"
}
]
}
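Review bot: `ad_generate_time` is declared `"type": "int"` under a `timestamp` constraint, while every other timestamp in this commit (`common_recv_time` here, `common_start_time`/`common_end_time` in sys_packet_capture_event) is `long`; a 32-bit epoch overflows in 2038 for seconds and immediately for milliseconds, so it should read `"type": "long"`. The counters `ad_sent_pkt_num` and `ad_sent_byte_num` are also `int` even though the equivalent `common_c2s_byte_num`/`common_s2c_byte_num` fields are `long`, and a reflection or flood event can plausibly exceed 2^31 bytes, so the same change applies to both. `schema_query.metrics` also lists `ad_target_ip`, a string IP that the aggregation reference table in dos_event limits to COUNT/COUNT_DISTINCT; if that is intentional it deserves a note, otherwise the entry belongs only in `dimensions` and `filters`.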


@@ -0,0 +1,87 @@
{
"type": "record",
"name": "assessment_event",
"namespace": "tsg_galaxy_v3",
"doc": {
"primary_key": "common_log_id",
"partition_key": "common_recv_time",
"functions": {
"$ref": "public_schema_info.json#/functions"
}
},
"fields": [
{
"name": "common_recv_time",
"label": "Receive Time",
"doc": {
"constraints": {
"type": "timestamp"
}
},
"type": "long"
},
{
"name": "common_log_id",
"label": "Log ID",
"doc": {
"format": {
"functions": "snowflake_id"
}
},
"type": "long"
},
{
"name": "lot_number",
"label": "Lot Number",
"type": "string"
},
{
"name": "file_name",
"label": "File Name",
"type": "string"
},
{
"name": "features",
"label": "Features",
"doc": {
"visibility": "hidden"
},
"type": "string"
},
{
"name": "assessment_type",
"label": "Assessment Type",
"type": "string"
},
{
"name": "size",
"label": "Size",
"type": "long"
},
{
"name": "file_checksum_sha",
"label": "SHA256",
"type": "string"
},
{
"name": "assessment_date",
"label": "Assessment Date",
"doc": {
"constraints": {
"type": "timestamp"
}
},
"type": "long"
},
{
"name": "assessment_file",
"label": "Assessment File",
"doc": {
"constraints": {
"type": "file"
}
},
"type": "string"
}
]
}
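Review bot: `common_recv_time` in assessment_event carries only the `timestamp` constraint and lacks the `"format": {"functions": "current_timestamp"}` entry the same field has in active_defence_event and sys_packet_capture_event, so it is presumably not stamped at ingestion; add `"format": { "functions": "current_timestamp" }` beside the constraint unless the producer is known to set it. `file_checksum_sha` is labelled SHA256 but nothing fixes the encoding (hex vs base64, case), and a digest that will be compared against recomputed values needs an unambiguous form, e.g. relabel it `"SHA256 (lowercase hex)"`. `file_name` and `assessment_file` are stored verbatim; any consumer that derives a storage path from them must treat them as untrusted input, which cannot be verified from this commit.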


@@ -0,0 +1,344 @@
{
"type": "record",
"name": "dos_event",
"namespace": "tsg_galaxy_v3",
"doc": {
"primary_key": "log_id",
"partition_key": "start_time",
"functions": {
"aggregation": [
{
"name": "COUNT",
"label": "COUNT",
"function": "count(expr)"
},
{
"name": "COUNT_DISTINCT",
"label": "COUNT_DISTINCT",
"function": "count(distinct expr)"
},
{
"name": "AVG",
"label": "AVG",
"function": "avg(expr)"
},
{
"name": "SUM",
"label": "SUM",
"function": "sum(expr)"
},
{
"name": "MAX",
"label": "MAX",
"function": "max(expr)"
},
{
"name": "MIN",
"label": "MIN",
"function": "min(expr)"
}
],
"operator": [
{
"name": "=",
"label": "=",
"function": "expr = value"
},
{
"name": "!=",
"label": "!=",
"function": "expr != value"
},
{
"name": ">",
"label": ">",
"function": "expr > value"
},
{
"name": "<",
"label": "<",
"function": "expr < value"
},
{
"name": ">=",
"label": ">=",
"function": "expr >= value"
},
{
"name": "<=",
"label": "<=",
"function": "expr <= value"
},
{
"name": "has",
"label": "HAS",
"function": "has(expr, value)"
},
{
"name": "in",
"label": "IN",
"function": "expr in (values)"
},
{
"name": "not in",
"label": "NOT IN",
"function": "expr not in (values)"
},
{
"name": "like",
"label": "LIKE",
"function": "expr like value"
},
{
"name": "not like",
"label": "NOT LIKE",
"function": "expr not like value"
},
{
"name": "notEmpty",
"label": "NOT EMPTY",
"function": "notEmpty(expr)"
},
{
"name": "empty",
"label": "EMPTY",
"function": "empty(expr)"
}
]
},
"schema_query": {
"references": {
"aggregation": [
{
"type": "int",
"functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN"
},
{
"type": "long",
"functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN"
},
{
"type": "float",
"functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN"
},
{
"type": "double",
"functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN"
},
{
"type": "string",
"functions": "COUNT,COUNT_DISTINCT"
},
{
"type": "date",
"functions": "COUNT,COUNT_DISTINCT,MAX,MIN"
},
{
"type": "timestamp",
"functions": "COUNT,COUNT_DISTINCT,MAX,MIN"
}
],
"operator": [
{
"type": "int",
"functions": "=,!=,>,<,>=,<=,in,not in"
},
{
"type": "long",
"functions": "=,!=,>,<,>=,<=,in,not in"
},
{
"type": "float",
"functions": "=,!=,>,<,>=,<="
},
{
"type": "double",
"functions": "=,!=,>,<,>=,<="
},
{
"type": "string",
"functions": "=,!=,in,not in,like,not like,notEmpty,empty"
},
{
"type": "date",
"functions": "=,!=,>,<,>=,<="
},
{
"type": "timestamp",
"functions": "=,!=,>,<,>=,<="
},
{
"type": "array",
"functions": "has"
}
]
}
},
"default_columns": [
"log_id",
"attack_type",
"source_ip_list",
"destination_ip",
"severity",
"start_time",
"end_time",
"packet_rate",
"bit_rate",
"session_rate"
],
"internal_columns": [
"start_time",
"log_id",
"end_time"
]
},
"fields": [
{
"name": "start_time",
"label": "Start Time",
"doc": {
"allow_query": "false",
"constraints": {
"type": "timestamp"
}
},
"type": "long"
},
{
"name": "end_time",
"label": "End Time",
"doc": {
"allow_query": "false",
"constraints": {
"type": "timestamp"
}
},
"type": "long"
},
{
"name": "log_id",
"label": "Log ID",
"doc": {
"format": {
"functions": "snowflake_id"
}
},
"type": "long"
},
{
"name": "attack_type",
"label": "Attack Type",
"doc": {
"constraints": {
"operator_functions": "=,!="
},
"data": [
{
"code": "TCP SYN Flood",
"value": "TCP SYN Flood"
},
{
"code": "UDP Flood",
"value": "UDP Flood"
},
{
"code": "ICMP Flood",
"value": "ICMP Flood"
},
{
"code": "DNS Flood",
"value": "DNS Flood"
}
]
},
"type": "string"
},
{
"name": "severity",
"label": "Severity",
"doc": {
"constraints": {
"operator_functions": "=,!="
},
"data": [
{
"code": "Critical",
"value": "Critical"
},
{
"code": "Severe",
"value": "Severe"
},
{
"code": "Major",
"value": "Major"
},
{
"code": "Warning",
"value": "Warning"
},
{
"code": "Minor",
"value": "Minor"
}
]
},
"type": "string"
},
{
"name": "conditions",
"label": "Conditions",
"type": "string"
},
{
"name": "destination_ip",
"label": "Destination IP",
"type": "string"
},
{
"name": "destination_country",
"label": "Destination Country",
"type": "string"
},
{
"name": "source_ip_list",
"label": "Source IPs",
"type": "string"
},
{
"name": "source_country_list",
"label": "Source Countries",
"type": "string"
},
{
"name": "session_rate",
"label": "Sessions/s",
"doc": {
"constraints": {
"type": "sessions/sec"
}
},
"type": "long"
},
{
"name": "packet_rate",
"label": "Packets/s",
"doc": {
"constraints": {
"type": "packets/sec"
}
},
"type": "long"
},
{
"name": "bit_rate",
"label": "Bits/s",
"doc": {
"constraints": {
"type": "bits/sec"
}
},
"type": "long"
}
]
}
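Review bot: `start_time` and `end_time` declare `"allow_query": "false"` as a string instead of the JSON boolean `false`; a consumer that checks the value for truthiness rather than comparing it to the literal string will treat `"false"` as enabled and silently defeat the query restriction on the partition key, so unless the schema loader documents string booleans both should be `"allow_query": false`. `source_ip_list` and `source_country_list` are typed `string` although the operator reference in this same file defines an `array` type with `has`; an array would make `has` usable and avoid delimiter parsing downstream. This record also uses `log_id` as its primary key while every other record in the commit uses `common_log_id`, breaking the shared naming convention.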


@@ -0,0 +1,15 @@
{
"version": "1.0",
"name": "es-Raw",
"namespace": "tsg",
"filters": [
{
"name":"@start",
"value": "cast(now() as long)/1000 -3600"
},
{
"name":"@end",
"value": "cast(now() as long)/1000"
}
]
}
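Review bot: the `@start`/`@end` values are arithmetic expressions (`cast(now() as long)/1000 -3600`) that the query layer evaluates rather than literal values; if these filters can be overridden at request time, the evaluator must accept only a fixed expression grammar or the filter becomes an expression-injection surface (the evaluator is not in this commit, so this is a caveat, not a finding). The `/1000` also implies the epoch unit is seconds and `3600` is an undocumented one-hour window; if the filter format allows a description field, state both so the next reader does not have to guess.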


@@ -0,0 +1 @@
--Q01.empty






@@ -0,0 +1,37 @@
{
"type": "record",
"name": "radius_onff_log",
"namespace": "tsg_galaxy_v3",
"fields": [
{
"name": "event_timestamp",
"label": "Event Time",
"type": "long"
},
{
"name": "account",
"label": "Account",
"type": "string"
},
{
"name": "framed_ip",
"label": "Framed IP",
"type": "string"
},
{
"name": "acct_session_id",
"label": "Acct Session ID",
"type": "string"
},
{
"name": "acct_status_type",
"label": "Acct Status Type",
"type": "int"
},
{
"name": "acct_session_time",
"label": "Acct Session Time",
"type": "int"
}
]
}
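Review bot: radius_onff_log has no top-level `doc` with `primary_key`/`partition_key`, unlike every other record in this commit, and none of its fields carry metadata: `event_timestamp` lacks `"constraints": {"type": "timestamp"}`, `framed_ip` lacks `"constraints": {"type": "ip"}`, and `acct_status_type` has no `data` code table although the RADIUS Acct-Status-Type values are fixed by RFC 2866 (1 Start, 2 Stop, 3 Interim-Update). `account` identifies a subscriber, and this commit marks comparable identifiers (IMEI, IMSI, phone number) `"visibility": "disabled"`, so whether this field is exposed in the UI should be an explicit decision. The name `onff` also looks like a typo for `onoff`; if consumers already reference it, keep it but document the spelling.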





@@ -0,0 +1,71 @@
{
"type": "record",
"name": "session_record_common_client_ip",
"namespace": "tsg_galaxy_v3",
"doc": {
"primary_key": "common_log_id",
"index_key": "common_client_ip"
},
"fields": [
{
"name": "common_log_id",
"type": "long"
},
{
"name": "common_recv_time",
"type": "long"
},
{
"name": "common_server_ip",
"type": "string"
},
{
"name": "common_client_ip",
"type": "string"
},
{
"name": "common_sled_ip",
"type": "string"
},
{
"name": "common_entrance_id",
"type": "int"
},
{
"name": "common_subscriber_id",
"type": "string"
},
{
"name": "common_stream_trace_id",
"type": "long"
},
{
"name": "common_schema_type",
"type": "string"
},
{
"name": "common_client_port",
"type": "int"
},
{
"name": "common_server_port",
"type": "int"
},
{
"name": "common_app_label",
"type": "string"
},
{
"name": "common_direction",
"type": "int"
},
{
"name": "http_domain",
"type": "string"
},
{
"name": "ssl_sni",
"type": "string"
}
]
}
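Review bot: this record and the two sibling `session_record_*` records are identical except for `name` and `index_key`, so the field lists will drift the first time one is edited; the schema format already resolves `$ref` (used for `functions` in assessment_event), and if that also works for `fields` the shared list should be factored into one definition. Within the record, `common_server_ip`, `common_client_ip` and `common_sled_ip` lack the `"constraints": {"type": "ip"}` annotation that sys_packet_capture_event gives the same fields, and no field has a `label`, so the UI will fall back to raw column names.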


@@ -0,0 +1,71 @@
{
"type": "record",
"name": "session_record_common_server_ip",
"namespace": "tsg_galaxy_v3",
"doc": {
"primary_key": "common_log_id",
"index_key": "common_server_ip"
},
"fields": [
{
"name": "common_log_id",
"type": "long"
},
{
"name": "common_recv_time",
"type": "long"
},
{
"name": "common_server_ip",
"type": "string"
},
{
"name": "common_client_ip",
"type": "string"
},
{
"name": "common_sled_ip",
"type": "string"
},
{
"name": "common_entrance_id",
"type": "int"
},
{
"name": "common_subscriber_id",
"type": "string"
},
{
"name": "common_stream_trace_id",
"type": "long"
},
{
"name": "common_schema_type",
"type": "string"
},
{
"name": "common_client_port",
"type": "int"
},
{
"name": "common_server_port",
"type": "int"
},
{
"name": "common_app_label",
"type": "string"
},
{
"name": "common_direction",
"type": "int"
},
{
"name": "http_domain",
"type": "string"
},
{
"name": "ssl_sni",
"type": "string"
}
]
}


@@ -0,0 +1,71 @@
{
"type": "record",
"name": "session_record_http_domain",
"namespace": "tsg_galaxy_v3",
"doc": {
"primary_key": "common_log_id",
"index_key": "http_domain"
},
"fields": [
{
"name": "common_log_id",
"type": "long"
},
{
"name": "common_recv_time",
"type": "long"
},
{
"name": "common_server_ip",
"type": "string"
},
{
"name": "common_client_ip",
"type": "string"
},
{
"name": "common_sled_ip",
"type": "string"
},
{
"name": "common_entrance_id",
"type": "int"
},
{
"name": "common_subscriber_id",
"type": "string"
},
{
"name": "common_stream_trace_id",
"type": "long"
},
{
"name": "common_schema_type",
"type": "string"
},
{
"name": "common_client_port",
"type": "int"
},
{
"name": "common_server_port",
"type": "int"
},
{
"name": "common_app_label",
"type": "string"
},
{
"name": "common_direction",
"type": "int"
},
{
"name": "http_domain",
"type": "string"
},
{
"name": "ssl_sni",
"type": "string"
}
]
}
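Review bot: `http_domain` is the `index_key` here but carries no length or format constraint; the value presumably comes from the peer-controlled HTTP Host header (the parallel `ssl_sni` field comes from the TLS handshake), so the index must tolerate arbitrary-length, high-cardinality keys and the ingestion side should bound the length before indexing, which this commit does not show. The field list otherwise duplicates the other two `session_record_*` records and, like them, omits the `ip` constraints and `label`s used in sys_packet_capture_event.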


@@ -0,0 +1,819 @@
{
"type": "record",
"name": "sys_packet_capture_event",
"namespace": "tsg_galaxy_v3",
"doc": {
"primary_key": "common_log_id",
"partition_key": "common_recv_time"
},
"fields": [
{
"name": "common_recv_time",
"type": "long",
"doc": {
"constraints": {
"type": "timestamp"
},
"format": {
"functions": "current_timestamp"
}
},
"label": "Receive Time"
},
{
"name": "common_log_id",
"type": "long",
"doc": {
"format": {
"functions": "snowflake_id"
}
},
"label": "Log ID"
},
{
"name": "common_policy_id",
"type": "long",
"doc": {
"visibility": "hidden"
},
"label": "Policy ID"
},
{
"name": "common_subscriber_id",
"type": "string",
"label": "Subscriber ID"
},
{
"name": "common_imei",
"type": "string",
"doc": {
"visibility": "disabled"
},
"label": "IMEI"
},
{
"name": "common_imsi",
"type": "string",
"doc": {
"visibility": "disabled"
},
"label": "IMSI"
},
{
"name": "common_phone_number",
"type": "string",
"doc": {
"visibility": "disabled"
},
"label": "Phone Number"
},
{
"name": "common_client_ip",
"type": "string",
"doc": {
"constraints": {
"type": "ip"
}
},
"label": "Client IP"
},
{
"name": "common_internal_ip",
"type": "string",
"doc": {
"constraints": {
"type": "ip"
}
},
"label": "Internal IP"
},
{
"name": "common_client_port",
"type": "int",
"label": "Client Port"
},
{
"name": "common_l4_protocol",
"type": "string",
"label": "L4 Protocol"
},
{
"name": "common_address_type",
"type": "int",
"doc": {
"data": [
{
"code": "4",
"value": "ipv4"
},
{
"code": "6",
"value": "ipv6"
}
]
},
"label": "Address Type"
},
{
"name": "common_server_ip",
"type": "string",
"doc": {
"constraints": {
"type": "ip"
}
},
"label": "Server IP"
},
{
"name": "common_server_port",
"type": "int",
"label": "Server Port"
},
{
"name": "common_external_ip",
"type": "string",
"doc": {
"constraints": {
"type": "ip"
}
},
"label": "External IP"
},
{
"name": "common_action",
"type": "int",
"doc": {
"data": [
{
"code": "0",
"value": "None"
},
{
"code": "1",
"value": "Monitor"
},
{
"code": "2",
"value": "Intercept"
},
{
"code": "16",
"value": "Deny"
},
{
"code": "128",
"value": "Allow"
}
]
},
"label": "Action"
},
{
"name": "common_direction",
"type": "int",
"doc": {
"data": [
{
"code": "69",
"value": "outbound"
},
{
"code": "73",
"value": "inbound"
}
]
},
"label": "Direction"
},
{
"name": "common_entrance_id",
"type": "int",
"doc": {
"visibility": "disabled"
},
"label": "Entrance ID"
},
{
"name": "common_sled_ip",
"type": "string",
"doc": {
"constraints": {
"type": "ip"
}
},
"label": "Sled IP"
},
{
"name": "common_client_location",
"type": "string",
"label": "Client Location"
},
{
"name": "common_client_asn",
"type": "string",
"label": "Client ASN"
},
{
"name": "common_server_location",
"type": "string",
"label": "Server Location"
},
{
"name": "common_server_asn",
"type": "string",
"label": "Server ASN"
},
{
"name": "common_sessions",
"type": "long",
"label": "Sessions"
},
{
"name": "common_c2s_pkt_num",
"type": "long",
"label": "Packets Sent"
},
{
"name": "common_s2c_pkt_num",
"type": "long",
"label": "Packets Received"
},
{
"name": "common_c2s_byte_num",
"type": "long",
"label": "Bytes Sent"
},
{
"name": "common_s2c_byte_num",
"type": "long",
"label": "Bytes Received"
},
{
"name": "common_c2s_pkt_diff",
"label": "Packets Sent(Diff)",
"type": "long"
},
{
"name": "common_s2c_pkt_diff",
"label": "Packets Received(Diff)",
"type": "long"
},
{
"name": "common_c2s_byte_diff",
"label": "Bytes Sent(Diff)",
"type": "long"
},
{
"name": "common_s2c_byte_diff",
"label": "Bytes Received(Diff)",
"type": "long"
},
{
"name": "common_service",
"type": "int",
"doc": {
"visibility": "disabled"
},
"label": "Service"
},
{
"name": "common_schema_type",
"type": "string",
"doc": {
"data": [
{
"code": "BASE",
"value": "BASE"
},
{
"code": "HTTP",
"value": "HTTP"
},
{
"code": "MAIL",
"value": "MAIL"
},
{
"code": "DNS",
"value": "DNS"
},
{
"code": "SSL",
"value": "SSL"
},
{
"code": "FTP",
"value": "FTP"
}
],
"visibility": "hidden"
},
"label": "Schema Type"
},
{
"name": "common_user_tags",
"type": "string",
"doc": {
"visibility": "disabled"
},
"label": "User Tags"
},
{
"name": "common_sub_action",
"type": "string",
"doc": {
"data": [
{
"code": "allow",
"value": "Allow"
},
{
"code": "deny",
"value": "Deny"
},
{
"code": "monitor",
"value": "Monitor"
},
{
"code": "replace",
"value": "Replace"
},
{
"code": "redirect",
"value": "Redirect"
},
{
"code": "insert",
"value": "Insert"
},
{
"code": "hijack",
"value": "Hijack"
}
],
"visibility": "hidden"
},
"label": "Sub Action"
},
{
"name": "common_user_region",
"type": "string",
"doc": {
"visibility": "hidden"
},
"label": "User Region"
},
{
"name": "common_device_id",
"type": "string",
"label": "Device ID"
},
{
"name": "common_egress_link_id",
"label": "Egress Link ID",
"doc": {
"visibility": "hidden"
},
"type": "int"
},
{
"name": "common_ingress_link_id",
"label": "Ingress Link ID",
"doc": {
"visibility": "hidden"
},
"type": "int"
},
{
"name": "common_isp",
"type": "string",
"doc": {
"visibility": "disabled"
},
"label": "ISP"
},
{
"name": "common_device_tag",
"type": "string",
"doc": {
"visibility": "hidden",
"format": {
"functions": "flattenSpec,flattenSpec",
"appendTo": "common_data_center,common_device_group",
"param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value"
}
},
"label": "Device Tag"
},
{
"name": "common_data_center",
"label": "Data Center",
"doc": {
"constraints": {
"operator_functions": "=,!="
},
"data": {
"$ref": "device_tag.json#",
"key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
"value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
}
},
"type": "string"
},
{
"name": "common_device_group",
"label": "Device Group",
"doc": {
"constraints": {
"operator_functions": "=,!="
},
"data": {
"$ref": "device_tag.json#",
"key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
"value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
}
},
"type": "string"
},
{
"name": "common_app_behavior",
"label": "Application Behavior",
"doc": {
"visibility": "hidden"
},
"type": "string"
},
{
"name": "common_encapsulation",
"type": "int",
"doc": {
"data": [
{
"code": "0",
"value": "Ethernet"
},
{
"code": "8",
"value": "PPP"
},
{
"code": "12",
"value": "CiscoHDLC"
}
]
},
"label": "Encapsulation"
},
{
"name": "common_app_label",
"type": "string",
"doc": {
"visibility": "disabled"
},
"label": "Application Label"
},
{
"name": "common_tunnels",
"type": "string",
"doc": {
"visibility": "hidden"
},
"label": "Tunnels"
},
{
"name": "common_protocol_label",
"type": "string",
"doc": {
"visibility": "hidden"
},
"label": "Protocol Label"
},
{
"name": "common_app_id",
"type": "string",
"label": "Application ID",
"doc": {
"visibility": "hidden"
}
},
{
"name": "common_userdefine_app_name",
"label": "User Define APP Name",
"type": "string",
"doc": {
"visibility": "hidden"
}
},
{
"name": "common_app_surrogate_id",
"type": "string",
"label": "Surrogate ID",
"doc": {
"visibility": "hidden"
}
},
{
"name": "common_l7_protocol",
"type": "string",
"label": "L7 Protocol"
},
{
"name": "common_service_category",
"label": "FQDN Category",
"type": {
"type": "array",
"items": "int"
}
},
{
"name": "common_start_time",
"type": "long",
"doc": {
"constraints": {
"type": "timestamp"
},
"visibility": "hidden"
},
"label": "Start Time"
},
{
"name": "common_end_time",
"type": "long",
"doc": {
"constraints": {
"type": "timestamp"
},
"visibility": "hidden"
},
"label": "End Time"
},
{
"name": "common_establish_latency_ms",
"type": "long",
"doc": {
"visibility": "hidden"
},
"label": "Establish Latency(ms)"
},
{
"name": "common_con_duration_ms",
"type": "long",
"doc": {
"visibility": "hidden"
},
"label": "Duration(ms)"
},
{
"name": "common_stream_dir",
"type": "int",
"doc": {
"data": [
{
"code": "1",
"value": "c2s"
},
{
"code": "2",
"value": "s2c"
},
{
"code": "3",
"value": "double"
}
]
},
"label": "Stream Direction"
},
{
"name": "common_address_list",
"type": "string",
"doc": {
"visibility": "disabled"
},
"label": "Address List"
},
{
"name": "common_has_dup_traffic",
"type": "int",
"doc": {
"data": [
{
"code": "0",
"value": "No"
},
{
"code": "1",
"value": "Yes"
}
],
"visibility": "hidden"
},
"label": "Duplication Traffic"
},
{
"name": "common_stream_error",
"type": "string",
"doc": {
"visibility": "hidden"
},
"label": "Stream Error"
},
{
"name": "common_stream_trace_id",
"type": "long",
"label": "Session ID"
},
{
"name": "common_link_info_c2s",
"type": "string",
"doc": {
"visibility": "hidden"
},
"label": "Link Info(c2s)"
},
{
"name": "common_link_info_s2c",
"type": "string",
"doc": {
"visibility": "hidden"
},
"label": "Link Info(s2c)"
},
{
"name": "common_packet_capture_file",
"label": "Packet Capture File",
"doc": {
"visibility": "hidden",
"constraints": {
"type": "file"
}
},
"type": "string"
},
{
"name": "common_c2s_ipfrag_num",
"type": "long",
"doc": {
"visibility": "hidden"
},
"label": "Fragmentation Packets(c2s)"
},
{
"name": "common_s2c_ipfrag_num",
"type": "long",
"doc": {
"visibility": "hidden"
},
"label": "Fragmentation Packets(s2c)"
},
{
"name": "common_c2s_tcp_lostlen",
"type": "long",
"doc": {
"visibility": "hidden"
},
"label": "Sequence Gap Loss(c2s)"
},
{
"name": "common_s2c_tcp_lostlen",
"type": "long",
"doc": {
"visibility": "hidden"
},
"label": "Sequence Gap Loss(s2c)"
},
{
"name": "common_c2s_tcp_unorder_num",
"type": "long",
"doc": {
"visibility": "hidden"
},
"label": "Unorder Packets(c2s)"
},
{
"name": "common_s2c_tcp_unorder_num",
"type": "long",
"doc": {
"visibility": "hidden"
},
"label": "Unorder Packets(s2c)"
},
{
"name": "common_c2s_pkt_retrans",
"type": "long",
"label": "Packet Retransmission(c2s)"
},
{
"name": "common_s2c_pkt_retrans",
"type": "long",
"label": "Packet Retransmission(s2c)"
},
{
"name": "common_c2s_byte_retrans",
"type": "long",
"label": "Byte Retransmission(c2s)"
},
{
"name": "common_s2c_byte_retrans",
"type": "long",
"label": "Byte Retransmission(s2c)"
},
{
"name": "common_tcp_client_isn",
"label": "TCP Client ISN",
"doc": {
"visibility": "disabled"
},
"type": "long"
},
{
"name": "common_tcp_server_isn",
"label": "TCP Server ISN",
"doc": {
"visibility": "disabled"
},
"type": "long"
},
{
"name": "common_first_ttl",
"type": "int",
"doc": {
"visibility": "hidden"
},
"label": "First TTL"
},
{
"name": "common_processing_time",
"type": "long",
"doc": {
"constraints": {
"type": "timestamp"
},
"format": {
"functions": "current_timestamp"
}
},
"label": "Processing Time"
},
{
"name": "common_ingestion_time",
"label": "Ingestion Time",
"doc": {
"constraints": {
"type": "timestamp"
},
"format": {
"functions": "ingestion_time"
}
},
"type": "long"
},
{
"name": "common_mirrored_pkts",
"label": "Mirrored Packets",
"type": "long",
"doc": {
"visibility": "hidden"
}
},
{
"name": "common_mirrored_bytes",
"label": "Mirrored Bytes",
"type": "long",
"doc": {
"visibility": "hidden"
}
},
{
"name": "nic_name",
"type": "string",
"label": "Nic Name"
},
{
"name": "origin_source_mac",
"type": "string",
"label": "Origin Source Mac"
},
{
"name": "origin_dest_mac",
"type": "string",
"label": "Origin Dest Mac"
},
{
"name": "packet_url",
"type": "string",
"label": "Packet URL"
},
{
"name": "pcap_storage_task_id",
"type": "int",
"label": "Task ID"
},
{
"name": "pcap_storage_duration",
"type": "int",
"label": "Duration"
}
]
}
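Review bot: `pcap_storage_duration` is an `int` labelled "Duration" with no unit, while the other durations in this record carry the unit in both name and label (`common_con_duration_ms`, `common_establish_latency_ms`); once the unit is confirmed, relabel it, e.g. `"label": "Duration (s)"`, or rename it to match. `packet_url` is a plain, visible `string` that points at a stored capture, whereas `common_packet_capture_file` is `"visibility": "hidden"` with `"constraints": {"type": "file"}`; a full packet capture is the most sensitive artifact in this schema, so the URL field should carry the same `file` constraint and the UI layer must apply the same authorization it applies to the file field (the UI is not in this commit). `common_device_tag.format.param` holds JSONPath filter expressions; that is fine while the tag keys are fixed configuration, but they must never be assembled from request input.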

