From e674e9859bbfee56cade8622c31bd70d3022b95a Mon Sep 17 00:00:00 2001 From: zhanghongqing Date: Wed, 2 Mar 2022 15:38:43 +0800 Subject: [PATCH] 22.02 update --- .../TSG-22.02/job/update-02-job.sql | 2 +- .../galaxy-qgw-service/config/assessment_event.json | 87 - .../config/interim_session_record.json | 2291 ---------------- .../qgw/galaxy-qgw-service/config/meta_data.json | 90 - .../galaxy-qgw-service/config/public_schema_info.json | 2104 --------------- .../qgw/galaxy-qgw-service/config/security_event.json | 2367 ----------------- .../qgw/galaxy-qgw-service/config/session_record.json | 2320 ---------------- .../galaxy-qgw-service/config/transaction_record.json | 1500 ----------- .../qgw/galaxy-qgw-service/config/voip_record.json | 1382 ---------- 9 files changed, 1 insertion(+), 12142 deletions(-) delete mode 100644 TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/assessment_event.json delete mode 100644 TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/interim_session_record.json delete mode 100644 TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/meta_data.json delete mode 100644 TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/public_schema_info.json delete mode 100644 TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/security_event.json delete mode 100644 TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/session_record.json delete mode 100644 TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/transaction_record.json delete mode 100644 TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/voip_record.json diff --git a/TSG发布版本更新记录/TSG-22.02/job/update-02-job.sql b/TSG发布版本更新记录/TSG-22.02/job/update-02-job.sql index ca1478d..4b01e48 100644 --- a/TSG发布版本更新记录/TSG-22.02/job/update-02-job.sql +++ b/TSG发布版本更新记录/TSG-22.02/job/update-02-job.sql @@ -1,2 +1,2 @@ -INSERT INTO `xxl_job_info` VALUES ('101', '3', '0 0 0 1/7 * ?', 'Web-Sketch-Assessment-File', '2022-01-27 17:40:42', '2022-02-23 02:16:56', 'galaxy', '', 'FAILOVER', 'httpToStoreJobHandler', ' [{\r\n \"url\": \"http://{{machine_host}}:9999/?option=long-term&resultId=1&query=SELECT http_domain AS name, arrayStringConcat(groupUniqArray(common_l7_protocol),\',\') AS protocol, count(*) AS sessions FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toStartOfDay(now()- INTERVAL 7 DAY) AND common_recv_time < toStartOfDay(now()) AND notEmpty(http_domain) GROUP BY name ORDER BY sessions DESC LIMIT 500000;\",\r\n \"method\": \"get\",\r\n \"requestBody\": {},\r\n \"resultKey\": \"data\",\r\n \"store\": \"all\"\r\n}, {\r\n \"url\": \"http://{{machine_host}}:9999/?option=long-term&resultId=1&query=SELECT http_domain AS name, arrayStringConcat(groupUniqArray(common_l7_protocol),\',\') AS protocol, count(*) AS sessions FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toStartOfDay(now()- INTERVAL 7 DAY) AND common_recv_time < toStartOfDay(now()) AND notEmpty(http_domain) AND empty(common_service_category) AND http_domain NOT IN (select http_domain FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toStartOfDay(now()- INTERVAL 7 DAY) AND common_recv_time < toStartOfDay(now()) AND notEmpty(http_domain) AND notEmpty(common_service_category)) GROUP BY name ORDER BY sessions DESC LIMIT 500000;\",\r\n \"method\": \"get\",\r\n \"requestBody\": {},\r\n \"resultKey\": \"data\",\r\n \"store\": \"uncategorized\"\r\n}]', 'COVER_EARLY', '0', '0', 'BEAN', '', 'GLUE代码初始化', '2022-01-27 17:40:42', '', '1', '1645488000000', '1646092800000'); +INSERT INTO `xxl_job_info` VALUES ('101', '3', '0 0 0 1/7 * ?', 'Web-Sketch-Assessment-File', '2022-01-27 17:40:42', '2022-02-23 02:16:56', 'galaxy', '', 'FAILOVER', 'httpToStoreJobHandler', ' [{\r\n \"url\": \"http://{{machine_host}}:9999/?option=long-term&resultId=1&query=SELECT http_domain AS name, arrayStringConcat(groupUniqArray(common_l7_protocol),\',\') AS protocol, count(*) AS sessions FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toStartOfDay(now()- INTERVAL 1 DAY) AND common_recv_time < toStartOfDay(now()) AND notEmpty(http_domain) GROUP BY name ORDER BY sessions DESC LIMIT 500000;\",\r\n \"method\": \"get\",\r\n \"requestBody\": {},\r\n \"resultKey\": \"data\",\r\n \"store\": \"all\"\r\n}, {\r\n \"url\": \"http://{{machine_host}}:9999/?option=long-term&resultId=1&query=SELECT http_domain AS name, arrayStringConcat(groupUniqArray(common_l7_protocol),\',\') AS protocol, count(*) AS sessions FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toStartOfDay(now()- INTERVAL 1 DAY) AND common_recv_time < toStartOfDay(now()) AND notEmpty(http_domain) AND empty(common_service_category) AND http_domain NOT IN (select http_domain FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toStartOfDay(now()- INTERVAL 1 DAY) AND common_recv_time < toStartOfDay(now()) AND notEmpty(http_domain) AND notEmpty(common_service_category)) GROUP BY name ORDER BY sessions DESC LIMIT 500000;\",\r\n \"method\": \"get\",\r\n \"requestBody\": {},\r\n \"resultKey\": \"data\",\r\n \"store\": \"uncategorized\"\r\n}]', 'COVER_EARLY', '0', '0', 'BEAN', '', 'GLUE代码初始化', '2022-01-27 17:40:42', '', '1', '1645488000000', '1646092800000'); INSERT INTO `xxl_job_info` VALUES ('103', '3', '0 0 0/4 * * ?', 'IP-Locate-Library', '2022-02-08 15:14:04', '2022-02-10 15:26:28', 'tian', '', 'FIRST', 'IPLocateLibraryJobHandler', 'docker run -it -d --rm -v /home/galaxy/volumes/mmdb:/mmdb -v /home/galaxy/volumes/mmdb/mmdb-perl-user-defined.pl:/mmdb-perl-user-defined.pl -v /home/galaxy/volumes/mmdb/mmdb-perl-built-in.pl:/mmdb-perl-built-in.pl --name my-running-script perl:v3 sh -c \'cd /mmdb &&perl /mmdb-perl-user-defined.pl && perl /mmdb-perl-built-in.pl\'', 'SERIAL_EXECUTION', '200000', '0', 'BEAN', '', 'GLUE代码初始化', '2022-02-08 15:14:04', '', '1', '1644566511000', '1644566512000'); diff --git a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/assessment_event.json b/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/assessment_event.json deleted file mode 100644 index 4d6cca5..0000000 --- a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/assessment_event.json +++ /dev/null @@ -1,87 +0,0 @@ -{ - "type": "record", - "name": "assessment_event", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "partition_key": "common_recv_time", - "functions": { - "$ref": "public_schema_info.json#/functions" - } - }, - "fields": [ - { - "name": "common_recv_time", - "label": "Receive Time", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_log_id", - "label": "Log ID", - "doc": { - "format": { - "functions": "snowflake_id" - } - }, - "type": "long" - }, - { - "name": "lot_number", - "label": "Lot Number", - "type": "string" - }, - { - "name": "file_name", - "label": "File Name", - "type": "string" - }, - { - "name": "features", - "label": "Features", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "assessment_type", - "label": "Assessment Type", - "type": "string" - }, - { - "name": "size", - "label": "Size", - "type": "long" - }, - { - "name": "file_checksum_sha", - "label": "SHA256", - "type": "string" - }, - { - "name": "assessment_date", - "label": "Assessment Date", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "assessment_file", - "label": "Assessment File", - "doc": { - "constraints": { - "type": "file" - } - }, - "type": "string" - } - ] -} \ No newline at end of file diff --git a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/interim_session_record.json b/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/interim_session_record.json deleted file mode 100644 index 7835eab..0000000 --- a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/interim_session_record.json +++ /dev/null @@ -1,2291 +0,0 @@ -{ - "type": "record", - "name": "interim_session_record", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "partition_key": "common_recv_time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "dimensions": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_sled_ip", - "common_device_id", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_client_port", - "common_server_port", - "common_schema_type", - "common_l4_protocol", - "common_l7_protocol", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_imei", - "common_imsi", - "common_phone_number", - "http_host", - "http_domain", - "http_url", - "ssl_sni", - "ssl_ja3_hash", - "quic_sni", - "quic_version" - ], - "metrics": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_subscriber_id", - "common_sled_ip", - "common_device_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_sessions", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_imei", - "common_imsi", - "common_phone_number", - "http_host", - "http_domain", - "http_url", - "ssl_sni", - "ssl_ja3_hash", - "quic_sni" - ], - "filters": [ - "common_address_type", - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_client_port", - "common_server_port", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_l4_protocol", - "common_l7_protocol", - "common_stream_dir", - "common_direction", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_sled_ip", - "common_device_id", - "common_schema_type", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_imei", - "common_imsi", - "common_phone_number", - "http_host", - "http_domain", - "http_url", - "ssl_sni", - "ssl_ja3_hash", - "quic_sni", - "quic_vesion" - ], - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - }, - "details": { - "general": [ - "common_recv_time", - "common_log_id", - "common_stream_trace_id", - "common_direction", - "common_stream_dir", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_processing_time", - "common_entrance_id", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_data_center", - "common_device_group", - "common_sled_ip" - ], - "source": [ - "common_client_ip", - "common_internal_ip", - "common_client_port", - "common_client_location", - "common_client_asn", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number" - ], - "destination": [ - "common_server_ip", - "common_external_ip", - "common_server_port", - "common_server_location", - "common_server_asn" - ], - "application": [ - "common_app_id", - "common_userdefine_app_name", - "common_app_label", - "common_app_surrogate_id", - "common_l7_protocol", - "common_protocol_label", - "common_service_category", - "common_service", - "common_l4_protocol", - "common_app_behavior" - ], - "transmission": [ - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_first_ttl", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_mirrored_pkts", - "common_mirrored_bytes" - ], - "other": [ - "common_address_type", - "common_schema_type", - "common_device_tag", - "common_encapsulation", - "common_tunnels", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_action", - "common_sub_action", - "common_policy_id", - "common_user_tags", - "common_user_region" - ] - } - }, - "schema_type": { - "BASE": { - "$ref": "public_schema_info.json#/schema_type/BASE" - }, - "HTTP": { - "$ref": "public_schema_info.json#/schema_type/HTTP" - }, - "MAIL": { - "$ref": "public_schema_info.json#/schema_type/MAIL" - }, - "DNS": { - "$ref": "public_schema_info.json#/schema_type/DNS" - }, - "SSL": { - "$ref": "public_schema_info.json#/schema_type/SSL" - }, - "QUIC": { - "$ref": "public_schema_info.json#/schema_type/QUIC" - }, - "FTP": { - "$ref": "public_schema_info.json#/schema_type/FTP" - }, - "BGP": { - "$ref": "public_schema_info.json#/schema_type/BGP" - }, - "APP": { - "$ref": "public_schema_info.json#/schema_type/APP" - }, - "SSH": { - "$ref": "public_schema_info.json#/schema_type/SSH" - }, - "Stratum": { - "$ref": "public_schema_info.json#/schema_type/Stratum" - } - }, - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_subscriber_id", - "common_client_ip", - "common_server_ip", - "common_server_port", - "common_schema_type" - ], - "internal_columns": [ - "common_recv_time", - "common_log_id", - "common_processing_time", - "common_userdefine_app_name", - "common_tunnels", - "common_packet_capture_file", - "rtp_pcap_path", - "http_request_body", - "http_response_body", - "mail_eml_file" - ], - "tunnel_type": { - "$ref": "public_schema_info.json#/tunnel_type" - } - }, - "fields": [ - { - "name": "common_recv_time", - "label": "Receive Time", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_log_id", - "label": "Log ID", - "doc": { - "format": { - "functions": "snowflake_id" - } - }, - "type": "long" - }, - { - "name": "common_policy_id", - "label": "Policy ID", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_subscriber_id", - "label": "Subscriber ID", - "type": "string" - }, - { - "name": "common_imei", - "label": "IMEI", - "type": "string" - }, - { - "name": "common_imsi", - "label": "IMSI", - "type": "string" - }, - { - "name": "common_phone_number", - "label": "Phone Number", - "type": "string" - }, - { - "name": "common_client_ip", - "label": "Client IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn,radius_match", - "appendTo": "common_client_asn,common_subscriber_id" - } - }, - "type": "string" - }, - { - "name": "common_internal_ip", - "label": "Internal IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" - } - }, - "type": "string" - }, - { - "name": "common_client_port", - "label": "Client Port", - "type": "int" - }, - { - "name": "common_l4_protocol", - "label": "L4 Protocol", - "type": "string" - }, - { - "name": "common_address_type", - "label": "Address Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "4", - "value": "ipv4" - }, - { - "code": "6", - "value": "ipv6" - } - ] - }, - "type": "int" - }, - { - "name": "common_server_ip", - "label": "Server IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn", - "appendTo": "common_server_asn" - } - }, - "type": "string" - }, - { - "name": "common_server_port", - "label": "Server Port", - "type": "int" - }, - { - "name": "common_external_ip", - "label": "External IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" - } - }, - "type": "string" - }, - { - "name": "common_action", - "label": "Action", - "doc": { - "visibility": "hidden", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "None" - }, - { - "code": "1", - "value": "Monitor" - }, - { - "code": "2", - "value": "Intercept" - }, - { - "code": "16", - "value": "Deny" - }, - { - "code": "128", - "value": "Allow" - } - ] - }, - "type": "int" - }, - { - "name": "common_direction", - "label": "Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "69", - "value": "outbound" - }, - { - "code": "73", - "value": "inbound" - } - ] - }, - "type": "int" - }, - { - "name": "common_entrance_id", - "label": "Entrance ID", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_sled_ip", - "label": "Sled IP", - "doc": { - "constraints": { - "type": "ip" - } - }, - "type": "string" - }, - { - "name": "common_client_location", - "label": "Client Location", - "type": "string" - }, - { - "name": "common_client_asn", - "label": "Client ASN", - "type": "string" - }, - { - "name": "common_server_location", - "label": "Server Location", - "type": "string" - }, - { - "name": "common_server_asn", - "label": "Server ASN", - "type": "string" - }, - { - "name": "common_sessions", - "label": "Sessions", - "type": "long" - }, - { - "name": "common_c2s_pkt_num", - "label": "Packets Sent", - "type": "long" - }, - { - "name": "common_s2c_pkt_num", - "label": "Packets Received", - "type": "long" - }, - { - "name": "common_c2s_byte_num", - "label": "Bytes Sent", - "type": "long" - }, - { - "name": "common_s2c_byte_num", - "label": "Bytes Received", - "type": "long" - }, - { - "name": "common_c2s_pkt_diff", - "label": "Packets Sent(Diff)", - "type": "long" - }, - { - "name": "common_s2c_pkt_diff", - "label": "Packets Received(Diff)", - "type": "long" - }, - { - "name": "common_c2s_byte_diff", - "label": "Bytes Sent(Diff)", - "type": "long" - }, - { - "name": "common_s2c_byte_diff", - "label": "Bytes Received(Diff)", - "type": "long" - }, - { - "name": "common_service", - "label": "Service", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_schema_type", - "label": "Schema Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "BASE", - "value": "BASE" - }, - { - "code": "MAIL", - "value": "MAIL" - }, - { - "code": "DNS", - "value": "DNS" - }, - { - "code": "HTTP", - "value": "HTTP" - }, - { - "code": "SSL", - "value": "SSL" - }, - { - "code": "QUIC", - "value": "QUIC" - }, - { - "code": "FTP", - "value": "FTP" - }, - { - "code": "APP", - "value": "APP" - }, - { - "code": "SSH", - "value": "SSH" - }, - { - "code": "Stratum", - "value": "Stratum" - } - ] - }, - "type": "string" - }, - { - "name": "common_user_tags", - "label": "User Tags", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_sub_action", - "label": "Sub Action", - "doc": { - "data": [ - { - "code": "allow", - "value": "Allow" - }, - { - "code": "deny", - "value": "Deny" - }, - { - "code": "monitor", - "value": "Monitor" - }, - { - "code": "replace", - "value": "Replace" - }, - { - "code": "redirect", - "value": "Redirect" - }, - { - "code": "insert", - "value": "Insert" - }, - { - "code": "hijack", - "value": "Hijack" - } - ], - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_user_region", - "label": "User Region", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_id", - "label": "Device ID", - "type": "string" - }, - { - "name": "common_egress_link_id", - "label": "Egress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_ingress_link_id", - "label": "Ingress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_isp", - "label": "ISP", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_device_tag", - "label": "Device Tag", - "doc": { - "visibility": "hidden", - "format": { - "functions": "flattenSpec,flattenSpec", - "appendTo": "common_data_center,common_device_group", - "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" - } - }, - "type": "string" - }, - { - "name": "common_data_center", - "label": "Data Center", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_group", - "label": "Device Group", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - } - }, - "type": "string" - }, - { - "name": "common_app_behavior", - "label": "Application Behavior", - "type": "string" - }, - { - "name": "common_encapsulation", - "label": "Encapsulation", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_encapsulation/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_app_label", - "label": "Application Label", - "type": "string" - }, - { - "name": "common_tunnels", - "label": "Tunnels", - "type": "string" - }, - { - "name": "common_protocol_label", - "label": "Protocol Label", - "type": "string" - }, - { - "name": "common_app_id", - "label": "Application ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_userdefine_app_name", - "label": "User Define APP Name", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_app_surrogate_id", - "label": "Surrogate ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_l7_protocol", - "label": "L7 Protocol", - "type": "string" - }, - { - "name": "common_service_category", - "label": "FQDN Category", - "doc": { - "constraints": { - "operator_functions": "has" - }, - "dict_location": { - "path": "/v1/category/dict", - "key": "categoryId", - "value": "categoryName" - } - }, - "type": { - "type": "array", - "items": "int" - } - }, - { - "name": "common_start_time", - "label": "Start Time", - "doc": { - "allow_query": "false", - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_end_time", - "label": "End Time", - "doc": { - "allow_query": "false", - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "get_value", - "appendTo": "common_recv_time" - } - }, - "type": "long" - }, - { - "name": "common_establish_latency_ms", - "label": "Establish Latency(ms)", - "type": "long" - }, - { - "name": "common_con_duration_ms", - "label": "Duration(ms)", - "type": "long" - }, - { - "name": "common_stream_dir", - "label": "Stream Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - }, - { - "code": "3", - "value": "double" - } - ] - }, - "type": "int" - }, - { - "name": "common_address_list", - "label": "Address List", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_has_dup_traffic", - "label": "Duplication Traffic", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_stream_error", - "label": "Stream Error", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_stream_trace_id", - "label": "Session ID", - "type": "long" - }, - { - "name": "common_link_info_c2s", - "label": "Link Info(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_link_info_s2c", - "label": "Link Info(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_packet_capture_file", - "label": "Packet Capture File", - "doc": { - "visibility": "hidden", - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "common_c2s_ipfrag_num", - "label": "Fragmentation Packets(c2s)", - "type": "long" - }, - { - "name": "common_s2c_ipfrag_num", - "label": "Fragmentation Packets(s2c)", - "type": "long" - }, - { - "name": "common_c2s_tcp_lostlen", - "label": "Sequence Gap Loss(c2s)", - "type": "long" - }, - { - "name": "common_s2c_tcp_lostlen", - "label": "Sequence Gap Loss(s2c)", - "type": "long" - }, - { - "name": "common_c2s_tcp_unorder_num", - "label": "Unorder Packets(c2s)", - "type": "long" - }, - { - "name": "common_s2c_tcp_unorder_num", - "label": "Unorder Packets(s2c)", - "type": "long" - }, - { - "name": "common_c2s_pkt_retrans", - "label": "Packet Retransmission(c2s)", - "type": "long" - }, - { - "name": "common_s2c_pkt_retrans", - "label": "Packet Retransmission(s2c)", - "type": "long" - }, - { - "name": "common_c2s_byte_retrans", - "label": "Byte Retransmission(c2s)", - "type": "long" - }, - { - "name": "common_s2c_byte_retrans", - "label": "Byte Retransmission(s2c)", - "type": "long" - }, - { - "name": "common_tcp_client_isn", - "label": "TCP Client ISN", - "type": "long" - }, - { - "name": "common_tcp_server_isn", - "label": "TCP Server ISN", - "type": "long" - }, - { - "name": "common_first_ttl", - "label": "First TTL", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_processing_time", - "label": "Processing Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "current_timestamp" - } - }, - "type": "long" - }, - { - "name": "common_mirrored_pkts", - "label": "Mirrored Packets", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_mirrored_bytes", - "label": "Mirrored Bytes", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "http_url", - "label": "HTTP.URL", - "type": "string" - }, - { - "name": "http_host", - "label": "HTTP.Host", - "doc": { - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "http_domain", - "label": "HTTP.Domain", - "type": "string" - }, - { - "name": "http_request_line", - "label": "HTTP.Request Line", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_response_line", - "label": "HTTP.Response Line", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_request_header", - "label": "HTTP.Request Headers", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_response_header", - "label": "HTTP.Response Headers", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_request_content", - "label": "HTTP.Request Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_request_content_length", - "label": "HTTP.Request Content Length", - "type": "string" - }, - { - "name": "http_request_content_type", - "label": "HTTP.Request Content Type", - "type": "string" - }, - { - "name": "http_response_content", - "label": "HTTP.Response Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_response_content_length", - "label": "HTTP.Response Content Length", - "type": "string" - }, - { - "name": "http_response_content_type", - "label": "HTTP.Response Content Type", - "type": "string" - }, - { - "name": "http_request_body", - "label": "HTTP.Request Body", - "doc": { - "allow_query": "false", - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "http_response_body", - "label": "HTTP.Response Body", - "doc": { - "allow_query": "false", - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "http_request_body_key", - "label": "HTTP.Request Body Key", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_response_body_key", - "label": "HTTP.Response Body Key", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_proxy_flag", - "label": "HTTP.Proxy Flag", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "http_sequence", - "label": "HTTP.Sequence", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "http_snapshot", - "label": "HTTP.Snapshot", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_cookie", - "label": "HTTP.Cookie", - "type": "string" - }, - { - "name": "http_referer", - "label": "HTTP.Referer", - "type": "string" - }, - { - "name": "http_user_agent", - "label": "HTTP.User Agent", - "type": "string" - }, - { - "name": "http_content_length", - "label": "HTTP.Content Length", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_content_type", - "label": "HTTP.Content Type", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_set_cookie", - "label": "HTTP.Set Cookie", - "type": "string" - }, - { - "name": "http_version", - "label": "HTTP.Version", - "type": "string" - }, - { - "name": "http_response_latency_ms", - "label": "HTTP.Response Latency(ms)", - "type": "long" - }, - { - "name": "http_session_duration_ms", - "label": "HTTP.Session Duration(ms)", - "type": "long" - }, - { - "name": "http_action_file_size", - "label": "HTTP.Action File Size", - "type": "int" - }, - { - "name": "mail_protocol_type", - "label": "Mail.Protocol Type", - "type": "string" - }, - { - "name": "mail_account", - "label": "Mail.Account", - "type": "string" - }, - { - "name": "mail_from_cmd", - "label": "Mail.From CMD", - "type": "string" - }, - { - "name": "mail_to_cmd", - "label": "Mail.To CMD", - "type": "string" - }, - { - "name": "mail_from", - "label": "Mail.From", - "doc": { - "constraints": { - "type": "email" - } - }, - "type": "string" - }, - { - "name": "mail_to", - "label": "Mail.To", - "doc": { - "constraints": { - "type": "email" - } - }, - "type": "string" - }, - { - "name": "mail_cc", - "label": "Mail.CC", - "type": "string" - }, - { - "name": "mail_bcc", - "label": "Mail.BCC", - "type": "string" - }, - { - "name": "mail_subject", - "label": "Mail.Subject", - "doc": { - "format": { - "functions": "decode_of_base64", - "param": "$.mail_subject_charset" - } - }, - "type": "string" - }, - { - "name": "mail_subject_charset", - "label": "Mail.Subject Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_content", - "label": "Mail.Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_content_charset", - "label": "Mail.Content Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_attachment_name", - "label": "Mail.Attachment", - "doc": { - "format": { - "functions": "decode_of_base64", - "param": "$.mail_attachment_name_charset" - } - }, - "type": "string" - }, - { - "name": "mail_attachment_name_charset", - "label": "Mail.Attachment Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_attachment_content", - "label": "Mail.Attachment Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_eml_file", - "label": "Mail.EML File", - "doc": { - "allow_query": "false", - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "mail_snapshot", - "label": "Mail.Snapshot", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "dns_message_id", - "label": "DNS.Message ID", - "type": "int" - }, - { - "name": "dns_qr", - "label": "DNS.QR", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "RESPONSE" - } - ] - }, - "type": "int" - }, - { - "name": "dns_opcode", - "label": "DNS.OPCODE", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "IQUERY" - }, - { - "code": "2", - "value": "STATUS" - }, - { - "code": "5", - "value": "UPDATE" - } - ] - }, - "type": "int" - }, - { - "name": "dns_aa", - "label": "DNS.AA", - "type": "int" - }, - { - "name": "dns_tc", - "label": "DNS.TC", - "type": "int" - }, - { - "name": "dns_rd", - "label": "DNS.RD", - "type": "int" - }, - { - "name": "dns_ra", - "label": "DNS.RA", - "type": "int" - }, - { - "name": "dns_rcode", - "label": "DNS.RCODE", - "type": "int" - }, - { - "name": "dns_qdcount", - "label": "DNS.QDCOUNT", - "type": "int" - }, - { - "name": "dns_ancount", - "label": "DNS.ANCOUNT", - "type": "int" - }, - { - "name": "dns_nscount", - "label": "DNS.NSCOUNT", - "type": "int" - }, - { - "name": "dns_arcount", - "label": "DNS.ARCOUNT", - "type": "int" - }, - { - "name": "dns_qname", - "label": "DNS.QNAME", - "type": "string" - }, - { - "name": "dns_qtype", - "label": "DNS.QTYPE", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "A" - }, - { - "code": "2", - "value": "NS" - }, - { - "code": "5", - "value": "CNAME" - }, - { - "code": "6", - "value": "SOA" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "12", - "value": "PTR" - }, - { - "code": "13", - "value": "HINFO" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "15", - "value": "MX" - }, - { - "code": "28", - "value": "AAAA" - } - ] - }, - "type": "int" - }, - { - "name": "dns_qclass", - "label": "DNS.QCLASS", - "type": "int" - }, - { - "name": "dns_cname", - "label": "DNS.CNAME", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "dns_sub", - "label": "DNS.SUB", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "DNS" - }, - { - "code": "2", - "value": "DNSSEC" - } - ] - }, - "type": "int" - }, - { - "name": "dns_rr", - "label": "DNS.RR", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_version", - "label": "SSL.Version", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_sni", - "label": "SSL.SNI", - "doc": { - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "ssl_san", - "label": "SSL.SAN", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_cn", - "label": "SSL.CN", - "type": "string" - }, - { - "name": "ssl_pinningst", - "label": "SSL.Pinning", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "Not Pinning" - }, - { - "code": "1", - "value": "Pinning" - }, - { - "code": "2", - "value": "Maybe Pinning" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_intercept_state", - "label": "SSL.Intercept State", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "Passthrough" - }, - { - "code": "1", - "value": "Intercept" - }, - { - "code": "2", - "value": "Shutdown" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_passthrough_reason", - "label": "SSL.Passthrough Reason", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "ssl_server_side_latency", - "label": "SSL.Server Side Latency(ms)", - "type": "int" - }, - { - "name": "ssl_client_side_latency", - "label": "SSL.Client Side Latency(ms)", - "type": "int" - }, - { - "name": "ssl_server_side_version", - "label": "SSL.Server Side Version", - "type": "string" - }, - { - "name": "ssl_client_side_version", - "label": "SSL.Client Side Version", - "type": "string" - }, - { - "name": "ssl_cert_verify", - "label": "SSL.Certificate Verify", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "No" - }, - { - "code": "1", - "value": "Yes" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_error", - "label": "SSL.Error", - "type": "string" - }, - { - "name": "ssl_con_latency_ms", - "label": "SSL.Connection Latency(ms)", - "type": "int" - }, - { - "name": "ssl_ja3_fingerprint", - "label": "SSL.JA3", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "ssl_ja3_hash", - "label": "SSL.JA3 hash", - "type": "string" - }, - { - "name": "ssl_cert_issuer", - "label": "SSL.Issuer", - "doc": { - "constraints": { - "type": "items" - } - }, - "type": "string" - }, - { - "name": "ssl_cert_subject", - "label": "SSL.Subject", - "doc": { - "constraints": { - "type": "items" - } - }, - "type": "string" - }, - { - "name": "quic_version", - "label": "QUIC.Version", - "type": "string" - }, - { - "name": "quic_sni", - "label": "QUIC.SNI", - "doc": { - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "quic_user_agent", - "label": "QUIC.User Agent", - "type": "string" - }, - { - "name": "ftp_account", - "label": "FTP.Account", - "type": "string" - }, - { - "name": "ftp_url", - "label": "FTP.URL", - "type": "string" - }, - { - "name": "ftp_content", - "label": "FTP.Content", - "type": "string" - }, - { - "name": "ftp_link_type", - "label": "FTP.Link Type", - "type": "string" - }, - { - "name": "bgp_type", - "label": "BGP.Type", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "bgp_as_num", - "label": "BGP.AS Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "bgp_route", - "label": "BGP.Route", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_calling_account", - "label": "VoIP.Calling Account", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_called_account", - "label": "VoIP.Called Account", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_calling_number", - "label": "VoIP.Calling Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_called_number", - "label": "VoIP.Called Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "streaming_media_url", - "label": "Streaming.Media URL", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "streaming_media_protocol", - "label": "Streaming.Media Protocol", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "app_extra_info", - "label": "APP.Extra Info", - "type": "string" - }, - { - "name": "sip_call_id", - "label": "SIP.Call-ID", - "type": "string" - }, - { - "name": "sip_originator_description", - "label": "SIP.Originator", - "type": "string" - }, - { - "name": "sip_responder_description", - "label": "SIP.Responder", - "type": "string" - }, - { - "name": "sip_user_agent", - "label": "SIP.User-Agent", - "type": "string" - }, - { - "name": "sip_server", - "label": "SIP.Server", - "type": "string" - }, - { - "name": "sip_originator_sdp_connect_ip", - "label": "SIP.Originator IP", - "type": "string" - }, - { - "name": "sip_originator_sdp_media_port", - "label": "SIP.Originator Port", - "type": "int" - }, - { - "name": "sip_originator_sdp_media_type", - "label": "SIP.Originator Media Type", - "type": "string" - }, - { - "name": "sip_originator_sdp_content", - "label": "SIP.Originator Content", - "type": "string" - }, - { - "name": "sip_responder_sdp_connect_ip", - "label": "SIP.Responder IP", - "type": "string" - }, - { - "name": "sip_responder_sdp_media_port", - "label": "SIP.Responder Port", - "type": "int" - }, - { - "name": "sip_responder_sdp_media_type", - "label": "SIP.Responder Media Type", - "type": "string" - }, - { - "name": "sip_responder_sdp_content", - "label": "SIP.Responder Content", - "type": "string" - }, - { - "name": "sip_duration_s", - "label": "SIP.Duration(s)", - "type": "int" - }, - { - "name": "sip_bye", - "label": "SIP.Bye", - "type": "string" - }, - { - "name": "rtp_payload_type_c2s", - "label": "RTP.Payload Type(c2s)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_payload_type_s2c", - "label": "RTP.Payload Type(s2c)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_pcap_path", - "label": "RTP.PCAP", - "doc": { - "allow_query": "false", - "constraints": { - "type": "files" - } - }, - "type": "string" - }, - { - "name": "rtp_originator_dir", - "label": "RTP.Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "unknown" - }, - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - } - ] - }, - "type": "int" - }, - { - "name": "ssh_version", - "label": "SSH.Version", - "type": "string" - }, - { - "name": "ssh_auth_success", - "label": "SSH.Authentication Result", - "type": "string" - }, - { - "name": "ssh_client_version", - "label": "SSH.Client Version", - "type": "string" - }, - { - "name": "ssh_server_version", - "label": "SSH.Server Version", - "type": "string" - }, - { - "name": "ssh_cipher_alg", - "label": "SSH.Encryption Algorithm", - "type": "string" - }, - { - "name": "ssh_mac_alg", - "label": "SSH.Signing Algorithm", - "type": "string" - }, - { - "name": "ssh_compression_alg", - "label": "SSH.Compression Algorithm", - "type": "string" - }, - { - "name": "ssh_kex_alg", - "label": "SSH. Key Exchange Algorithm", - "type": "string" - }, - { - "name": "ssh_host_key_alg", - "label": "SSH.Server Host Key Algorithm", - "type": "string" - }, - { - "name": "ssh_host_key", - "label": "SSH.Server Key Fingerprint", - "type": "string" - }, - { - "name": "ssh_hassh", - "label": "SSH.HASSH", - "type": "string" - }, - { - "name": "stratum_cryptocurrency", - "label": "Cryptocurrency", - "type": "string" - }, - { - "name": "stratum_mining_pools", - "label": "Mining Pools", - "type": "string" - }, - { - "name": "stratum_mining_program", - "label": "Mining Program", - "type": "string" - } - ] -} \ No newline at end of file diff --git a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/meta_data.json b/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/meta_data.json deleted file mode 100644 index 6900e68..0000000 --- a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/meta_data.json +++ /dev/null @@ -1,90 +0,0 @@ -{ - "metadata": [ - { - "namespace": "tsg_galaxy_v3", - "group": "CLICKHOUSE_GROUP", - "tables": [ - "radius_onff_log", - "session_record", - "session_record_common_client_ip", - "session_record_common_server_ip", - "session_record_http_domain", - "interim_session_record", - "transaction_record", - "radius_record", - "voip_record", - "gtpc_record", - "security_event", - "proxy_event", - "dos_event", - "active_defence_event", - "sys_packet_capture_event", - "assessment_event" - ] - }, - { - "namespace": "elasticsearch", - "group": "ELASTICSEARCH_GROUP", - "tables": [ - ] - }, - { - "namespace": "system", - "group": "CLICKHOUSE_GROUP", - "tables": [ - "query_log_cluster", - "tables_cluster", - "columns_cluster", - "disks_cluster", - "parts_cluster", - "processes", - "query_log" - ] - }, - { - "namespace": "druid", - "group": "DRUID_GROUP", - "tables": [ - "top_internal_host_log", - "top_website_domain_log", - "proxy_event_hits_log", - "sys_storage_log", - "security_event_hits_log", - "traffic_protocol_stat_log", - "top_server_ip_log", - "traffic_summary_log", - "traffic_metrics_log", - "top_user_log", - "top_urls_log", - "top_client_ip_log", - "top_external_host_log", - "traffic_app_stat_log", - "traffic_top_destination_ip_metrics_log" - ] - }, - { - "namespace": "etl", - "group": "ETL_GROUP", - "tables": [ - "liveChart_interim", - "liveChart_session" - ] - }, - { - "namespace":"tsg", - "group":"HBASE_GROUP", - "tables":[ - "report_result" - ] - }, - { - "namespace": "tsg_galaxy", - "group": "HBASE_GROUP", - "tables": [ - "relation_account_framedip", - "recommendation_app_cip", - "job_result" - ] - } - ] -} \ No newline at end of file diff --git a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/public_schema_info.json b/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/public_schema_info.json deleted file mode 100644 index ab5f6eb..0000000 --- a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/public_schema_info.json +++ /dev/null @@ -1,2104 +0,0 @@ -{ - "functions": { - "aggregation": [ - { - "name": "COUNT", - "label": "COUNT", - "function": "count(expr)" - }, - { - "name": "COUNT_DISTINCT", - "label": "COUNT_DISTINCT", - "function": "count(distinct expr)" - }, - { - "name": "AVG", - "label": "AVG", - "function": "avg(expr)" - }, - { - "name": "SUM", - "label": "SUM", - "function": "sum(expr)" - }, - { - "name": "MAX", - "label": "MAX", - "function": "max(expr)" - }, - { - "name": "MIN", - "label": "MIN", - "function": "min(expr)" - } - ], - "operator": [ - { - "name": "=", - "label": "=", - "function": "expr = value" - }, - { - "name": "!=", - "label": "!=", - "function": "expr != value" - }, - { - "name": ">", - "label": ">", - "function": "expr > value" - }, - { - "name": "<", - "label": "<", - "function": "expr < value" - }, - { - "name": ">=", - "label": ">=", - "function": "expr >= value" - }, - { - "name": "<=", - "label": "<=", - "function": "expr <= value" - }, - { - "name": "has", - "label": "HAS", - "function": "has(expr, value)" - }, - { - "name": "in", - "label": "IN", - "function": "expr in (values)" - }, - { - "name": "not in", - "label": "NOT IN", - "function": "expr not in (values)" - }, - { - "name": "like", - "label": "LIKE", - "function": "expr like value" - }, - { - "name": "not like", - "label": "NOT LIKE", - "function": "expr not like value" - }, - { - "name": "notEmpty", - "label": "NOT EMPTY", - "function": "notEmpty(expr)" - }, - { - "name": "empty", - "label": "EMPTY", - "function": "empty(expr)" - } - ] - }, - "schema_query": { - "references": { - "aggregation": [ - { - "type": "int", - "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" - }, - { - "type": "long", - "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" - }, - { - "type": "float", - "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" - }, - { - "type": "double", - "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" - }, - { - "type": "string", - "functions": "COUNT,COUNT_DISTINCT" - }, - { - "type": "date", - "functions": "COUNT,COUNT_DISTINCT,MAX,MIN" - }, - { - "type": "timestamp", - "functions": "COUNT,COUNT_DISTINCT,MAX,MIN" - } - ], - "operator": [ - { - "type": "int", - "functions": "=,!=,>,<,>=,<=,in,not in" - }, - { - "type": "long", - "functions": "=,!=,>,<,>=,<=,in,not in" - }, - { - "type": "float", - "functions": "=,!=,>,<,>=,<=" - }, - { - "type": "double", - "functions": "=,!=,>,<,>=,<=" - }, - { - "type": "string", - "functions": "=,!=,in,not in,like,not like,notEmpty,empty" - }, - { - "type": "date", - "functions": "=,!=,>,<,>=,<=" - }, - { - "type": "timestamp", - "functions": "=,!=,>,<,>=,<=" - }, - { - "type": "array", - "functions": "has" - } - ] - } - }, - "schema_type": { - "BASE": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_service_category", - "common_l7_protocol", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_client_ip", - "common_server_ip", - "common_server_port" - ] - }, - "HTTP": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_service_category", - "common_l7_protocol", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "http_url", - "http_host", - "http_domain", - "http_request_line", - "http_response_line", - "http_request_header", - "http_response_header", - "http_request_content", - "http_request_content_length", - "http_request_content_type", - "http_response_content", - "http_response_content_length", - "http_response_content_type", - "http_request_body", - "http_response_body", - "http_request_body_key", - "http_response_body_key", - "http_proxy_flag", - "http_sequence", - "http_snapshot", - "http_cookie", - "http_referer", - "http_user_agent", - "http_content_length", - "http_content_type", - "http_set_cookie", - "http_version", - "http_response_latency_ms", - "http_session_duration_ms", - "http_action_file_size" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_client_ip", - "http_url", - "common_server_port", - "common_sub_action" - ] - }, - "MAIL": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_l7_protocol", - "common_service_category", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "mail_protocol_type", - "mail_account", - "mail_from_cmd", - "mail_to_cmd", - "mail_from", - "mail_to", - "mail_cc", - "mail_bcc", - "mail_subject", - "mail_subject_charset", - "mail_content", - "mail_content_charset", - "mail_attachment_name", - "mail_attachment_name_charset", - "mail_attachment_content", - "mail_eml_file", - "mail_snapshot" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_client_ip", - "mail_from", - "mail_to", - "mail_subject" - ] - }, - "DNS": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_l7_protocol", - "common_service_category", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "dns_message_id", - "dns_qr", - "dns_opcode", - "dns_aa", - "dns_tc", - "dns_rd", - "dns_ra", - "dns_rcode", - "dns_qdcount", - "dns_ancount", - "dns_nscount", - "dns_arcount", - "dns_qname", - "dns_qtype", - "dns_qclass", - "dns_cname", - "dns_sub", - "dns_rr" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_client_ip", - "dns_qr", - "dns_qname", - "dns_qtype" - ] - }, - "SSL": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_l7_protocol", - "common_service_category", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "ssl_sni", - "ssl_san", - "ssl_cn", - "ssl_pinningst", - "ssl_intercept_state", - "ssl_passthrough_reason", - "ssl_server_side_latency", - "ssl_client_side_latency", - "ssl_server_side_version", - "ssl_client_side_version", - "ssl_cert_verify", - "ssl_error", - "ssl_con_latency_ms", - "ssl_ja3_fingerprint", - "ssl_ja3_hash", - "ssl_cert_issuer", - "ssl_cert_subject" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_client_ip", - "ssl_sni", - "common_server_ip", - "common_server_port" - ] - }, - "QUIC": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_l7_protocol", - "common_service_category", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "quic_version", - "quic_sni", - "quic_user_agent" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_client_ip", - "quic_sni", - "common_server_ip", - "common_server_port" - ] - }, - "FTP": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_l7_protocol", - "common_service_category", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "ftp_account", - "ftp_url", - "ftp_content", - "ftp_link_type" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_client_ip", - "ftp_url", - "common_server_ip", - "common_server_port" - ] - }, - "BGP": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_l7_protocol", - "common_service_category", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "bgp_type", - "bgp_as_num", - "bgp_route" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_client_ip", - "bgp_type", - "bgp_as_num", - "common_server_ip", - "common_server_port" - ] - }, - "SIP": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_l7_protocol", - "common_service_category", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "sip_call_id", - "sip_originator_description", - "sip_responder_description", - "sip_user_agent", - "sip_server", - "sip_originator_sdp_connect_ip", - "sip_originator_sdp_media_port", - "sip_originator_sdp_media_type", - "sip_originator_sdp_content", - "sip_responder_sdp_connect_ip", - "sip_responder_sdp_media_port", - "sip_responder_sdp_media_type", - "sip_responder_sdp_content", - "sip_duration_s", - "sip_bye" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_subscriber_id", - "common_client_ip", - "sip_originator_description", - "sip_responder_description", - "sip_call_id", - "common_server_ip", - "common_server_port" - ] - }, - "RTP": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_l7_protocol", - "common_service_category", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "rtp_payload_type_c2s", - "rtp_payload_type_s2c", - "rtp_pcap_path", - "rtp_originator_dir" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_subscriber_id", - "common_client_ip", - "common_server_ip", - "common_server_port", - "rtp_pcap_path", - "rtp_originator_dir" - ] - }, - "APP": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_l7_protocol", - "common_service_category", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "app_extra_info" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_client_ip", - "common_app_id", - "common_app_label", - "app_extra_info", - "common_server_ip", - "common_server_port" - ] - }, - "DoH": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_l7_protocol", - "common_service_category", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "doh_url", - "doh_host", - "doh_request_line", - "doh_response_line", - "doh_cookie", - "doh_referer", - "doh_user_agent", - "doh_content_length", - "doh_content_type", - "doh_set_cookie", - "doh_version", - "doh_message_id", - "doh_qr", - "doh_opcode", - "doh_aa", - "doh_tc", - "doh_rd", - "doh_ra", - "doh_rcode", - "doh_qdcount", - "doh_ancount", - "doh_nscount", - "doh_arcount", - "doh_qname", - "doh_qtype", - "doh_qclass", - "doh_cname", - "doh_sub", - "doh_rr" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_client_ip", - "doh_url", - "doh_qname", - "common_server_port" - ] - }, - "VoIP": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_l7_protocol", - "common_service_category", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "sip_call_id", - "sip_originator_description", - "sip_responder_description", - "sip_user_agent", - "sip_server", - "sip_originator_sdp_connect_ip", - "sip_originator_sdp_media_port", - "sip_originator_sdp_media_type", - "sip_originator_sdp_content", - "sip_responder_sdp_connect_ip", - "sip_responder_sdp_media_port", - "sip_responder_sdp_media_type", - "sip_responder_sdp_content", - "sip_duration_s", - "sip_bye", - "rtp_payload_type_c2s", - "rtp_payload_type_s2c", - "rtp_pcap_path", - "rtp_originator_dir" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_subscriber_id", - "common_client_ip", - "sip_originator_description", - "sip_responder_description", - "sip_call_id", - "common_server_ip", - "common_server_port", - "rtp_pcap_path", - "rtp_originator_dir" - ] - }, - "SSH": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_l7_protocol", - "common_service_category", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "ssh_version", - "ssh_auth_success", - "ssh_client_version", - "ssh_server_version", - "ssh_cipher_alg", - "ssh_mac_alg", - "ssh_compression_alg", - "ssh_kex_alg", - "ssh_host_key_alg", - "ssh_host_key", - "ssh_hassh" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_client_ip", - "common_server_ip", - "common_server_port", - "ssh_auth_success" - ] - }, - "RADIUS": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_l7_protocol", - "common_service_category", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "radius_packet_type", - "radius_nas_ip", - "radius_framed_ip", - "radius_account", - "radius_session_timeout", - "radius_idle_timeout", - "radius_acct_status_type", - "radius_acct_terminate_cause", - "radius_event_timestamp", - "radius_nas_port", - "radius_service_type", - "radius_framed_protocol", - "radius_callback_number", - "radius_callback_id", - "radius_termination_action", - "radius_called_station_id", - "radius_calling_station_id", - "radius_acct_delay_time", - "radius_acct_session_id", - "radius_acct_multi_session_id", - "radius_acct_input_octets", - "radius_acct_output_octets", - "radius_acct_input_packets", - "radius_acct_output_packets", - "radius_acct_session_time", - "radius_acct_link_count", - "radius_acct_interim_interval", - "radius_acct_authentic" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_subscriber_id", - "radius_nas_ip", - "radius_framed_ip", - "radius_acct_status_type" - ] - }, - "Stratum": { - "columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number", - "common_client_ip", - "common_client_port", - "common_internal_ip", - "common_l4_protocol", - "common_address_type", - "common_server_ip", - "common_server_port", - "common_external_ip", - "common_action", - "common_direction", - "common_entrance_id", - "common_sled_ip", - "common_client_location", - "common_client_asn", - "common_server_location", - "common_server_asn", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_service", - "common_schema_type", - "common_user_tags", - "common_sub_action", - "common_user_region", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_device_tag", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_encapsulation", - "common_app_label", - "common_tunnels", - "common_protocol_label", - "common_app_id", - "common_userdefine_app_name", - "common_app_surrogate_id", - "common_l7_protocol", - "common_service_category", - "common_start_time", - "common_end_time", - "common_establish_latency_ms", - "common_con_duration_ms", - "common_stream_dir", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_stream_trace_id", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_first_ttl", - "common_processing_time", - "common_mirrored_pkts", - "common_mirrored_bytes", - "stratum_cryptocurrency", - "stratum_mining_pools", - "stratum_mining_program" - ], - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_subscriber_id", - "stratum_cryptocurrency", - "stratum_mining_pools", - "stratum_mining_program" - ] - } - }, - "tunnel_type": { - "GTP": [ - { - "name": "gtp_sgw_ip", - "label": "S-GW IP", - "type": "string" - }, - { - "name": "gtp_pgw_ip", - "label": "P-GW IP", - "type": "string" - }, - { - "name": "gtp_sgw_port", - "label": "S-GW Port", - "type": "int" - }, - { - "name": "gtp_pgw_port", - "label": "P-GW Port", - "type": "int" - }, - { - "name": "gtp_uplink_teid", - "label": "Uplink TEID", - "type": "long" - }, - { - "name": "gtp_downlink_teid", - "label": "Downlink TEID", - "type": "long" - } - ], - "MPLS": [ - { - "name": "mpls_c2s_direction_label", - "label": "Multiprotocol Label(c2s)", - "type": { - "type": "array", - "items": "int" - } - }, - { - "name": "mpls_s2c_direction_label", - "label": "Multiprotocol Label(s2c)", - "type": { - "type": "array", - "items": "int" - } - } - ], - "VLAN": [ - { - "name": "vlan_c2s_direction_id", - "label": "VLAN Direction(c2s)", - "type": { - "type": "array", - "items": "int" - } - }, - { - "name": "vlan_s2c_direction_id", - "label": "VLAN Direction(s2c)", - "type": { - "type": "array", - "items": "int" - } - } - ], - "ETHERNET": [ - { - "name": "source_mac", - "label": "Source MAC", - "type": "string" - }, - { - "name": "destination_mac", - "label": "Destination MAC", - "type": "string" - } - ], - "MULTIPATH_ETHERNET": [ - { - "name": "c2s_source_mac", - "label": "Source MAC(c2s)", - "type": "string" - }, - { - "name": "c2s_destination_mac", - "label": "Destination MAC(c2s)", - "type": "string" - }, - { - "name": "s2c_source_mac", - "label": "Source MAC(s2c)", - "type": "string" - }, - { - "name": "s2c_destination_mac", - "label": "Destination MAC(s2c)", - "type": "string" - } - ], - "L2TP": [ - { - "name": "l2tp_version", - "label": "Version", - "type": "string" - }, - { - "name": "l2tp_lac2lns_tunnel_id", - "label": "LAC2LNS Tunnel ID", - "type": "int" - }, - { - "name": "l2tp_lns2lac_tunnel_id", - "label": "LNS2LAC Tunnel ID", - "type": "int" - }, - { - "name": "l2tp_lac2lns_session_id", - "label": "LAC2LNS Session ID", - "type": "int" - }, - { - "name": "l2tp_lns2lac_session_id", - "label": "LNS2LAC Session ID", - "type": "int" - }, - { - "name": "l2tp_access_concentrator_ip", - "label": "Access Concentrator IP", - "type": "string" - }, - { - "name": "l2tp_access_concentrator_port", - "label": "Access Concentrator Port", - "type": "int" - }, - { - "name": "l2tp_network_server_ip", - "label": "Network Server IP", - "type": "string" - }, - { - "name": "l2tp_network_server_port", - "label": "Network Server Port", - "type": "int" - } - ], - "PPTP": [ - { - "name": "pptp_uplink_tunnel_id", - "label": "UpLink Tunnel ID", - "type": "int" - }, - { - "name": "pptp_downlink_tunnel_id", - "label": "Down Tunnel ID", - "type": "int" - } - ] - }, - "fields": { - "common_encapsulation": { - "data": [ - { - "code": "0", - "value": "Ethernet" - }, - { - "code": "8", - "value": "PPP" - }, - { - "code": "12", - "value": "CiscoHDLC" - } - ] - }, - "common_has_dup_traffic": { - "data": [ - { - "code": "0", - "value": "No" - }, - { - "code": "1", - "value": "Yes" - } - ] - } - } -} diff --git a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/security_event.json b/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/security_event.json deleted file mode 100644 index 1e1b904..0000000 --- a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/security_event.json +++ /dev/null @@ -1,2367 +0,0 @@ -{ - "type": "record", - "name": "security_event", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "partition_key": "common_recv_time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "dimensions": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_policy_id", - "common_action", - "common_sled_ip", - "common_device_id", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_client_port", - "common_server_port", - "common_schema_type", - "common_l4_protocol", - "common_l7_protocol", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_imei", - "common_imsi", - "common_phone_number", - "common_app_label", - "http_host", - "http_domain", - "http_url", - "http_cookie", - "http_referer", - "http_user_agent", - "ssl_sni", - "ssl_ja3_hash", - "ssl_passthrough_reason", - "ssl_client_side_version", - "ssl_server_side_version", - "ssl_cert_issuer", - "ssl_cert_subject", - "mail_account", - "mail_from", - "mail_to", - "quic_sni", - "quic_version" - ], - "metrics": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_subscriber_id", - "common_sled_ip", - "common_device_id", - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_mirrored_pkts", - "common_mirrored_bytes", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_imei", - "common_imsi", - "common_phone_number", - "common_app_label", - "http_host", - "http_domain", - "http_url", - "http_cookie", - "http_referer", - "http_user_agent", - "ssl_sni", - "ssl_ja3_hash", - "ssl_passthrough_reason", - "ssl_client_side_latency", - "ssl_server_side_latency", - "ssl_cert_issuer", - "ssl_cert_subject", - "mail_account", - "mail_from", - "mail_to", - "quic_sni" - ], - "filters": [ - "common_policy_id", - "common_action", - "common_address_type", - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_client_port", - "common_server_port", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_mirrored_pkts", - "common_mirrored_bytes", - "common_l4_protocol", - "common_l7_protocol", - "common_stream_dir", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_sled_ip", - "common_device_id", - "common_direction", - "common_schema_type", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_imei", - "common_imsi", - "common_phone_number", - "common_app_label", - "http_host", - "http_domain", - "http_url", - "http_cookie", - "http_referer", - "http_user_agent", - "http_request_content_type", - "http_response_content_type", - "ssl_sni", - "ssl_ja3_hash", - "ssl_pinningst", - "ssl_intercept_state", - "ssl_passthrough_reason", - "ssl_client_side_version", - "ssl_server_side_version", - "ssl_cert_verify", - "ssl_client_side_latency", - "ssl_server_side_latency", - "ssl_cert_issuer", - "ssl_cert_subject", - "mail_account", - "mail_from", - "mail_to", - "mail_subject", - "quic_sni", - "quic_version" - ], - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - }, - "details": { - "general": [ - "common_recv_time", - "common_log_id", - "common_stream_trace_id", - "common_direction", - "common_stream_dir", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_processing_time", - "common_entrance_id", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_data_center", - "common_device_group", - "common_sled_ip" - ], - "action": [ - "common_action", - "common_sub_action", - "common_policy_id", - "common_user_tags", - "common_user_region" - ], - "source": [ - "common_client_ip", - "common_internal_ip", - "common_client_port", - "common_client_location", - "common_client_asn", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number" - ], - "destination": [ - "common_server_ip", - "common_external_ip", - "common_server_port", - "common_server_location", - "common_server_asn" - ], - "application": [ - "common_app_id", - "common_userdefine_app_name", - "common_app_label", - "common_app_surrogate_id", - "common_l7_protocol", - "common_protocol_label", - "common_service_category", - "common_service", - "common_l4_protocol", - "common_app_behavior" - ], - "transmission": [ - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_first_ttl", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_mirrored_pkts", - "common_mirrored_bytes" - ], - "other": [ - "common_address_type", - "common_schema_type", - "common_device_tag", - "common_encapsulation", - "common_tunnels", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file" - ] - } - }, - "schema_type": { - "BASE": { - "$ref": "public_schema_info.json#/schema_type/BASE" - }, - "HTTP": { - "$ref": "public_schema_info.json#/schema_type/HTTP" - }, - "MAIL": { - "$ref": "public_schema_info.json#/schema_type/MAIL" - }, - "DNS": { - "$ref": "public_schema_info.json#/schema_type/DNS" - }, - "SSL": { - "$ref": "public_schema_info.json#/schema_type/SSL" - }, - "QUIC": { - "$ref": "public_schema_info.json#/schema_type/QUIC" - }, - "FTP": { - "$ref": "public_schema_info.json#/schema_type/FTP" - }, - "BGP": { - "$ref": "public_schema_info.json#/schema_type/BGP" - }, - "SIP": { - "$ref": "public_schema_info.json#/schema_type/SIP" - }, - "RTP": { - "$ref": "public_schema_info.json#/schema_type/RTP" - }, - "APP": { - "$ref": "public_schema_info.json#/schema_type/APP" - }, - "SSH": { - "$ref": "public_schema_info.json#/schema_type/SSH" - }, - "Stratum": { - "$ref": "public_schema_info.json#/schema_type/Stratum" - } - }, - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_policy_id", - "common_subscriber_id", - "common_client_ip", - "common_server_ip", - "common_server_port", - "common_schema_type" - ], - "internal_columns": [ - "common_recv_time", - "common_log_id", - "common_processing_time", - "common_userdefine_app_name", - "common_tunnels", - "common_packet_capture_file", - "http_request_body", - "http_response_body", - "mail_eml_file", - "rtp_pcap_path" - ], - "tunnel_type": { - "$ref": "public_schema_info.json#/tunnel_type" - } - }, - "fields": [ - { - "name": "common_recv_time", - "label": "Receive Time", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_log_id", - "label": "Log ID", - "doc": { - "format": { - "functions": "snowflake_id" - } - }, - "type": "long" - }, - { - "name": "common_policy_id", - "label": "Policy ID", - "type": "long" - }, - { - "name": "common_subscriber_id", - "label": "Subscriber ID", - "type": "string" - }, - { - "name": "common_imei", - "label": "IMEI", - "type": "string" - }, - { - "name": "common_imsi", - "label": "IMSI", - "type": "string" - }, - { - "name": "common_phone_number", - "label": "Phone Number", - "type": "string" - }, - { - "name": "common_client_ip", - "label": "Client IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn,radius_match", - "appendTo": "common_client_asn,common_subscriber_id" - } - }, - "type": "string" - }, - { - "name": "common_internal_ip", - "label": "Internal IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" - } - }, - "type": "string" - }, - { - "name": "common_client_port", - "label": "Client Port", - "type": "int" - }, - { - "name": "common_l4_protocol", - "label": "L4 Protocol", - "type": "string" - }, - { - "name": "common_address_type", - "label": "Address Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "4", - "value": "ipv4" - }, - { - "code": "6", - "value": "ipv6" - } - ] - }, - "type": "int" - }, - { - "name": "common_server_ip", - "label": "Server IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn", - "appendTo": "common_server_asn" - } - }, - "type": "string" - }, - { - "name": "common_server_port", - "label": "Server Port", - "type": "int" - }, - { - "name": "common_external_ip", - "label": "External IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" - } - }, - "type": "string" - }, - { - "name": "common_action", - "label": "Action", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "Monitor" - }, - { - "code": "2", - "value": "Intercept" - }, - { - "code": "16", - "value": "Deny" - }, - { - "code": "128", - "value": "Allow" - } - ] - }, - "type": "int" - }, - { - "name": "common_direction", - "label": "Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "69", - "value": "outbound" - }, - { - "code": "73", - "value": "inbound" - } - ] - }, - "type": "int" - }, - { - "name": "common_entrance_id", - "label": "Entrance ID", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_sled_ip", - "label": "Sled IP", - "doc": { - "constraints": { - "type": "ip" - } - }, - "type": "string" - }, - { - "name": "common_client_location", - "label": "Client Location", - "type": "string" - }, - { - "name": "common_client_asn", - "label": "Client ASN", - "type": "string" - }, - { - "name": "common_server_location", - "label": "Server Location", - "type": "string" - }, - { - "name": "common_server_asn", - "label": "Server ASN", - "type": "string" - }, - { - "name": "common_sessions", - "label": "Sessions", - "doc": { - "format": { - "functions": "set_value", - "param": "1" - } - }, - "type": "long" - }, - { - "name": "common_c2s_pkt_num", - "label": "Packets Sent", - "type": "long" - }, - { - "name": "common_s2c_pkt_num", - "label": "Packets Received", - "type": "long" - }, - { - "name": "common_c2s_byte_num", - "label": "Bytes Sent", - "type": "long" - }, - { - "name": "common_s2c_byte_num", - "label": "Bytes Received", - "type": "long" - }, - { - "name": "common_c2s_pkt_diff", - "label": "Packets Sent(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_diff", - "label": "Packets Received(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_diff", - "label": "Bytes Sent(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_diff", - "label": "Bytes Received(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_service", - "label": "Service", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_schema_type", - "label": "Schema Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "HTTP", - "value": "HTTP" - }, - { - "code": "MAIL", - "value": "MAIL" - }, - { - "code": "DNS", - "value": "DNS" - }, - { - "code": "SSL", - "value": "SSL" - }, - { - "code": "QUIC", - "value": "QUIC" - }, - { - "code": "FTP", - "value": "FTP" - }, - { - "code": "SIP", - "value": "SIP" - }, - { - "code": "RTP", - "value": "RTP" - }, - { - "code": "APP", - "value": "APP" - }, - { - "code": "SSH", - "value": "SSH" - }, - { - "code": "Stratum", - "value": "Stratum" - } - ] - }, - "type": "string" - }, - { - "name": "common_user_tags", - "label": "User Tags", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_sub_action", - "label": "Sub Action", - "doc": { - "data": [ - { - "code": "allow", - "value": "Allow" - }, - { - "code": "deny", - "value": "Deny" - }, - { - "code": "monitor", - "value": "Monitor" - }, - { - "code": "replace", - "value": "Replace" - }, - { - "code": "redirect", - "value": "Redirect" - }, - { - "code": "insert", - "value": "Insert" - }, - { - "code": "hijack", - "value": "Hijack" - } - ], - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_user_region", - "label": "User Region", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_id", - "label": "Device ID", - "type": "string" - }, - { - "name": "common_egress_link_id", - "label": "Egress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_ingress_link_id", - "label": "Ingress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_isp", - "label": "ISP", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_device_tag", - "label": "Device Tag", - "doc": { - "visibility": "hidden", - "format": { - "functions": "flattenSpec,flattenSpec", - "appendTo": "common_data_center,common_device_group", - "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" - } - }, - "type": "string" - }, - { - "name": "common_data_center", - "label": "Data Center", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_group", - "label": "Device Group", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - } - }, - "type": "string" - }, - { - "name": "common_app_behavior", - "label": "Application Behavior", - "type": "string" - }, - { - "name": "common_encapsulation", - "label": "Encapsulation", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_encapsulation/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_app_label", - "label": "Application Label", - "type": "string" - }, - { - "name": "common_tunnels", - "label": "Tunnels", - "type": "string" - }, - { - "name": "common_protocol_label", - "label": "Protocol Label", - "type": "string" - }, - { - "name": "common_app_id", - "label": "Application ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_userdefine_app_name", - "label": "User Define APP Name", - "type": "string" - }, - { - "name": "common_app_surrogate_id", - "label": "Surrogate ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_l7_protocol", - "label": "L7 Protocol", - "type": "string" - }, - { - "name": "common_service_category", - "label": "FQDN Category", - "doc": { - "constraints": { - "operator_functions": "has" - }, - "dict_location": { - "path": "/v1/category/dict", - "key": "categoryId", - "value": "categoryName" - } - }, - "type": { - "type": "array", - "items": "int" - } - }, - { - "name": "common_start_time", - "label": "Start Time", - "doc": { - "allow_query": "false", - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_end_time", - "label": "End Time", - "doc": { - "allow_query": "false", - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "get_value", - "appendTo": "common_recv_time" - } - }, - "type": "long" - }, - { - "name": "common_establish_latency_ms", - "label": "Establish Latency(ms)", - "type": "long" - }, - { - "name": "common_con_duration_ms", - "label": "Duration(ms)", - "type": "long" - }, - { - "name": "common_stream_dir", - "label": "Stream Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - }, - { - "code": "3", - "value": "double" - } - ] - }, - "type": "int" - }, - { - "name": "common_address_list", - "label": "Address List", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_has_dup_traffic", - "label": "Duplication Traffic", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_stream_error", - "label": "Stream Error", - "type": "string" - }, - { - "name": "common_stream_trace_id", - "label": "Session ID", - "type": "long" - }, - { - "name": "common_link_info_c2s", - "label": "Link Info(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_link_info_s2c", - "label": "Link Info(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_packet_capture_file", - "label": "Packet Capture File", - "doc": { - "allow_query": "false", - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "common_c2s_ipfrag_num", - "label": "Fragmentation Packets(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_ipfrag_num", - "label": "Fragmentation Packets(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_tcp_lostlen", - "label": "Sequence Gap Loss(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_tcp_lostlen", - "label": "Sequence Gap Loss(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_tcp_unorder_num", - "label": "Unorder Packets(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_tcp_unorder_num", - "label": "Unorder Packets(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_pkt_retrans", - "label": "Packet Retransmission(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_retrans", - "label": "Packet Retransmission(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_retrans", - "label": "Byte Retransmission(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_retrans", - "label": "Byte Retransmission(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_tcp_client_isn", - "label": "TCP Client ISN", - "type": "long" - }, - { - "name": "common_tcp_server_isn", - "label": "TCP Server ISN", - "type": "long" - }, - { - "name": "common_first_ttl", - "label": "First TTL", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_processing_time", - "label": "Processing Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "current_timestamp" - } - }, - "type": "long" - }, - { - "name": "common_mirrored_pkts", - "label": "Mirrored Packets", - "type": "long" - }, - { - "name": "common_mirrored_bytes", - "label": "Mirrored Bytes", - "type": "long" - }, - { - "name": "http_url", - "label": "HTTP.URL", - "type": "string" - }, - { - "name": "http_host", - "label": "HTTP.Host", - "doc": { - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "http_domain", - "label": "HTTP.Domain", - "type": "string" - }, - { - "name": "http_request_line", - "label": "HTTP.Request Line", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_response_line", - "label": "HTTP.Response Line", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_request_header", - "label": "HTTP.Request Header", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_response_header", - "label": "HTTP.Response Header", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_request_content", - "label": "HTTP.Request Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_request_content_length", - "label": "HTTP.Request Content Length", - "type": "string" - }, - { - "name": "http_request_content_type", - "label": "HTTP.Request Content Type", - "type": "string" - }, - { - "name": "http_response_content", - "label": "HTTP.Response Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_response_content_length", - "label": "HTTP.Response Content Length", - "type": "string" - }, - { - "name": "http_response_content_type", - "label": "HTTP.Response Content Type", - "type": "string" - }, - { - "name": "http_request_body", - "label": "HTTP.Request Body", - "doc": { - "allow_query": "false", - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "http_response_body", - "label": "HTTP.Response Body", - "doc": { - "allow_query": "false", - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "http_request_body_key", - "label": "HTTP.Request Body Key", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_response_body_key", - "label": "HTTP.Response Body Key", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_proxy_flag", - "label": "HTTP.Proxy Flag", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "http_sequence", - "label": "HTTP.Sequence", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "http_snapshot", - "label": "HTTP.Snapshot", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_cookie", - "label": "HTTP.Cookie", - "type": "string" - }, - { - "name": "http_referer", - "label": "HTTP.Referer", - "type": "string" - }, - { - "name": "http_user_agent", - "label": "HTTP.User Agent", - "type": "string" - }, - { - "name": "http_content_length", - "label": "HTTP.Content Length", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_content_type", - "label": "HTTP.Content Type", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_set_cookie", - "label": "HTTP.Set Cookie", - "type": "string" - }, - { - "name": "http_version", - "label": "HTTP.Version", - "type": "string" - }, - { - "name": "http_response_latency_ms", - "label": "HTTP.Response Latency(ms)", - "type": "long" - }, - { - "name": "http_action_file_size", - "label": "HTTP.Action File Size", - "type": "int" - }, - { - "name": "http_session_duration_ms", - "label": "HTTP.Session Duration(ms)", - "type": "long" - }, - { - "name": "mail_protocol_type", - "label": "Mail.Protocol Type", - "type": "string" - }, - { - "name": "mail_account", - "label": "Mail.Account", - "type": "string" - }, - { - "name": "mail_from_cmd", - "label": "Mail.From CMD", - "type": "string" - }, - { - "name": "mail_to_cmd", - "label": "Mail.To CMD", - "type": "string" - }, - { - "name": "mail_from", - "label": "Mail.From", - "doc": { - "constraints": { - "type": "email" - } - }, - "type": "string" - }, - { - "name": "mail_to", - "label": "Mail.To", - "doc": { - "constraints": { - "type": "email" - } - }, - "type": "string" - }, - { - "name": "mail_cc", - "label": "Mail.CC", - "type": "string" - }, - { - "name": "mail_bcc", - "label": "Mail.BCC", - "type": "string" - }, - { - "name": "mail_subject", - "label": "Mail.Subject", - "doc": { - "format": { - "functions": "decode_of_base64", - "param": "$.mail_subject_charset" - } - }, - "type": "string" - }, - { - "name": "mail_subject_charset", - "label": "Mail.Subject Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_content", - "label": "Mail.Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_content_charset", - "label": "Mail.Content Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_attachment_name", - "label": "Mail.Attachment", - "doc": { - "format": { - "functions": "decode_of_base64", - "param": "$.mail_attachment_name_charset" - } - }, - "type": "string" - }, - { - "name": "mail_attachment_name_charset", - "label": "Mail.Attachment Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_attachment_content", - "label": "Mail.Attachment Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_eml_file", - "label": "Mail.EML File", - "doc": { - "constraints": { - "type": "file" - }, - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_snapshot", - "label": "Mail.Snapshot", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "dns_message_id", - "label": "DNS.Message ID", - "type": "int" - }, - { - "name": "dns_qr", - "label": "DNS.QR", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "RESPONSE" - } - ] - }, - "type": "int" - }, - { - "name": "dns_opcode", - "label": "DNS.OPCODE", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "IQUERY" - }, - { - "code": "2", - "value": "STATUS" - }, - { - "code": "5", - "value": "UPDATE" - } - ] - }, - "type": "int" - }, - { - "name": "dns_aa", - "label": "DNS.AA", - "type": "int" - }, - { - "name": "dns_tc", - "label": "DNS.TC", - "type": "int" - }, - { - "name": "dns_rd", - "label": "DNS.RD", - "type": "int" - }, - { - "name": "dns_ra", - "label": "DNS.RA", - "type": "int" - }, - { - "name": "dns_rcode", - "label": "DNS.RCODE", - "type": "int" - }, - { - "name": "dns_qdcount", - "label": "DNS.QDCOUNT", - "type": "int" - }, - { - "name": "dns_ancount", - "label": "DNS.ANCOUNT", - "type": "int" - }, - { - "name": "dns_nscount", - "label": "DNS.NSCOUNT", - "type": "int" - }, - { - "name": "dns_arcount", - "label": "DNS.ARCOUNT", - "type": "int" - }, - { - "name": "dns_qname", - "label": "DNS.QNAME", - "type": "string" - }, - { - "name": "dns_qtype", - "label": "DNS.QTYPE", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "A" - }, - { - "code": "2", - "value": "NS" - }, - { - "code": "5", - "value": "CNAME" - }, - { - "code": "6", - "value": "SOA" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "12", - "value": "PTR" - }, - { - "code": "13", - "value": "HINFO" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "15", - "value": "MX" - }, - { - "code": "28", - "value": "AAAA" - } - ] - }, - "type": "int" - }, - { - "name": "dns_qclass", - "label": "DNS.QCLASS", - "type": "int" - }, - { - "name": "dns_cname", - "label": "DNS.CNAME", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "dns_sub", - "label": "DNS.SUB", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "DNS" - }, - { - "code": "2", - "value": "DNSSEC" - } - ] - }, - "type": "int" - }, - { - "name": "dns_rr", - "label": "DNS.RR", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_version", - "label": "SSL.Version", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_sni", - "label": "SSL.SNI", - "doc": { - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "ssl_san", - "label": "SSL.SAN", - "type": "string" - }, - { - "name": "ssl_cn", - "label": "SSL.CN", - "type": "string" - }, - { - "name": "ssl_pinningst", - "label": "SSL.Pinning", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "Not Pinning" - }, - { - "code": "1", - "value": "Pinning" - }, - { - "code": "2", - "value": "Maybe Pinning" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_intercept_state", - "label": "SSL.Intercept State", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "Passthrough" - }, - { - "code": "1", - "value": "Intercept" - }, - { - "code": "2", - "value": "Shutdown" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_passthrough_reason", - "label": "SSL.Passthrough Reason", - "type": "string" - }, - { - "name": "ssl_server_side_latency", - "label": "SSL.Server Side Latency(ms)", - "type": "int" - }, - { - "name": "ssl_client_side_latency", - "label": "SSL.Client Side Latency(ms)", - "type": "int" - }, - { - "name": "ssl_server_side_version", - "label": "SSL.Server Side Version", - "type": "string" - }, - { - "name": "ssl_client_side_version", - "label": "SSL.Client Side Version", - "type": "string" - }, - { - "name": "ssl_cert_verify", - "label": "SSL.Certificate Verify", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "No" - }, - { - "code": "1", - "value": "Yes" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_error", - "label": "SSL.Error", - "type": "string" - }, - { - "name": "ssl_con_latency_ms", - "label": "SSL.Connection Latency(ms)", - "type": "int" - }, - { - "name": "ssl_ja3_fingerprint", - "label": "SSL.JA3", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "ssl_ja3_hash", - "label": "SSL.JA3 hash", - "type": "string" - }, - { - "name": "ssl_cert_issuer", - "label": "SSL.Issuer", - "doc": { - "constraints": { - "type": "items" - } - }, - "type": "string" - }, - { - "name": "ssl_cert_subject", - "label": "SSL.Subject", - "doc": { - "constraints": { - "type": "items" - } - }, - "type": "string" - }, - { - "name": "quic_version", - "label": "Quic.Version", - "type": "string" - }, - { - "name": "quic_sni", - "label": "Quic.SNI", - "doc": { - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "quic_user_agent", - "label": "Quic.User Agent", - "type": "string" - }, - { - "name": "ftp_account", - "label": "FTP.Account", - "type": "string" - }, - { - "name": "ftp_url", - "label": "FTP.URL", - "type": "string" - }, - { - "name": "ftp_content", - "label": "FTP.Content", - "type": "string" - }, - { - "name": "ftp_link_type", - "label": "FTP.Link Type", - "type": "string" - }, - { - "name": "bgp_type", - "label": "BGP.Type", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "bgp_as_num", - "label": "BGP.AS Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "bgp_route", - "label": "BGP.Route", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_calling_account", - "label": "VoIP.Calling Account", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_called_account", - "label": "VoIP.Called Account", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_calling_number", - "label": "VoIP.Calling Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_called_number", - "label": "VoIP.Called Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "streaming_media_url", - "label": "Streaming.Media URL", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "streaming_media_protocol", - "label": "Streaming.Media Protocol", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "app_extra_info", - "label": "APP.Extra Info", - "type": "string" - }, - { - "name": "sip_call_id", - "label": "SIP.Call-ID", - "type": "string" - }, - { - "name": "sip_originator_description", - "label": "SIP.Originator", - "type": "string" - }, - { - "name": "sip_responder_description", - "label": "SIP.Responder", - "type": "string" - }, - { - "name": "sip_user_agent", - "label": "SIP.User-Agent", - "type": "string" - }, - { - "name": "sip_server", - "label": "SIP.Server", - "type": "string" - }, - { - "name": "sip_originator_sdp_connect_ip", - "label": "SIP.Originator IP", - "type": "string" - }, - { - "name": "sip_originator_sdp_media_port", - "label": "SIP.Originator Port", - "type": "int" - }, - { - "name": "sip_originator_sdp_media_type", - "label": "SIP.Originator Media Type", - "type": "string" - }, - { - "name": "sip_originator_sdp_content", - "label": "SIP.Originator Content", - "type": "string" - }, - { - "name": "sip_responder_sdp_connect_ip", - "label": "SIP.Responder IP", - "type": "string" - }, - { - "name": "sip_responder_sdp_media_port", - "label": "SIP.Responder Port", - "type": "int" - }, - { - "name": "sip_responder_sdp_media_type", - "label": "SIP.Responder Media Type", - "type": "string" - }, - { - "name": "sip_responder_sdp_content", - "label": "SIP.Responder Content", - "type": "string" - }, - { - "name": "sip_duration_s", - "label": "SIP.Duration(s)", - "type": "int" - }, - { - "name": "sip_bye", - "label": "SIP.Bye", - "type": "string" - }, - { - "name": "rtp_payload_type_c2s", - "label": "RTP.Payload Type(c2s)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_payload_type_s2c", - "label": "RTP.Payload Type(s2c)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_pcap_path", - "label": "RTP.PCAP", - "doc": { - "allow_query": "false", - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "rtp_originator_dir", - "label": "RTP.Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "unknown" - }, - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - } - ], - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "ssh_version", - "label": "SSH.Version", - "type": "string" - }, - { - "name": "ssh_auth_success", - "label": "SSH.Authentication Result", - "type": "string" - }, - { - "name": "ssh_client_version", - "label": "SSH.Client Version", - "type": "string" - }, - { - "name": "ssh_server_version", - "label": "SSH.Server Version", - "type": "string" - }, - { - "name": "ssh_cipher_alg", - "label": "SSH.Encryption Algorithm", - "type": "string" - }, - { - "name": "ssh_mac_alg", - "label": "SSH.Signing Algorithm", - "type": "string" - }, - { - "name": "ssh_compression_alg", - "label": "SSH.Compression Algorithm", - "type": "string" - }, - { - "name": "ssh_kex_alg", - "label": "SSH. Key Exchange Algorithm", - "type": "string" - }, - { - "name": "ssh_host_key_alg", - "label": "SSH.Server Host Key Algorithm", - "type": "string" - }, - { - "name": "ssh_host_key", - "label": "SSH.Server Key Fingerprint", - "type": "string" - }, - { - "name": "ssh_hassh", - "label": "SSH.HASSH", - "type": "string" - }, - { - "name": "stratum_cryptocurrency", - "label": "Cryptocurrency", - "type": "string" - }, - { - "name": "stratum_mining_pools", - "label": "Mining Pools", - "type": "string" - }, - { - "name": "stratum_mining_program", - "label": "Mining Program", - "type": "string" - } - ] -} \ No newline at end of file diff --git a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/session_record.json b/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/session_record.json deleted file mode 100644 index e23da2f..0000000 --- a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/session_record.json +++ /dev/null @@ -1,2320 +0,0 @@ -{ - "type": "record", - "name": "session_record", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "partition_key": "common_recv_time", - "index_table": "session_record_common_client_ip,session_record_common_server_ip,session_record_http_domain", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "dimensions": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_sled_ip", - "common_device_id", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_client_port", - "common_server_port", - "common_schema_type", - "common_l4_protocol", - "common_l7_protocol", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_imei", - "common_imsi", - "common_phone_number", - "common_app_label", - "http_host", - "http_domain", - "http_url", - "http_cookie", - "http_referer", - "http_user_agent", - "ssl_sni", - "ssl_ja3_hash", - "ssl_cert_issuer", - "ssl_cert_subject", - "quic_sni", - "quic_version" - ], - "metrics": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_subscriber_id", - "common_sled_ip", - "common_device_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_sessions", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_imei", - "common_imsi", - "common_phone_number", - "common_app_label", - "http_host", - "http_domain", - "http_url", - "http_cookie", - "http_referer", - "http_user_agent", - "ssl_sni", - "ssl_ja3_hash", - "ssl_cert_issuer", - "ssl_cert_subject", - "quic_sni" - ], - "filters": [ - "common_address_type", - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_client_port", - "common_server_port", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_l4_protocol", - "common_l7_protocol", - "common_stream_dir", - "common_direction", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_sled_ip", - "common_device_id", - "common_schema_type", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_imei", - "common_imsi", - "common_phone_number", - "common_app_label", - "http_host", - "http_domain", - "http_url", - "http_cookie", - "http_referer", - "http_user_agent", - "ssl_sni", - "ssl_ja3_hash", - "ssl_cert_issuer", - "ssl_cert_subject", - "quic_sni", - "quic_version" - ], - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - }, - "details": { - "general": [ - "common_recv_time", - "common_log_id", - "common_stream_trace_id", - "common_direction", - "common_stream_dir", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_processing_time", - "common_entrance_id", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_data_center", - "common_device_group", - "common_sled_ip" - ], - "source": [ - "common_client_ip", - "common_internal_ip", - "common_client_port", - "common_client_location", - "common_client_asn", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number" - ], - "destination": [ - "common_server_ip", - "common_external_ip", - "common_server_port", - "common_server_location", - "common_server_asn" - ], - "application": [ - "common_app_id", - "common_userdefine_app_name", - "common_app_label", - "common_app_surrogate_id", - "common_l7_protocol", - "common_protocol_label", - "common_service_category", - "common_service", - "common_l4_protocol", - "common_app_behavior" - ], - "transmission": [ - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_first_ttl", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_mirrored_pkts", - "common_mirrored_bytes" - ], - "other": [ - "common_address_type", - "common_schema_type", - "common_device_tag", - "common_encapsulation", - "common_tunnels", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_action", - "common_sub_action", - "common_policy_id", - "common_user_tags", - "common_user_region" - ] - } - }, - "schema_type": { - "BASE": { - "$ref": "public_schema_info.json#/schema_type/BASE" - }, - "HTTP": { - "$ref": "public_schema_info.json#/schema_type/HTTP" - }, - "MAIL": { - "$ref": "public_schema_info.json#/schema_type/MAIL" - }, - "DNS": { - "$ref": "public_schema_info.json#/schema_type/DNS" - }, - "SSL": { - "$ref": "public_schema_info.json#/schema_type/SSL" - }, - "QUIC": { - "$ref": "public_schema_info.json#/schema_type/QUIC" - }, - "FTP": { - "$ref": "public_schema_info.json#/schema_type/FTP" - }, - "BGP": { - "$ref": "public_schema_info.json#/schema_type/BGP" - }, - "APP": { - "$ref": "public_schema_info.json#/schema_type/APP" - }, - "SSH": { - "$ref": "public_schema_info.json#/schema_type/SSH" - }, - "Stratum": { - "$ref": "public_schema_info.json#/schema_type/Stratum" - } - }, - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_subscriber_id", - "common_client_ip", - "common_server_ip", - "common_server_port", - "common_schema_type" - ], - "internal_columns": [ - "common_recv_time", - "common_log_id", - "common_processing_time", - "common_userdefine_app_name", - "common_tunnels", - "common_packet_capture_file", - "rtp_pcap_path", - "http_request_body", - "http_response_body", - "mail_eml_file" - ], - "tunnel_type": { - "$ref": "public_schema_info.json#/tunnel_type" - } - }, - "fields": [ - { - "name": "common_recv_time", - "label": "Receive Time", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_log_id", - "label": "Log ID", - "doc": { - "format": { - "functions": "snowflake_id" - } - }, - "type": "long" - }, - { - "name": "common_policy_id", - "label": "Policy ID", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_subscriber_id", - "label": "Subscriber ID", - "type": "string" - }, - { - "name": "common_imei", - "label": "IMEI", - "type": "string" - }, - { - "name": "common_imsi", - "label": "IMSI", - "type": "string" - }, - { - "name": "common_phone_number", - "label": "Phone Number", - "type": "string" - }, - { - "name": "common_client_ip", - "label": "Client IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn,radius_match", - "appendTo": "common_client_asn,common_subscriber_id" - } - }, - "type": "string" - }, - { - "name": "common_internal_ip", - "label": "Internal IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" - } - }, - "type": "string" - }, - { - "name": "common_client_port", - "label": "Client Port", - "type": "int" - }, - { - "name": "common_l4_protocol", - "label": "L4 Protocol", - "type": "string" - }, - { - "name": "common_address_type", - "label": "Address Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "4", - "value": "ipv4" - }, - { - "code": "6", - "value": "ipv6" - } - ] - }, - "type": "int" - }, - { - "name": "common_server_ip", - "label": "Server IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn", - "appendTo": "common_server_asn" - } - }, - "type": "string" - }, - { - "name": "common_server_port", - "label": "Server Port", - "type": "int" - }, - { - "name": "common_external_ip", - "label": "External IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" - } - }, - "type": "string" - }, - { - "name": "common_action", - "label": "Action", - "doc": { - "visibility": "hidden", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "None" - }, - { - "code": "1", - "value": "Monitor" - }, - { - "code": "2", - "value": "Intercept" - }, - { - "code": "16", - "value": "Deny" - }, - { - "code": "128", - "value": "Allow" - } - ] - }, - "type": "int" - }, - { - "name": "common_direction", - "label": "Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "69", - "value": "outbound" - }, - { - "code": "73", - "value": "inbound" - } - ] - }, - "type": "int" - }, - { - "name": "common_entrance_id", - "label": "Entrance ID", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_sled_ip", - "label": "Sled IP", - "doc": { - "constraints": { - "type": "ip" - } - }, - "type": "string" - }, - { - "name": "common_client_location", - "label": "Client Location", - "type": "string" - }, - { - "name": "common_client_asn", - "label": "Client ASN", - "type": "string" - }, - { - "name": "common_server_location", - "label": "Server Location", - "type": "string" - }, - { - "name": "common_server_asn", - "label": "Server ASN", - "type": "string" - }, - { - "name": "common_sessions", - "label": "Sessions", - "type": "long" - }, - { - "name": "common_c2s_pkt_num", - "label": "Packets Sent", - "type": "long" - }, - { - "name": "common_s2c_pkt_num", - "label": "Packets Received", - "type": "long" - }, - { - "name": "common_c2s_byte_num", - "label": "Bytes Sent", - "type": "long" - }, - { - "name": "common_s2c_byte_num", - "label": "Bytes Received", - "type": "long" - }, - { - "name": "common_c2s_pkt_diff", - "label": "Packets Sent(Diff)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_diff", - "label": "Packets Received(Diff)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_diff", - "label": "Bytes Sent(Diff)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_diff", - "label": "Bytes Received(Diff)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_service", - "label": "Service", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_schema_type", - "label": "Schema Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "BASE", - "value": "BASE" - }, - { - "code": "MAIL", - "value": "MAIL" - }, - { - "code": "DNS", - "value": "DNS" - }, - { - "code": "HTTP", - "value": "HTTP" - }, - { - "code": "SSL", - "value": "SSL" - }, - { - "code": "QUIC", - "value": "QUIC" - }, - { - "code": "FTP", - "value": "FTP" - }, - { - "code": "APP", - "value": "APP" - }, - { - "code": "SSH", - "value": "SSH" - }, - { - "code": "Stratum", - "value": "Stratum" - } - ] - }, - "type": "string" - }, - { - "name": "common_user_tags", - "label": "User Tags", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_sub_action", - "label": "Sub Action", - "doc": { - "data": [ - { - "code": "allow", - "value": "Allow" - }, - { - "code": "deny", - "value": "Deny" - }, - { - "code": "monitor", - "value": "Monitor" - }, - { - "code": "replace", - "value": "Replace" - }, - { - "code": "redirect", - "value": "Redirect" - }, - { - "code": "insert", - "value": "Insert" - }, - { - "code": "hijack", - "value": "Hijack" - } - ], - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_user_region", - "label": "User Region", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_id", - "label": "Device ID", - "type": "string" - }, - { - "name": "common_egress_link_id", - "label": "Egress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_ingress_link_id", - "label": "Ingress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_isp", - "label": "ISP", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_device_tag", - "label": "Device Tag", - "doc": { - "visibility": "hidden", - "format": { - "functions": "flattenSpec,flattenSpec", - "appendTo": "common_data_center,common_device_group", - "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" - } - }, - "type": "string" - }, - { - "name": "common_data_center", - "label": "Data Center", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_group", - "label": "Device Group", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - } - }, - "type": "string" - }, - { - "name": "common_app_behavior", - "label": "Application Behavior", - "type": "string" - }, - { - "name": "common_encapsulation", - "label": "Encapsulation", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_encapsulation/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_app_label", - "label": "Application Label", - "type": "string" - }, - { - "name": "common_tunnels", - "label": "Tunnels", - "type": "string" - }, - { - "name": "common_protocol_label", - "label": "Protocol Label", - "type": "string" - }, - { - "name": "common_app_id", - "label": "Application ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_userdefine_app_name", - "label": "User Define APP Name", - "type": "string" - }, - { - "name": "common_app_surrogate_id", - "label": "Surrogate ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_l7_protocol", - "label": "L7 Protocol", - "type": "string" - }, - { - "name": "common_service_category", - "label": "FQDN Category", - "doc": { - "constraints": { - "operator_functions": "has" - }, - "dict_location": { - "path": "/v1/category/dict", - "key": "categoryId", - "value": "categoryName" - } - }, - "type": { - "type": "array", - "items": "int" - } - }, - { - "name": "common_start_time", - "label": "Start Time", - "doc": { - "allow_query": "false", - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_end_time", - "label": "End Time", - "doc": { - "allow_query": "false", - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "get_value", - "appendTo": "common_recv_time" - } - }, - "type": "long" - }, - { - "name": "common_establish_latency_ms", - "label": "Establish Latency(ms)", - "type": "long" - }, - { - "name": "common_con_duration_ms", - "label": "Duration(ms)", - "type": "long" - }, - { - "name": "common_stream_dir", - "label": "Stream Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - }, - { - "code": "3", - "value": "double" - } - ] - }, - "type": "int" - }, - { - "name": "common_address_list", - "label": "Address List", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_has_dup_traffic", - "label": "Duplication Traffic", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_stream_error", - "label": "Stream Error", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_stream_trace_id", - "label": "Session ID", - "type": "long" - }, - { - "name": "common_link_info_c2s", - "label": "Link Info(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_link_info_s2c", - "label": "Link Info(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_packet_capture_file", - "label": "Packet Capture File", - "doc": { - "visibility": "hidden", - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "common_c2s_ipfrag_num", - "label": "Fragmentation Packets(c2s)", - "type": "long" - }, - { - "name": "common_s2c_ipfrag_num", - "label": "Fragmentation Packets(s2c)", - "type": "long" - }, - { - "name": "common_c2s_tcp_lostlen", - "label": "Sequence Gap Loss(c2s)", - "type": "long" - }, - { - "name": "common_s2c_tcp_lostlen", - "label": "Sequence Gap Loss(s2c)", - "type": "long" - }, - { - "name": "common_c2s_tcp_unorder_num", - "label": "Unorder Packets(c2s)", - "type": "long" - }, - { - "name": "common_s2c_tcp_unorder_num", - "label": "Unorder Packets(s2c)", - "type": "long" - }, - { - "name": "common_c2s_pkt_retrans", - "label": "Packet Retransmission(c2s)", - "type": "long" - }, - { - "name": "common_s2c_pkt_retrans", - "label": "Packet Retransmission(s2c)", - "type": "long" - }, - { - "name": "common_c2s_byte_retrans", - "label": "Byte Retransmission(c2s)", - "type": "long" - }, - { - "name": "common_s2c_byte_retrans", - "label": "Byte Retransmission(s2c)", - "type": "long" - }, - { - "name": "common_tcp_client_isn", - "label": "TCP Client ISN", - "type": "long" - }, - { - "name": "common_tcp_server_isn", - "label": "TCP Server ISN", - "type": "long" - }, - { - "name": "common_first_ttl", - "label": "First TTL", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_processing_time", - "label": "Processing Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "current_timestamp" - } - }, - "type": "long" - }, - { - "name": "common_mirrored_pkts", - "label": "Mirrored Packets", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_mirrored_bytes", - "label": "Mirrored Bytes", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "http_url", - "label": "HTTP.URL", - "type": "string" - }, - { - "name": "http_host", - "label": "HTTP.Host", - "doc": { - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "http_domain", - "label": "HTTP.Domain", - "type": "string" - }, - { - "name": "http_request_line", - "label": "HTTP.Request Line", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_response_line", - "label": "HTTP.Response Line", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_request_header", - "label": "HTTP.Request Headers", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_response_header", - "label": "HTTP.Response Headers", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_request_content", - "label": "HTTP.Request Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_request_content_length", - "label": "HTTP.Request Content Length", - "type": "string" - }, - { - "name": "http_request_content_type", - "label": "HTTP.Request Content Type", - "type": "string" - }, - { - "name": "http_response_content", - "label": "HTTP.Response Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_response_content_length", - "label": "HTTP.Response Content Length", - "type": "string" - }, - { - "name": "http_response_content_type", - "label": "HTTP.Response Content Type", - "type": "string" - }, - { - "name": "http_request_body", - "label": "HTTP.Request Body", - "doc": { - "allow_query": "false", - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "http_response_body", - "label": "HTTP.Response Body", - "doc": { - "allow_query": "false", - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "http_request_body_key", - "label": "HTTP.Request Body Key", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_response_body_key", - "label": "HTTP.Response Body Key", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "http_proxy_flag", - "label": "HTTP.Proxy Flag", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "http_sequence", - "label": "HTTP.Sequence", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "http_snapshot", - "label": "HTTP.Snapshot", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_cookie", - "label": "HTTP.Cookie", - "type": "string" - }, - { - "name": "http_referer", - "label": "HTTP.Referer", - "type": "string" - }, - { - "name": "http_user_agent", - "label": "HTTP.User Agent", - "type": "string" - }, - { - "name": "http_content_length", - "label": "HTTP.Content Length", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_content_type", - "label": "HTTP.Content Type", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "http_set_cookie", - "label": "HTTP.Set Cookie", - "type": "string" - }, - { - "name": "http_version", - "label": "HTTP.Version", - "type": "string" - }, - { - "name": "http_response_latency_ms", - "label": "HTTP.Response Latency(ms)", - "type": "long" - }, - { - "name": "http_session_duration_ms", - "label": "HTTP.Session Duration(ms)", - "type": "long" - }, - { - "name": "http_action_file_size", - "label": "HTTP.Action File Size", - "type": "int" - }, - { - "name": "mail_protocol_type", - "label": "Mail.Protocol Type", - "type": "string" - }, - { - "name": "mail_account", - "label": "Mail.Account", - "type": "string" - }, - { - "name": "mail_from_cmd", - "label": "Mail.From CMD", - "type": "string" - }, - { - "name": "mail_to_cmd", - "label": "Mail.To CMD", - "type": "string" - }, - { - "name": "mail_from", - "label": "Mail.From", - "doc": { - "constraints": { - "type": "email" - } - }, - "type": "string" - }, - { - "name": "mail_to", - "label": "Mail.To", - "doc": { - "constraints": { - "type": "email" - } - }, - "type": "string" - }, - { - "name": "mail_cc", - "label": "Mail.CC", - "type": "string" - }, - { - "name": "mail_bcc", - "label": "Mail.BCC", - "type": "string" - }, - { - "name": "mail_subject", - "label": "Mail.Subject", - "doc": { - "format": { - "functions": "decode_of_base64", - "param": "$.mail_subject_charset" - } - }, - "type": "string" - }, - { - "name": "mail_subject_charset", - "label": "Mail.Subject Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_content", - "label": "Mail.Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_content_charset", - "label": "Mail.Content Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_attachment_name", - "label": "Mail.Attachment", - "doc": { - "format": { - "functions": "decode_of_base64", - "param": "$.mail_attachment_name_charset" - } - }, - "type": "string" - }, - { - "name": "mail_attachment_name_charset", - "label": "Mail.Attachment Charset", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_attachment_content", - "label": "Mail.Attachment Content", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "mail_eml_file", - "label": "Mail.EML File", - "doc": { - "allow_query": "false", - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "mail_snapshot", - "label": "Mail.Snapshot", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "dns_message_id", - "label": "DNS.Message ID", - "type": "int" - }, - { - "name": "dns_qr", - "label": "DNS.QR", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "RESPONSE" - } - ] - }, - "type": "int" - }, - { - "name": "dns_opcode", - "label": "DNS.OPCODE", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "IQUERY" - }, - { - "code": "2", - "value": "STATUS" - }, - { - "code": "5", - "value": "UPDATE" - } - ] - }, - "type": "int" - }, - { - "name": "dns_aa", - "label": "DNS.AA", - "type": "int" - }, - { - "name": "dns_tc", - "label": "DNS.TC", - "type": "int" - }, - { - "name": "dns_rd", - "label": "DNS.RD", - "type": "int" - }, - { - "name": "dns_ra", - "label": "DNS.RA", - "type": "int" - }, - { - "name": "dns_rcode", - "label": "DNS.RCODE", - "type": "int" - }, - { - "name": "dns_qdcount", - "label": "DNS.QDCOUNT", - "type": "int" - }, - { - "name": "dns_ancount", - "label": "DNS.ANCOUNT", - "type": "int" - }, - { - "name": "dns_nscount", - "label": "DNS.NSCOUNT", - "type": "int" - }, - { - "name": "dns_arcount", - "label": "DNS.ARCOUNT", - "type": "int" - }, - { - "name": "dns_qname", - "label": "DNS.QNAME", - "type": "string" - }, - { - "name": "dns_qtype", - "label": "DNS.QTYPE", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "A" - }, - { - "code": "2", - "value": "NS" - }, - { - "code": "5", - "value": "CNAME" - }, - { - "code": "6", - "value": "SOA" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "12", - "value": "PTR" - }, - { - "code": "13", - "value": "HINFO" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "15", - "value": "MX" - }, - { - "code": "28", - "value": "AAAA" - } - ] - }, - "type": "int" - }, - { - "name": "dns_qclass", - "label": "DNS.QCLASS", - "type": "int" - }, - { - "name": "dns_cname", - "label": "DNS.CNAME", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "dns_sub", - "label": "DNS.SUB", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "DNS" - }, - { - "code": "2", - "value": "DNSSEC" - } - ] - }, - "type": "int" - }, - { - "name": "dns_rr", - "label": "DNS.RR", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_version", - "label": "SSL.Version", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_sni", - "label": "SSL.SNI", - "doc": { - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "ssl_san", - "label": "SSL.SAN", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "ssl_cn", - "label": "SSL.CN", - "type": "string" - }, - { - "name": "ssl_pinningst", - "label": "SSL.Pinning", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "Not Pinning" - }, - { - "code": "1", - "value": "Pinning" - }, - { - "code": "2", - "value": "Maybe Pinning" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_intercept_state", - "label": "SSL.Intercept State", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "Passthrough" - }, - { - "code": "1", - "value": "Intercept" - }, - { - "code": "2", - "value": "Shutdown" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_passthrough_reason", - "label": "SSL.Passthrough Reason", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "ssl_server_side_latency", - "label": "SSL.Server Side Latency(ms)", - "type": "int" - }, - { - "name": "ssl_client_side_latency", - "label": "SSL.Client Side Latency(ms)", - "type": "int" - }, - { - "name": "ssl_server_side_version", - "label": "SSL.Server Side Version", - "type": "string" - }, - { - "name": "ssl_client_side_version", - "label": "SSL.Client Side Version", - "type": "string" - }, - { - "name": "ssl_cert_verify", - "label": "SSL.Certificate Verify", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "No" - }, - { - "code": "1", - "value": "Yes" - } - ] - }, - "type": "int" - }, - { - "name": "ssl_error", - "label": "SSL.Error", - "type": "string" - }, - { - "name": "ssl_con_latency_ms", - "label": "SSL.Connection Latency(ms)", - "type": "int" - }, - { - "name": "ssl_ja3_fingerprint", - "label": "SSL.JA3", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "ssl_ja3_hash", - "label": "SSL.JA3 hash", - "type": "string" - }, - { - "name": "ssl_cert_issuer", - "label": "SSL.Issuer", - "doc": { - "constraints": { - "type": "items" - } - }, - "type": "string" - }, - { - "name": "ssl_cert_subject", - "label": "SSL.Subject", - "doc": { - "constraints": { - "type": "items" - } - }, - "type": "string" - }, - { - "name": "quic_version", - "label": "QUIC.Version", - "type": "string" - }, - { - "name": "quic_sni", - "label": "QUIC.SNI", - "doc": { - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "type": "string" - }, - { - "name": "quic_user_agent", - "label": "QUIC.User Agent", - "type": "string" - }, - { - "name": "ftp_account", - "label": "FTP.Account", - "type": "string" - }, - { - "name": "ftp_url", - "label": "FTP.URL", - "type": "string" - }, - { - "name": "ftp_content", - "label": "FTP.Content", - "type": "string" - }, - { - "name": "ftp_link_type", - "label": "FTP.Link Type", - "type": "string" - }, - { - "name": "bgp_type", - "label": "BGP.Type", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "bgp_as_num", - "label": "BGP.AS Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "bgp_route", - "label": "BGP.Route", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_calling_account", - "label": "VoIP.Calling Account", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_called_account", - "label": "VoIP.Called Account", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_calling_number", - "label": "VoIP.Calling Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "voip_called_number", - "label": "VoIP.Called Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "streaming_media_url", - "label": "Streaming.Media URL", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "streaming_media_protocol", - "label": "Streaming.Media Protocol", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "app_extra_info", - "label": "APP.Extra Info", - "type": "string" - }, - { - "name": "sip_call_id", - "label": "SIP.Call-ID", - "type": "string" - }, - { - "name": "sip_originator_description", - "label": "SIP.Originator", - "type": "string" - }, - { - "name": "sip_responder_description", - "label": "SIP.Responder", - "type": "string" - }, - { - "name": "sip_user_agent", - "label": "SIP.User-Agent", - "type": "string" - }, - { - "name": "sip_server", - "label": "SIP.Server", - "type": "string" - }, - { - "name": "sip_originator_sdp_connect_ip", - "label": "SIP.Originator IP", - "type": "string" - }, - { - "name": "sip_originator_sdp_media_port", - "label": "SIP.Originator Port", - "type": "int" - }, - { - "name": "sip_originator_sdp_media_type", - "label": "SIP.Originator Media Type", - "type": "string" - }, - { - "name": "sip_originator_sdp_content", - "label": "SIP.Originator Content", - "type": "string" - }, - { - "name": "sip_responder_sdp_connect_ip", - "label": "SIP.Responder IP", - "type": "string" - }, - { - "name": "sip_responder_sdp_media_port", - "label": "SIP.Responder Port", - "type": "int" - }, - { - "name": "sip_responder_sdp_media_type", - "label": "SIP.Responder Media Type", - "type": "string" - }, - { - "name": "sip_responder_sdp_content", - "label": "SIP.Responder Content", - "type": "string" - }, - { - "name": "sip_duration_s", - "label": "SIP.Duration(s)", - "type": "int" - }, - { - "name": "sip_bye", - "label": "SIP.Bye", - "type": "string" - }, - { - "name": "rtp_payload_type_c2s", - "label": "RTP.Payload Type(c2s)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_payload_type_s2c", - "label": "RTP.Payload Type(s2c)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_pcap_path", - "label": "RTP.PCAP", - "doc": { - "allow_query": "false", - "constraints": { - "type": "files" - } - }, - "type": "string" - }, - { - "name": "rtp_originator_dir", - "label": "RTP.Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "unknown" - }, - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - } - ], - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "ssh_version", - "label": "SSH.Version", - "type": "string" - }, - { - "name": "ssh_auth_success", - "label": "SSH.Authentication Result", - "type": "string" - }, - { - "name": "ssh_client_version", - "label": "SSH.Client Version", - "type": "string" - }, - { - "name": "ssh_server_version", - "label": "SSH.Server Version", - "type": "string" - }, - { - "name": "ssh_cipher_alg", - "label": "SSH.Encryption Algorithm", - "type": "string" - }, - { - "name": "ssh_mac_alg", - "label": "SSH.Signing Algorithm", - "type": "string" - }, - { - "name": "ssh_compression_alg", - "label": "SSH.Compression Algorithm", - "type": "string" - }, - { - "name": "ssh_kex_alg", - "label": "SSH. Key Exchange Algorithm", - "type": "string" - }, - { - "name": "ssh_host_key_alg", - "label": "SSH.Server Host Key Algorithm", - "type": "string" - }, - { - "name": "ssh_host_key", - "label": "SSH.Server Key Fingerprint", - "type": "string" - }, - { - "name": "ssh_hassh", - "label": "SSH.HASSH", - "type": "string" - }, - { - "name": "stratum_cryptocurrency", - "label": "Cryptocurrency", - "type": "string" - }, - { - "name": "stratum_mining_pools", - "label": "Mining Pools", - "type": "string" - }, - { - "name": "stratum_mining_program", - "label": "Mining Program", - "type": "string" - } - ] -} \ No newline at end of file diff --git a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/transaction_record.json b/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/transaction_record.json deleted file mode 100644 index 387b96f..0000000 --- a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/transaction_record.json +++ /dev/null @@ -1,1500 +0,0 @@ -{ - "type": "record", - "name": "transaction_record", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_stream_trace_id", - "partition_key": "common_recv_time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "dimensions": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_sled_ip", - "common_device_id", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_client_port", - "common_server_port", - "common_schema_type", - "common_l4_protocol", - "common_l7_protocol", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_imei", - "common_imsi", - "common_phone_number", - "http_host", - "http_domain", - "http_url" - ], - "metrics": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_subscriber_id", - "common_sled_ip", - "common_device_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_sessions", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_imei", - "common_imsi", - "common_phone_number", - "http_host", - "http_domain", - "http_url" - ], - "filters": [ - "common_address_type", - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_client_port", - "common_server_port", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_l4_protocol", - "common_l7_protocol", - "common_stream_dir", - "common_direction", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_sled_ip", - "common_device_id", - "common_schema_type", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_imei", - "common_imsi", - "common_phone_number", - "http_host", - "http_domain", - "http_url" - ], - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - }, - "details": { - "general": [ - "common_recv_time", - "common_log_id", - "common_stream_trace_id", - "common_direction", - "common_stream_dir", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_processing_time", - "common_entrance_id", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_data_center", - "common_device_group", - "common_sled_ip" - ], - "source": [ - "common_client_ip", - "common_internal_ip", - "common_client_port", - "common_client_location", - "common_client_asn", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number" - ], - "destination": [ - "common_server_ip", - "common_external_ip", - "common_server_port", - "common_server_location", - "common_server_asn" - ], - "application": [ - "common_app_id", - "common_userdefine_app_name", - "common_app_label", - "common_app_surrogate_id", - "common_l7_protocol", - "common_protocol_label", - "common_service_category", - "common_service", - "common_l4_protocol", - "common_app_behavior" - ], - "transmission": [ - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_first_ttl", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_mirrored_pkts", - "common_mirrored_bytes" - ], - "other": [ - "common_address_type", - "common_schema_type", - "common_device_tag", - "common_encapsulation", - "common_tunnels", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_action", - "common_sub_action", - "common_policy_id", - "common_user_tags", - "common_user_region" - ] - } - }, - "schema_type": { - "BASE": { - "$ref": "public_schema_info.json#/schema_type/BASE" - }, - "HTTP": { - "$ref": "public_schema_info.json#/schema_type/HTTP" - }, - "MAIL": { - "$ref": "public_schema_info.json#/schema_type/MAIL" - }, - "DNS": { - "$ref": "public_schema_info.json#/schema_type/DNS" - }, - "SSL": { - "$ref": "public_schema_info.json#/schema_type/SSL" - }, - "QUIC": { - "$ref": "public_schema_info.json#/schema_type/QUIC" - }, - "FTP": { - "$ref": "public_schema_info.json#/schema_type/FTP" - }, - "BGP": { - "$ref": "public_schema_info.json#/schema_type/BGP" - }, - "SIP": { - "$ref": "public_schema_info.json#/schema_type/SIP" - }, - "RTP": { - "$ref": "public_schema_info.json#/schema_type/RTP" - }, - "APP": { - "$ref": "public_schema_info.json#/schema_type/APP" - } - }, - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_subscriber_id", - "common_client_ip", - "common_server_ip", - "common_server_port", - "common_schema_type" - ], - "internal_columns": [ - "common_recv_time", - "common_log_id", - "common_processing_time", - "common_tunnels", - "common_packet_capture_file", - "http_request_body", - "http_response_body" - ], - "tunnel_type": { - "$ref": "public_schema_info.json#/tunnel_type" - } - }, - "fields": [ - { - "name": "common_recv_time", - "type": "long", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "label": "Receive Time" - }, - { - "name": "common_log_id", - "type": "long", - "doc": { - "format": { - "functions": "snowflake_id" - } - }, - "label": "Log ID" - }, - { - "name": "common_policy_id", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Policy ID" - }, - { - "name": "common_subscriber_id", - "type": "string", - "label": "Subscriber ID" - }, - { - "name": "common_imei", - "type": "string", - "label": "IMEI" - }, - { - "name": "common_imsi", - "type": "string", - "label": "IMSI" - }, - { - "name": "common_phone_number", - "type": "string", - "label": "Phone Number" - }, - { - "name": "common_client_ip", - "type": "string", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn,radius_match", - "appendTo": "common_client_asn,common_subscriber_id" - } - }, - "label": "Client IP" - }, - { - "name": "common_internal_ip", - "type": "string", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" - } - }, - "label": "Internal IP" - }, - { - "name": "common_client_port", - "type": "int", - "label": "Client Port" - }, - { - "name": "common_l4_protocol", - "type": "string", - "label": "L4 Protocol" - }, - { - "name": "common_address_type", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "4", - "value": "ipv4" - }, - { - "code": "6", - "value": "ipv6" - } - ] - }, - "label": "Address Type" - }, - { - "name": "common_server_ip", - "type": "string", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn", - "appendTo": "common_server_asn" - } - }, - "label": "Server IP" - }, - { - "name": "common_server_port", - "type": "int", - "label": "Server Port" - }, - { - "name": "common_external_ip", - "type": "string", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" - } - }, - "label": "External IP" - }, - { - "name": "common_action", - "type": "int", - "doc": { - "visibility": "hidden", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "None" - }, - { - "code": "1", - "value": "Monitor" - }, - { - "code": "2", - "value": "Intercept" - }, - { - "code": "16", - "value": "Deny" - }, - { - "code": "128", - "value": "Allow" - } - ] - }, - "label": "Action" - }, - { - "name": "common_direction", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "69", - "value": "outbound" - }, - { - "code": "73", - "value": "inbound" - } - ] - }, - "label": "Direction" - }, - { - "name": "common_entrance_id", - "type": "int", - "doc": { - "visibility": "disabled" - }, - "label": "Entrance ID" - }, - { - "name": "common_sled_ip", - "type": "string", - "doc": { - "constraints": { - "type": "ip" - } - }, - "label": "Sled IP" - }, - { - "name": "common_client_location", - "type": "string", - "label": "Client Location" - }, - { - "name": "common_client_asn", - "type": "string", - "label": "Client ASN" - }, - { - "name": "common_server_location", - "type": "string", - "label": "Server Location" - }, - { - "name": "common_server_asn", - "type": "string", - "label": "Server ASN" - }, - { - "name": "common_sessions", - "type": "long", - "label": "Sessions" - }, - { - "name": "common_c2s_pkt_num", - "type": "long", - "label": "Packets Sent" - }, - { - "name": "common_s2c_pkt_num", - "type": "long", - "label": "Packets Received" - }, - { - "name": "common_c2s_byte_num", - "type": "long", - "label": "Bytes Sent" - }, - { - "name": "common_s2c_byte_num", - "type": "long", - "label": "Bytes Received" - }, - { - "name": "common_c2s_pkt_diff", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Packets Sent(Diff)" - }, - { - "name": "common_s2c_pkt_diff", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Packets Received(Diff)" - }, - { - "name": "common_c2s_byte_diff", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Bytes Sent(Diff)" - }, - { - "name": "common_s2c_byte_diff", - "type": "long", - "doc": { - "visibility": "hidden" - }, - "label": "Bytes Received(Diff)" - }, - { - "name": "common_service", - "type": "int", - "doc": { - "visibility": "disabled" - }, - "label": "Service" - }, - { - "name": "common_schema_type", - "type": "string", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "BASE", - "value": "BASE" - }, - { - "code": "DNS", - "value": "DNS" - }, - { - "code": "HTTP", - "value": "HTTP" - }, - { - "code": "SIP", - "value": "SIP" - } - ] - }, - "label": "Schema Type" - }, - { - "name": "common_user_tags", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "User Tags" - }, - { - "name": "common_sub_action", - "type": "string", - "doc": { - "data": [ - { - "code": "allow", - "value": "Allow" - }, - { - "code": "deny", - "value": "Deny" - }, - { - "code": "monitor", - "value": "Monitor" - }, - { - "code": "replace", - "value": "Replace" - }, - { - "code": "redirect", - "value": "Redirect" - }, - { - "code": "insert", - "value": "Insert" - }, - { - "code": "hijack", - "value": "Hijack" - } - ], - "visibility": "hidden" - }, - "label": "Sub Action" - }, - { - "name": "common_user_region", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "User Region" - }, - { - "name": "common_device_id", - "type": "string", - "label": "Device ID" - }, - { - "name": "common_egress_link_id", - "label": "Egress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_ingress_link_id", - "label": "Ingress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_isp", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "ISP" - }, - { - "name": "common_device_tag", - "type": "string", - "doc": { - "visibility": "hidden", - "format": { - "functions": "flattenSpec,flattenSpec", - "appendTo": "common_data_center,common_device_group", - "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" - } - }, - "label": "Device Tag" - }, - { - "name": "common_data_center", - "label": "Data Center", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_group", - "label": "Device Group", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - } - }, - "type": "string" - }, - { - "name": "common_app_behavior", - "label": "Application Behavior", - "type": "string" - }, - { - "name": "common_encapsulation", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_encapsulation/data" - }, - "visibility": "hidden" - }, - "label": "Encapsulation" - }, - { - "name": "common_app_label", - "type": "string", - "label": "Application Label" - }, - { - "name": "common_tunnels", - "type": "string", - "label": "Tunnels" - }, - { - "name": "common_protocol_label", - "type": "string", - "label": "Protocol Label" - }, - { - "name": "common_app_id", - "type": "string", - "label": "Application ID", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_userdefine_app_name", - "label": "User Define APP Name", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_app_surrogate_id", - "type": "string", - "label": "Surrogate ID", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_l7_protocol", - "type": "string", - "label": "L7 Protocol" - }, - { - "name": "common_service_category", - "type": { - "type": "array", - "items": "int" - }, - "doc": { - "constraints": { - "operator_functions": "has" - }, - "dict_location": { - "path": "/v1/category/dict", - "key": "categoryId", - "value": "categoryName" - } - }, - "label": "FQDN Category" - }, - { - "name": "common_start_time", - "type": "long", - "doc": { - "allow_query": "false", - "constraints": { - "type": "timestamp" - } - }, - "label": "Start Time" - }, - { - "name": "common_end_time", - "type": "long", - "doc": { - "allow_query": "false", - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "get_value", - "appendTo": "common_recv_time" - } - }, - "label": "End Time" - }, - { - "name": "common_establish_latency_ms", - "type": "long", - "label": "Establish Latency(ms)" - }, - { - "name": "common_con_duration_ms", - "type": "long", - "label": "Duration(ms)" - }, - { - "name": "common_stream_dir", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - }, - { - "code": "3", - "value": "double" - } - ] - }, - "label": "Stream Direction" - }, - { - "name": "common_address_list", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "Address List" - }, - { - "name": "common_has_dup_traffic", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" - }, - "visibility": "hidden" - }, - "label": "Duplication Traffic" - }, - { - "name": "common_stream_error", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "Stream Error" - }, - { - "name": "common_stream_trace_id", - "type": "long", - "label": "Session ID" - }, - { - "name": "common_link_info_c2s", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "Link Info(c2s)" - }, - { - "name": "common_link_info_s2c", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "Link Info(s2c)" - }, - { - "name": "common_packet_capture_file", - "label": "Packet Capture File", - "doc": { - "visibility": "hidden", - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "common_c2s_ipfrag_num", - "type": "long", - "label": "Fragmentation Packets(c2s)" - }, - { - "name": "common_s2c_ipfrag_num", - "type": "long", - "label": "Fragmentation Packets(s2c)" - }, - { - "name": "common_c2s_tcp_lostlen", - "type": "long", - "label": "Sequence Gap Loss(c2s)" - }, - { - "name": "common_s2c_tcp_lostlen", - "type": "long", - "label": "Sequence Gap Loss(s2c)" - }, - { - "name": "common_c2s_tcp_unorder_num", - "type": "long", - "label": "Unorder Packets(c2s)" - }, - { - "name": "common_s2c_tcp_unorder_num", - "type": "long", - "label": "Unorder Packets(s2c)" - }, - { - "name": "common_c2s_pkt_retrans", - "type": "long", - "label": "Packet Retransmission(c2s)" - }, - { - "name": "common_s2c_pkt_retrans", - "type": "long", - "label": "Packet Retransmission(s2c)" - }, - { - "name": "common_c2s_byte_retrans", - "type": "long", - "label": "Byte Retransmission(c2s)" - }, - { - "name": "common_s2c_byte_retrans", - "type": "long", - "label": "Byte Retransmission(s2c)" - }, - { - "name": "common_tcp_client_isn", - "type": "long", - "label": "TCP Client ISN" - }, - { - "name": "common_tcp_server_isn", - "type": "long", - "label": "TCP Server ISN" - }, - { - "name": "common_first_ttl", - "type": "int", - "doc": { - "visibility": "hidden" - }, - "label": "First TTL" - }, - { - "name": "common_processing_time", - "type": "long", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "current_timestamp" - } - }, - "label": "Processing Time" - }, - { - "name": "common_mirrored_pkts", - "label": "Mirrored Packets", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_mirrored_bytes", - "label": "Mirrored Bytes", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "http_url", - "type": "string", - "label": "HTTP.URL" - }, - { - "name": "http_host", - "type": "string", - "doc": { - "format": { - "functions": "sub_domain", - "appendTo": "http_domain" - } - }, - "label": "HTTP.Host" - }, - { - "name": "http_domain", - "type": "string", - "label": "HTTP.Domain" - }, - { - "name": "http_request_line", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "HTTP.Request Line" - }, - { - "name": "http_response_line", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "HTTP.Response Line" - }, - { - "name": "http_request_header", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Request Headers" - }, - { - "name": "http_response_header", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Response Headers" - }, - { - "name": "http_request_content", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Request Content" - }, - { - "name": "http_request_content_length", - "label": "HTTP.Request Content Length", - "type": "string" - }, - { - "name": "http_request_content_type", - "label": "HTTP.Request Content Type", - "type": "string" - }, - { - "name": "http_response_content", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Response Content" - }, - { - "name": "http_response_content_length", - "label": "HTTP.Response Content Length", - "type": "string" - }, - { - "name": "http_response_content_type", - "label": "HTTP.Response Content Type", - "type": "string" - }, - { - "name": "http_request_body", - "type": "string", - "doc": { - "allow_query": "false", - "constraints": { - "type": "file" - } - }, - "label": "HTTP.Request Body" - }, - { - "name": "http_response_body", - "type": "string", - "doc": { - "allow_query": "false", - "constraints": { - "type": "file" - } - }, - "label": "HTTP.Response Body" - }, - { - "name": "http_request_body_key", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "HTTP.Request Body Key" - }, - { - "name": "http_response_body_key", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "HTTP.Response Body Key" - }, - { - "name": "http_proxy_flag", - "type": "int", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Proxy Flag" - }, - { - "name": "http_sequence", - "type": "int", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Sequence" - }, - { - "name": "http_snapshot", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Snapshot" - }, - { - "name": "http_cookie", - "type": "string", - "label": "HTTP.Cookie" - }, - { - "name": "http_referer", - "type": "string", - "label": "HTTP.Referer" - }, - { - "name": "http_user_agent", - "type": "string", - "label": "HTTP.User Agent" - }, - { - "name": "http_content_length", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Content Length" - }, - { - "name": "http_content_type", - "type": "string", - "doc": { - "visibility": "hidden" - }, - "label": "HTTP.Content Type" - }, - { - "name": "http_set_cookie", - "type": "string", - "label": "HTTP.Set Cookie" - }, - { - "name": "http_version", - "type": "string", - "label": "HTTP.Version" - }, - { - "name": "http_response_latency_ms", - "type": "long", - "label": "HTTP.Response Latency(ms)" - }, - { - "name": "http_session_duration_ms", - "type": "long", - "label": "HTTP.Session Duration(ms)" - }, - { - "name": "http_action_file_size", - "type": "int", - "label": "HTTP.Action File Size" - }, - { - "name": "dns_message_id", - "type": "int", - "label": "DNS.Message ID" - }, - { - "name": "dns_qr", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "RESPONSE" - } - ] - }, - "label": "DNS.QR" - }, - { - "name": "dns_opcode", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "QUERY" - }, - { - "code": "1", - "value": "IQUERY" - }, - { - "code": "2", - "value": "STATUS" - }, - { - "code": "5", - "value": "UPDATE" - } - ] - }, - "label": "DNS.OPCODE" - }, - { - "name": "dns_aa", - "type": "int", - "label": "DNS.AA" - }, - { - "name": "dns_tc", - "type": "int", - "label": "DNS.TC" - }, - { - "name": "dns_rd", - "type": "int", - "label": "DNS.RD" - }, - { - "name": "dns_ra", - "type": "int", - "label": "DNS.RA" - }, - { - "name": "dns_rcode", - "type": "int", - "label": "DNS.RCODE" - }, - { - "name": "dns_qdcount", - "type": "int", - "label": "DNS.QDCOUNT" - }, - { - "name": "dns_ancount", - "type": "int", - "label": "DNS.ANCOUNT" - }, - { - "name": "dns_nscount", - "type": "int", - "label": "DNS.NSCOUNT" - }, - { - "name": "dns_arcount", - "type": "int", - "label": "DNS.ARCOUNT" - }, - { - "name": "dns_qname", - "type": "string", - "label": "DNS.QNAME" - }, - { - "name": "dns_qtype", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "A" - }, - { - "code": "2", - "value": "NS" - }, - { - "code": "5", - "value": "CNAME" - }, - { - "code": "6", - "value": "SOA" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "12", - "value": "PTR" - }, - { - "code": "13", - "value": "HINFO" - }, - { - "code": "11", - "value": "WKS" - }, - { - "code": "15", - "value": "MX" - }, - { - "code": "28", - "value": "AAAA" - } - ] - }, - "label": "DNS.QTYPE" - }, - { - "name": "dns_qclass", - "type": "int", - "label": "DNS.QCLASS" - }, - { - "name": "dns_cname", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "DNS.CNAME" - }, - { - "name": "dns_sub", - "type": "int", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "DNS" - }, - { - "code": "2", - "value": "DNSSEC" - } - ] - }, - "label": "DNS.SUB" - }, - { - "name": "dns_rr", - "type": "string", - "doc": { - "visibility": "disabled" - }, - "label": "DNS.RR" - }, - { - "name": "sip_call_id", - "type": "string", - "label": "SIP.Call-ID" - }, - { - "name": "sip_originator_description", - "type": "string", - "label": "SIP.Originator" - }, - { - "name": "sip_responder_description", - "type": "string", - "label": "SIP.Responder" - }, - { - "name": "sip_user_agent", - "type": "string", - "label": "SIP.User-Agent" - }, - { - "name": "sip_server", - "type": "string", - "label": "SIP.Server" - }, - { - "name": "sip_originator_sdp_connect_ip", - "type": "string", - "label": "SIP.Originator IP" - }, - { - "name": "sip_originator_sdp_media_port", - "type": "int", - "label": "SIP.Originator Port" - }, - { - "name": "sip_originator_sdp_media_type", - "type": "string", - "label": "SIP.Originator Media Type" - }, - { - "name": "sip_originator_sdp_content", - "type": "string", - "label": "SIP.Originator Content" - }, - { - "name": "sip_responder_sdp_connect_ip", - "type": "string", - "label": "SIP.Responder IP" - }, - { - "name": "sip_responder_sdp_media_port", - "type": "int", - "label": "SIP.Responder Port" - }, - { - "name": "sip_responder_sdp_media_type", - "type": "string", - "label": "SIP.Responder Media Type" - }, - { - "name": "sip_responder_sdp_content", - "type": "string", - "label": "SIP.Responder Content" - }, - { - "name": "sip_duration_s", - "type": "int", - "label": "SIP.Duration(s)" - }, - { - "name": "sip_bye", - "type": "string", - "label": "SIP.Bye" - } - ] -} \ No newline at end of file diff --git a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/voip_record.json b/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/voip_record.json deleted file mode 100644 index c4859df..0000000 --- a/TSG发布版本更新记录/TSG-22.02/qgw/galaxy-qgw-service/config/voip_record.json +++ /dev/null @@ -1,1382 +0,0 @@ -{ - "type": "record", - "name": "voip_record", - "namespace": "tsg_galaxy_v3", - "doc": { - "primary_key": "common_log_id", - "partition_key": "common_recv_time", - "functions": { - "$ref": "public_schema_info.json#/functions" - }, - "schema_query": { - "dimensions": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_sled_ip", - "common_device_id", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_client_port", - "common_server_port", - "common_schema_type", - "common_l4_protocol", - "common_l7_protocol", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "sip_call_id", - "sip_originator_description", - "sip_responder_description", - "sip_user_agent", - "sip_server", - "sip_duration_s", - "sip_bye", - "rtp_payload_type_c2s", - "rtp_payload_type_s2c", - "rtp_originator_dir" - ], - "metrics": [ - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_subscriber_id", - "common_sled_ip", - "common_device_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_sessions", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "sip_call_id", - "sip_originator_description", - "sip_responder_description", - "sip_user_agent", - "sip_server", - "sip_duration_s" - ], - "filters": [ - "common_address_type", - "common_server_ip", - "common_client_ip", - "common_internal_ip", - "common_external_ip", - "common_client_port", - "common_server_port", - "common_client_location", - "common_server_location", - "common_subscriber_id", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_l4_protocol", - "common_l7_protocol", - "common_stream_dir", - "common_direction", - "common_data_center", - "common_device_group", - "common_app_behavior", - "common_sled_ip", - "common_device_id", - "common_schema_type", - "common_client_asn", - "common_server_asn", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "sip_call_id", - "sip_originator_description", - "sip_responder_description", - "sip_user_agent", - "sip_server", - "sip_duration_s", - "sip_bye", - "rtp_payload_type_c2s", - "rtp_payload_type_s2c", - "rtp_originator_dir" - ], - "references": { - "$ref": "public_schema_info.json#/schema_query/references" - }, - "details": { - "general": [ - "common_recv_time", - "common_log_id", - "common_stream_trace_id", - "common_direction", - "common_stream_dir", - "common_start_time", - "common_end_time", - "common_con_duration_ms", - "common_establish_latency_ms", - "common_processing_time", - "common_entrance_id", - "common_device_id", - "common_egress_link_id", - "common_ingress_link_id", - "common_isp", - "common_data_center", - "common_device_group", - "common_sled_ip" - ], - "source": [ - "common_client_ip", - "common_internal_ip", - "common_client_port", - "common_client_location", - "common_client_asn", - "common_subscriber_id", - "common_imei", - "common_imsi", - "common_phone_number" - ], - "destination": [ - "common_server_ip", - "common_external_ip", - "common_server_port", - "common_server_location", - "common_server_asn" - ], - "application": [ - "common_app_id", - "common_userdefine_app_name", - "common_app_label", - "common_app_surrogate_id", - "common_l7_protocol", - "common_protocol_label", - "common_service_category", - "common_service", - "common_l4_protocol", - "common_app_behavior" - ], - "transmission": [ - "common_sessions", - "common_c2s_pkt_num", - "common_s2c_pkt_num", - "common_c2s_byte_num", - "common_s2c_byte_num", - "common_c2s_pkt_diff", - "common_s2c_pkt_diff", - "common_c2s_byte_diff", - "common_s2c_byte_diff", - "common_c2s_ipfrag_num", - "common_s2c_ipfrag_num", - "common_c2s_tcp_lostlen", - "common_s2c_tcp_lostlen", - "common_c2s_tcp_unorder_num", - "common_s2c_tcp_unorder_num", - "common_c2s_pkt_retrans", - "common_s2c_pkt_retrans", - "common_c2s_byte_retrans", - "common_s2c_byte_retrans", - "common_first_ttl", - "common_tcp_client_isn", - "common_tcp_server_isn", - "common_mirrored_pkts", - "common_mirrored_bytes" - ], - "other": [ - "common_address_type", - "common_schema_type", - "common_device_tag", - "common_encapsulation", - "common_tunnels", - "common_address_list", - "common_has_dup_traffic", - "common_stream_error", - "common_link_info_c2s", - "common_link_info_s2c", - "common_packet_capture_file", - "common_action", - "common_sub_action", - "common_policy_id", - "common_user_tags", - "common_user_region" - ] - } - }, - "schema_type": { - "SIP": { - "$ref": "public_schema_info.json#/schema_type/SIP" - }, - "RTP": { - "$ref": "public_schema_info.json#/schema_type/RTP" - }, - "VoIP": { - "$ref": "public_schema_info.json#/schema_type/VoIP" - } - }, - "default_columns": [ - "common_recv_time", - "common_log_id", - "common_subscriber_id", - "common_client_ip", - "sip_originator_description", - "sip_responder_description", - "sip_call_id", - "common_server_ip", - "common_server_port", - "rtp_pcap_path", - "rtp_originator_dir" - ], - "internal_columns": [ - "common_recv_time", - "common_log_id", - "common_processing_time", - "common_packet_capture_file", - "rtp_pcap_path" - ], - "tunnel_type": { - "$ref": "public_schema_info.json#/tunnel_type" - } - }, - "fields": [ - { - "name": "common_recv_time", - "label": "Receive Time", - "doc": { - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_log_id", - "label": "Log ID", - "doc": { - "format": { - "functions": "snowflake_id" - } - }, - "type": "long" - }, - { - "name": "common_policy_id", - "label": "Policy ID", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_subscriber_id", - "label": "Subscriber ID", - "type": "string" - }, - { - "name": "common_imei", - "label": "IMEI", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_imsi", - "label": "IMSI", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_phone_number", - "label": "Phone Number", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_client_ip", - "label": "Client IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn,radius_match", - "appendTo": "common_client_asn,common_subscriber_id" - } - }, - "type": "string" - }, - { - "name": "common_internal_ip", - "label": "Internal IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" - } - }, - "type": "string" - }, - { - "name": "common_client_port", - "label": "Client Port", - "type": "int" - }, - { - "name": "common_l4_protocol", - "label": "L4 Protocol", - "type": "string" - }, - { - "name": "common_address_type", - "label": "Address Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "4", - "value": "ipv4" - }, - { - "code": "6", - "value": "ipv6" - } - ] - }, - "type": "int" - }, - { - "name": "common_server_ip", - "label": "Server IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "geo_asn", - "appendTo": "common_server_asn" - } - }, - "type": "string" - }, - { - "name": "common_server_port", - "label": "Server Port", - "type": "int" - }, - { - "name": "common_external_ip", - "label": "External IP", - "doc": { - "constraints": { - "type": "ip" - }, - "format": { - "functions": "if", - "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" - } - }, - "type": "string" - }, - { - "name": "common_action", - "label": "Action", - "doc": { - "visibility": "hidden", - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "None" - }, - { - "code": "1", - "value": "Monitor" - }, - { - "code": "2", - "value": "Intercept" - }, - { - "code": "16", - "value": "Deny" - }, - { - "code": "128", - "value": "Allow" - } - ] - }, - "type": "int" - }, - { - "name": "common_direction", - "label": "Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "69", - "value": "outbound" - }, - { - "code": "73", - "value": "inbound" - } - ] - }, - "type": "int" - }, - { - "name": "common_entrance_id", - "label": "Entrance ID", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_sled_ip", - "label": "Sled IP", - "doc": { - "constraints": { - "type": "ip" - } - }, - "type": "string" - }, - { - "name": "common_client_location", - "label": "Client Location", - "type": "string" - }, - { - "name": "common_client_asn", - "label": "Client ASN", - "type": "string" - }, - { - "name": "common_server_location", - "label": "Server Location", - "type": "string" - }, - { - "name": "common_server_asn", - "label": "Server ASN", - "type": "string" - }, - { - "name": "common_sessions", - "label": "Sessions", - "type": "long" - }, - { - "name": "common_c2s_pkt_num", - "label": "Packets Sent", - "type": "long" - }, - { - "name": "common_s2c_pkt_num", - "label": "Packets Received", - "type": "long" - }, - { - "name": "common_c2s_byte_num", - "label": "Bytes Sent", - "type": "long" - }, - { - "name": "common_s2c_byte_num", - "label": "Bytes Received", - "type": "long" - }, - { - "name": "common_c2s_pkt_diff", - "label": "Packets Sent(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_diff", - "label": "Packets Received(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_diff", - "label": "Bytes Sent(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_diff", - "label": "Bytes Received(Diff)", - "doc": { - "visibility": "disabled" - }, - "type": "long" - }, - { - "name": "common_service", - "label": "Service", - "doc": { - "visibility": "disabled" - }, - "type": "int" - }, - { - "name": "common_schema_type", - "label": "Schema Type", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "VoIP", - "value": "VoIP" - }, - { - "code": "SIP", - "value": "SIP" - }, - { - "code": "RTP", - "value": "RTP" - } - ] - }, - "type": "string" - }, - { - "name": "common_user_tags", - "label": "User Tags", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_sub_action", - "label": "Sub Action", - "doc": { - "data": [ - { - "code": "allow", - "value": "Allow" - }, - { - "code": "deny", - "value": "Deny" - }, - { - "code": "monitor", - "value": "Monitor" - }, - { - "code": "replace", - "value": "Replace" - }, - { - "code": "redirect", - "value": "Redirect" - }, - { - "code": "insert", - "value": "Insert" - }, - { - "code": "hijack", - "value": "Hijack" - } - ], - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_user_region", - "label": "User Region", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_id", - "label": "Device ID", - "type": "string" - }, - { - "name": "common_egress_link_id", - "label": "Egress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_ingress_link_id", - "label": "Ingress Link ID", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_isp", - "label": "ISP", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_device_tag", - "label": "Device Tag", - "doc": { - "visibility": "hidden", - "format": { - "functions": "flattenSpec,flattenSpec", - "appendTo": "common_data_center,common_device_group", - "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" - } - }, - "type": "string" - }, - { - "name": "common_data_center", - "label": "Data Center", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", - "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" - }, - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_device_group", - "label": "Device Group", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "device_tag.json#", - "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", - "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" - } - }, - "type": "string" - }, - { - "name": "common_app_behavior", - "label": "Application Behavior", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_encapsulation", - "label": "Encapsulation", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_encapsulation/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_app_label", - "label": "Application Label", - "type": "string" - }, - { - "name": "common_tunnels", - "label": "Tunnels", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_protocol_label", - "label": "Protocol Label", - "type": "string" - }, - { - "name": "common_app_id", - "label": "Application ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_userdefine_app_name", - "label": "User Define APP Name", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_app_surrogate_id", - "label": "Surrogate ID", - "type": "string", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_l7_protocol", - "label": "L7 Protocol", - "type": "string" - }, - { - "name": "common_service_category", - "label": "FQDN Category", - "doc": { - "constraints": { - "operator_functions": "has" - }, - "visibility": "disabled", - "dict_location": { - "path": "/v1/category/dict", - "key": "categoryId", - "value": "categoryName" - } - }, - "type": { - "type": "array", - "items": "int" - } - }, - { - "name": "common_start_time", - "label": "Start Time", - "doc": { - "allow_query": "false", - "constraints": { - "type": "timestamp" - } - }, - "type": "long" - }, - { - "name": "common_end_time", - "label": "End Time", - "doc": { - "allow_query": "false", - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "get_value", - "appendTo": "common_recv_time" - } - }, - "type": "long" - }, - { - "name": "common_establish_latency_ms", - "label": "Establish Latency(ms)", - "type": "long" - }, - { - "name": "common_con_duration_ms", - "label": "Duration(ms)", - "type": "long" - }, - { - "name": "common_stream_dir", - "label": "Stream Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - }, - { - "code": "3", - "value": "double" - } - ] - }, - "type": "int" - }, - { - "name": "common_address_list", - "label": "Address List", - "doc": { - "visibility": "disabled" - }, - "type": "string" - }, - { - "name": "common_has_dup_traffic", - "label": "Duplication Traffic", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": { - "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" - }, - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_stream_error", - "label": "Stream Error", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_stream_trace_id", - "label": "Session ID", - "type": "long" - }, - { - "name": "common_link_info_c2s", - "label": "Link Info(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_link_info_s2c", - "label": "Link Info(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "string" - }, - { - "name": "common_packet_capture_file", - "label": "Packet Capture File", - "doc": { - "visibility": "hidden", - "constraints": { - "type": "file" - } - }, - "type": "string" - }, - { - "name": "common_c2s_ipfrag_num", - "label": "Fragmentation Packets(c2s)", - "type": "long" - }, - { - "name": "common_s2c_ipfrag_num", - "label": "Fragmentation Packets(s2c)", - "type": "long" - }, - { - "name": "common_c2s_tcp_lostlen", - "label": "Sequence Gap Loss(c2s)", - "type": "long" - }, - { - "name": "common_s2c_tcp_lostlen", - "label": "Sequence Gap Loss(s2c)", - "type": "long" - }, - { - "name": "common_c2s_tcp_unorder_num", - "label": "Unorder Packets(c2s)", - "type": "long" - }, - { - "name": "common_s2c_tcp_unorder_num", - "label": "Unorder Packets(s2c)", - "type": "long" - }, - { - "name": "common_c2s_pkt_retrans", - "label": "Packet Retransmission(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_pkt_retrans", - "label": "Packet Retransmission(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_c2s_byte_retrans", - "label": "Byte Retransmission(c2s)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_s2c_byte_retrans", - "label": "Byte Retransmission(s2c)", - "doc": { - "visibility": "hidden" - }, - "type": "long" - }, - { - "name": "common_tcp_client_isn", - "label": "TCP Client ISN", - "type": "long" - }, - { - "name": "common_tcp_server_isn", - "label": "TCP Server ISN", - "type": "long" - }, - { - "name": "common_first_ttl", - "label": "First TTL", - "doc": { - "visibility": "hidden" - }, - "type": "int" - }, - { - "name": "common_processing_time", - "label": "Processing Time", - "doc": { - "constraints": { - "type": "timestamp" - }, - "format": { - "functions": "current_timestamp" - } - }, - "type": "long" - }, - { - "name": "common_mirrored_pkts", - "label": "Mirrored Packets", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "common_mirrored_bytes", - "label": "Mirrored Bytes", - "type": "long", - "doc": { - "visibility": "hidden" - } - }, - { - "name": "sip_call_id", - "label": "SIP.Call-ID", - "type": "string" - }, - { - "name": "sip_originator_description", - "label": "SIP.Originator", - "type": "string" - }, - { - "name": "sip_responder_description", - "label": "SIP.Responder", - "type": "string" - }, - { - "name": "sip_user_agent", - "label": "SIP.User-Agent", - "type": "string" - }, - { - "name": "sip_server", - "label": "SIP.Server", - "type": "string" - }, - { - "name": "sip_originator_sdp_connect_ip", - "label": "SIP.Originator IP", - "type": "string" - }, - { - "name": "sip_originator_sdp_media_port", - "label": "SIP.Originator Port", - "type": "int" - }, - { - "name": "sip_originator_sdp_media_type", - "label": "SIP.Originator Media Type", - "type": "string" - }, - { - "name": "sip_originator_sdp_content", - "label": "SIP.Originator Content", - "type": "string" - }, - { - "name": "sip_responder_sdp_connect_ip", - "label": "SIP.Responder IP", - "type": "string" - }, - { - "name": "sip_responder_sdp_media_port", - "label": "SIP.Responder Port", - "type": "int" - }, - { - "name": "sip_responder_sdp_media_type", - "label": "SIP.Responder Media Type", - "type": "string" - }, - { - "name": "sip_responder_sdp_content", - "label": "SIP.Responder Content", - "type": "string" - }, - { - "name": "sip_duration_s", - "label": "SIP.Duration(s)", - "type": "int" - }, - { - "name": "sip_bye", - "label": "SIP.Bye", - "type": "string" - }, - { - "name": "rtp_payload_type_c2s", - "label": "RTP.Payload Type(c2s)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_payload_type_s2c", - "label": "RTP.Payload Type(s2c)", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "PCMU" - }, - { - "code": "1", - "value": "1016" - }, - { - "code": "2", - "value": "G721" - }, - { - "code": "3", - "value": "GSM" - }, - { - "code": "4", - "value": "G723" - }, - { - "code": "5", - "value": "DVI4_8000" - }, - { - "code": "6", - "value": "DVI4_16000" - }, - { - "code": "7", - "value": "LPC" - }, - { - "code": "8", - "value": "PCMA" - }, - { - "code": "9", - "value": "G722" - }, - { - "code": "10", - "value": "L16_STEREO" - }, - { - "code": "11", - "value": "L16_MONO" - }, - { - "code": "12", - "value": "QCELP" - }, - { - "code": "13", - "value": "CN" - }, - { - "code": "14", - "value": "MPA" - }, - { - "code": "15", - "value": "G728" - }, - { - "code": "16", - "value": "DVI4_11025" - }, - { - "code": "17", - "value": "DVI4_22050" - }, - { - "code": "18", - "value": "G729" - }, - { - "code": "19", - "value": "CN_OLD" - }, - { - "code": "25", - "value": "CELB" - }, - { - "code": "26", - "value": "JPEG" - }, - { - "code": "28", - "value": "NV" - }, - { - "code": "31", - "value": "H261" - }, - { - "code": "32", - "value": "MPV" - }, - { - "code": "33", - "value": "MP2T" - }, - { - "code": "34", - "value": "H263" - } - ] - }, - "type": "int" - }, - { - "name": "rtp_pcap_path", - "label": "RTP.PCAP", - "doc": { - "allow_query": "false", - "constraints": { - "type": "files" - } - }, - "type": "string" - }, - { - "name": "rtp_originator_dir", - "label": "RTP.Direction", - "doc": { - "constraints": { - "operator_functions": "=,!=" - }, - "data": [ - { - "code": "0", - "value": "unknown" - }, - { - "code": "1", - "value": "c2s" - }, - { - "code": "2", - "value": "s2c" - } - ] - }, - "type": "int" - } - ] -} \ No newline at end of file