diff --git a/TSG-21.03/.gitkeep b/TSG-21.03/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/TSG-21.03/Clickhouse/.gitkeep b/TSG-21.03/Clickhouse/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/TSG-21.03/网关/connection_record_log.avsc b/TSG-21.03/网关/connection_record_log.avsc
new file mode 100644
index 0000000..461aa5f
--- /dev/null
+++ b/TSG-21.03/网关/connection_record_log.avsc
@@ -0,0 +1,963 @@ +{ + "type": "record", + "name": "connection_record_log", + "namespace": "tsg_galaxy_v3", + "doc": "{\"primary_key\":\"common_log_id\",\"partition_key\":\"common_recv_time\",\"index_table\":\"connection_record_log_common_client_ip,connection_record_log_common_server_ip,connection_record_log_common_subscriber_id,connection_record_log_http_domain\",\"functions\":{\"aggregation\":[{\"name\":\"COUNT\",\"function\":\"count(expr)\"},{\"name\":\"COUNT_DISTINCT\",\"function\":\"count(distinct expr)\"},{\"name\":\"AVG\",\"function\":\"avg(expr)\"},{\"name\":\"SUM\",\"function\":\"sum(expr)\"},{\"name\":\"MAX\",\"function\":\"max(expr)\"},{\"name\":\"MIN\",\"function\":\"min(expr)\"}],\"operator\":[{\"name\":\"=\",\"function\":\"expr = value\"},{\"name\":\"!=\",\"function\":\"expr != value\"},{\"name\":\">\",\"function\":\"expr > value\"},{\"name\":\"<\",\"function\":\"expr < value\"},{\"name\":\">=\",\"function\":\"expr >= value\"},{\"name\":\"<=\",\"function\":\"expr <= value\"},{\"name\":\"in\",\"function\":\"expr in (values)\"},{\"name\":\"not in\",\"function\":\"expr not in (values)\"},{\"name\":\"like\",\"function\":\"expr like value\"},{\"name\":\"not like\",\"function\":\"expr not like value\"},{\"name\":\"not 
empty\",\"function\":\"notEmpty(expr)\"},{\"name\":\"empty\",\"function\":\"empty(expr)\"}]},\"schema_query\":{\"dimensions\":[\"common_server_ip\",\"common_client_ip\",\"common_internal_ip\",\"common_external_ip\",\"common_sled_ip\",\"common_device_id\",\"common_client_location\",\"common_server_location\",\"common_subscriber_id\",\"common_client_port\",\"common_server_port\",\"common_schema_type\",\"common_l4_protocol\",\"common_l7_protocol\",\"common_data_center\",\"common_client_asn\",\"common_server_asn\",\"common_start_time\",\"common_end_time\",\"http_host\",\"http_domain\",\"http_url\",\"ssl_sni\",\"ssl_ja3_hash\"],\"metrics\":[\"common_server_ip\",\"common_client_ip\",\"common_internal_ip\",\"common_external_ip\",\"common_subscriber_id\",\"common_sled_ip\",\"common_device_id\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_sessions\",\"common_con_duration_ms\",\"common_establish_latency_ms\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"http_host\",\"http_domain\",\"http_url\",\"ssl_sni\",\"ssl_ja3_hash\"],\"filters\":[\"common_address_type\",\"common_server_ip\",\"common_client_ip\",\"common_internal_ip\",\"common_external_ip\",\"common_client_port\",\"common_server_port\",\"common_client_location\",\"common_server_location\",\"common_subscriber_id\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_l4_protocol\",\"common_l7_protocol\",\"common_stream_dir\",\"common_direction\",\"common_data_center\",\"common_sled_ip\",\"common_device_id\",\"common_schema_type\",\"common_client_asn\",\"common_server_asn\",\"common_start_time\",\"common_end_time\",\"common_con_dur
ation_ms\",\"common_establish_latency_ms\",\"http_host\",\"http_domain\",\"http_url\",\"ssl_sni\",\"ssl_ja3_hash\"],\"references\":{\"aggregation\":[{\"type\":\"int\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"long\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"float\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"double\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"string\",\"functions\":\"COUNT,COUNT_DISTINCT\"},{\"type\":\"date\",\"functions\":\"COUNT,COUNT_DISTINCT,MAX,MIN\"},{\"type\":\"timestamp\",\"functions\":\"COUNT,COUNT_DISTINCT,MAX,MIN\"}],\"operator\":[{\"type\":\"int\",\"functions\":\"=,!=,>,<,>=,<=,in,not in\"},{\"type\":\"long\",\"functions\":\"=,!=,>,<,>=,<=,in,not in\"},{\"type\":\"float\",\"functions\":\"=,!=,>,<,>=,<=\"},{\"type\":\"double\",\"functions\":\"=,!=,>,<,>=,<=\"},{\"type\":\"string\",\"functions\":\"=,!=,in,not in,like,not like,not empty,empty\"},{\"type\":\"date\",\"functions\":\"=,!=,>,<,>=,<=\"},{\"type\":\"timestamp\",\"functions\":\"=,!=,>,<,>=,<=\"}]}},\"schema_type\":{\"BASE\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"co
mmon_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_server_ip\",\"common_server_port\"]},\"HTTP\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\"
,\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"http_url\",\"http_host\",\"http_domain\",\"http_request_line\",\"http_response_line\",\"http_request_header\",\"http_response_header\",\"http_request_body\",\"http_response_body\",\"http_request_body_key\",\"http_response_body_key\",\"http_proxy_flag\",\"http_sequence\",\"http_snapshot\",\"http_cookie\",\"http_referer\",\"http_user_agent\",\"http_content_length\",\"http_content_type\",\"http_set_cookie\",\"http_version\",\"http_response_lantency_ms\",\"http_session_duration_ms\",\"http_action_file_size\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"common_client_ip\",\"http_url\",\"common_server_port\"]},\"MAIL\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error
\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"mail_protocol_type\",\"mail_account\",\"mail_from_cmd\",\"mail_to_cmd\",\"mail_from\",\"mail_to\",\"mail_cc\",\"mail_bcc\",\"mail_subject\",\"mail_subject_charset\",\"mail_content\",\"mail_content_charset\",\"mail_attachment_name\",\"mail_attachment_name_charset\",\"mail_attachment_content\",\"mail_eml_file\",\"mail_snapshot\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"common_client_ip\",\"mail_from\",\"mail_to\",\"mail_subject\"]},\"DNS\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_
info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"dns_message_id\",\"dns_qr\",\"dns_opcode\",\"dns_aa\",\"dns_tc\",\"dns_rd\",\"dns_ra\",\"dns_rcode\",\"dns_qdcount\",\"dns_ancount\",\"dns_nscount\",\"dns_arcount\",\"dns_qname\",\"dns_qtype\",\"dns_qclass\",\"dns_cname\",\"dns_sub\",\"dns_rr\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_client_ip\",\"dns_qr\",\"dns_qname\",\"dns_qtype\"]},\"SSL\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tc
p_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"ssl_sni\",\"ssl_san\",\"ssl_cn\",\"ssl_pinningst\",\"ssl_intercept_state\",\"ssl_server_side_latency\",\"ssl_client_side_latency\",\"ssl_server_side_version\",\"ssl_client_side_version\",\"ssl_cert_verify\",\"ssl_error\",\"ssl_con_latency_ms\",\"ssl_ja3_fingerprint\",\"ssl_ja3_hash\",\"ssl_cert_issuer\",\"ssl_cert_subject\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"common_client_ip\",\"ssl_sni\",\"common_server_ip\",\"common_server_port\"]},\"QUIC\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_
unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"quic_version\",\"quic_sni\",\"quic_user_agent\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"common_client_ip\",\"quic_sni\",\"common_server_ip\",\"common_server_port\"]},\"FTP\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"ftp_account\",\"ftp_url\",\"ftp_content\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"common_client_ip\",\"ftp_url\",\"common_server_ip\",\"common_serv
er_port\"]},\"BGP\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"bgp_type\",\"bgp_as_num\",\"bgp_route\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"common_client_ip\",\"bgp_type\",\"bgp_as_num\",\"common_server_ip\",\"common_server_port\"]},\"VOIP\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"c
ommon_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"voip_calling_account\",\"voip_called_account\",\"voip_calling_number\",\"voip_called_number\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"common_client_ip\",\"voip_calling_account\",\"voip_called_account\",\"common_server_ip\",\"common_server_port\"]},\"SIP\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s
2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"sip_call_id\",\"sip_from\",\"sip_to\",\"sip_user_agent\",\"sip_server\",\"sip_from_sdp_connect_ip\",\"sip_from_sdp_media_port\",\"sip_from_sdp_media_type\",\"sip_from_sdp_content\",\"sip_to_sdp_connect_ip\",\"sip_to_sdp_media_port\",\"sip_to_sdp_media_type\",\"sip_to_sdp_content\",\"sip_duration\",\"sip_bye\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"common_client_ip\",\"sip_from\",\"sip_from\",\"sip_call_id\",\"common_server_ip\",\"common_server_port\"]},\"RTP\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"comm
on_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"rtp_payload_type_c2s\",\"rtp_payload_type_s2c\",\"rtp_pcap_dir_c2s\",\"rtp_pcap_dir_s2c\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_server_ip\",\"common_server_port\",\"rtp_pcap_dir_c2s\",\"rtp_pcap_dir_s2c\"]},\"APP\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data
_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"app_extra_info\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_app_id\",\"common_app_label\",\"app_extra_info\",\"common_server_ip\",\"common_server_port\"]}},\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_server_ip\",\"common_server_port\",\"common_schema_type\"]}", + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + "type": "long", + "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"timestamp\"}}" + }, + { + "name": "common_log_id", + "label": "Log ID", + "type": "long", + "doc": "{\"allow_query\":\"true\",\"format\":{\"functions\":\"snowflake_id\"}}" + }, + { + "name": "common_policy_id", + "label": "Policy ID", + "type": "long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_subscriber_id", + "label": "Subscriber ID", + "type": "string", + "doc": "{\"allow_query\":\"true\"}" + }, + { + "name": "common_client_ip", + "label": "Client IP", + "type": "string", + "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"},\"format\":{\"functions\":\"geo_asn,radius_match\",\"appendTo\":\"common_client_asn,common_subscriber_id\"}}" + }, + { + "name": "common_internal_ip", + "label": 
"Internal IP", + "type": "string", + "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"},\"format\":{\"functions\":\"if\",\"param\":\"$.common_direction=69,$.common_client_ip,$.common_server_ip\"}}" + }, + { + "name": "common_client_port", + "label": "Client Port", + "type": "int", + "doc": "{\"allow_query\":\"true\"}" + }, + { + "name": "common_l4_protocol", + "label": "L4 Protocol", + "type": "string" + }, + { + "name": "common_address_type", + "label": "Address Type", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"4\",\"value\":\"ipv4\"},{\"code\":\"6\",\"value\":\"ipv6\"}]}" + }, + { + "name": "common_server_ip", + "label": "Server IP", + "type": "string", + "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"},\"format\":{\"functions\":\"geo_asn\",\"appendTo\":\"common_server_asn\"}}" + }, + { + "name": "common_server_port", + "label": "Server Port", + "type": "int", + "doc": "{\"allow_query\":\"true\"}" + }, + { + "name": "common_external_ip", + "label": "External IP", + "type": "string", + "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"},\"format\":{\"functions\":\"if\",\"param\":\"$.common_direction=73,$.common_client_ip,$.common_server_ip\"}}" + }, + { + "name": "common_action", + "label": "Action", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"None\"},{\"code\":\"1\",\"value\":\"Monitor\"},{\"code\":\"2\",\"value\":\"Intercept\"},{\"code\":\"16\",\"value\":\"Deny\"},{\"code\":\"128\",\"value\":\"Allow\"}]}" + }, + { + "name": "common_direction", + "label": "Direction", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"69\",\"value\":\"outbound\"},{\"code\":\"73\",\"value\":\"inbound\"}]}" + }, + { + "name": "common_entrance_id", + "label": "Entrance ID", + "type": "int", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": 
"common_sled_ip", + "label": "Sled IP", + "type": "string", + "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"}}" + }, + { + "name": "common_client_location", + "label": "Client Location", + "type": "string" + }, + { + "name": "common_client_asn", + "label": "Client ASN", + "type": "string" + }, + { + "name": "common_server_location", + "label": "Server Location", + "type": "string" + }, + { + "name": "common_server_asn", + "label": "Server ASN", + "type": "string" + }, + { + "name": "common_sessions", + "label": "Sessions", + "type": "long" + }, + { + "name": "common_c2s_pkt_num", + "label": "Packets Sent", + "type": "long" + }, + { + "name": "common_s2c_pkt_num", + "label": "Packets Received", + "type": "long" + }, + { + "name": "common_c2s_byte_num", + "label": "Bytes Sent", + "type": "long" + }, + { + "name": "common_s2c_byte_num", + "label": "Bytes Received", + "type": "long" + }, + { + "name": "common_service", + "label": "Service", + "type": "int", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "common_schema_type", + "label": "Schema Type", + "type": "string", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"BASE\",\"value\":\"BASE\"},{\"code\":\"MAIL\",\"value\":\"MAIL\"},{\"code\":\"DNS\",\"value\":\"DNS\"},{\"code\":\"HTTP\",\"value\":\"HTTP\"},{\"code\":\"SSL\",\"value\":\"SSL\"},{\"code\":\"SIP\",\"value\":\"SIP\"},{\"code\":\"RTP\",\"value\":\"RTP\"},{\"code\":\"APP\",\"value\":\"APP\"}],\"allow_query\":\"true\"}" + }, + { + "name": "common_user_tags", + "label": "User Tags", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "common_sub_action", + "label": "Sub Action", + "type": "string" + }, + { + "name": "common_user_region", + "label": "User Region", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_device_id", + "label": "Device ID", + "type": "string" + }, + { + "name": "common_link_id", + "label": "Link ID", + 
"type": "int",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "common_isp",
+ "label": "ISP",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "common_device_tag",
+ "label": "Device Tag",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_data_center",
+ "label": "Data Center",
+ "type": "string",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"Nur-sultan\",\"value\":\"Nur-sultan\"},{\"code\":\"Aktau\",\"value\":\"Aktau\"},{\"code\":\"Aktubinsk\",\"value\":\"Aktubinsk\"},{\"code\":\"Almaty\",\"value\":\"Almaty\"},{\"code\":\"Atyrau\",\"value\":\"Atyrau\"},{\"code\":\"Karaganda\",\"value\":\"Karaganda\"},{\"code\":\"Kokshetau\",\"value\":\"Kokshetau\"},{\"code\":\"Kostanay\",\"value\":\"Kostanay\"},{\"code\":\"Kyzylorda\",\"value\":\"Kyzylorda\"},{\"code\":\"Pavlodar\",\"value\":\"Pavlodar\"},{\"code\":\"Petropavl\",\"value\":\"Petropavl\"},{\"code\":\"Semey\",\"value\":\"Semey\"},{\"code\":\"Shymkent\",\"value\":\"Shymkent\"},{\"code\":\"Taldykurgan\",\"value\":\"Taldykurgan\"},{\"code\":\"Taraz\",\"value\":\"Taraz\"},{\"code\":\"Uralsk\",\"value\":\"Uralsk\"},{\"code\":\"Ust-Kamenogorsk\",\"value\":\"Ust-Kamenogorsk\"},{\"code\":\"Zhezkazgan\",\"value\":\"Zhezkazgan\"}],\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_encapsulation",
+ "label": "Encapsulation",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"Ethernet\"},{\"code\":\"8\",\"value\":\"PPP\"},{\"code\":\"12\",\"value\":\"CiscoHDLC\"}],\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_app_label",
+ "label": "Application Label",
+ "type": "string"
+ },
+ {
+ "name": "common_protocol_label",
+ "label": "Protocol Label",
+ "type": "string"
+ },
+ {
+ "name": "common_app_id",
+ "label": "Application ID",
+ "type": "int"
+ },
+ {
+ "name": "common_app_surrogate_id",
+ "label": "Surrogate ID",
+ "type": "int"
+ },
+ {
+ "name": "common_l7_protocol",
+ "label": "L7 Protocol",
+ "type": "string"
+ },
+ {
+ "name": "common_start_time",
+ "label": "Start Time",
+ "type": "long",
+ "doc": "{\"constraints\":{\"type\":\"timestamp\"}}"
+ },
+ {
+ "name": "common_end_time",
+ "label": "End Time",
+ "type": "long",
+ "doc": "{\"constraints\":{\"type\":\"timestamp\"},\"format\":{\"functions\":\"get_value\",\"appendTo\":\"common_recv_time\"}}"
+ },
+ {
+ "name": "common_establish_latency_ms",
+ "label": "Establish Latency(ms)",
+ "type": "int"
+ },
+ {
+ "name": "common_con_duration_ms",
+ "label": "Duration(ms)",
+ "type": "int"
+ },
+ {
+ "name": "common_stream_dir",
+ "label": "Stream Direction",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"allow_query\":\"true\",\"data\":[{\"code\":\"1\",\"value\":\"c2s\"},{\"code\":\"2\",\"value\":\"s2c\"},{\"code\":\"3\",\"value\":\"double\"}]}"
+ },
+ {
+ "name": "common_address_list",
+ "label": "Address List",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "common_has_dup_traffic",
+ "label": "Duplication Traffic",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"No\"},{\"code\":\"1\",\"value\":\"Yes\"}],\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_stream_error",
+ "label": "Stream Error",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_stream_trace_id",
+ "label": "Session ID",
+ "type": "long",
+ "doc": "{\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_link_info_c2s",
+ "label": "Link Info(c2s)",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_link_info_s2c",
+ "label": "Link Info(s2c)",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_c2s_ipfrag_num",
+ "label": "Fragmentation Packets(c2s)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_ipfrag_num",
+ "label": "Fragmentation Packets(s2c)",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_tcp_lostlen",
+ "label": "Sequence Gap Loss(c2s)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_tcp_lostlen",
+ "label": "Sequence Gap Loss(s2c)",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_tcp_unorder_num",
+ "label": "Unorder Packets(c2s)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_tcp_unorder_num",
+ "label": "Unorder Packets(s2c)",
+ "type": "long"
+ },
+ {
+ "name": "common_tcp_client_isn",
+ "label": "TCP Client ISN",
+ "type": "long",
+ "doc": "{\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_tcp_server_isn",
+ "label": "TCP Server ISN",
+ "type": "long",
+ "doc": "{\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_first_ttl",
+ "label": "First TTL",
+ "type": "int",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_processing_time",
+ "label": "Processing Time",
+ "doc": "{\"constraints\":{\"type\":\"timestamp\"},\"format\":{\"functions\":\"current_timestamp\"}}",
+ "type": "long"
+ },
+ {
+ "name": "http_url",
+ "label": "Http.URL",
+ "type": "string"
+ },
+ {
+ "name": "http_host",
+ "label": "Http.Host",
+ "type": "string",
+ "doc": "{\"format\":{\"functions\":\"sub_domain\",\"appendTo\":\"http_domain\"}}"
+ },
+ {
+ "name": "http_domain",
+ "label": "Http.Domain",
+ "type": "string",
+ "doc": "{\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "http_request_line",
+ "label": "Http.Request Line",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "http_response_line",
+ "label": "Http.Response Line",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "http_request_header",
+ "label": "Http.Request Headers",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "http_response_header",
+ "label": "Http.Response Headers",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "http_request_body",
+ "label": "Http.Request Body",
+ "type": "string",
+ "doc": "{\"constraints\":{\"type\":\"file\"},\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "http_response_body",
+ "label": "Http.Response Body",
+ "type": "string",
+ "doc": "{\"constraints\":{\"type\":\"file\"},\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "http_request_body_key",
+ "label": "Http.Request Body Key",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "http_response_body_key",
+ "label": "Http.Response Body Key",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "http_proxy_flag",
+ "label": "Http.Proxy Flag",
+ "type": "int",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "http_sequence",
+ "label": "Http.Sequence",
+ "type": "int",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "http_snapshot",
+ "label": "Http.Snapshot",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "http_cookie",
+ "label": "Http.Cookie",
+ "type": "string"
+ },
+ {
+ "name": "http_referer",
+ "label": "Http.Referer",
+ "type": "string"
+ },
+ {
+ "name": "http_user_agent",
+ "label": "Http.User Agent",
+ "type": "string"
+ },
+ {
+ "name": "http_content_length",
+ "label": "Http.Content Length",
+ "type": "string"
+ },
+ {
+ "name": "http_content_type",
+ "label": "Http.Content Type",
+ "type": "string"
+ },
+ {
+ "name": "http_set_cookie",
+ "label": "Http.Set Cookie",
+ "type": "string"
+ },
+ {
+ "name": "http_version",
+ "label": "Http.Version",
+ "type": "string"
+ },
+ {
+ "name": "http_response_lantency_ms",
+ "label": "Http.Response Latency(ms)",
+ "type": "int"
+ },
+ {
+ "name": "http_session_duration_ms",
+ "label": "Http.Session Duration(ms)",
+ "type": "int"
+ },
+ {
+ "name": "http_action_file_size",
+ "label": "Http.Action File Size",
+ "type": "int"
+ },
+ {
+ "name": "mail_protocol_type",
+ "label": "Mail.Protocol Type",
+ "type": "string"
+ },
+ {
+ "name": "mail_account",
+ "label": "Mail.Account",
+ "type": "string"
+ },
+ {
+ "name": "mail_from_cmd",
+ "label": "Mail.From CMD",
+ "type": "string"
+ },
+ {
+ "name": "mail_to_cmd",
+ "label": "Mail.To CMD",
+ "type": "string"
+ },
+ {
+ "name": "mail_from",
+ "label": "Mail.From",
+ "type": "string",
+ "doc": "{\"constraints\":{\"type\":\"email\"}}"
+ },
+ {
+ "name": "mail_to",
+ "label": "Mail.To",
+ "type": "string",
+ "doc": "{\"constraints\":{\"type\":\"email\"}}"
+ },
+ {
+ "name": "mail_cc",
+ "label": "Mail.CC",
+ "type": "string"
+ },
+ {
+ "name": "mail_bcc",
+ "label": "Mail.BCC",
+ "type": "string"
+ },
+ {
+ "name": "mail_subject",
+ "label": "Mail.Subject",
+ "type": "string",
+ "doc": "{\"format\":{\"functions\":\"decode_of_base64\",\"param\":\"$.mail_subject_charset\"}}"
+ },
+ {
+ "name": "mail_subject_charset",
+ "label": "Mail.Subject Charset",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "mail_content",
+ "label": "Mail.Content",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "mail_content_charset",
+ "label": "Mail.Content Charset",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "mail_attachment_name",
+ "label": "Mail.Attachment",
+ "type": "string",
+ "doc": "{\"format\":{\"functions\":\"decode_of_base64\",\"param\":\"$.mail_attachment_name_charset\"}}"
+ },
+ {
+ "name": "mail_attachment_name_charset",
+ "label": "Mail.Attachment Charset",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "mail_attachment_content",
+ "label": "Mail.Attachment Content",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "mail_eml_file",
+ "label": "Mail.EML File",
+ "type": "string",
+ "doc": "{\"constraints\":{\"type\":\"file\"}}"
+ },
+ {
+ "name": "mail_snapshot",
+ "label": "Mail.Snapshot",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "dns_message_id",
+ "label": "Dns.Message ID",
+ "type": "int"
+ },
+ {
+ "name": "dns_qr",
+ "label": "Dns.QR",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"QUERY\"},{\"code\":\"1\",\"value\":\"REESPONSE\"}]}"
+ },
+ {
+ "name": "dns_opcode",
+ "label": "Dns.OPCODE",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"QUERY\"},{\"code\":\"1\",\"value\":\"IQUERY\"},{\"code\":\"2\",\"value\":\"STATUS\"},{\"code\":\"5\",\"value\":\"UPDATE\"}]}"
+ },
+ {
+ "name": "dns_aa",
+ "label": "Dns.AA",
+ "type": "int"
+ },
+ {
+ "name": "dns_tc",
+ "label": "Dns.TC",
+ "type": "int"
+ },
+ {
+ "name": "dns_rd",
+ "label": "Dns.RD",
+ "type": "int"
+ },
+ {
+ "name": "dns_ra",
+ "label": "Dns.RA",
+ "type": "int"
+ },
+ {
+ "name": "dns_rcode",
+ "label": "Dns.RCODE",
+ "type": "int"
+ },
+ {
+ "name": "dns_qdcount",
+ "label": "Dns.QDCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "dns_ancount",
+ "label": "Dns.ANCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "dns_nscount",
+ "label": "Dns.NSCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "dns_arcount",
+ "label": "Dns.ARCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "dns_qname",
+ "label": "Dns.QNAME",
+ "type": "string"
+ },
+ {
+ "name": "dns_qtype",
+ "label": "Dns.QTYPE",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"1\",\"value\":\"A\"},{\"code\":\"2\",\"value\":\"NS\"},{\"code\":\"5\",\"value\":\"CNAME\"},{\"code\":\"6\",\"value\":\"SOA\"},{\"code\":\"11\",\"value\":\"WKS\"},{\"code\":\"12\",\"value\":\"PTR\"},{\"code\":\"13\",\"value\":\"HINFO\"},{\"code\":\"11\",\"value\":\"WKS\"},{\"code\":\"15\",\"value\":\"MX\"},{\"code\":\"28\",\"value\":\"AAAA\"}]}"
+ },
+ {
+ "name": "dns_qclass",
+ "label": "Dns.QCLASS",
+ "type": "int"
+ },
+ {
+ "name": "dns_cname",
+ "label": "Dns.CNAME",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "dns_sub",
+ "label": "Dns.SUB",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"1\",\"value\":\"DNS\"},{\"code\":\"2\",\"value\":\"DNSSEC\"}]}"
+ },
+ {
+ "name": "dns_rr",
+ "label": "Dns.RR",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "ssl_version",
+ "label": "SSL.Version",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "ssl_sni",
+ "label": "SSL.SNI",
+ "type": "string",
+ "doc": "{\"allow_query\":\"true\",\"format\":{\"functions\":\"sub_domain\",\"appendTo\":\"http_domain\"}}"
+ },
+ {
+ "name": "ssl_san",
+ "label": "SSL.SAN",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "ssl_cn",
+ "label": "SSL.CN",
+ "type": "string"
+ },
+ {
+ "name": "ssl_pinningst",
+ "label": "SSL.Pinning",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"Not Pinning\"},{\"code\":\"1\",\"value\":\"Pinning\"},{\"code\":\"2\",\"value\":\"Maybe Pinning\"}]}"
+ },
+ {
+ "name": "ssl_intercept_state",
+ "label": "SSL.Intercept State",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"Passthrough\"},{\"code\":\"1\",\"value\":\"Intercept\"},{\"code\":\"2\",\"value\":\"Shutdown\"}]}"
+ },
+ {
+ "name": "ssl_server_side_latency",
+ "label": "SSL.Server Side Latency(ms)",
+ "type": "int"
+ },
+ {
+ "name": "ssl_client_side_latency",
+ "label": "SSL.Client Side Latency(ms)",
+ "type": "int"
+ },
+ {
+ "name": "ssl_server_side_version",
+ "label": "SSL.Server Side Version",
+ "type": "string"
+ },
+ {
+ "name": "ssl_client_side_version",
+ "label": "SSL.Client Side Version",
+ "type": "string"
+ },
+ {
+ "name": "ssl_cert_verify",
+ "label": "SSL.Certificate Verify",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"No\"},{\"code\":\"1\",\"value\":\"Yes\"}]}"
+ },
+ {
+ "name": "ssl_error",
+ "label": "SSL.Error",
+ "type": "string"
+ },
+ {
+ "name": "ssl_con_latency_ms",
+ "label": "SSL.Connection Latency(ms)",
+ "type": "int",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "ssl_ja3_fingerprint",
+ "label": "SSL.JA3",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "ssl_ja3_hash",
+ "label": "SSL.JA3 hash",
+ "type": "string",
+ "doc": "{\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "ssl_cert_issuer",
+ "label": "SSL.Issuer",
+ "type": "string"
+ },
+ {
+ "name": "ssl_cert_subject",
+ "label": "SSL.Subject",
+ "type": "string"
+ },
+ {
+ "name": "quic_version",
+ "label": "Quic.Version",
+ "type": "string"
+ },
+ {
+ "name": "quic_sni",
+ "label": "Quic.SNI",
+ "type": "string",
+ "doc": "{\"format\":{\"functions\":\"sub_domain\",\"appendTo\":\"http_domain\"}}"
+ },
+ {
+ "name": "quic_user_agent",
+ "label": "Quic.User Agent",
+ "type": "string"
+ },
+ {
+ "name": "ftp_account",
+ "label": "Ftp.Account",
+ "type": "string"
+ },
+ {
+ "name": "ftp_url",
+ "label": "Ftp.URL",
+ "type": "string"
+ },
+ {
+ "name": "ftp_content",
+ "label": "Ftp.Content",
+ "type": "string"
+ },
+ {
+ "name": "bgp_type",
+ "label": "BGP.Type",
+ "type": "int",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "bgp_as_num",
+ "label": "BGP.AS Number",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "bgp_route",
+ "label": "BGP.Route",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "voip_calling_account",
+ "label": "Voip.Calling Account",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "voip_called_account",
+ "label": "Voip.Called Account",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "voip_calling_number",
+ "label": "Voip.Calling Number",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "voip_called_number",
+ "label": "Voip.Called Number",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "streaming_media_url",
+ "label": "Streaming.Media URL",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "streaming_media_protocol",
+ "label": "Streaming.Media Protocol",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "app_extra_info",
+ "label": "APP.Extra Info",
+ "type": "string"
+ },
+ {
+ "name": "sip_call_id",
+ "label": "SIP.Call-ID",
+ "type": "string"
+ },
+ {
+ "name": "sip_from",
+ "label": "SIP.From",
+ "type": "string"
+ },
+ {
+ "name": "sip_to",
+ "label": "SIP.To",
+ "type": "string"
+ },
+ {
+ "name": "sip_user_agent",
+ "label": "SIP.User-Agent",
+ "type": "string"
+ },
+ {
+ "name": "sip_server",
+ "label": "SIP.Server",
+ "type": "string"
+ },
+ {
+ "name": "sip_from_sdp_connect_ip",
+ "label": "SIP.From Connect IP",
+ "type": "string"
+ },
+ {
+ "name": "sip_from_sdp_media_port",
+ "label": "SIP.From Media Port",
+ "type": "int"
+ },
+ {
+ "name": "sip_from_sdp_media_type",
+ "label": "SIP.From Media Type",
+ "type": "string"
+ },
+ {
+ "name": "sip_from_sdp_content",
+ "label": "SIP.From SDP Content",
+ "type": "string"
+ },
+ {
+ "name": "sip_to_sdp_connect_ip",
+ "label": "SIP.To Connect IP",
+ "type": "string"
+ },
+ {
+ "name": "sip_to_sdp_media_port",
+ "label": "SIP.To Media Port",
+ "type": "int"
+ },
+ {
+ "name": "sip_to_sdp_media_type",
+ "label": "SIP.To Media Type",
+ "type": "string"
+ },
+ {
+ "name": "sip_to_sdp_content",
+ "label": "SIP.To SDP Content",
+ "type": "string"
+ },
+ {
+ "name": "sip_duration",
+ "label": "SIP.Duration",
+ "type": "int"
+ },
+ {
+ "name": "sip_bye",
+ "label": "SIP.Bye",
+ "type": "string"
+ },
+ {
+ "name": "rtp_payload_type_c2s",
+ "label": "RTP.Payload(c2s)",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"PCMU\"},{\"code\":\"1\",\"value\":\"1016\"},{\"code\":\"2\",\"value\":\"G721\"},{\"code\":\"3\",\"value\":\"GSM\"},{\"code\":\"4\",\"value\":\"G723\"},{\"code\":\"5\",\"value\":\"DVI4_8000\"},{\"code\":\"6\",\"value\":\"DVI4_16000\"},{\"code\":\"7\",\"value\":\"LPC\"},{\"code\":\"8\",\"value\":\"PCMA\"},{\"code\":\"9\",\"value\":\"G722\"},{\"code\":\"10\",\"value\":\"L16_STEREO\"},{\"code\":\"11\",\"value\":\"L16_MONO\"},{\"code\":\"12\",\"value\":\"QCELP\"},{\"code\":\"13\",\"value\":\"CN\"},{\"code\":\"14\",\"value\":\"MPA\"},{\"code\":\"15\",\"value\":\"G728\"},{\"code\":\"16\",\"value\":\"DVI4_11025\"},{\"code\":\"17\",\"value\":\"DVI4_22050\"},{\"code\":\"18\",\"value\":\"G729\"},{\"code\":\"19\",\"value\":\"CN_OLD\"},{\"code\":\"25\",\"value\":\"CELB\"},{\"code\":\"26\",\"value\":\"JPEG\"},{\"code\":\"28\",\"value\":\"NV\"},{\"code\":\"31\",\"value\":\"H261\"},{\"code\":\"32\",\"value\":\"MPV\"},{\"code\":\"33\",\"value\":\"MP2T\"},{\"code\":\"34\",\"value\":\"H263\"}]}",
+ "type": "int"
+ },
+ {
+ "name": "rtp_payload_type_s2c",
+ "label": "RTP.Payload(s2c)",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"PCMU\"},{\"code\":\"1\",\"value\":\"1016\"},{\"code\":\"2\",\"value\":\"G721\"},{\"code\":\"3\",\"value\":\"GSM\"},{\"code\":\"4\",\"value\":\"G723\"},{\"code\":\"5\",\"value\":\"DVI4_8000\"},{\"code\":\"6\",\"value\":\"DVI4_16000\"},{\"code\":\"7\",\"value\":\"LPC\"},{\"code\":\"8\",\"value\":\"PCMA\"},{\"code\":\"9\",\"value\":\"G722\"},{\"code\":\"10\",\"value\":\"L16_STEREO\"},{\"code\":\"11\",\"value\":\"L16_MONO\"},{\"code\":\"12\",\"value\":\"QCELP\"},{\"code\":\"13\",\"value\":\"CN\"},{\"code\":\"14\",\"value\":\"MPA\"},{\"code\":\"15\",\"value\":\"G728\"},{\"code\":\"16\",\"value\":\"DVI4_11025\"},{\"code\":\"17\",\"value\":\"DVI4_22050\"},{\"code\":\"18\",\"value\":\"G729\"},{\"code\":\"19\",\"value\":\"CN_OLD\"},{\"code\":\"25\",\"value\":\"CELB\"},{\"code\":\"26\",\"value\":\"JPEG\"},{\"code\":\"28\",\"value\":\"NV\"},{\"code\":\"31\",\"value\":\"H261\"},{\"code\":\"32\",\"value\":\"MPV\"},{\"code\":\"33\",\"value\":\"MP2T\"},{\"code\":\"34\",\"value\":\"H263\"}]}",
+ "type": "int"
+ },
+ {
+ "name": "rtp_pcap_dir_c2s",
+ "label": "RTP.PCAP(c2s)",
+ "doc": "{\"constraints\":{\"type\":\"file\"}}",
+ "type": "string"
+ },
+ {
+ "name": "rtp_pcap_dir_s2c",
+ "label": "RTP.PCAP(s2c)",
+ "doc": "{\"constraints\":{\"type\":\"file\"}}",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/TSG-21.03/网关/proxy_event_log.avsc b/TSG-21.03/网关/proxy_event_log.avsc
new file mode 100644
index 0000000..89814c8
--- /dev/null
+++ b/TSG-21.03/网关/proxy_event_log.avsc
@@ -0,0 +1,656 @@
+{
+ "type": "record",
+ "name": "proxy_event_log",
+ "namespace": "tsg_galaxy_v3",
+ "doc": "{\"primary_key\":\"common_log_id\",\"partition_key\":\"common_recv_time\",\"functions\":{\"aggregation\":[{\"name\":\"COUNT\",\"function\":\"count(expr)\"},{\"name\":\"COUNT_DISTINCT\",\"function\":\"count(distinct expr)\"},{\"name\":\"AVG\",\"function\":\"avg(expr)\"},{\"name\":\"SUM\",\"function\":\"sum(expr)\"},{\"name\":\"MAX\",\"function\":\"max(expr)\"},{\"name\":\"MIN\",\"function\":\"min(expr)\"}],\"operator\":[{\"name\":\"=\",\"function\":\"expr = value\"},{\"name\":\"!=\",\"function\":\"expr != value\"},{\"name\":\">\",\"function\":\"expr > value\"},{\"name\":\"<\",\"function\":\"expr < value\"},{\"name\":\">=\",\"function\":\"expr >= value\"},{\"name\":\"<=\",\"function\":\"expr <= value\"},{\"name\":\"in\",\"function\":\"expr in (values)\"},{\"name\":\"not in\",\"function\":\"expr not in (values)\"},{\"name\":\"like\",\"function\":\"expr like value\"},{\"name\":\"not like\",\"function\":\"expr not like value\"},{\"name\":\"not 
empty\",\"function\":\"notEmpty(expr)\"},{\"name\":\"empty\",\"function\":\"empty(expr)\"}]},\"schema_query\":{\"dimensions\":[\"common_server_ip\",\"common_client_ip\",\"common_internal_ip\",\"common_external_ip\",\"common_policy_id\",\"common_sub_action\",\"common_sled_ip\",\"common_device_id\",\"common_client_location\",\"common_server_location\",\"common_subscriber_id\",\"common_client_port\",\"common_server_port\",\"common_schema_type\",\"common_data_center\",\"common_client_asn\",\"common_server_asn\",\"http_host\",\"http_domain\",\"http_url\",\"doh_host\",\"doh_qname\"],\"metrics\":[\"common_server_ip\",\"common_client_ip\",\"common_internal_ip\",\"common_external_ip\",\"common_subscriber_id\",\"common_sled_ip\",\"common_device_id\",\"common_sessions\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"http_host\",\"http_domain\",\"http_url\",\"doh_host\",\"doh_qname\"],\"filters\":[\"common_policy_id\",\"common_sub_action\",\"common_address_type\",\"common_server_ip\",\"common_client_ip\",\"common_internal_ip\",\"common_external_ip\",\"common_client_port\",\"common_server_port\",\"common_client_location\",\"common_server_location\",\"common_subscriber_id\",\"common_l4_protocol\",\"common_data_center\",\"common_sled_ip\",\"common_device_id\",\"common_client_asn\",\"common_server_asn\",\"common_direction\",\"common_schema_type\",\"http_host\",\"http_domain\",\"http_url\",\"http_content_type\",\"doh_host\",\"doh_qname\"],\"references\":{\"aggregation\":[{\"type\":\"int\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"long\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"float\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"double\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"string\",\"functions\":\"COUNT,COUNT_DISTINCT\"},{\"type\":\"date\",\"functions\":\"COUNT,COUNT_DISTINCT,MAX,MIN\"},{\"type\":\"timestamp\",\"functions\":\"COUNT,COUNT_DISTINCT,MAX,MIN\"}],\"operator\":[{
\"type\":\"int\",\"functions\":\"=,!=,>,<,>=,<=,in,not in\"},{\"type\":\"long\",\"functions\":\"=,!=,>,<,>=,<=,in,not in\"},{\"type\":\"float\",\"functions\":\"=,!=,>,<,>=,<=\"},{\"type\":\"double\",\"functions\":\"=,!=,>,<,>=,<=\"},{\"type\":\"string\",\"functions\":\"=,!=,in,not in,like,not like,not empty,empty\"},{\"type\":\"date\",\"functions\":\"=,!=,>,<,>=,<=\"},{\"type\":\"timestamp\",\"functions\":\"=,!=,>,<,>=,<=\"}]}},\"schema_type\":{\"HTTP\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"http_url\",\"http_host\",\"http_domain\",\"http_request_line\",\"http_respo
nse_line\",\"http_request_header\",\"http_response_header\",\"http_request_body\",\"http_response_body\",\"http_request_body_key\",\"http_response_body_key\",\"http_proxy_flag\",\"http_sequence\",\"http_snapshot\",\"http_cookie\",\"http_referer\",\"http_user_agent\",\"http_content_length\",\"http_content_type\",\"http_set_cookie\",\"http_version\",\"http_response_lantency_ms\",\"http_session_duration_ms\",\"http_action_file_size\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"http_url\",\"common_sub_action\"]},\"DoH\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\
"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"doh_url\",\"doh_host\",\"doh_request_line\",\"doh_response_line\",\"doh_cookie\",\"doh_referer\",\"doh_user_agent\",\"doh_content_length\",\"doh_content_type\",\"doh_set_cookie\",\"doh_version\",\"doh_message_id\",\"doh_qr\",\"doh_opcode\",\"doh_aa\",\"doh_tc\",\"doh_rd\",\"doh_ra\",\"doh_rcode\",\"doh_qdcount\",\"doh_ancount\",\"doh_nscount\",\"doh_arcount\",\"doh_qname\",\"doh_qtype\",\"doh_qclass\",\"doh_cname\",\"doh_sub\",\"doh_rr\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_client_ip\",\"doh_url\",\"doh_qname\",\"common_server_port\"]}},\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_client_ip\",\"common_server_ip\",\"common_server_port\",\"common_sub_action\",\"common_schema_type\"]}",
+ "fields": [
+ {
+ "name": "common_recv_time",
+ "label": "Receive Time",
+ "type": "long",
+ "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"timestamp\"}}"
+ },
+ {
+ "name": "common_log_id",
+ "label": "Log ID",
+ "type": "long",
+ "doc": "{\"allow_query\":\"true\",\"format\":{\"functions\":\"snowflake_id\"}}"
+ },
+ {
+ "name": "common_policy_id",
+ "label": "Policy ID",
+ "type": "long",
+ "doc": "{\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_subscriber_id",
+ "label": "Subscriber ID",
+ "type": "string",
+ "doc": "{\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_client_ip",
+ "label": "Client IP",
+ "type": "string",
+ "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"},\"format\":{\"functions\":\"geo_asn,radius_match\",\"appendTo\":\"common_client_asn,common_subscriber_id\"}}"
+ },
+ {
+ "name": "common_internal_ip",
+ "label": "Internal IP",
+ "type": "string",
+ "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"},\"format\":{\"functions\":\"if\",\"param\":\"$.common_direction=69,$.common_client_ip,$.common_server_ip\"}}"
+ },
+ {
+ "name": "common_client_port",
+ "label": "Client Port",
+ "type": "int",
+ "doc": "{\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_l4_protocol",
+ "label": "L4 Protocol",
+ "type": "string"
+ },
+ {
+ "name": "common_address_type",
+ "label": "Address Type",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"4\",\"value\":\"ipv4\"},{\"code\":\"6\",\"value\":\"ipv6\"}]}"
+ },
+ {
+ "name": "common_server_ip",
+ "label": "Server IP",
+ "type": "string",
+ "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"},\"format\":{\"functions\":\"geo_asn\",\"appendTo\":\"common_server_asn\"}}"
+ },
+ {
+ "name": "common_server_port",
+ "label": "Server Port",
+ "type": "int",
+ "doc": "{\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_external_ip",
+ "label": "External IP",
+ "type": "string",
+ "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"},\"format\":{\"functions\":\"if\",\"param\":\"$.common_direction=73,$.common_client_ip,$.common_server_ip\"}}"
+ },
+ {
+ "name": "common_action",
+ "label": "Action",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"None\"},{\"code\":\"1\",\"value\":\"Monitor\"},{\"code\":\"2\",\"value\":\"Intercept\"},{\"code\":\"16\",\"value\":\"Deny\"},{\"code\":\"48\",\"value\":\"Manipulation\"},{\"code\":\"128\",\"value\":\"Allow\"}]}"
+ },
+ {
+ "name": "common_direction",
+ "label": "Direction",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"69\",\"value\":\"outbound\"},{\"code\":\"73\",\"value\":\"inbound\"}]}"
+ },
+ {
+ "name": "common_entrance_id",
+ "label": "Entrance ID",
+ "type": "int",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "common_sled_ip",
+ "label": "Sled IP",
+ "type": "string",
+ "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"}}"
+ },
+ {
+ "name": "common_client_location",
+ "label": "Client Location",
+ "type": "string"
+ },
+ {
+ "name": "common_client_asn",
+ "label": "Client ASN",
+ "type": "string"
+ },
+ {
+ "name": "common_server_location",
+ "label": "Server Location",
+ "type": "string"
+ },
+ {
+ "name": "common_server_asn",
+ "label": "Server ASN",
+ "type": "string"
+ },
+ {
+ "name": "common_sessions",
+ "label": "Sessions",
+ "type": "long",
+ "doc": "{\"format\":{\"functions\":\"set_value\",\"param\":\"1\"}}"
+ },
+ {
+ "name": "common_c2s_pkt_num",
+ "label": "Packets Sent",
+ "type": "long",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_s2c_pkt_num",
+ "label": "Packets Received",
+ "type": "long",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_c2s_byte_num",
+ "label": "Bytes Sent",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_num",
+ "label": "Bytes Received",
+ "type": "long"
+ },
+ {
+ "name": "common_service",
+ "label": "Service",
+ "type": "int",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "common_schema_type",
+ "label": "Schema Type",
+ "type": "string",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"allow_query\":\"true\",\"data\":[{\"code\":\"HTTP\",\"value\":\"HTTP\"},{\"code\":\"DoH\",\"value\":\"DoH\"}]}"
+ },
+ {
+ "name": "common_user_tags",
+ "label": "User Tags",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "common_sub_action",
+ "label": "Sub Action",
+ "type": "string",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"allow\",\"value\":\"allow\"},{\"code\":\"deny\",\"value\":\"deny\"},{\"code\":\"monitor\",\"value\":\"monitor\"},{\"code\":\"replace\",\"value\":\"replace\"},{\"code\":\"redirect\",\"value\":\"redirect\"},{\"code\":\"insert\",\"value\":\"insert\"},{\"code\":\"hijack\",\"value\":\"hijack\"}],\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_user_region",
+ "label": "User Region",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_device_id",
+ "label": "Device ID",
+ "type": "string"
+ },
+ {
+ "name": "common_link_id",
+ "label": "Link ID",
+ "type": "int",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "common_isp",
+ "label": "ISP",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "common_device_tag",
+ "label": "Device Tag",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_data_center",
+ "label": "Data Center",
+ "type": "string",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"Nur-sultan\",\"value\":\"Nur-sultan\"},{\"code\":\"Aktau\",\"value\":\"Aktau\"},{\"code\":\"Aktubinsk\",\"value\":\"Aktubinsk\"},{\"code\":\"Almaty\",\"value\":\"Almaty\"},{\"code\":\"Atyrau\",\"value\":\"Atyrau\"},{\"code\":\"Karaganda\",\"value\":\"Karaganda\"},{\"code\":\"Kokshetau\",\"value\":\"Kokshetau\"},{\"code\":\"Kostanay\",\"value\":\"Kostanay\"},{\"code\":\"Kyzylorda\",\"value\":\"Kyzylorda\"},{\"code\":\"Pavlodar\",\"value\":\"Pavlodar\"},{\"code\":\"Petropavl\",\"value\":\"Petropavl\"},{\"code\":\"Semey\",\"value\":\"Semey\"},{\"code\":\"Shymkent\",\"value\":\"Shymkent\"},{\"code\":\"Taldykurgan\",\"value\":\"Taldykurgan\"},{\"code\":\"Taraz\",\"value\":\"Taraz\"},{\"code\":\"Uralsk\",\"value\":\"Uralsk\"},{\"code\":\"Ust-Kamenogorsk\",\"value\":\"Ust-Kamenogorsk\"},{\"code\":\"Zhezkazgan\",\"value\":\"Zhezkazgan\"}],\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_encapsulation",
+ "label": "Encapsulation",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"Ethernet\"},{\"code\":\"8\",\"value\":\"PPP\"},{\"code\":\"12\",\"value\":\"CiscoHDLC\"}],\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_app_label",
+ "label": "Application Label",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_protocol_label",
+ "label": "Protocol Label",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_app_id",
+ "label": "Application ID",
+ "type": "int",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_app_surrogate_id",
+ "label": "Surrogate ID",
+ "type": "int",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_l7_protocol",
+ "label": "L7 Protocol",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_start_time",
+ "label": "Start Time",
+ "type": "long",
+ "doc": "{\"constraints\":{\"type\":\"timestamp\"}}"
+ },
+ {
+ "name": "common_end_time",
+ "label": "End Time",
+ "type": "long",
+ "doc": "{\"constraints\":{\"type\":\"timestamp\"},\"format\":{\"functions\":\"get_value\",\"appendTo\":\"common_recv_time\"}}"
+ },
+ {
+ "name": "common_establish_latency_ms",
+ "label": "Establish Latency(ms)",
+ "type": "int"
+ },
+ {
+ "name": "common_con_duration_ms",
+ "label": "Duration(ms)",
+ "type": "int"
+ },
+ {
+ "name": "common_stream_dir",
+ "label": "Stream Direction",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"1\",\"value\":\"c2s\"},{\"code\":\"2\",\"value\":\"s2c\"},{\"code\":\"3\",\"value\":\"double\"}]}"
+ },
+ {
+ "name": "common_address_list",
+ "label": "Address List",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "common_has_dup_traffic",
+ "label": "Duplication Traffic",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"No\"},{\"code\":\"1\",\"value\":\"Yes\"}],\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_stream_error",
+ "label": "Stream Error",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_stream_trace_id",
+ "label": "Session ID",
+ "type": "long",
+ "doc": "{\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_link_info_c2s",
+ "label": "Link Info(c2s)",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+
}, + { + "name": "common_link_info_s2c", + "label": "Link Info(s2c)", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_c2s_ipfrag_num", + "label": "Fragmentation Packets(c2s)", + "type": "long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_s2c_ipfrag_num", + "label": "Fragmentation Packets(s2c)", + "type": "long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_c2s_tcp_lostlen", + "label": "Sequence Gap Loss(c2s)", + "type": "long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_s2c_tcp_lostlen", + "label": "Sequence Gap Loss(s2c)", + "type": "long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_c2s_tcp_unorder_num", + "label": "Unorder Packets(c2s)", + "type": "long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_s2c_tcp_unorder_num", + "label": "Unorder Packets(s2c)", + "type": "long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_tcp_client_isn", + "label": "TCP Client ISN", + "type": "long", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "type": "long", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "common_first_ttl", + "label": "First TTL", + "type": "int", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_processing_time", + "label": "Processing Time", + "doc": "{\"constraints\":{\"type\":\"timestamp\"},\"format\":{\"functions\":\"current_timestamp\"}}", + "type": "long" + }, + { + "name": "http_url", + "label": "Http.URL", + "type": "string", + "doc": "{\"allow_query\":\"true\"}" + }, + { + "name": "http_host", + "label": "Http.Host", + "type": "string", + "doc": "{\"format\":{\"functions\":\"sub_domain\",\"appendTo\":\"http_domain\"}}" + }, + { + "name": "http_domain", + "label": "Http.Domain", + "type": "string", + "doc": "{\"allow_query\":\"true\"}" + }, + { + "name": "http_request_line", + "label": 
"Http.Request Line", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "http_response_line", + "label": "Http.Response Line", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "http_request_header", + "label": "Http.Request Header", + "type": "string" + }, + { + "name": "http_response_header", + "label": "Http.Response Header", + "type": "string" + }, + { + "name": "http_request_body", + "label": "Http.Request Body", + "type": "string", + "doc": "{\"constraints\":{\"type\":\"file\"}}" + }, + { + "name": "http_response_body", + "label": "Http.Response Body", + "type": "string", + "doc": "{\"constraints\":{\"type\":\"file\"}}" + }, + { + "name": "http_request_body_key", + "label": "Http.Request Body Key", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "http_response_body_key", + "label": "Http.Response Body Key", + "type":"string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "http_proxy_flag", + "label": "Http.Proxy Flag", + "type": "int", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "http_sequence", + "label": "Http.Sequence", + "type": "int", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "http_snapshot", + "label": "Http.Snapshot", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "http_cookie", + "label": "Http.Cookie", + "type": "string" + }, + { + "name": "http_referer", + "label": "Http.Referer", + "type": "string" + }, + { + "name": "http_user_agent", + "label": "Http.User Agent", + "type": "string" + }, + { + "name": "http_content_length", + "label": "Http.Content Length", + "type": "string" + }, + { + "name": "http_content_type", + "label": "Http.Content Type", + "type": "string" + }, + { + "name": "http_set_cookie", + "label": "Http.Set Cookie", + "type": "string" + }, + { + "name": "http_version", + "label": "Http.Version", + "type": "string" + }, + { + "name": "http_response_lantency_ms", + 
"label": "Http.Response Latency(ms)", + "type": "int" + }, + { + "name": "http_session_duration_ms", + "label": "Http.Session Duration(ms)", + "type": "int" + }, + { + "name": "http_action_file_size", + "label": "Http.Action File Size", + "type": "int" + }, + { + "name": "doh_url", + "label": "DoH.URL", + "type": "string" + }, + { + "name": "doh_host", + "label": "DoH.Host", + "type": "string" + }, + { + "name": "doh_request_line", + "label": "DoH.Request Line", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "doh_response_line", + "label": "DoH.Response Line", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "doh_cookie", + "label": "DoH.Cookie", + "type": "string" + }, + { + "name": "doh_referer", + "label": "DoH.Referer", + "type": "string" + }, + { + "name": "doh_user_agent", + "label": "DoH.User Agent", + "type": "string" + }, + { + "name": "doh_content_length", + "label": "DoH.Content Length", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "doh_content_type", + "label": "DoH.Content Type", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "doh_set_cookie", + "label": "DoH.Set Cookie", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "doh_version", + "label": "DoH.Version", + "type": "string" + }, + { + "name": "doh_message_id", + "label": "DoH.Message ID", + "type": "int" + }, + { + "name": "doh_qr", + "label": "DoH.QR", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"QUERY\"},{\"code\":\"1\",\"value\":\"REESPONSE\"}]}" + }, + { + "name": "doh_opcode", + "label": "DoH.OPCODE", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"QUERY\"},{\"code\":\"1\",\"value\":\"IQUERY\"},{\"code\":\"2\",\"value\":\"STATUS\"},{\"code\":\"5\",\"value\":\"UPDATE\"}]}" + }, + { + "name": "doh_aa", + 
"label": "DoH.AA", + "type": "int" + }, + { + "name": "doh_tc", + "label": "DoH.TC", + "type": "int" + }, + { + "name": "doh_rd", + "label": "DoH.RD", + "type": "int" + }, + { + "name": "doh_ra", + "label": "DoH.RA", + "type": "int" + }, + { + "name": "doh_rcode", + "label": "DoH.RCODE", + "type": "int" + }, + { + "name": "doh_qdcount", + "label": "DoH.QDCOUNT", + "type": "int" + }, + { + "name": "doh_ancount", + "label": "DoH.ANCOUNT", + "type": "int" + }, + { + "name": "doh_nscount", + "label": "DoH.NSCOUNT", + "type": "int" + }, + { + "name": "doh_arcount", + "label": "DoH.ARCOUNT", + "type": "int" + }, + { + "name": "doh_qname", + "label": "DoH.QNAME", + "type": "string" + }, + { + "name": "doh_qtype", + "label": "DoH.QTYPE", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"1\",\"value\":\"A\"},{\"code\":\"2\",\"value\":\"NS\"},{\"code\":\"5\",\"value\":\"CNAME\"},{\"code\":\"6\",\"value\":\"SOA\"},{\"code\":\"11\",\"value\":\"WKS\"},{\"code\":\"12\",\"value\":\"PTR\"},{\"code\":\"13\",\"value\":\"HINFO\"},{\"code\":\"11\",\"value\":\"WKS\"},{\"code\":\"15\",\"value\":\"MX\"},{\"code\":\"28\",\"value\":\"AAAA\"}]}" + }, + { + "name": "doh_qclass", + "label": "DoH.QCLASS", + "type": "int" + }, + { + "name": "doh_cname", + "label": "DoH.CNAME", + "type": "string" + }, + { + "name": "doh_sub", + "label": "DoH.SUB", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"1\",\"value\":\"DNS\"},{\"code\":\"2\",\"value\":\"DNSSEC\"}]}" + }, + { + "name": "doh_rr", + "label": "DoH.RR", + "type": "string" + } + ] +} \ No newline at end of file diff --git a/TSG-21.03/网关/radius_record_log.avsc b/TSG-21.03/网关/radius_record_log.avsc new file mode 100644 index 0000000..1fdec7c --- /dev/null +++ b/TSG-21.03/网关/radius_record_log.avsc 
@@ -0,0 +1,515 @@ +{ + "type": "record", + "name": "radius_record_log", + "namespace": "tsg_galaxy_v3", + "doc": "{\"primary_key\":\"common_log_id\",\"partition_key\":\"common_recv_time\",\"functions\":{\"aggregation\":[{\"name\":\"COUNT\",\"function\":\"count(expr)\"},{\"name\":\"COUNT_DISTINCT\",\"function\":\"count(distinct expr)\"},{\"name\":\"AVG\",\"function\":\"avg(expr)\"},{\"name\":\"SUM\",\"function\":\"sum(expr)\"},{\"name\":\"MAX\",\"function\":\"max(expr)\"},{\"name\":\"MIN\",\"function\":\"min(expr)\"}],\"operator\":[{\"name\":\"=\",\"function\":\"expr = value\"},{\"name\":\"!=\",\"function\":\"expr != value\"},{\"name\":\">\",\"function\":\"expr > value\"},{\"name\":\"<\",\"function\":\"expr < value\"},{\"name\":\">=\",\"function\":\"expr >= value\"},{\"name\":\"<=\",\"function\":\"expr <= value\"},{\"name\":\"in\",\"function\":\"expr in (values)\"},{\"name\":\"not in\",\"function\":\"expr not in (values)\"},{\"name\":\"like\",\"function\":\"expr like value\"},{\"name\":\"not like\",\"function\":\"expr not like value\"},{\"name\":\"not 
empty\",\"function\":\"notEmpty(expr)\"},{\"name\":\"empty\",\"function\":\"empty(expr)\"}]},\"schema_query\":{\"dimensions\":[\"radius_nas_ip\",\"radius_framed_ip\",\"common_subscriber_id\"],\"metrics\":[\"radius_framed_ip\",\"radius_event_timestamp\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\"],\"filters\":[\"radius_framed_ip\",\"common_subscriber_id\",\"radius_packet_type\",\"radius_acct_session_id\",\"radius_acct_multi_session_id\",\"radius_acct_status_type\"],\"references\":{\"aggregation\":[{\"type\":\"int\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"long\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"float\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"double\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"string\",\"functions\":\"COUNT,COUNT_DISTINCT\"},{\"type\":\"date\",\"functions\":\"COUNT,COUNT_DISTINCT,MAX,MIN\"},{\"type\":\"timestamp\",\"functions\":\"COUNT,COUNT_DISTINCT,MAX,MIN\"}],\"operator\":[{\"type\":\"int\",\"functions\":\"=,!=,>,<,>=,<=,in,not in\"},{\"type\":\"long\",\"functions\":\"=,!=,>,<,>=,<=,in,not in\"},{\"type\":\"float\",\"functions\":\"=,!=,>,<,>=,<=\"},{\"type\":\"double\",\"functions\":\"=,!=,>,<,>=,<=\"},{\"type\":\"string\",\"functions\":\"=,!=,in,not in,like,not like,not 
empty,empty\"},{\"type\":\"date\",\"functions\":\"=,!=,>,<,>=,<=\"},{\"type\":\"timestamp\",\"functions\":\"=,!=,>,<,>=,<=\"}]}},\"schema_type\":{\"RADIUS\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"radius_packet_type\",\"radius_nas_ip\",\"radius_framed_ip\",\"radius_account\",\"radius_session_timeout\",\"radius_idle_timeout\",\"radius_acct_status_type\",\"radius_acct_terminate_cause\",\"radius_event_timestamp\",\"radius_nas_port\",\"radius_service_type\",\"radius_framed_protocol\",\"radius_callback_number\",\"radius_callback_id\",\"radius_termination_action\",\"radius
_called_station_id\",\"radius_calling_station_id\",\"radius_acct_delay_time\",\"radius_acct_session_id\",\"radius_acct_multi_session_id\",\"radius_acct_input_octets\",\"radius_acct_output_octets\",\"radius_acct_input_packets\",\"radius_acct_output_packets\",\"radius_acct_session_time\",\"radius_acct_link_count\",\"radius_acct_interim_interval\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"radius_nas_ip\",\"radius_framed_ip\",\"radius_acct_status_type\"]}},\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"radius_nas_ip\",\"radius_framed_ip\",\"radius_acct_status_type\"]}", + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + "type": "long", + "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"timestamp\"}}" + }, + { + "name": "common_log_id", + "label": "Log ID", + "type": "long", + "doc": "{\"allow_query\":\"true\",\"format\":{\"functions\":\"snowflake_id\"}}" + }, + { + "name": "common_policy_id", + "label": "Policy ID", + "type": "long", + "doc":"{\"visibility\":\"hidden\"}" + }, + { + "name": "common_subscriber_id", + "label": "Subscriber ID", + "type": "string", + "doc": "{\"allow_query\":\"true\"}" + }, + { + "name": "common_client_ip", + "label": "Client IP", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_client_port", + "label": "Client Port", + "type": "int", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_internal_ip", + "label": "Internal IP", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_l4_protocol", + "label": "L4 Protocol", + "type": "string" + }, + { + "name": "common_address_type", + "label": "Address Type", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"4\",\"value\":\"ipv4\"},{\"code\":\"6\",\"value\":\"ipv6\"}]}" + }, + { + "name": "common_server_ip", + "label": "Server IP", + "type": 
"string", + "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"},\"format\":{\"functions\":\"geo_asn\",\"appendTo\":\"common_server_asn\"}}" + }, + { + "name": "common_server_port", + "label": "Server Port", + "type": "int", + "doc": "{\"allow_query\":\"true\"}" + }, + { + "name": "common_external_ip", + "label": "External IP", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_action", + "label": "Action", + "type": "int", + "doc": "{\"visibility\":\"hidden\",\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"None\"},{\"code\":\"1\",\"value\":\"Monitor\"},{\"code\":\"2\",\"value\":\"Intercept\"},{\"code\":\"16\",\"value\":\"Deny\"},{\"code\":\"48\",\"value\":\"Manipulation\"},{\"code\":\"128\",\"value\":\"Allow\"}]}" + }, + { + "name": "common_direction", + "label": "Direction", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"69\",\"value\":\"outbound\"},{\"code\":\"73\",\"value\":\"inbound\"}]}" + }, + { + "name": "common_entrance_id", + "label": "Entrance ID", + "type": "int", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "common_sled_ip", + "label": "Sled IP", + "type": "string", + "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"}}" + }, + { + "name": "common_client_location", + "label": "Client Location", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_client_asn", + "label": "Client ASN", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_server_location", + "label": "Server Location", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_server_asn", + "label": "Server ASN", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_sessions", + "label": "Sessions", + "type": "long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": 
"common_c2s_pkt_num", + "label": "Packets Sent", + "type": "long" + }, + { + "name": "common_s2c_pkt_num", + "label": "Packets Received", + "type": "long" + }, + { + "name": "common_c2s_byte_num", + "label": "Bytes Sent", + "type": "long" + }, + { + "name": "common_s2c_byte_num", + "label": "Bytes Received", + "type": "long" + }, + { + "name": "common_service", + "label": "Service", + "type": "int", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "common_schema_type", + "label": "Schema Type", + "type": "string", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"BASE\",\"value\":\"BASE\"},{\"code\":\"HTTP\",\"value\":\"HTTP\"},{\"code\":\"MAIL\",\"value\":\"MAIL\"},{\"code\":\"DNS\",\"value\":\"DNS\"},{\"code\":\"SSL\",\"value\":\"SSL\"},{\"code\":\"FTP\",\"value\":\"FTP\"}],\"visibility\":\"hidden\"}" + }, + { + "name": "common_user_tags", + "label": "User Tags", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "common_sub_action", + "label": "Sub Action", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_user_region", + "label": "User Region", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_device_id", + "label": "Device ID", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "common_link_id", + "label": "Link ID", + "type": "int", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "common_isp", + "label": "ISP", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "common_device_tag", + "label": "Device Tag", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_data_center", + "label": "Data Center", + "type": "string", + "doc": 
"{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"Nur-sultan\",\"value\":\"Nur-sultan\"},{\"code\":\"Aktau\",\"value\":\"Aktau\"},{\"code\":\"Aktubinsk\",\"value\":\"Aktubinsk\"},{\"code\":\"Almaty\",\"value\":\"Almaty\"},{\"code\":\"Atyrau\",\"value\":\"Atyrau\"},{\"code\":\"Karaganda\",\"value\":\"Karaganda\"},{\"code\":\"Kokshetau\",\"value\":\"Kokshetau\"},{\"code\":\"Kostanay\",\"value\":\"Kostanay\"},{\"code\":\"Kyzylorda\",\"value\":\"Kyzylorda\"},{\"code\":\"Pavlodar\",\"value\":\"Pavlodar\"},{\"code\":\"Petropavl\",\"value\":\"Petropavl\"},{\"code\":\"Semey\",\"value\":\"Semey\"},{\"code\":\"Shymkent\",\"value\":\"Shymkent\"},{\"code\":\"Taldykurgan\",\"value\":\"Taldykurgan\"},{\"code\":\"Taraz\",\"value\":\"Taraz\"},{\"code\":\"Uralsk\",\"value\":\"Uralsk\"},{\"code\":\"Ust-Kamenogorsk\",\"value\":\"Ust-Kamenogorsk\"},{\"code\":\"Zhezkazgan\",\"value\":\"Zhezkazgan\"}],\"allow_query\":\"true\"}" + }, + { + "name": "common_encapsulation", + "label": "Encapsulation", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"Ethernet\"},{\"code\":\"8\",\"value\":\"PPP\"},{\"code\":\"12\",\"value\":\"CiscoHDLC\"}],\"visibility\":\"hidden\"}" + }, + { + "name": "common_app_label", + "label": "Application Label", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_protocol_label", + "label": "Protocol Label", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_app_id", + "label": "Application ID", + "type": "int", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_app_surrogate_id", + "label": "Surrogate ID", + "type": "int", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_l7_protocol", + "label": "L7 Protocol", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_start_time", + "label": "Start Time", + "type": "long", + "doc": 
"{\"constraints\":{\"type\":\"timestamp\"},\"visibility\":\"hidden\"}" + }, + { + "name": "common_end_time", + "label": "End Time", + "type": "long", + "doc": "{\"constraints\":{\"type\":\"timestamp\"},\"format\":{\"functions\":\"get_value\",\"appendTo\":\"common_recv_time\"},\"visibility\":\"hidden\"}" + }, + { + "name": "common_establish_latency_ms", + "label": "Establish Latency(ms)", + "type": "int", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_con_duration_ms", + "label": "Duration(ms)", + "type": "int", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_stream_dir", + "label": "Stream Direction", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"1\",\"value\":\"c2s\"},{\"code\":\"2\",\"value\":\"s2c\"},{\"code\":\"3\",\"value\":\"double\"}]}" + }, + { + "name": "common_address_list", + "label": "Address List", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "common_has_dup_traffic", + "label": "Duplication Traffic", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"No\"},{\"code\":\"1\",\"value\":\"Yes\"}],\"visibility\":\"hidden\"}" + }, + { + "name": "common_stream_error", + "label": "Stream Error", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_stream_trace_id", + "label": "Session ID", + "type": "long", + "doc": "{\"allow_query\":\"true\"}" + }, + { + "name": "common_link_info_c2s", + "label": "Link Info(c2s)", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_link_info_s2c", + "label": "Link Info(s2c)", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_c2s_ipfrag_num", + "label": "Fragmentation Packets(c2s)", + "type": "long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_s2c_ipfrag_num", + "label": "Fragmentation Packets(s2c)", + "type": 
"long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_c2s_tcp_lostlen", + "label": "Sequence Gap Loss(c2s)", + "type": "long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_s2c_tcp_lostlen", + "label": "Sequence Gap Loss(s2c)", + "type": "long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_c2s_tcp_unorder_num", + "label": "Unorder Packets(c2s)", + "type": "long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_s2c_tcp_unorder_num", + "label": "Unorder Packets(s2c)", + "type": "long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_tcp_client_isn", + "label": "TCP Client ISN", + "type": "long", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "type": "long", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "common_first_ttl", + "label": "First TTL", + "type": "int", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_processing_time", + "label": "Processing Time", + "doc": "{\"constraints\":{\"type\":\"timestamp\"},\"format\":{\"functions\":\"current_timestamp\"}}", + "type": "long" + }, + { + "name": "radius_packet_type", + "label": "Packet Type", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"1\",\"value\":\"Access-Request\"},{\"code\":\"2\",\"value\":\"Access-Accept\"},{\"code\":\"3\",\"value\":\"Access-Reject\"},{\"code\":\"4\",\"value\":\"Accounting-Request\"},{\"code\":\"5\",\"value\":\"Accounting-Response\"},{\"code\":\"11\",\"value\":\"Access-Challenge\"}]}" + }, + { + "name": "radius_account", + "label": "Account", + "type": "string", + "doc": "{\"format\":{\"functions\":\"get_value\",\"appendTo\":\"common_subscriber_id\"}}" + }, + { + "name": "radius_nas_ip", + "label": "Nas IP", + "type": "string" + }, + { + "name": "radius_framed_ip", + "label": "Framed IP", + "type": "string", + "doc": 
"{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"}}" + }, + { + "name": "radius_session_timeout", + "label": "Session Timeout", + "type": "int" + }, + { + "name": "radius_idle_timeout", + "label": "Idle Timeout", + "type": "int" + }, + { + "name": "radius_acct_status_type", + "label": "ACC Status Type", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"1\",\"value\":\"Start\"},{\"code\":\"2\",\"value\":\"Stop\"},{\"code\":\"3\",\"value\":\"Interim-Update\"},{\"code\":\"7\",\"value\":\"Accounting-On\"},{\"code\":\"8\",\"value\":\"Accounting-Off\"}]}" + }, + { + "name": "radius_acct_terminate_cause", + "label": "Acct Terminate Cause", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"1\",\"value\":\"User Request\"},{\"code\":\"2\",\"value\":\"Lost Carrier\"},{\"code\":\"3\",\"value\":\"Lost Service\"},{\"code\":\"4\",\"value\":\"Idle Timeout\"},{\"code\":\"5\",\"value\":\"Session Timeout\"},{\"code\":\"6\",\"value\":\"Admin Reset\"},{\"code\":\"7\",\"value\":\"Admin Reboot\"},{\"code\":\"8\",\"value\":\"Port Error\"},{\"code\":\"9\",\"value\":\"NAS Error\"},{\"code\":\"10\",\"value\":\"NAS Request\"},{\"code\":\"11\",\"value\":\"NAS Reboot\"},{\"code\":\"12\",\"value\":\"Port Unneeded\"},{\"code\":\"13\",\"value\":\"Port Preempted\"},{\"code\":\"14\",\"value\":\"Port Suspended\"},{\"code\":\"15\",\"value\":\"Service Unavailable\"},{\"code\":\"16\",\"value\":\"Callback\"},{\"code\":\"17\",\"value\":\"User Error\"},{\"code\":\"18\",\"value\":\"Host Request\"}]}" + }, + { + "name": "radius_event_timestamp", + "label": "Event Timestamp", + "type": "int" + }, + { + "name": "radius_service_type", + "label": "Service Type", + "type": "int" + }, + { + "name": "radius_nas_port", + "label": "Nas Port", + "type": "int" + }, + { + "name": "radius_framed_protocol", + "label": "Framed Protocol", + "type": "int" + }, + { + "name": "radius_callback_number", + "label": 
"Callback Number", + "type": "string" + }, + { + "name": "radius_callback_id", + "label": "Callback ID", + "type": "string" + }, + { + "name": "radius_termination_action", + "label": "Termination Action", + "type": "int" + }, + { + "name": "radius_called_station_id", + "label": "Called Station Id", + "type": "string" + }, + { + "name": "radius_calling_station_id", + "label": "Calling Station Id", + "type": "string" + }, + { + "name": "radius_acct_delay_time", + "label": "Acct Delay Time", + "type": "int" + }, + { + "name": "radius_acct_session_id", + "label": "Acct Session ID", + "type": "string" + }, + { + "name": "radius_acct_multi_session_id", + "label": "Acct Multi Session ID", + "type": "string" + }, + { + "name": "radius_acct_input_octets", + "label": "Acct Input Octets", + "type": "long" + }, + { + "name": "radius_acct_output_octets", + "label": "Acct Output Octets", + "type": "long" + }, + { + "name": "radius_acct_input_packets", + "label": "Acct Input Packets", + "type": "long" + }, + { + "name": "radius_acct_output_packets", + "label": "Acct Output Packets", + "type": "long" + }, + { + "name": "radius_acct_session_time", + "label": "Acct Session Time", + "type": "int" + }, + { + "name": "radius_acct_link_count", + "label": "Acct Link Count", + "type": "int" + }, + { + "name": "radius_acct_interim_interval", + "label": "Acct Interim Interval", + "type": "int" + } + ] +} \ No newline at end of file diff --git a/TSG-21.03/网关/security_event_log.avsc b/TSG-21.03/网关/security_event_log.avsc new file mode 100644 index 0000000..2f6fdf0 --- /dev/null +++ b/TSG-21.03/网关/security_event_log.avsc 
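Review bot: `radius_event_timestamp` is declared as a bare `int` with no `doc`, unlike `common_recv_time` and `common_processing_time` in the same file, which are `long` with `{"constraints":{"type":"timestamp"}}`. The RADIUS Event-Timestamp attribute is an unsigned 32-bit count of seconds, so a signed Avro `int` cannot hold its full range. Because the field is listed under `metrics`, the record's own `references` table offers it the `int` set including AVG and SUM, rather than the COUNT/COUNT_DISTINCT/MAX/MIN set given for `timestamp`. I would declare it as `"type": "long", "doc": "{\"constraints\":{\"type\":\"timestamp\"}}"` so that accounting events sort and compare like the other time columns when sessions are reconstructed. Separately, the `common_schema_type` enumeration here lists BASE, HTTP, MAIL, DNS, SSL and FTP while the record-level `schema_type` map is keyed `RADIUS`; if that field carries the schema name (not visible in this hunk), `RADIUS` is missing from its `data` list.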
@@ -0,0 +1,969 @@
+{
+ "type": "record",
+ "name": "security_event_log",
+ "namespace": "tsg_galaxy_v3",
+ "doc": "{\"primary_key\":\"common_log_id\",\"partition_key\":\"common_recv_time\",\"functions\":{\"aggregation\":[{\"name\":\"COUNT\",\"function\":\"count(expr)\"},{\"name\":\"COUNT_DISTINCT\",\"function\":\"count(distinct expr)\"},{\"name\":\"AVG\",\"function\":\"avg(expr)\"},{\"name\":\"SUM\",\"function\":\"sum(expr)\"},{\"name\":\"MAX\",\"function\":\"max(expr)\"},{\"name\":\"MIN\",\"function\":\"min(expr)\"}],\"operator\":[{\"name\":\"=\",\"function\":\"expr = value\"},{\"name\":\"!=\",\"function\":\"expr != value\"},{\"name\":\">\",\"function\":\"expr > value\"},{\"name\":\"<\",\"function\":\"expr < value\"},{\"name\":\">=\",\"function\":\"expr >= value\"},{\"name\":\"<=\",\"function\":\"expr <= value\"},{\"name\":\"in\",\"function\":\"expr in (values)\"},{\"name\":\"not in\",\"function\":\"expr not in (values)\"},{\"name\":\"like\",\"function\":\"expr like value\"},{\"name\":\"not like\",\"function\":\"expr not like value\"},{\"name\":\"not 
empty\",\"function\":\"notEmpty(expr)\"},{\"name\":\"empty\",\"function\":\"empty(expr)\"}]},\"schema_query\":{\"dimensions\":[\"common_server_ip\",\"common_client_ip\",\"common_internal_ip\",\"common_external_ip\",\"common_policy_id\",\"common_action\",\"common_sled_ip\",\"common_device_id\",\"common_client_location\",\"common_server_location\",\"common_subscriber_id\",\"common_client_port\",\"common_server_port\",\"common_schema_type\",\"common_l4_protocol\",\"common_l7_protocol\",\"common_data_center\",\"common_client_asn\",\"common_server_asn\",\"common_start_time\",\"common_end_time\",\"http_host\",\"http_domain\",\"http_url\",\"ssl_sni\",\"ssl_ja3_hash\",\"ssl_client_side_version\",\"ssl_server_side_version\",\"mail_account\",\"mail_from\",\"mail_to\",\"quic_sni\"],\"metrics\":[\"common_server_ip\",\"common_client_ip\",\"common_internal_ip\",\"common_external_ip\",\"common_subscriber_id\",\"common_sled_ip\",\"common_device_id\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_con_duration_ms\",\"common_establish_latency_ms\",\"http_host\",\"http_domain\",\"http_url\",\"ssl_sni\",\"ssl_ja3_hash\",\"ssl_client_side_latency\",\"ssl_server_side_latency\",\"mail_account\",\"mail_from\",\"mail_to\",\"quic_sni\"],\"filters\":[\"common_policy_id\",\"common_action\",\"common_address_type\",\"common_server_ip\",\"common_client_ip\",\"common_internal_ip\",\"common_external_ip\",\"common_client_port\",\"common_server_port\",\"common_client_location\",\"common_server_location\",\"common_subscriber_id\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_l4_protocol\",\"common_l7_protocol\",\"common_stream_dir\",\"common_data_center\",\"common_sled_ip\",\"common_device_id\",\"common_direction\",\"common_schema_type\",\"common_client_asn\",\"common_server_asn\",\"common_start_time\",\"common_end_time\",\"common_con_duration_ms\",\"common_establish_late
ncy_ms\",\"http_host\",\"http_domain\",\"http_url\",\"http_content_type\",\"ssl_sni\",\"ssl_ja3_hash\",\"ssl_pinningst\",\"ssl_intercept_state\",\"ssl_client_side_version\",\"ssl_server_side_version\",\"ssl_cert_verify\",\"ssl_client_side_latency\",\"ssl_server_side_latency\",\"mail_account\",\"mail_from\",\"mail_to\",\"mail_subject\",\"quic_sni\"],\"references\":{\"aggregation\":[{\"type\":\"int\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"long\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"float\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"double\",\"functions\":\"COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN\"},{\"type\":\"string\",\"functions\":\"COUNT,COUNT_DISTINCT\"},{\"type\":\"date\",\"functions\":\"COUNT,COUNT_DISTINCT,MAX,MIN\"},{\"type\":\"timestamp\",\"functions\":\"COUNT,COUNT_DISTINCT,MAX,MIN\"}],\"operator\":[{\"type\":\"int\",\"functions\":\"=,!=,>,<,>=,<=,in,not in\"},{\"type\":\"long\",\"functions\":\"=,!=,>,<,>=,<=,in,not in\"},{\"type\":\"float\",\"functions\":\"=,!=,>,<,>=,<=\"},{\"type\":\"double\",\"functions\":\"=,!=,>,<,>=,<=\"},{\"type\":\"string\",\"functions\":\"=,!=,in,not in,like,not like,not 
empty,empty\"},{\"type\":\"date\",\"functions\":\"=,!=,>,<,>=,<=\"},{\"type\":\"timestamp\",\"functions\":\"=,!=,>,<,>=,<=\"}]}},\"schema_type\":{\"BASE\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_server_ip\",\"common_server_port\"]},\"HTTP\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common
_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"http_url\",\"http_host\",\"http_domain\",\"http_request_line\",\"http_response_line\",\"http_request_header\",\"http_response_header\",\"http_request_body\",\"http_response_body\",\"http_request_body_key\",\"http_response_body_key\",\"http_proxy_flag\",\"http_sequence\",\"http_snapshot\",\"http_cookie\",\"http_referer\",\"http_user_agent\",\"http_content_length\",\"http_content_type\",\"http_set_cookie\",\"http_version\",\"http_response_lantency_ms\",\"http_session_duration_ms\",\"http_action_file_size\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"http_url\",\"common_server_port\"]},\"MAIL\":{\"columns\":[\"common_recv_time\",\"common_l
og_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"mail_protocol_type\",\"mail_account\",\"mail_from_cmd\",\"mail_to_cmd\",\"mail_from\",\"mail_to\",\"mail_cc\",\"mail_bcc\",\"mail_subject\",\"mail_subject_charset\",\"mail_content\",\"mail_content_charset\",\"mail_attachment_name\",\"mail_attachment_name_charset\",\"mail_attachment_content\",\"mail_eml_file\",\"mail_snapshot\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"mail_from\",\"mail_to\",\"mail_subject\"]},\"DNS\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy
_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"dns_message_id\",\"dns_qr\",\"dns_opcode\",\"dns_aa\",\"dns_tc\",\"dns_rd\",\"dns_ra\",\"dns_rcode\",\"dns_qdcount\",\"dns_ancount\",\"dns_nscount\",\"dns_arcount\",\"dns_qname\",\"dns_qtype\",\"dns_qclass\",\"dns_cname\",\"dns_sub\",\"dns_rr\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_client_ip\",\"dns_qr\",\"dns_qname\",\"dns_qtype\"]},\"SSL\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_addres
s_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"ssl_sni\",\"ssl_san\",\"ssl_cn\",\"ssl_pinningst\",\"ssl_intercept_state\",\"ssl_server_side_latency\",\"ssl_client_side_latency\",\"ssl_server_side_version\",\"ssl_client_side_version\",\"ssl_cert_verify\",\"ssl_error\",\"ssl_con_latency_ms\",\"ssl_ja3_fingerprint\",\"ssl_ja3_hash\",\"ssl_cert_issuer\",\"ssl_cert_subject\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"ssl_sni\",\"common_server_ip\",\"common_server_port\"]},\"QUIC\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"c
ommon_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"quic_version\",\"quic_sni\",\"quic_user_agent\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"quic_sni\",\"common_server_ip\",\"common_server_port\"]},\"FTP\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"co
mmon_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"ftp_account\",\"ftp_url\",\"ftp_content\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"ftp_url\",\"common_server_ip\",\"common_server_port\"]},\"BGP\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation
\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"bgp_type\",\"bgp_as_num\",\"bgp_route\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"bgp_type\",\"bgp_as_num\",\"common_server_ip\",\"common_server_port\"]},\"VOIP\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup
_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"voip_calling_account\",\"voip_called_account\",\"voip_calling_number\",\"voip_called_number\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"voip_calling_account\",\"voip_called_account\",\"common_server_ip\",\"common_server_port\"]},\"SIP\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_
lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"sip_call_id\",\"sip_from\",\"sip_to\",\"sip_user_agent\",\"sip_server\",\"sip_from_sdp_connect_ip\",\"sip_from_sdp_media_port\",\"sip_from_sdp_media_type\",\"sip_from_sdp_content\",\"sip_to_sdp_connect_ip\",\"sip_to_sdp_media_port\",\"sip_to_sdp_media_type\",\"sip_to_sdp_content\",\"sip_duration\",\"sip_bye\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"common_client_ip\",\"sip_from\",\"sip_from\",\"sip_call_id\",\"common_server_ip\",\"common_server_port\"]},\"RTP\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_
c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"rtp_payload_type_c2s\",\"rtp_payload_type_s2c\",\"rtp_pcap_dir_c2s\",\"rtp_pcap_dir_s2c\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_server_ip\",\"common_server_port\",\"rtp_pcap_dir_c2s\",\"rtp_pcap_dir_s2c\"]},\"APP\":{\"columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_client_port\",\"common_internal_ip\",\"common_l4_protocol\",\"common_address_type\",\"common_server_ip\",\"common_server_port\",\"common_external_ip\",\"common_action\",\"common_direction\",\"common_entrance_id\",\"common_sled_ip\",\"common_client_location\",\"common_client_asn\",\"common_server_location\",\"common_server_asn\",\"common_sessions\",\"common_c2s_pkt_num\",\"common_s2c_pkt_num\",\"common_c2s_byte_num\",\"common_s2c_byte_num\",\"common_service\",\"common_schema_type\",\"common_user_tags\",\"common_sub_action\",\"common_user_region\",\"common_device_id\",\"common_link_id\",\"common_isp\",\"common_device_tag\",\"common_data_center\",\"common_encapsulation\",\"common_app_label\",\"common_protocol_label\",\"common_app_id\",\"common_app_surrogate_id\",\"common_l7_protocol\",\"common_start_time\",\"common_end_time\",\"common_establish_latency_ms\",\"common_con_duration_ms\",\"common_stream_dir\",\"common_address_list\",\"common_has_dup_traffic\",\"common_stream_error\",\"common_stream_trace_id\",\"common_link_info_c2s\",\"common_link_info_s2c\",\"common_c2s_ipfrag_num\",\"common_s2c_ipfrag_num\",\"common_c2s_tcp_lostlen\",\"common_s2c_tcp_lostlen\",\"common_c2s_tcp_unorder_num\",\"common_s2c_tcp_unorder_num\",\"common_tcp_client_isn\",\"common_tcp_server_isn\",\"common_first_ttl\",\"common_processing_time\",\"app_extra_info\"],\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"commo
n_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_app_id\",\"common_app_label\",\"app_extra_info\",\"common_server_ip\",\"common_server_port\"]}},\"default_columns\":[\"common_recv_time\",\"common_log_id\",\"common_policy_id\",\"common_subscriber_id\",\"common_client_ip\",\"common_server_ip\",\"common_server_port\",\"common_schema_type\"]}",
+ "fields": [
+ {
+ "name": "common_recv_time",
+ "label": "Receive Time",
+ "type": "long",
+ "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"timestamp\"}}"
+ },
+ {
+ "name": "common_log_id",
+ "label": "Log ID",
+ "type": "long",
+ "doc": "{\"allow_query\":\"true\",\"format\":{\"functions\":\"snowflake_id\"}}"
+ },
+ {
+ "name": "common_policy_id",
+ "label": "Policy ID",
+ "type": "long",
+ "doc": "{\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_subscriber_id",
+ "label": "Subscriber ID",
+ "type": "string",
+ "doc": "{\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_client_ip",
+ "label": "Client IP",
+ "type": "string",
+ "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"},\"format\":{\"functions\":\"geo_asn,radius_match\",\"appendTo\":\"common_client_asn,common_subscriber_id\"}}"
+ },
+ {
+ "name": "common_internal_ip",
+ "label": "Internal IP",
+ "type": "string",
+ "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"},\"format\":{\"functions\":\"if\",\"param\":\"$.common_direction=69,$.common_client_ip,$.common_server_ip\"}}"
+ },
+ {
+ "name": "common_client_port",
+ "label": "Client Port",
+ "type": "int",
+ "doc": "{\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_l4_protocol",
+ "label": "L4 Protocol",
+ "type": "string"
+ },
+ {
+ "name": "common_address_type",
+ "label": "Address Type",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"4\",\"value\":\"ipv4\"},{\"code\":\"6\",\"value\":\"ipv6\"}]}"
+ },
+ {
+ "name": "common_server_ip",
+ "label": "Server IP",
+ "type": "string",
+ "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"},\"format\":{\"functions\":\"geo_asn\",\"appendTo\":\"common_server_asn\"}}"
+ },
+ {
+ "name": "common_server_port",
+ "label": "Server Port",
+ "type": "int",
+ "doc": "{\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_external_ip",
+ "label": "External IP",
+ "type": "string",
+ "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"},\"format\":{\"functions\":\"if\",\"param\":\"$.common_direction=73,$.common_client_ip,$.common_server_ip\"}}"
+ },
+ {
+ "name": "common_action",
+ "label": "Action",
+ "type": "int",
+ "doc": "{\"allow_query\":\"true\",\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"1\",\"value\":\"Monitor\"},{\"code\":\"2\",\"value\":\"Intercept\"},{\"code\":\"16\",\"value\":\"Deny\"},{\"code\":\"128\",\"value\":\"Allow\"}]}"
+ },
+ {
+ "name": "common_direction",
+ "label": "Direction",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"69\",\"value\":\"outbound\"},{\"code\":\"73\",\"value\":\"inbound\"}]}"
+ },
+ {
+ "name": "common_entrance_id",
+ "label": "Entrance ID",
+ "type": "int",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "common_sled_ip",
+ "label": "Sled IP",
+ "type": "string",
+ "doc": "{\"allow_query\":\"true\",\"constraints\":{\"type\":\"ip\"}}"
+ },
+ {
+ "name": "common_client_location",
+ "label": "Client Location",
+ "type": "string"
+ },
+ {
+ "name": "common_client_asn",
+ "label": "Client ASN",
+ "type": "string"
+ },
+ {
+ "name": "common_server_location",
+ "label": "Server Location",
+ "type": "string"
+ },
+ {
+ "name": "common_server_asn",
+ "label": "Server ASN",
+ "type": "string"
+ },
+ {
+ "name": "common_sessions",
+ "label": "Sessions",
+ "type": "long",
+ "doc": "{\"format\":{\"functions\":\"set_value\",\"param\":\"1\"}}"
+ },
+ {
+ "name": "common_c2s_pkt_num",
+ "label": "Packets Sent",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_pkt_num",
+ "label": "Packets Received",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_num",
+ "label": "Bytes Sent",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_num",
+ "label": "Bytes Received",
+ "type": "long"
+ },
+ {
+ "name": "common_service",
+ "label": "Service",
+ "type": "int",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "common_schema_type",
+ "label": "Schema Type",
+ "type": "string",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"HTTP\",\"value\":\"HTTP\"},{\"code\":\"MAIL\",\"value\":\"MAIL\"},{\"code\":\"DNS\",\"value\":\"DNS\"},{\"code\":\"SSL\",\"value\":\"SSL\"},{\"code\":\"QUIC\",\"value\":\"QUIC\"},{\"code\":\"FTP\",\"value\":\"FTP\"},{\"code\":\"SIP\",\"value\":\"SIP\"},{\"code\":\"RTP\",\"value\":\"RTP\"},{\"code\":\"APP\",\"value\":\"APP\"}],\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_user_tags",
+ "label": "User Tags",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "common_sub_action",
+ "label": "Sub Action",
+ "type": "string"
+ },
+ {
+ "name": "common_user_region",
+ "label": "User Region",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_device_id",
+ "label": "Device ID",
+ "type": "string"
+ },
+ {
+ "name": "common_link_id",
+ "label": "Link ID",
+ "type": "int",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "common_isp",
+ "label": "ISP",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "common_device_tag",
+ "label": "Device Tag",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_data_center",
+ "label": "Data Center",
+ "type": "string",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"Nur-sultan\",\"value\":\"Nur-sultan\"},{\"code\":\"Aktau\",\"value\":\"Aktau\"},{\"code\":\"Aktubinsk\",\"value\":\"Aktubinsk\"},{\"code\":\"Almaty\",\"value\":\"Almaty\"},{\"code\":\"Atyrau\",\"value\":\"Atyrau\"},{\"code\":\"Karaganda\",\"value\":\"Karaganda\"},{\"code\":\"Kokshetau\",\"value\":\"Kokshetau\"},{\"code\":\"Kostanay\",\"value\":\"Kostanay\"},{\"code\":\"Kyzylorda\",\"value\":\"Kyzylorda\"},{\"code\":\"Pavlodar\",\"value\":\"Pavlodar\"},{\"code\":\"Petropavl\",\"value\":\"Petropavl\"},{\"code\":\"Semey\",\"value\":\"Semey\"},{\"code\":\"Shymkent\",\"value\":\"Shymkent\"},{\"code\":\"Taldykurgan\",\"value\":\"Taldykurgan\"},{\"code\":\"Taraz\",\"value\":\"Taraz\"},{\"code\":\"Uralsk\",\"value\":\"Uralsk\"},{\"code\":\"Ust-Kamenogorsk\",\"value\":\"Ust-Kamenogorsk\"},{\"code\":\"Zhezkazgan\",\"value\":\"Zhezkazgan\"}],\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_encapsulation",
+ "label": "Encapsulation",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"Ethernet\"},{\"code\":\"8\",\"value\":\"PPP\"},{\"code\":\"12\",\"value\":\"CiscoHDLC\"}],\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_app_label",
+ "label": "Application Label",
+ "type": "string"
+ },
+ {
+ "name": "common_protocol_label",
+ "label": "Protocol Label",
+ "type": "string"
+ },
+ {
+ "name": "common_app_id",
+ "label": "Application ID",
+ "type": "int"
+ },
+ {
+ "name": "common_app_surrogate_id",
+ "label": "Surrogate ID",
+ "type": "int"
+ },
+ {
+ "name": "common_l7_protocol",
+ "label": "L7 Protocol",
+ "type": "string"
+ },
+ {
+ "name": "common_start_time",
+ "label": "Start Time",
+ "type": "long",
+ "doc": "{\"constraints\":{\"type\":\"timestamp\"}}"
+ },
+ {
+ "name": "common_end_time",
+ "label": "End Time",
+ "type": "long",
+ "doc": "{\"constraints\":{\"type\":\"timestamp\"},\"format\":{\"functions\":\"get_value\",\"appendTo\":\"common_recv_time\"}}"
+ },
+ {
+ "name": "common_establish_latency_ms",
+ "label": "Establish Latency(ms)",
+ "type": "int"
+ },
+ {
+ "name": "common_con_duration_ms",
+ "label": "Duration(ms)",
+ "type": "int"
+ },
+ {
+ "name": "common_stream_dir",
+ "label": "Stream Direction",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"1\",\"value\":\"c2s\"},{\"code\":\"2\",\"value\":\"s2c\"},{\"code\":\"3\",\"value\":\"double\"}]}"
+ },
+ {
+ "name": "common_address_list",
+ "label": "Address List",
+ "type": "string",
+ "doc": "{\"visibility\":\"disabled\"}"
+ },
+ {
+ "name": "common_has_dup_traffic",
+ "label": "Duplication Traffic",
+ "type": "int",
+ "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"No\"},{\"code\":\"1\",\"value\":\"Yes\"}],\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_stream_error",
+ "label": "Stream Error",
+ "type": "string"
+ },
+ {
+ "name": "common_stream_trace_id",
+ "label": "Session ID",
+ "type": "long",
+ "doc": "{\"allow_query\":\"true\"}"
+ },
+ {
+ "name": "common_link_info_c2s",
+ "label": "Link Info(c2s)",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_link_info_s2c",
+ "label": "Link Info(s2c)",
+ "type": "string",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_c2s_ipfrag_num",
+ "label": "Fragmentation Packets(c2s)",
+ "type": "long",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_s2c_ipfrag_num",
+ "label": "Fragmentation Packets(s2c)",
+ "type": "long",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_c2s_tcp_lostlen",
+ "label": "Sequence Gap Loss(c2s)",
+ "type": "long",
+ "doc": "{\"visibility\":\"hidden\"}"
+ },
+ {
+ "name": "common_s2c_tcp_lostlen",
+ "label": "Sequence Gap Loss(s2c)",
+ "type": "long",
+ "doc": 
"{\"visibility\":\"hidden\"}" + }, + { + "name": "common_c2s_tcp_unorder_num", + "label": "Unorder Packets(c2s)", + "type": "long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_s2c_tcp_unorder_num", + "label": "Unorder Packets(s2c)", + "type": "long", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_tcp_client_isn", + "label": "TCP Client ISN", + "type": "long", + "doc": "{\"allow_query\":\"true\"}" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "type": "long", + "doc": "{\"allow_query\":\"true\"}" + }, + { + "name": "common_first_ttl", + "label": "First TTL", + "type": "int", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "common_processing_time", + "label": "Processing Time", + "doc": "{\"constraints\":{\"type\":\"timestamp\"},\"format\":{\"functions\":\"current_timestamp\"}}", + "type": "long" + }, + { + "name": "http_url", + "label": "Http.URL", + "type": "string", + "doc": "{\"allow_query\":\"true\"}" + }, + { + "name": "http_host", + "label": "Http.Host", + "type": "string", + "doc": "{\"format\":{\"functions\":\"sub_domain\",\"appendTo\":\"http_domain\"}}" + }, + { + "name": "http_domain", + "label": "Http.Domain", + "type": "string", + "doc": "{\"allow_query\":\"true\"}" + }, + { + "name": "http_request_line", + "label": "Http.Request Line", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "http_response_line", + "label": "Http.Response Line", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "http_request_header", + "label": "Http.Request Header", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "http_response_header", + "label": "Http.Response Header", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "http_request_body", + "label": "Http.Request Body", + "type": "string", + "doc": "{\"constraints\":{\"type\":\"file\"},\"visibility\":\"disabled\"}" + }, + { + 
"name": "http_response_body", + "label": "Http.Response Body", + "type": "string", + "doc": "{\"constraints\":{\"type\":\"file\"},\"visibility\":\"disabled\"}" + }, + { + "name": "http_request_body_key", + "label": "Http.Request Body Key", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "http_response_body_key", + "label": "Http.Response Body Key", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "http_proxy_flag", + "label": "http.Proxy Flag", + "type": "int", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "http_sequence", + "label": "Http.Sequence", + "type": "int", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "http_snapshot", + "label": "Http.Snapshot", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "http_cookie", + "label": "Http.Cookie", + "type": "string" + }, + { + "name": "http_referer", + "label": "Http.Referer", + "type": "string" + }, + { + "name": "http_user_agent", + "label": "Http.User Agent", + "type": "string" + }, + { + "name": "http_content_length", + "label": "Http.Content Length", + "type": "string" + }, + { + "name": "http_content_type", + "label": "Http.Content Type", + "type": "string" + }, + { + "name": "http_set_cookie", + "label": "Http.Set Cookie", + "type": "string" + }, + { + "name": "http_version", + "label": "Http.Version", + "type": "string" + }, + { + "name": "http_response_lantency_ms", + "label": "Http.Response Latency(ms)", + "type": "int" + }, + { + "name": "http_action_file_size", + "label": "Http.Action File Size", + "type": "int" + }, + { + "name": "http_session_duration_ms", + "label": "Http.Session Duration(ms)", + "type": "int" + }, + { + "name": "mail_protocol_type", + "label": "Mail.Protocol Type", + "type": "string" + }, + { + "name": "mail_account", + "label": "Mail.Account", + "type": "string" + }, + { + "name": "mail_from_cmd", + "label": "Mail.From CMD", + "type": "string" + }, + { + "name": 
"mail_to_cmd", + "label": "Mail.To CMD", + "type": "string" + }, + { + "name": "mail_from", + "label": "Mail.From", + "type": "string", + "doc": "{\"constraints\":{\"type\":\"email\"}}" + }, + { + "name": "mail_to", + "label": "Mail.To", + "type": "string", + "doc": "{\"constraints\":{\"type\":\"email\"}}" + }, + { + "name": "mail_cc", + "label": "Mail.CC", + "type": "string" + }, + { + "name": "mail_bcc", + "label": "Mail.BCC", + "type": "string" + }, + { + "name": "mail_subject", + "label": "Mail.Subject", + "type": "string", + "doc": "{\"format\":{\"functions\":\"decode_of_base64\",\"param\":\"$.mail_subject_charset\"}}" + }, + { + "name": "mail_subject_charset", + "label": "Mail.Subject Charset", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "mail_content", + "label": "Mail.Content", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "mail_content_charset", + "label": "Mail.Content Charset", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "mail_attachment_name", + "label": "Mail.Attachment", + "type": "string", + "doc": "{\"format\":{\"functions\":\"decode_of_base64\",\"param\":\"$.mail_attachment_name_charset\"}}" + }, + { + "name": "mail_attachment_name_charset", + "label": "Mail.Attachment Charset", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "mail_attachment_content", + "label": "Mail.Attachment Content", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "mail_eml_file", + "label": "Mail.EML File", + "type": "string", + "doc": "{\"constraints\":{\"type\":\"file\"}}" + }, + { + "name": "mail_snapshot", + "label": "Mail.Snapshot", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "dns_message_id", + "label": "Dns.Message ID", + "type": "int" + }, + { + "name": "dns_qr", + "label": "Dns.QR", + "type": "int", + "doc": 
"{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"QUERY\"},{\"code\":\"1\",\"value\":\"REESPONSE\"}]}" + }, + { + "name": "dns_opcode", + "label": "Dns.OPCODE", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"QUERY\"},{\"code\":\"1\",\"value\":\"IQUERY\"},{\"code\":\"2\",\"value\":\"STATUS\"},{\"code\":\"5\",\"value\":\"UPDATE\"}]}" + }, + { + "name": "dns_aa", + "label": "Dns.AA", + "type": "int" + }, + { + "name": "dns_tc", + "label": "Dns.TC", + "type": "int" + }, + { + "name": "dns_rd", + "label": "Dns.RD", + "type": "int" + }, + { + "name": "dns_ra", + "label": "Dns.RA", + "type": "int" + }, + { + "name": "dns_rcode", + "label": "Dns.RCODE", + "type": "int" + }, + { + "name": "dns_qdcount", + "label": "Dns.QDCOUNT", + "type": "int" + }, + { + "name": "dns_ancount", + "label": "Dns.ANCOUNT", + "type": "int" + }, + { + "name": "dns_nscount", + "label": "Dns.NSCOUNT", + "type": "int" + }, + { + "name": "dns_arcount", + "label": "Dns.ARCOUNT", + "type": "int" + }, + { + "name": "dns_qname", + "label": "Dns.QNAME", + "type": "string" + }, + { + "name": "dns_qtype", + "label": "Dns.QTYPE", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"1\",\"value\":\"A\"},{\"code\":\"2\",\"value\":\"NS\"},{\"code\":\"5\",\"value\":\"CNAME\"},{\"code\":\"6\",\"value\":\"SOA\"},{\"code\":\"11\",\"value\":\"WKS\"},{\"code\":\"12\",\"value\":\"PTR\"},{\"code\":\"13\",\"value\":\"HINFO\"},{\"code\":\"11\",\"value\":\"WKS\"},{\"code\":\"15\",\"value\":\"MX\"},{\"code\":\"28\",\"value\":\"AAAA\"}]}" + }, + { + "name": "dns_qclass", + "label": "Dns.QCLASS", + "type": "int" + }, + { + "name": "dns_cname", + "label": "Dns.CNAME", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "dns_sub", + "label": "Dns.SUB", + "type": "int", + "doc": 
"{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"1\",\"value\":\"DNS\"},{\"code\":\"2\",\"value\":\"DNSSEC\"}]}" + }, + { + "name": "dns_rr", + "label": "Dns.RR", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "ssl_version", + "label": "SSL.Version", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "ssl_sni", + "label": "SSL.SNI", + "type": "string", + "doc": "{\"allow_query\":\"true\",\"format\":{\"functions\":\"sub_domain\",\"appendTo\":\"http_domain\"}}" + }, + { + "name": "ssl_san", + "label": "SSL.SAN", + "type": "string" + }, + { + "name": "ssl_cn", + "label": "SSL.CN", + "type": "string" + }, + { + "name": "ssl_pinningst", + "label": "SSL.Pinning", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"Not Pinning\"},{\"code\":\"1\",\"value\":\"Pinning\"},{\"code\":\"2\",\"value\":\"Maybe Pinning\"}]}" + }, + { + "name": "ssl_intercept_state", + "label": "SSL.Intercept State", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"Passthrough\"},{\"code\":\"1\",\"value\":\"Intercept\"},{\"code\":\"2\",\"value\":\"Shutdown\"}]}" + }, + { + "name": "ssl_server_side_latency", + "label": "SSL.Server Side Latency(ms)", + "type": "int" + }, + { + "name": "ssl_client_side_latency", + "label": "SSL.Client Side Latency(ms)", + "type": "int" + }, + { + "name": "ssl_server_side_version", + "label": "SSL.Server Side Version", + "type": "string" + }, + { + "name": "ssl_client_side_version", + "label": "SSL.Client Side Version", + "type": "string" + }, + { + "name": "ssl_cert_verify", + "label": "SSL.Certificate Verify", + "type": "int", + "doc": "{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"No\"},{\"code\":\"1\",\"value\":\"Yes\"}]}" + }, + { + "name": "ssl_error", + "label": "SSL.Error", + "type": "string" + }, + { + 
"name": "ssl_con_latency_ms", + "label": "SSL.Connection Latency(ms)", + "type": "int", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "ssl_ja3_fingerprint", + "label": "SSL.JA3", + "type": "string", + "doc": "{\"visibility\":\"hidden\"}" + }, + { + "name": "ssl_ja3_hash", + "label": "SSL.JA3 hash", + "type": "string", + "doc": "{\"allow_query\":\"true\"}" + }, + { + "name": "ssl_cert_issuer", + "label": "SSL.Issuer", + "type": "string" + }, + { + "name": "ssl_cert_subject", + "label": "SSL.Subject", + "type": "string" + }, + { + "name": "quic_version", + "label": "Quic.Version", + "type": "string" + }, + { + "name": "quic_sni", + "label": "Quic.SNI", + "type": "string", + "doc": "{\"format\":{\"functions\":\"sub_domain\",\"appendTo\":\"http_domain\"}}" + }, + { + "name": "quic_user_agent", + "label": "Quic.User Agent", + "type": "string" + }, + { + "name": "ftp_account", + "label": "Ftp.Account", + "type": "string" + }, + { + "name": "ftp_url", + "label": "Ftp.URL", + "type": "string" + }, + { + "name": "ftp_content", + "label": "Ftp.Content", + "type": "string" + }, + { + "name": "bgp_type", + "label": "BGP.Type", + "type": "int", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "bgp_as_num", + "label": "BGP.AS Number", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "bgp_route", + "label": "BGP.Route", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "voip_calling_account", + "label": "Voip.Calling Account", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "voip_called_account", + "label": "Voip.Called Account", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "voip_calling_number", + "label": "Voip.Calling Number", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "voip_called_number", + "label": "Voip.Called Number", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + 
{ + "name": "streaming_media_url", + "label": "Streaming.Media URL", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "streaming_media_protocol", + "label": "Streaming.Media Protocol", + "type": "string", + "doc": "{\"visibility\":\"disabled\"}" + }, + { + "name": "app_extra_info", + "label": "APP.Extra Info", + "type": "string" + }, + { + "name": "sip_call_id", + "label": "SIP.Call-ID", + "type": "string" + }, + { + "name": "sip_from", + "label": "SIP.From", + "type": "string" + }, + { + "name": "sip_to", + "label": "SIP.To", + "type": "string" + }, + { + "name": "sip_user_agent", + "label": "SIP.User-Agent", + "type": "string" + }, + { + "name": "sip_server", + "label": "SIP.Server", + "type": "string" + }, + { + "name": "sip_from_sdp_connect_ip", + "label": "SIP.From Connect IP", + "type": "string" + }, + { + "name": "sip_from_sdp_media_port", + "label": "SIP.From Media Port", + "type": "int" + }, + { + "name": "sip_from_sdp_media_type", + "label": "SIP.From Media Type", + "type": "string" + }, + { + "name": "sip_from_sdp_content", + "label": "SIP.From SDP Content", + "type": "string" + }, + { + "name": "sip_to_sdp_connect_ip", + "label": "SIP.To Connect IP", + "type": "string" + }, + { + "name": "sip_to_sdp_media_port", + "label": "SIP.To Media Port", + "type": "int" + }, + { + "name": "sip_to_sdp_media_type", + "label": "SIP.To Media Type", + "type": "string" + }, + { + "name": "sip_to_sdp_content", + "label": "SIP.To SDP Content", + "type": "string" + }, + { + "name": "sip_duration", + "label": "SIP.Duration", + "type": "int" + }, + { + "name": "sip_bye", + "label": "SIP.Bye", + "type": "string" + }, + { + "name": "rtp_payload_type_c2s", + "label": "RTP.Payload(c2s)", + "doc": 
"{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"PCMU\"},{\"code\":\"1\",\"value\":\"1016\"},{\"code\":\"2\",\"value\":\"G721\"},{\"code\":\"3\",\"value\":\"GSM\"},{\"code\":\"4\",\"value\":\"G723\"},{\"code\":\"5\",\"value\":\"DVI4_8000\"},{\"code\":\"6\",\"value\":\"DVI4_16000\"},{\"code\":\"7\",\"value\":\"LPC\"},{\"code\":\"8\",\"value\":\"PCMA\"},{\"code\":\"9\",\"value\":\"G722\"},{\"code\":\"10\",\"value\":\"L16_STEREO\"},{\"code\":\"11\",\"value\":\"L16_MONO\"},{\"code\":\"12\",\"value\":\"QCELP\"},{\"code\":\"13\",\"value\":\"CN\"},{\"code\":\"14\",\"value\":\"MPA\"},{\"code\":\"15\",\"value\":\"G728\"},{\"code\":\"16\",\"value\":\"DVI4_11025\"},{\"code\":\"17\",\"value\":\"DVI4_22050\"},{\"code\":\"18\",\"value\":\"G729\"},{\"code\":\"19\",\"value\":\"CN_OLD\"},{\"code\":\"25\",\"value\":\"CELB\"},{\"code\":\"26\",\"value\":\"JPEG\"},{\"code\":\"28\",\"value\":\"NV\"},{\"code\":\"31\",\"value\":\"H261\"},{\"code\":\"32\",\"value\":\"MPV\"},{\"code\":\"33\",\"value\":\"MP2T\"},{\"code\":\"34\",\"value\":\"H263\"}]}", + "type": "int" + }, + { + "name": "rtp_payload_type_s2c", + "label": "RTP.Payload(s2c)", + "doc": 
"{\"constraints\":{\"operator_functions\":\"=,!=\"},\"data\":[{\"code\":\"0\",\"value\":\"PCMU\"},{\"code\":\"1\",\"value\":\"1016\"},{\"code\":\"2\",\"value\":\"G721\"},{\"code\":\"3\",\"value\":\"GSM\"},{\"code\":\"4\",\"value\":\"G723\"},{\"code\":\"5\",\"value\":\"DVI4_8000\"},{\"code\":\"6\",\"value\":\"DVI4_16000\"},{\"code\":\"7\",\"value\":\"LPC\"},{\"code\":\"8\",\"value\":\"PCMA\"},{\"code\":\"9\",\"value\":\"G722\"},{\"code\":\"10\",\"value\":\"L16_STEREO\"},{\"code\":\"11\",\"value\":\"L16_MONO\"},{\"code\":\"12\",\"value\":\"QCELP\"},{\"code\":\"13\",\"value\":\"CN\"},{\"code\":\"14\",\"value\":\"MPA\"},{\"code\":\"15\",\"value\":\"G728\"},{\"code\":\"16\",\"value\":\"DVI4_11025\"},{\"code\":\"17\",\"value\":\"DVI4_22050\"},{\"code\":\"18\",\"value\":\"G729\"},{\"code\":\"19\",\"value\":\"CN_OLD\"},{\"code\":\"25\",\"value\":\"CELB\"},{\"code\":\"26\",\"value\":\"JPEG\"},{\"code\":\"28\",\"value\":\"NV\"},{\"code\":\"31\",\"value\":\"H261\"},{\"code\":\"32\",\"value\":\"MPV\"},{\"code\":\"33\",\"value\":\"MP2T\"},{\"code\":\"34\",\"value\":\"H263\"}]}", + "type": "int" + }, + { + "name": "rtp_pcap_dir_c2s", + "label": "RTP.PCAP(c2s)", + "doc": "{\"constraints\":{\"type\":\"file\"}}", + "type": "string" + }, + { + "name": "rtp_pcap_dir_s2c", + "label": "RTP.PCAP(s2c)", + "doc": "{\"constraints\":{\"type\":\"file\"}}", + "type": "string" + } + ] +} \ No newline at end of file