gfwleak/galaxy-platform-galaxy-troubleshooting-api
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support new troubleshooting in 24.05

Browse Source
This commit is contained in:
doufenghu
2024-06-20 14:57:25 +08:00
parent 9015c601ab
commit bc9bd1976b
11 changed files with 472 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

151
24.05/README.md
View File

@@ -2,119 +2,78 @@
## 概述
TSG OLAP的数据摄入分为三种类型:LogsMetricsFile Chunks。为确保能够正确处理并写入相应存储系统需要支持端到端业务自检。
TSG OLAP 支持对LogsMetricsFiles进行端到端业务自检,自检数据流: Smaple Datasets -> Kafka Topic -> FLINK ETL -> Storage DB -> QGW API .
## 环境依赖
- 测试数据生成工具 `e2e-mockdata-generator.jar`
- 安装`Newman`详细参考[帮助文档](https://learning.postman.com/docs/collections/using-newman-cli/newman-options/)
- 样例数据生成工具`e2e-mockdata-generator` 需要JDK11环境
- Report诊断工具`Newman`具体参考[帮助文档](https://learning.postman.com/docs/collections/using-newman-cli/newman-options/)
## 使用方法
### Newman CLI enviroment.json 修改如下配置
`Newman CLI 使用QGW HTTP Rest API 接口输出诊断报告,一般部署至国家中心`
### 修改 enviroment.json 配置
`Newman CLI 使用QGW HTTP REST API 输出诊断报告,需要添加访问IP`
```json
[
{
"key": "qgw_ip",
"value": "192.168.44.30",
"type": "default",
"enabled": true
},
{
"key": "qgw_port",
"value": "9999",
"type": "default",
"enabled": true
}
"key": "qgw_ip",
"value": "127.0.0.1",
"type": "default",
"enabled": true
},
{
"key": "hos_token",
"value": "c21f969b5f03d33d43e04f8f136e7682",
"type": "secret",
"enabled": true
}
]
```
### 测试数据生成工具修改Kafka地址
### 修改e2e_test.sh配置
`Kafka需为分中心地址`
- 修改`config.properties`, 增加Kafka访问地址
```props
kafka.server=192.168.41.29:9092
```
### 写入测试集至Kafka
- Logs
```shell
cd e2e-mockdata-generator/
java -cp e2e-mockdata-generator.jar com.geedgenetworks.LogGenerator --topic SESSION-RECORD -f ./datasets/logs/session_record.dat
java -cp e2e-mockdata-generator.jar com.geedgenetworks.LogGenerator --topic VOIP-RECORD -f ./datasets/logs/voip_record.dat
java -cp e2e-mockdata-generator.jar com.geedgenetworks.LogGenerator --topic PROXY-EVENT -f ./datasets/logs/proxy_event.dat
```
- Metrics
- 增加每个分中心的kafka broker地址
```shell
cd e2e-mockdata-generator/
java -cp e2e-mockdata-generator.jar com.geedgenetworks.LogGenerator --topic NETWORK-TRAFFIC-METRIC -f ./datasets/metrics/network_traffic_metric.dat
java -cp e2e-mockdata-generator.jar com.geedgenetworks.LogGenerator --topic POLICY-RULE-METRIC -f ./datasets/metrics/policy_rule_metric.dat
java -cp e2e-mockdata-generator.jar com.geedgenetworks.LogGenerator --topic OBJECT-STATISTICS-METRIC -f ./datasets/metrics/object_statistics_metric.dat
java -cp e2e-mockdata-generator.jar com.geedgenetworks.LogGenerator --topic STATISTICS-RULE-METRIC -f ./datasets/metrics/statistics_rule_metric.dat
# [data_center_name]:kafka_server_list
declare -A KAFKA_SERVERS=(
["tsg_olap_dc_a"]="192.168.44.11:9092"
["tsg_olap_dc_b"]="192.168.44.11:9092"
)
```
- 增加每个分中心的HOS访问地址
```shell
# [data_center_name]:hos_endpoint_uri
declare -A HOS_ENDPOINTS=(
["tsg_olap_dc_a"]="192.168.44.11"
["tsg_olap_dc_b"]="192.168.44.11"
)
```
- Files
- 123e4567-e89b-12d3-a456-426614174001 监测策略 PcapNG
- 123e4567-e89b-12d3-a456-426614174002 HTTP Request Body
- 123e4567-e89b-12d3-a456-426614174003 HTTP Response Body
- 123e4567-e89b-12d3-a456-426614174004 MAIL EML
- 123e4567-e89b-12d3-a456-426614174005 RTP PcapNG
- 123e4567-e89b-12d3-a456-426614174006 Troubleshooting PcapNG
- 123e4567-e89b-12d3-a456-426614174007 Datapath Telemetry PcapNG
### 命令详解
`./e2e_test.sh -h`
```shell
cd e2e-mockdata-generator/
Usage: ./e2e_test.sh [options]
java -cp e2e-mockdata-generator.jar com.geedgenetworks.FileChunkGenerator --topic TRAFFIC-FILE-STREAM-RECORD -n 123e4567-e89b-12d3-a456-426614174001 --file_type traffic_pcapng
Options:
-g <type> Generate data (logs, metrics, files)
-d <type> Run diagnostic report (logs, metrics, files)
-c Clear test data
-a Perform all operations: generate data, run diagnostics, and clear data
-i <key=value,...> Set environment variable (data_center, hos_ip)
-v Enable verbose reporting
-e Enable emojitrain reporting
-h Show this help message
java -cp e2e-mockdata-generator.jar com.geedgenetworks.FileChunkGenerator --topic TRAFFIC-FILE-STREAM-RECORD -n 123e4567-e89b-12d3-a456-426614174002 --file_type html
java -cp e2e-mockdata-generator.jar com.geedgenetworks.FileChunkGenerator --topic TRAFFIC-FILE-STREAM-RECORD -n 123e4567-e89b-12d3-a456-426614174003 --file_type html
java -cp e2e-mockdata-generator.jar com.geedgenetworks.FileChunkGenerator --topic TRAFFIC-FILE-STREAM-RECORD -n 123e4567-e89b-12d3-a456-426614174004 --file_type eml
java -cp e2e-mockdata-generator.jar com.geedgenetworks.FileChunkGenerator --topic TRAFFIC-FILE-STREAM-RECORD -n 123e4567-e89b-12d3-a456-426614174005 --file_type traffic_pcapng
# java -cp e2e-mockdata-generator.jar com.geedgenetworks.FileChunkGenerator --topic TROUBLESHOOTING-FILE-STREAM-RECORD -n 123e4567-e89b-12d3-a456-426614174006 --file_type troubleshooting_pcapng
# java -cp e2e-mockdata-generator.jar com.geedgenetworks.FileChunkGenerator --topic DATAPATH-TELEMETRY-RECORD -n 123e4567-e89b-12d3-a456-426614174007 --file_type datapath_telemetry_pcapng
Examples:
./e2e_test.sh -a -e Perform all operations and enable emojitrain reporting
./e2e_test.sh -g logs -i data_center=my_data_center Generate log data at my_data_center
./e2e_test.sh -d logs -v Run diagnostics on logs data with verbose reporting
./e2e_test.sh -d metrics -v Run diagnostics on metrics data with verbose reporting
./e2e_test.sh -g logs Generate log data use default data center
./e2e_test.sh -c Clear test data
```
### 输出故障诊断报告等待3-5分钟
```shell
# -folder logs 对日志进行故障诊断输出诊断明细指定data_center。
# -folder metrics对Metrics进行故障诊断输出诊断明细指定data_center。
# -folder files对文件进行故障诊断输出诊断明细指定分中心HOS访问地址。
newman run ./tsg-olap-e2e-test-collection.json -n 1 -e ./environment.json --delay-request 500 --timeout-script 10000 --timeout-request 300000 --timeout 3600000 --insecure --verbose --ignore-redirects --env-var "data_center=tsg_olap" --folder logs
newman run ./tsg-olap-e2e-test-collection.json -n 1 -e ./environment.json --delay-request 500 --timeout-script 10000 --timeout-request 300000 --timeout 3600000 --insecure --verbose --ignore-redirects --env-var "data_center=tsg_olap" --folder metrics
newman run ./tsg-olap-e2e-test-collection.json -n 1 -e ./environment.json --delay-request 500 --timeout-script 10000 --timeout-request 300000 --timeout 3600000 --insecure --verbose --ignore-redirects --env-var "hos_ip=127.0.0.1" --folder files
# -folder logs对日志进行故障诊断通过表情形式输出测试结果
# -folder files对文件进行故障诊断通过表情形式输出测试结果
newman run ./tsg-olap-e2e-test-collection.json -n 1 --delay-request 500 -e ./environment.json --env-var "data_center=tsg_olap" --ignore-redirects --folder logs -r emojitrain
newman run ./tsg-olap-e2e-test-collection.json -n 1 --delay-request 500 -e ./environment.json --env-var "hos_ip=127.0.0.1" --ignore-redirects --folder files -r emojitrain
#清除测试数据(暂支持对文件的删除)
newman run ./tsg-olap-e2e-test-collection.json -n 1 --delay-request 500 -e ./environment.json --ignore-redirects --folder clear_test_data -r emojitrain
```

251
24.05/bin/e2e_test.sh Executable file
View File

@@ -0,0 +1,251 @@
#!/bin/bash
#BASE_DIR=$(cd $(dirname $0) && pwd)
BASE_DIR="$(dirname "$(pwd)")"
# Check if required tools are installed
if ! command -v java &> /dev/null; then
echo "Error: Java is not installed."
exit 1
fi
# Define common variables
E2E_MOCKDATA_GENERATOR_PATH="$BASE_DIR/e2e-mockdata-generator"
CONFIG_PATH="$BASE_DIR/config"
COLLECTION="tsg-olap-e2e-test-collection.json"
ENVIRONMENT="$BASE_DIR/environment.json"
DATA_CENTER="tsg_olap_dc_a" # Default Data Center
OTHER_VAR=""
# data_center_name:kafka_server
declare -A KAFKA_SERVERS=(
["tsg_olap_dc_a"]="192.168.44.11:9092"
["tsg_olap_dc_b"]="192.168.44.11:9092"
)
# data_center_name:hos_endpoint
declare -A HOS_ENDPOINTS=(
["tsg_olap_dc_a"]="192.168.44.11"
["tsg_olap_dc_b"]="192.168.44.11"
)
log_message() {
echo "$(date '+%Y-%m-%d %H:%M:%S') - $1"
}
generate_logs() {
log_message "Generating logs for $1 $2 ..."
local data_center=$1
local bootstrap_server=$2
cd $E2E_MOCKDATA_GENERATOR_PATH || { echo "Error: Cannot change directory to $E2E_MOCKDATA_GENERATOR_PATH"; exit 1; }
declare -A LOGS=(
["SESSION-RECORD"]="session_record.dat"
["VOIP-RECORD"]="voip_record.dat"
["PROXY-EVENT"]="proxy_event.dat"
)
for topic in "${!LOGS[@]}"; do
# Replace the "data_center" value in the file
sed -i "s/\"data_center\":\"[^\"]*\"/\"data_center\":\"$data_center\"/g" ./datasets/logs/${LOGS[$topic]}
java -cp e2e-mockdata-generator.jar com.geedgenetworks.LogGenerator --bootstrap_server $bootstrap_server --topic $topic -f ./datasets/logs/${LOGS[$topic]}
done
}
generate_metrics() {
log_message "Generating metrics for $1 $2..."
local data_center=$1
local bootstrap_server=$2
cd $E2E_MOCKDATA_GENERATOR_PATH || { echo "Error: Cannot change directory to $E2E_MOCKDATA_GENERATOR_PATH"; exit 1; }
declare -A METRICS=(
["NETWORK-TRAFFIC-METRIC"]="network_traffic_metric.dat"
["POLICY-RULE-METRIC"]="policy_rule_metric.dat"
["OBJECT-STATISTICS-METRIC"]="object_statistics_metric.dat"
["STATISTICS-RULE-METRIC"]="statistics_rule_metric.dat"
)
for topic in "${!METRICS[@]}"; do
# Replace the "data_center" value in the file
sed -i "s/\"data_center\":\"[^\"]*\"/\"data_center\":\"$data_center\"/g" ./datasets/metrics/${METRICS[$topic]}
java -cp e2e-mockdata-generator.jar com.geedgenetworks.LogGenerator --bootstrap_server $bootstrap_server --topic $topic -f ./datasets/metrics/${METRICS[$topic]}
done
}
generate_files() {
log_message "Generating files for $1 $2 ..."
local data_center=$1
local bootstrap_server=$2
cd $E2E_MOCKDATA_GENERATOR_PATH || { echo "Error: Cannot change directory to $E2E_MOCKDATA_GENERATOR_PATH"; exit 1; }
# 123e4567-e89b-12d3-a456-426614174006 troubleshooting_pcapng
# 123e4567-e89b-12d3-a456-426614174007 datapath_telemetry_pcapng
declare -A FILES=(
["123e4567-e89b-12d3-a456-426614174001"]="traffic_pcapng"
["123e4567-e89b-12d3-a456-426614174002"]="html"
["123e4567-e89b-12d3-a456-426614174003"]="html"
["123e4567-e89b-12d3-a456-426614174004"]="eml"
["123e4567-e89b-12d3-a456-426614174005"]="traffic_pcapng"
)
for uuid in "${!FILES[@]}"; do
java -cp e2e-mockdata-generator.jar com.geedgenetworks.FileChunkGenerator --bootstrap_server $bootstrap_server --topic TRAFFIC-FILE-STREAM-RECORD -n $uuid --file_type ${FILES[$uuid]}
done
}
# Define function to run diagnostic report
# -folder logs 对日志进行故障诊断输出诊断明细指定data_center。
# -folder metrics对Metrics进行故障诊断输出诊断明细指定data_center。
# -folder files对文件进行故障诊断输出诊断明细指定分中心HOS访问地址。
# -folder logs对日志进行故障诊断通过表情形式输出测试结果
# -folder files对文件进行故障诊断通过表情形式输出测试结果
# newman run ./tsg-olap-e2e-test-collection.json -n 1 --delay-request 500 -e $ENVIRONMENT --env-var "data_center=$DATA_CENTER" --ignore-redirects --folder logs -r emojitrain
# newman run ./tsg-olap-e2e-test-collection.json -n 1 --delay-request 500 -e $ENVIRONMENT --env-var "hos_ip=$HOS_IP" --ignore-redirects --folder files -r emojitrain
run_diagnostic() {
log_message "Running diagnostic for $1..."
cd $BASE_DIR || { echo "Error: Cannot change directory to $BASE_DIR"; exit 1; }
local folder=$1
local env_var=$2
local verbose=""
local emojitrain=""
if $verbose_flag; then
verbose="--verbose"
fi
if $emojitrain_flag; then
emojitrain="-r emojitrain"
fi
newman run $CONFIG_PATH/tsg-olap-e2e-test-collection.json -g $CONFIG_PATH/globals.json -n 1 -e $CONFIG_PATH/environment.json --delay-request 500 --timeout-script 10000 --timeout-request 300000 --timeout 3600000 --insecure $verbose --ignore-redirects --env-var $env_var --folder $folder $emojitrain
}
clear_data() {
log_message "Clearing test data..."
newman run $CONFIG_PATH/tsg-olap-e2e-test-collection.json -g $CONFIG_PATH/globals.json -n 1 --delay-request 500 -e $CONFIG_PATH/environment.json --ignore-redirects --folder clear_test_data -r emojitrain
}
# Help message
show_help() {
echo ""
echo "Usage: $0 [options]"
echo ""
echo "Options:"
echo " -g <type> Generate data (logs, metrics, files)"
echo " -d <type> Run diagnostic report (logs, metrics, files)"
echo " -c Clear test data"
echo " -a Perform all operations: generate data, run diagnostics, and clear data"
echo " -i <key=value,...>"
echo " Set environment variable (data_center, hos_ip)"
echo " -v Enable verbose reporting"
echo " -e Enable emojitrain reporting"
echo " -h Show this help message"
echo ""
echo "Examples:"
echo " $0 -a Perform all operations"
echo " $0 -g logs Generate log data"
echo " $0 -d metrics -v Run diagnostics on metrics data with verbose reporting"
echo " $0 -c Clear test data"
echo " $0 -g logs -i data_center=my_data_center Generate log data in my_data_center"
echo ""
}
# Initialize flags
generate_flag=false
diagnostic_flag=false
verbose_flag=false
emojitrain_flag=false
clear_flag=false
all_flag=false
generate_type=""
diagnostic_type=""
# Parse command-line arguments
while getopts ":g:d:i:acveh" opt; do
case $opt in
g)
generate_type=$OPTARG
generate_flag=true
;;
d)
diagnostic_type=$OPTARG
diagnostic_flag=true
;;
c)
clear_flag=true
;;
a)
all_flag=true
;;
i)
# Split the input based on whitespace, then further split by '=' to assign key-value pairs
IFS=',' read -ra vars <<< "$OPTARG"
for var in "${vars[@]}"; do
# Remove leading and trailing whitespaces
var=$(echo "$var" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
IFS='=' read -r key value <<< "$var"
case $key in
data_center) DATA_CENTER=$value ;;
other_var) OTHER_VAR=$value ;;
*) echo "Invalid environment variable: $key"; show_help; exit 1 ;;
esac
done
;;
v)
verbose_flag=true
;;
e)
emojitrain_flag=true
;;
h)
show_help
exit 0
;;
\?)
echo "Invalid option: -$OPTARG" >&2
show_help
exit 1
;;
esac
done
if $generate_flag; then
case $generate_type in
logs) generate_logs "$DATA_CENTER" "${KAFKA_SERVERS[$DATA_CENTER]}" ;;
metrics) generate_metrics "$DATA_CENTER" "${KAFKA_SERVERS[$DATA_CENTER]}" ;;
files) generate_files "$DATA_CENTER" "${KAFKA_SERVERS[$DATA_CENTER]}" ;;
*) echo "Invalid generate type"; show_help; exit 1 ;;
esac
fi
if $diagnostic_flag; then
case $diagnostic_type in
logs) run_diagnostic "logs" "data_center=$DATA_CENTER" ;;
metrics) run_diagnostic "metrics" "data_center=$DATA_CENTER" ;;
files) run_diagnostic "files" "data_center=$DATA_CENTER,hos_ip=${HOS_ENDPOINTS[$DATA_CENTER]}" ;;
*) echo "Invalid diagnostic type"; show_help; exit 1 ;;
esac
fi
if $clear_flag; then
clear_data
fi
if $all_flag; then
for data_center_var in "${!KAFKA_SERVERS[@]}"; do
generate_logs "$data_center_var" "${KAFKA_SERVERS[$data_center_var]}"
generate_metrics "$data_center_var" "${KAFKA_SERVERS[$data_center_var]}"
generate_files "$data_center_var" "${KAFKA_SERVERS[$data_center_var]}"
echo "Wait 30 Seconds..."
sleep 30
run_diagnostic "logs" "data_center=$data_center_var"
run_diagnostic "metrics" "data_center=$data_center_var"
run_diagnostic "files" "data_center=$data_center_var,hos_ip=${HOS_ENDPOINTS[$data_center_var]}"
clear_data
done
fi
# Display help message if no arguments are passed
if ! $generate_flag && ! $diagnostic_flag && ! $clear_flag && ! $all_flag; then
show_help
exit 1
fi
log_message "E2E test execution completed."

118
24.05/bin/function_test.sh Executable file
View File

@@ -0,0 +1,118 @@
#!/bin/bash
show_help() {
echo "
Usage: $(basename "$0") [-f FOLDER_NUMBER] [-a] [-v] [-e]
Options:
-f FOLDER_NUMBER Specify a single folder to run from a collection:
1. Query
2. Dataset
3. Database
4. Util
5. Troubleshooting
6. HOS
7. Knowledge Base File
-a Run all options [1-7]
-v Enable verbose reporting
-e Enable emojitrain reporting
-h, --help Show this help message and exit
"
}
BASE_DIR="$(dirname "$(pwd)")"
CONFIG_PATH="$BASE_DIR/config"
FOLDER=""
ALL=false
VERBOSE_FLAG=false
EMOJITRAIN_FLAG=false
# Flag to check if any valid option is provided
VALID_OPTION_PROVIDED=false
# Parse command-line arguments
while [[ $# -gt 0 ]]; do
case $1 in
-f)
VALID_OPTION_PROVIDED=true
if [[ -n $2 && $2 =~ ^[1-7]$ ]]; then
case $2 in
1) FOLDER="--folder Query" ;;
2) FOLDER="--folder Dataset" ;;
3) FOLDER="--folder Database" ;;
4) FOLDER="--folder Util" ;;
5) FOLDER="--folder Troubleshooting" ;;
6) FOLDER="--folder HOS" ;;
7) FOLDER="--folder Knowledge Base File" ;;
esac
shift 2
else
echo "Error: Invalid folder number."
show_help
exit 1
fi
;;
-a)
VALID_OPTION_PROVIDED=true
ALL=true
shift
;;
-v)
VERBOSE_FLAG=true
shift
;;
-e)
EMOJITRAIN_FLAG=true
shift
;;
-h|--help)
show_help
exit 0
;;
*)
echo "Error: Unknown option $1"
show_help
exit 1
;;
esac
done
if ! $VALID_OPTION_PROVIDED; then
show_help
exit 1
fi
if $ALL; then
FOLDER=""
fi
NEW_MAN_OPTS=(
"$CONFIG_PATH/tsg-olap-function-test-collection.json"
-n 1
-e "$CONFIG_PATH/environment.json"
-g "$CONFIG_PATH/globals.json"
--delay-request 200
--timeout-script 10000
--timeout-request 300000
--timeout 3600000
--insecure
)
# Add verbose reporting option if enabled
if $VERBOSE_FLAG; then
NEW_MAN_OPTS+=(--verbose)
fi
# Add folder option if set
if [[ -n $FOLDER ]]; then
NEW_MAN_OPTS+=($FOLDER)
fi
# Add emojitrain reporting option if enabled
if $EMOJITRAIN_FLAG; then
NEW_MAN_OPTS+=(-r emojitrain)
fi
# Run the newman command
newman run "${NEW_MAN_OPTS[@]}"

0
24.05/environment.json → 24.05/config/environment.json
View File

39
24.05/config/globals.json Normal file
View File

@@ -0,0 +1,39 @@
{
"id": "0083244f-f7da-4ec8-8c09-317c1121d3ad",
"values": [
{
"key": "start_time",
"value": "",
"type": "any",
"enabled": true
},
{
"key": "end_time",
"value": "",
"type": "any",
"enabled": true
},
{
"key": "domain",
"value": "",
"type": "any",
"enabled": true
},
{
"key": "client_ip",
"value": "",
"type": "any",
"enabled": true
},
{
"key": "server_ip",
"value": "",
"type": "any",
"enabled": true
}
],
"name": "Globals",
"_postman_variable_scope": "globals",
"_postman_exported_at": "2024-05-21T02:39:11.566Z",
"_postman_exported_using": "Postman/11.1.3"
}

0
24.05/tsg-olap-e2e-test-collection.json → 24.05/config/tsg-olap-e2e-test-collection.json
View File

0
24.05/tsg-olap-function-test-collection.json → 24.05/config/tsg-olap-function-test-collection.json
View File

4
24.05/e2e-mockdata-generator/config.properties
View File

@@ -1,5 +1,3 @@
#####9092-Plaintext 9094-SASL
kafka.server=192.168.44.11:9092
#####kafka SASL username/password
#kafka.user=admin
#kafka.pin=galaxy2019
#kafka.pin=galaxy2019

2
24.05/e2e-mockdata-generator/datasets/logs/proxy_event.dat
View File

@@ -1 +1 @@
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240001,"decoded_as":"HTTP","ip_protocol":"tcp","address_type":4,"client_ip":"10.0.0.1","server_ip":"192.0.2.1","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.TCP.HTTP","server_fqdn":"","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","device_tag":"{\"tags\":[{\"tag\":\"data_center\",\"value\":\"tsg_olap\"},{\"tag\":\"device_group\",\"value\":\"tsg_olap\"}]}","dup_traffic_flag":0,"sc_rsp_raw":[0],"http_version":"http1","http_request_line":"GET www.google.com/ HTTP/1.1","http_response_line":"HTTP/1.1 200 OK","http_status_code":200,"http_url":"www.google.com/","http_host":"www.google.com","http_cookie":"NID=513","http_user_agent":"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)","http_response_content_type":"text/html; charset=UTF-8","proxy_rule_list":[4450],"proxy_action":"insert","http_action_file_size":35}
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240001,"decoded_as":"HTTP","ip_protocol":"tcp","address_type":4,"client_ip":"10.0.0.1","server_ip":"192.0.2.1","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.TCP.HTTP","server_fqdn":"","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","dup_traffic_flag":0,"sc_rsp_raw":[0],"http_version":"http1","http_request_line":"GET www.google.com/ HTTP/1.1","http_response_line":"HTTP/1.1 200 OK","http_status_code":200,"http_url":"www.google.com/","http_host":"www.google.com","http_cookie":"NID=513","http_user_agent":"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)","http_response_content_type":"text/html; charset=UTF-8","proxy_rule_list":[4450],"proxy_action":"insert","http_action_file_size":35}

19
24.05/e2e-mockdata-generator/datasets/logs/session_record.dat
View File

@@ -1,12 +1,7 @@
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240001,"decoded_as":"BASE","ip_protocol":"tcp","address_type":4,"client_ip":"10.0.0.1","server_ip":"192.0.2.1","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.TCP","server_fqdn":"","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"flags":0,"flags_identify_info":[1,1],"fqdn_category_list":[0],"monitor_rule_list":[0],"security_rule_list":[0],"sc_rule_list":[0],"shaping_rule_list":[0],"proxy_rule_list":[0],"statistics_rule_list":[0],"monitor_mirrored_pkts":0,"monitor_mirrored_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","device_tag":"{\"tags\":[{\"tag\":\"data_center\",\"value\":\"tsg_olap\"},{\"tag\":\"device_group\",\"value\":\"tsg_olap\"}]}","dup_traffic_flag":0,"sc_rsp_raw":[0],"encapsulation":"[{\"tunnels_schema_type\":\"ETHERNET\",\"source_mac\":\"00:1A:2B:3C:4D:5E\",\"destination_mac\":\"5E:4D:3C:2B:1A:00\"}]"}
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240002,"decoded_as":"HTTP","ip_protocol":"tcp","address_type":4,"client_ip":"10.0.0.2","server_ip":"192.0.2.2","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.TCP.HTTP","server_fqdn":"static-pcs-sdk-server.test.com","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"flags":0,"flags_identify_info":[1,1],"fqdn_category_list":[0],"monitor_rule_list":[0],"security_rule_list":[0],"sc_rule_list":[0],"shaping_rule_list":[0],"proxy_rule_list":[0],"statistics_rule_list":[0],"monitor_mirrored_pkts":0,"monitor_mirrored_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","device_tag":"{\"tags\":[{\"tag\":\"data_center\",\"value\":\"tsg_olap\"},{\"tag\":\"device_group\",\"value\":\"tsg_olap\"}]}","dup_traffic_flag":0,"sc_rsp_raw":[0],"encapsulation":"[{\"tunnels_schema_type\":\"ETHERNET\",\"source_mac\":\"00:1A:2B:3C:4D:5E\",\"destination_mac\":\"5E:4D:3C:2B:1A:00\"}]","packet_capture_file":"123e4567-e89b-12d3-a456-426614174001","http_request_body":"123e4567-e89b-12d3-a456-426614174002","http_response_body":"123e4567-e89b-12d3-a456-426614174003","http_version":"http1","http_request_line":"POST /a HTTP/1.1","http_user_agent":"WinHttpClient","http_request_content_length":0,"http_host":"static-pcs-sdk-server.test.com","http_url":"static-pcs-sdk-server.test.com/a","http_status_code":200,"http_response_line":"HTTP/1.1 200 OK","http_response_content_type":"application/json;charset=UTF-8","http_response_content_length":0,"http_response_latency_ms":0,"http_session_duration_ms":0,"http_sequence":1}
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240003,"decoded_as":"SSL","ip_protocol":"tcp","address_type":4,"client_ip":"10.0.0.3","server_ip":"192.0.2.3","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.TCP.ssl","server_fqdn":"storeedgefd.dsx.mp.microsoft.com","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"flags":0,"flags_identify_info":[1,1],"fqdn_category_list":[0],"monitor_rule_list":[0],"security_rule_list":[0],"sc_rule_list":[0],"shaping_rule_list":[0],"proxy_rule_list":[0],"statistics_rule_list":[0],"monitor_mirrored_pkts":0,"monitor_mirrored_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","device_tag":"{\"tags\":[{\"tag\":\"data_center\",\"value\":\"tsg_olap\"},{\"tag\":\"device_group\",\"value\":\"tsg_olap\"}]}","dup_traffic_flag":0,"sc_rsp_raw":[0],"encapsulation":"[{\"tunnels_schema_type\":\"ETHERNET\",\"source_mac\":\"00:1A:2B:3C:4D:5E\",\"destination_mac\":\"5E:4D:3C:2B:1A:00\"}]","ssl_ja3_hash":"","ssl_esni_flag":0,"ssl_ech_flag":0,"ssl_sni":"storeedgefd.dsx.mp.microsoft.com","ssl_ja3s_hash":"","ssl_version":"v3","ssl_cn":"sfdataservice.microsoft.com","ssl_cert_issuer":"","ssl_cert_subject":"","ssl_san":"","ssl_handshake_latency_ms":0}
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240004,"decoded_as":"DNS","ip_protocol":"udp","address_type":4,"client_ip":"10.0.0.4","server_ip":"192.0.2.4","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.UDP.dns","server_fqdn":"","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"flags":0,"flags_identify_info":[1,1],"fqdn_category_list":[0],"monitor_rule_list":[0],"security_rule_list":[0],"sc_rule_list":[0],"shaping_rule_list":[0],"proxy_rule_list":[0],"statistics_rule_list":[0],"monitor_mirrored_pkts":0,"monitor_mirrored_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","device_tag":"{\"tags\":[{\"tag\":\"data_center\",\"value\":\"tsg_olap\"},{\"tag\":\"device_group\",\"value\":\"tsg_olap\"}]}","dup_traffic_flag":0,"sc_rsp_raw":[0],"encapsulation":"[{\"tunnels_schema_type\":\"ETHERNET\",\"source_mac\":\"00:1A:2B:3C:4D:5E\",\"destination_mac\":\"5E:4D:3C:2B:1A:00\"}]","dns_response_latency_ms":0,"dns_qr":1,"dns_aa":0,"dns_message_id":47610,"dns_opcode":0,"dns_ra":1,"dns_rcode":0,"dns_rd":1,"dns_tc":0,"dns_qdcount":1,"dns_ancount":1,"dns_nscount":6,"dns_arcount":13,"dns_qname":"","dns_qtype":1,"dns_qclass":1}
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240005,"decoded_as":"QUIC","ip_protocol":"udp","address_type":4,"client_ip":"10.0.0.5","server_ip":"192.0.2.5","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.UDP.quic","server_fqdn":"","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"flags":0,"flags_identify_info":[1,1],"fqdn_category_list":[0],"monitor_rule_list":[0],"security_rule_list":[0],"sc_rule_list":[0],"shaping_rule_list":[0],"proxy_rule_list":[0],"statistics_rule_list":[0],"monitor_mirrored_pkts":0,"monitor_mirrored_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","device_tag":"{\"tags\":[{\"tag\":\"data_center\",\"value\":\"tsg_olap\"},{\"tag\":\"device_group\",\"value\":\"tsg_olap\"}]}","dup_traffic_flag":0,"sc_rsp_raw":[0],"encapsulation":"[{\"tunnels_schema_type\":\"ETHERNET\",\"source_mac\":\"00:1A:2B:3C:4D:5E\",\"destination_mac\":\"5E:4D:3C:2B:1A:00\"}]","quic_version":"IETF QUIC RFC9000"}
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240006,"decoded_as":"MAIL","ip_protocol":"tcp","address_type":4,"client_ip":"10.0.0.6","server_ip":"192.0.2.6","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.TCP.mail.imap","server_fqdn":"","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"flags":0,"flags_identify_info":[1,1],"fqdn_category_list":[0],"monitor_rule_list":[0],"security_rule_list":[0],"sc_rule_list":[0],"shaping_rule_list":[0],"proxy_rule_list":[0],"statistics_rule_list":[0],"monitor_mirrored_pkts":0,"monitor_mirrored_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","device_tag":"{\"tags\":[{\"tag\":\"data_center\",\"value\":\"tsg_olap\"},{\"tag\":\"device_group\",\"value\":\"tsg_olap\"}]}","dup_traffic_flag":0,"sc_rsp_raw":[0],"encapsulation":"[{\"tunnels_schema_type\":\"ETHERNET\",\"source_mac\":\"00:1A:2B:3C:4D:5E\",\"destination_mac\":\"5E:4D:3C:2B:1A:00\"}]","mail_protocol_type":"IMAP","mail_eml_file":"123e4567-e89b-12d3-a456-426614174004"}
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240007,"decoded_as":"SSH","ip_protocol":"tcp","address_type":4,"client_ip":"10.0.0.7","server_ip":"192.0.2.7","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.TCP.ssh","server_fqdn":"","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"flags":0,"flags_identify_info":[1,1],"fqdn_category_list":[0],"monitor_rule_list":[0],"security_rule_list":[0],"sc_rule_list":[0],"shaping_rule_list":[0],"proxy_rule_list":[0],"statistics_rule_list":[0],"monitor_mirrored_pkts":0,"monitor_mirrored_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","device_tag":"{\"tags\":[{\"tag\":\"data_center\",\"value\":\"tsg_olap\"},{\"tag\":\"device_group\",\"value\":\"tsg_olap\"}]}","dup_traffic_flag":0,"sc_rsp_raw":[0],"encapsulation":"[{\"tunnels_schema_type\":\"ETHERNET\",\"source_mac\":\"00:1A:2B:3C:4D:5E\",\"destination_mac\":\"5E:4D:3C:2B:1A:00\"}]","ssh_server_version":"SSH-2.0-OpenSSH_7.4","ssh_client_version":"SSH-2.0-OpenSSH_9.0","ssh_version":2,"ssh_hassh":"0","ssh_kex_alg":"curve25519-sha256","ssh_host_key_alg":"ssh-ed25519","ssh_cipher_alg":"chacha20-poly1305@openssh.com","ssh_mac_alg":"umac-64-etm@openssh.com","ssh_compression_alg":"none","ssh_host_key":"0"}
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240001,"decoded_as":"BASE","ip_protocol":"tcp","address_type":4,"client_ip":"10.0.0.1","server_ip":"192.0.2.1","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.TCP","server_fqdn":"","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"flags":0,"flags_identify_info":[1,1],"fqdn_category_list":[0],"monitor_rule_list":[0],"security_rule_list":[0],"sc_rule_list":[0],"shaping_rule_list":[0],"proxy_rule_list":[0],"statistics_rule_list":[0],"monitor_mirrored_pkts":0,"monitor_mirrored_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","dup_traffic_flag":0,"sc_rsp_raw":[0],"encapsulation":"[{\"tunnels_schema_type\":\"ETHERNET\",\"source_mac\":\"00:1A:2B:3C:4D:5E\",\"destination_mac\":\"5E:4D:3C:2B:1A:00\"}]"}
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240002,"decoded_as":"HTTP","ip_protocol":"tcp","address_type":4,"client_ip":"10.0.0.2","server_ip":"192.0.2.2","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.TCP.HTTP","server_fqdn":"static-pcs-sdk-server.test.com","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"flags":0,"flags_identify_info":[1,1],"fqdn_category_list":[0],"monitor_rule_list":[0],"security_rule_list":[0],"sc_rule_list":[0],"shaping_rule_list":[0],"proxy_rule_list":[0],"statistics_rule_list":[0],"monitor_mirrored_pkts":0,"monitor_mirrored_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","dup_traffic_flag":0,"sc_rsp_raw":[0],"encapsulation":"[{\"tunnels_schema_type\":\"ETHERNET\",\"source_mac\":\"00:1A:2B:3C:4D:5E\",\"destination_mac\":\"5E:4D:3C:2B:1A:00\"}]","packet_capture_file":"123e4567-e89b-12d3-a456-426614174001","http_request_body":"123e4567-e89b-12d3-a456-426614174002","http_response_body":"123e4567-e89b-12d3-a456-426614174003","http_version":"http1","http_request_line":"POST /a HTTP/1.1","http_user_agent":"WinHttpClient","http_request_content_length":0,"http_host":"static-pcs-sdk-server.test.com","http_url":"static-pcs-sdk-server.test.com/a","http_status_code":200,"http_response_line":"HTTP/1.1 200 OK","http_response_content_type":"application/json;charset=UTF-8","http_response_content_length":0,"http_response_latency_ms":0,"http_session_duration_ms":0,"http_sequence":1}
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240003,"decoded_as":"SSL","ip_protocol":"tcp","address_type":4,"client_ip":"10.0.0.3","server_ip":"192.0.2.3","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.TCP.ssl","server_fqdn":"storeedgefd.dsx.mp.microsoft.com","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"flags":0,"flags_identify_info":[1,1],"fqdn_category_list":[0],"monitor_rule_list":[0],"security_rule_list":[0],"sc_rule_list":[0],"shaping_rule_list":[0],"proxy_rule_list":[0],"statistics_rule_list":[0],"monitor_mirrored_pkts":0,"monitor_mirrored_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","dup_traffic_flag":0,"sc_rsp_raw":[0],"encapsulation":"[{\"tunnels_schema_type\":\"ETHERNET\",\"source_mac\":\"00:1A:2B:3C:4D:5E\",\"destination_mac\":\"5E:4D:3C:2B:1A:00\"}]","ssl_ja3_hash":"","ssl_esni_flag":0,"ssl_ech_flag":0,"ssl_sni":"storeedgefd.dsx.mp.microsoft.com","ssl_ja3s_hash":"","ssl_version":"v3","ssl_cn":"sfdataservice.microsoft.com","ssl_cert_issuer":"","ssl_cert_subject":"","ssl_san":"","ssl_handshake_latency_ms":0}
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240004,"decoded_as":"DNS","ip_protocol":"udp","address_type":4,"client_ip":"10.0.0.4","server_ip":"192.0.2.4","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.UDP.dns","server_fqdn":"","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"flags":0,"flags_identify_info":[1,1],"fqdn_category_list":[0],"monitor_rule_list":[0],"security_rule_list":[0],"sc_rule_list":[0],"shaping_rule_list":[0],"proxy_rule_list":[0],"statistics_rule_list":[0],"monitor_mirrored_pkts":0,"monitor_mirrored_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","dup_traffic_flag":0,"sc_rsp_raw":[0],"encapsulation":"[{\"tunnels_schema_type\":\"ETHERNET\",\"source_mac\":\"00:1A:2B:3C:4D:5E\",\"destination_mac\":\"5E:4D:3C:2B:1A:00\"}]","dns_response_latency_ms":0,"dns_qr":1,"dns_aa":0,"dns_message_id":47610,"dns_opcode":0,"dns_ra":1,"dns_rcode":0,"dns_rd":1,"dns_tc":0,"dns_qdcount":1,"dns_ancount":1,"dns_nscount":6,"dns_arcount":13,"dns_qname":"","dns_qtype":1,"dns_qclass":1}
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240005,"decoded_as":"QUIC","ip_protocol":"udp","address_type":4,"client_ip":"10.0.0.5","server_ip":"192.0.2.5","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.UDP.quic","server_fqdn":"","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"flags":0,"flags_identify_info":[1,1],"fqdn_category_list":[0],"monitor_rule_list":[0],"security_rule_list":[0],"sc_rule_list":[0],"shaping_rule_list":[0],"proxy_rule_list":[0],"statistics_rule_list":[0],"monitor_mirrored_pkts":0,"monitor_mirrored_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","dup_traffic_flag":0,"sc_rsp_raw":[0],"encapsulation":"[{\"tunnels_schema_type\":\"ETHERNET\",\"source_mac\":\"00:1A:2B:3C:4D:5E\",\"destination_mac\":\"5E:4D:3C:2B:1A:00\"}]","quic_version":"IETF QUIC RFC9000"}
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240006,"decoded_as":"MAIL","ip_protocol":"tcp","address_type":4,"client_ip":"10.0.0.6","server_ip":"192.0.2.6","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.TCP.mail.imap","server_fqdn":"","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"flags":0,"flags_identify_info":[1,1],"fqdn_category_list":[0],"monitor_rule_list":[0],"security_rule_list":[0],"sc_rule_list":[0],"shaping_rule_list":[0],"proxy_rule_list":[0],"statistics_rule_list":[0],"monitor_mirrored_pkts":0,"monitor_mirrored_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","dup_traffic_flag":0,"sc_rsp_raw":[0],"encapsulation":"[{\"tunnels_schema_type\":\"ETHERNET\",\"source_mac\":\"00:1A:2B:3C:4D:5E\",\"destination_mac\":\"5E:4D:3C:2B:1A:00\"}]","mail_protocol_type":"IMAP","mail_eml_file":"123e4567-e89b-12d3-a456-426614174004"}
{"__timestamp":946681200,"__inputid":"tsg_olap","session_id":10240007,"decoded_as":"SSH","ip_protocol":"tcp","address_type":4,"client_ip":"10.0.0.7","server_ip":"192.0.2.7","client_port":1000,"server_port":60000,"t_vsys_id":0,"vsys_id":1024,"data_center":"tsg_olap","device_group":"tsg_olap","device_id":"0000000000000000","sled_ip":"127.0.0.1","app":"unknown","app_transition":"","client_geolocation":"unknown","server_geolocation":"unknown","decoded_path":"ETHERNET.IPv4.TCP.ssh","server_fqdn":"","out_src_mac":"00:1A:2B:3C:4D:5E","out_dest_mac":"5E:4D:3C:2B:1A:00","start_timestamp_ms":946681200000,"end_timestamp_ms":946681200000,"tcp_rtt_ms":0,"tcp_client_isn":0,"tcp_server_isn":0,"tcp_handshake_latency_ms":0,"in_link_id":0,"out_link_id":0,"duration_ms":0,"sent_pkts":0,"sent_bytes":0,"received_pkts":0,"received_bytes":0,"tcp_c2s_ip_fragments":0,"tcp_s2c_ip_fragments":0,"tcp_c2s_rtx_pkts":0,"tcp_c2s_rtx_bytes":0,"tcp_s2c_rtx_pkts":0,"tcp_s2c_rtx_bytes":0,"tcp_c2s_o3_pkts":0,"tcp_s2c_o3_pkts":0,"tcp_c2s_lost_bytes":0,"tcp_s2c_lost_bytes":0,"flags":0,"flags_identify_info":[1,1],"fqdn_category_list":[0],"monitor_rule_list":[0],"security_rule_list":[0],"sc_rule_list":[0],"shaping_rule_list":[0],"proxy_rule_list":[0],"statistics_rule_list":[0],"monitor_mirrored_pkts":0,"monitor_mirrored_bytes":0,"client_os_desc":"Windows","server_os_desc":"Linux","dup_traffic_flag":0,"sc_rsp_raw":[0],"encapsulation":"[{\"tunnels_schema_type\":\"ETHERNET\",\"source_mac\":\"00:1A:2B:3C:4D:5E\",\"destination_mac\":\"5E:4D:3C:2B:1A:00\"}]","ssh_server_version":"SSH-2.0-OpenSSH_7.4","ssh_client_version":"SSH-2.0-OpenSSH_9.0","ssh_version":2,"ssh_hassh":"0","ssh_kex_alg":"curve25519-sha256","ssh_host_key_alg":"ssh-ed25519","ssh_cipher_alg":"chacha20-poly1305@openssh.com","ssh_mac_alg":"umac-64-etm@openssh.com","ssh_compression_alg":"none","ssh_host_key":"0"}

BIN
24.05/e2e-mockdata-generator/e2e-mockdata-generator.jar
View File

Binary file not shown.