eve.json - Suricata - Open Information Security Foundation

Support #2180 » eve.json

Anonymous, 07/12/2017 05:20 PM

    
    {"timestamp":"2016-10-21T20:32:14.315067+0200","flow_id":883091970117307,"pcap_cnt":1,"event_type":"alert","src_ip":"134.96.235.150","src_port":52517,"dest_ip":"172.217.16.174","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":102,"rev":0,"signature":"M2","category":"","severity":3},"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":516,"bytes_toclient":0,"start":"2016-10-21T20:32:14.315067+0200"}}

    {"timestamp":"2016-10-21T20:32:14.328748+0200","flow_id":883091970117307,"pcap_cnt":2,"event_type":"alert","src_ip":"172.217.16.174","src_port":80,"dest_ip":"134.96.235.150","dest_port":52517,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":102,"rev":0,"signature":"M2","category":"","severity":3},"flow":{"pkts_toserver":1,"pkts_toclient":1,"bytes_toserver":516,"bytes_toclient":537,"start":"2016-10-21T20:32:14.315067+0200"}}

    {"timestamp":"2016-10-21T20:32:14.328748+0200","flow_id":883091970117307,"event_type":"flow","src_ip":"134.96.235.150","src_port":52517,"dest_ip":"172.217.16.174","dest_port":80,"proto":"TCP","flow":{"pkts_toserver":1,"pkts_toclient":1,"bytes_toserver":516,"bytes_toclient":537,"start":"2016-10-21T20:32:14.315067+0200","end":"2016-10-21T20:32:14.328748+0200","age":0,"state":"new","reason":"shutdown","alerted":true},"tcp":{"tcp_flags":"00","tcp_flags_ts":"00","tcp_flags_tc":"00"}}

    {"timestamp":"2017-07-13T00:15:57.157498+0200","event_type":"stats","stats":{"uptime":0,"decoder":{"pkts":2,"bytes":1053,"invalid":0,"ipv4":2,"ipv6":0,"ethernet":2,"raw":0,"null":0,"sll":0,"tcp":2,"udp":0,"sctp":0,"icmpv4":0,"icmpv6":0,"ppp":0,"pppoe":0,"gre":0,"vlan":0,"vlan_qinq":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":526,"max_pkt_size":537,"erspan":0,"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"dce":{"pkt_too_small":0}},"flow":{"memcap":0,"tcp":1,"udp":0,"icmpv4":0,"icmpv6":0,"spare":10000,"emerg_mode_entered":0,"emerg_mode_over":0,"tcp_reuse":0,"memuse":7074592},"defrag":{"ipv4":{"fragments":0,"reassembled":0,"timeouts":0},"ipv6":{"fragments":0,"reassembled":0,"timeouts":0},"max_frag_hits":0},"tcp":{"sessions":0,"ssn_memcap_drop":0,"pseudo":0,"pseudo_failed":0,"invalid_checksum":0,"no_flow":0,"syn":0,"synack":0,"rst":0,"segment_memcap_drop":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"insert_list_fail":0,"memuse":573440,"reassembly_memuse":81920},"detect":{"alert":2},"app_layer":{"flow":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"msn":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":0,"failed_udp":0},"tx":{"http":0,"ftp":0,"smtp":0,"tls":0,"ssh":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"dcerpc_udp":0,"dns_udp":0}},"flow_mgr":{"closed_pruned":0,"new_pruned":0,"est_pruned":0,"bypassed_pruned":0,"flows_checked":0,"flows_notimeout":0,"flows_timeout":0,"flows_timeout_inuse":0,"flows_removed":0,"rows_checked":65536,"rows_skipped":65536,"rows_empty":0,"rows_busy":0,"rows_maxlen":0},"file_store":{"open_files":0},"dns":{"memuse":0,"memcap_state":0,"memcap_global":0},"http":{"memuse":0,"memcap":0}}}

(6-6/7)

Project

General

Profile

Suricata

Support #2180 » eve.json