File Log Output Format
The file-log module uses a line-based log format: each line of the output file is one complete JSON record, so the file can be processed one line at a time.
Example (this is normally a single line):
{
  "id": 8121,
  "timestamp": "11\/24\/2011-14:19:28.686245",
  "ipver": 4,
  "srcip": "204.27.xx.xx",
  "dstip": "192.168.1.23",
  "protocol": 6,
  "sp": 80,
  "dp": 1101,
  "http_uri": "\/p1023\/2.0\/w.bin?24016",
  "http_host": "204.27.xx.xx",
  "http_referer": "<unknown>",
  "filename": "\/p1023\/2.0\/w.bin",
  "magic": "PE32 executable for MS Windows (GUI) Intel 80386 32-bit",
  "state": "CLOSED",
  "md5": "81accd5cf664d0e7f03751f5aff3626b",
  "stored": true,
  "size": 87552
}
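An added example of consuming this output on the analysis side (my own code, not part of this documentation or of the file-log module): it parses the one-record-per-line format, reports a malformed line instead of aborting, and picks out records of stored PE executables together with their md5 and flow for triage. The first sample record is the one shown above; the second and third records, the placeholder md5, the PROTO_NAMES mapping and all function names are constructed for the example.

```python
import json

# Constructed sample of file-log output, one JSON record per line. The first
# record is the one shown above; the second (a PNG, placeholder md5) and the
# third (a record cut off mid-line, as log rotation can leave it) are made up.
SAMPLE_LOG = r'''
{"id": 8121, "timestamp": "11\/24\/2011-14:19:28.686245", "ipver": 4, "srcip": "204.27.xx.xx", "dstip": "192.168.1.23", "protocol": 6, "sp": 80, "dp": 1101, "http_uri": "\/p1023\/2.0\/w.bin?24016", "http_host": "204.27.xx.xx", "http_referer": "<unknown>", "filename": "\/p1023\/2.0\/w.bin", "magic": "PE32 executable for MS Windows (GUI) Intel 80386 32-bit", "state": "CLOSED", "md5": "81accd5cf664d0e7f03751f5aff3626b", "stored": true, "size": 87552}
{"id": 8122, "timestamp": "11\/24\/2011-14:20:01.000000", "ipver": 4, "srcip": "192.0.2.10", "dstip": "192.168.1.23", "protocol": 6, "sp": 80, "dp": 1102, "http_uri": "\/logo.png", "http_host": "example.net", "http_referer": "<unknown>", "filename": "\/logo.png", "magic": "PNG image data, 64 x 64, 8-bit\/color RGBA, non-interlaced", "state": "CLOSED", "md5": "00000000000000000000000000000000", "stored": false, "size": 1024}
{"id": 8123, "timestamp": "11\/24\/2011-14:20:05.000000", "ipver": 4, "srcip": "192.0.2.10", "dstip": "192.168.1.23"
'''

PROTO_NAMES = {6: "tcp", 17: "udp"}  # IP protocol numbers seen in "protocol"


def parse_file_log(text: str) -> tuple[list[dict], list[int]]:
    """Return (records, bad_lines): one dict per well-formed line, plus the
    1-based numbers of lines that are not valid JSON, so a truncated record
    is reported rather than aborting the whole run."""
    records, bad_lines = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            bad_lines.append(lineno)
    return records, bad_lines


def flow_string(rec: dict) -> str:
    """Render the record's flow, e.g. '204.27.xx.xx:80 -> 192.168.1.23:1101/tcp'."""
    proto = PROTO_NAMES.get(rec.get("protocol"), str(rec.get("protocol")))
    return f'{rec["srcip"]}:{rec["sp"]} -> {rec["dstip"]}:{rec["dp"]}/{proto}'


def stored_executables(records: list[dict]) -> list[dict]:
    """Select records of files that were written to disk ("stored": true) and
    whose libmagic description marks them as PE executables; these are the
    ones whose stored copy and md5 a responder would pull first."""
    hits = []
    for rec in records:
        if rec.get("stored") and rec.get("magic", "").startswith("PE32"):
            hits.append({"md5": rec.get("md5"), "filename": rec.get("filename"),
                         "host": rec.get("http_host"), "flow": flow_string(rec),
                         "size": rec.get("size")})
    return hits
```

The escaped slashes (`\/`) in the records are plain JSON string escapes, so a standard JSON parser turns `"\/p1023\/2.0\/w.bin"` back into `/p1023/2.0/w.bin` without any special handling.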