
Bug #2430 » evelog.txt

eve log - Jason Taylor, 02/01/2018 08:35 AM

 
http EVE log:
{"timestamp":"2018-01-30T14:28:03.654946-0500","flow_id":1848866504903482,"event_type":"http","src_ip":"10.123.173.114","src_port":8080,"dest_ip":"10.120.128.236","dest_port":53909,"proto":"TCP","tx_id":0,"http":{"hostname":"qagpublic.qg1.apps.qualys.com","url":"qagpublic.qg1.apps.qualys.com:443"}}

    
tls EVE log:
{"timestamp":"2018-01-30T14:28:03.745300-0500","flow_id":1848866504903482,"pcap_cnt":14,"event_type":"tls","src_ip":"10.120.128.236","src_port":53909,"dest_ip":"10.123.173.114","dest_port":8080,"proto":"TCP","tls":{"subject":"C=US, ST=California, L=Redwood City, O=Qualys, Inc., OU=Production, CN=qagpublic.qg1.apps.qualys.com","issuerdn":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server SHA256 SSL CA","serial":"53:69:DA:29:E6:0B:BD:EE:C5:B1:5A:12:C1:30:4C:1B","fingerprint":"4a:33:62:1b:07:58:d5:78:0f:fb:f4:fc:88:eb:81:f4:e1:c0:8c:2d","sni":"qagpublic.qg1.apps.qualys.com","version":"TLS 1.2","notbefore":"2017-04-26T00:00:00","notafter":"2019-04-27T23:59:59","from_proto":"http"}}

    
flow EVE log:
{"timestamp":"2018-01-30T14:29:04.078794-0500","flow_id":1848866504903482,"event_type":"flow","src_ip":"10.120.128.236","src_port":53909,"dest_ip":"10.123.173.114","dest_port":8080,"proto":"TCP","app_proto":"tls","app_proto_orig":"http","flow":{"pkts_toserver":12,"pkts_toclient":16,"bytes_toserver":2377,"bytes_toclient":5185,"start":"2018-01-30T14:28:03.592698-0500","end":"2018-01-30T14:29:04.078794-0500","age":61,"state":"closed","reason":"shutdown","alerted":false},"tcp":{"tcp_flags":"db","tcp_flags_ts":"db","tcp_flags_tc":"1b","syn":true,"fin":true,"psh":true,"ack":true,"ecn":true,"cwr":true,"state":"closed"}}

    
stats EVE log:
{"timestamp":"2018-01-31T09:22:26.419520-0500","event_type":"stats","stats":{"uptime":0,"decoder":{"pkts":28,"bytes":7562,"invalid":0,"ipv4":28,"ipv6":0,"ethernet":28,"raw":0,"null":0,"sll":0,"tcp":28,"udp":0,"sctp":0,"icmpv4":0,"icmpv6":0,"ppp":0,"pppoe":0,"gre":0,"vlan":0,"vlan_qinq":0,"teredo":0,"ipv4_in_ipv6":0,"ipv6_in_ipv6":0,"mpls":0,"avg_pkt_size":270,"max_pkt_size":1384,"erspan":0,"ipraw":{"invalid_ip_version":0},"ltnull":{"pkt_too_small":0,"unsupported_type":0},"dce":{"pkt_too_small":0}},"flow":{"memcap":0,"tcp":1,"udp":0,"icmpv4":0,"icmpv6":0,"spare":10000,"emerg_mode_entered":0,"emerg_mode_over":0,"tcp_reuse":0,"memuse":7074592},"defrag":{"ipv4":{"fragments":0,"reassembled":0,"timeouts":0},"ipv6":{"fragments":0,"reassembled":0,"timeouts":0},"max_frag_hits":0},"tcp":{"sessions":1,"ssn_memcap_drop":0,"pseudo":2,"pseudo_failed":0,"invalid_checksum":0,"no_flow":0,"syn":1,"synack":1,"rst":0,"segment_memcap_drop":0,"stream_depth_reached":0,"reassembly_gap":0,"overlap":0,"overlap_diff_data":0,"insert_data_normal_fail":0,"insert_data_overlap_fail":0,"insert_list_fail":0,"memuse":1146880,"reassembly_memuse":163840},"detect":{"alert":0},"app_layer":{"flow":{"http":1,"ftp":0,"smtp":0,"tls":0,"ssh":0,"imap":0,"msn":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"failed_tcp":0,"dcerpc_udp":0,"dns_udp":0,"failed_udp":0},"tx":{"http":1,"ftp":0,"smtp":0,"tls":0,"ssh":0,"smb":0,"dcerpc_tcp":0,"dns_tcp":0,"dcerpc_udp":0,"dns_udp":0}},"flow_mgr":{"closed_pruned":0,"new_pruned":0,"est_pruned":0,"bypassed_pruned":0,"flows_checked":1,"flows_notimeout":1,"flows_timeout":0,"flows_timeout_inuse":0,"flows_removed":0,"rows_checked":65536,"rows_skipped":65535,"rows_empty":0,"rows_busy":0,"rows_maxlen":1},"file_store":{"open_files":0},"dns":{"memuse":0,"memcap_state":0,"memcap_global":0},"http":{"memuse":0,"memcap":0}}}