eve.json - Suricata - Open Information Security Foundation

Support #1890 » eve.json

Roman Gavrilchenko, 09/19/2016 08:38 AM

    
    {"timestamp":"2016-09-14T18:19:04.752237+0300","flow_id":1472623664406443,"event_type":"flow","src_ip":"10.1.1.1","src_port":53455,"dest_ip":"10.1.1.2","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":7,"pkts_toclient":4,"bytes_toserver":3242,"bytes_toclient":5081,"start":"2016-09-14T18:19:03.696235+0300","end":"2016-09-14T18:19:04.752237+0300","age":1,"state":"new","reason":"shutdown"},"tcp":{"tcp_flags":"13","tcp_flags_ts":"13","tcp_flags_tc":"00","syn":true,"fin":true,"ack":true,"state":"syn_sent"}}

    {"timestamp":"2016-09-19T16:31:28.875464+0300","event_type":"stats","stats":{"uptime":0,"decoder":{"pkts":11,"bytes":8323,"invalid":0,"ipv4":11,"ipv6":0,"ethernet":11,"raw":0,"null":0,"sll":0,"tcp":11,"udp":0,"sctp":0,"icmpv4":0,"icmpv6":0,"ppp":0,"pppoe":0,"gre":0,"vlan":0,"vlan_qinq":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":756,"max_pkt_size":4907,"erspan":0,"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"dce":{"pkt_too_small":0}},"flow":{"memcap":0,"spare":10000,"emerg_mode_entered":0,"emerg_mode_over":0,"tcp_reuse":0,"memuse":7154600},"defrag":{"ipv4":{"fragments":0,"reassembled":0,"timeouts":0},"ipv6":{"fragments":0,"reassembled":0,"timeouts":0},"max_frag_hits":0},"stream":{"3whs_ack_in_wrong_dir":0,"3whs_async_wrong_seq":0,"3whs_right_seq_wrong_ack_evasion":0},"tcp":{"sessions":1,"ssn_memcap_drop":0,"pseudo":0,"pseudo_failed":0,"invalid_checksum":5,"no_flow":0,"syn":1,"synack":0,"rst":0,"segment_memcap_drop":0,"stream_depth_reached":0,"reassembly_gap":0,"memuse":786432,"reassembly_memuse":12320544},"detect":{"alert":0},"flow_mgr":{"closed_pruned":0,"new_pruned":0,"est_pruned":0},"dns":{"memuse":0,"memcap_state":0,"memcap_global":0},"http":{"memuse":0,"memcap":0}}}

(2-2/4)

Project

General

Profile

Suricata

Support #1890 » eve.json