{"http":{"ts":1402307733.473,"uid":"CTo78A11g7CYbbOHvj","id.orig_h":"192.249.113.37","id.orig_p":58808,"id.resp_h":"72.163.4.161","id.resp_p":80,"trans_depth":1,"method":"GET","host":"www.cisco.com","uri":"/","user_agent":"curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3","request_body_len":0,"response_body_len":25523,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["FJDyMC15lxUn5ngPfd"],"resp_mime_types":["text/html"]}}
{"dns":{"ts":1402308259.609,"uid":"CuJT272SKaJSuqO0Ia","id.orig_h":"10.122.196.204","id.orig_p":33976,"id.resp_h":"144.254.71.184","id.resp_p":53,"proto":"udp","trans_id":62418,"query":"www.cisco.com","qclass":1,"qclass_name":"C_INTERNET","qtype":28,"qtype_name":"AAAA","rcode":0,"rcode_name":"NOERROR","AA":true,"TC":false,"RD":true,"RA":true,"Z":0,"answers":["www.cisco.com.akadns.net","origin-www.cisco.com","2001:420:1201:2::a"],"TTLs":[3600.0,289.0,14.0],"rejected":false}}
{"http":{"ts":1402307733.473,"uid":"KIRAN","id.orig_h":"10.122.196.204","id.orig_p":58808,"id.resp_h":"72.163.4.161","id.resp_p":80,"trans_depth":1,"method":"GET","host":"www.cisco.com","uri":"/","user_agent":"curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3","request_body_len":0,"response_body_len":25523,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["FJDyMC15lxUn5ngPfd"],"resp_mime_types":["text/html"]}}
{"http":{"ts":1402307733.473,"uid":"KIRAN12312312","id.orig_h":"192.249.113.37","id.orig_p":58808,"id.resp_h":"72.163.4.161","id.resp_p":80,"trans_depth":1,"method":"GET","host":"www.cisco.com","uri":"/","user_agent":"curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3","request_body_len":0,"response_body_len":25523,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["FJDyMC15lxUn5ngPfd"],"resp_mime_types":["text/html"]}}
{"http":{"ts":1402307733.473,"uid":"KIRAN12312312","id.orig_h":"192.249.113.37","id.orig_p":58808,"id.resp_h":"72.163.4.161","id.resp_p":80,"trans_depth":1,"method":"GET","host":"www.cisco.com","uri":"/","user_agent":"curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3","request_body_len":0,"response_body_len":25523,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["FJDyMC15lxUn5ngPfd"],"resp_mime_types":["text/html"]}}
{"http":{"ts":1402307733.473,"uid":"CTo78A11g7CYbbOHvj","id.orig_h":"10.122.196.204","id.orig_p":58808,"id.resp_h":"72.163.4.161","id.resp_p":80,"trans_depth":1,"email":"abullis@mail.csuchico.edu","method":"GET","host":"gabacentre.pw","uri":"/","user_agent":"curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3","request_body_len":0,"response_body_len":25523,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["FJDyMC15lxUn5ngPfd"],"resp_mime_types":["text/html"]}}
{"dns":{"ts":1402308259.609,"uid":"CYbbOHvj","id.orig_h":"93.188.160.43","id.orig_p":33976,"id.resp_h":"144.254.71.184","id.resp_p":53,"proto":"udp","trans_id":62418,"query":"www.cisco.com","qclass":1,"qclass_name":"C_INTERNET","qtype":28,"qtype_name":"AAAA","rcode":0,"rcode_name":"NOERROR","AA":true,"TC":false,"RD":true,"RA":true,"Z":0,"answers":["gabacentre.pw","www.cisco.com.akadns.net","origin-www.cisco.com","2001:420:1201:2::a"],"TTLs":[3600.0,289.0,14.0],"rejected":false}}
{"http":{"ts":1402307733.473,"uid":"CTo78A11g7CYbbOHvj","id.orig_h":"192.249.113.37","id.orig_p":58808,"id.resp_h":"72.163.4.161","id.resp_p":80,"trans_depth":1,"method":"GET","host":"www.cisco.com","uri":"/","user_agent":"curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3","request_body_len":0,"response_body_len":25523,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["FJDyMC15lxUn5ngPfd"],"resp_mime_types":["text/html"]}}
{"dns":{"ts":1402308259.609,"uid":"CuJT272SKaJSuqO0Ia","id.orig_h":"10.122.196.204","id.orig_p":33976,"id.resp_h":"144.254.71.184","id.resp_p":53,"proto":"udp","trans_id":62418,"query":"www.cisco.com","qclass":1,"qclass_name":"C_INTERNET","qtype":28,"qtype_name":"AAAA","rcode":0,"rcode_name":"NOERROR","AA":true,"TC":false,"RD":true,"RA":true,"Z":0,"answers":["www.cisco.com.akadns.net","origin-www.cisco.com","2001:420:1201:2::a"],"TTLs":[3600.0,289.0,14.0],"rejected":false}}
{"http":{"ts":1402307733.473,"uid":"KIRAN","id.orig_h":"10.122.196.204","id.orig_p":58808,"id.resp_h":"72.163.4.161","id.resp_p":80,"trans_depth":1,"method":"GET","host":"www.cisco.com","uri":"/","user_agent":"curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3","request_body_len":0,"response_body_len":25523,"status_code":200,"status_msg":"OK","tags":[],"resp_fuids":["FJDyMC15lxUn5ngPfd"],"resp_mime_types":["text/html"]}}
{"conn": {"ts":1440447880.931272,"uid":"CWxtRHnBTbldHnmGh","id.orig_h":"127.0.0.1","id.orig_p":52178,"id.resp_h":"127.0.0.1","id.resp_p":1812,"proto":"udp","service":"radius","duration":1.001459,"orig_bytes":75,"resp_bytes":20,"conn_state":"SF","missed_bytes":0,"history":"Dd","orig_pkts":1,"orig_ip_bytes":103,"resp_pkts":1,"resp_ip_bytes":48,"tunnel_parents":[]}}
{"conn": {"ts":1440447904.122012,"uid":"CK2Oivhlh0ovRcYx","id.orig_h":"127.0.0.1","id.orig_p":62956,"id.resp_h":"127.0.0.1","id.resp_p":1812,"proto":"udp","service":"radius","duration":10.008839,"orig_bytes":225,"resp_bytes":0,"conn_state":"S0","missed_bytes":0,"history":"D","orig_pkts":3,"orig_ip_bytes":309,"resp_pkts":0,"resp_ip_bytes":0,"tunnel_parents":[]}}
{"conn": {"ts":1440448190.335333,"uid":"CX6mcO38sO7dkDxK55","id.orig_h":"127.0.0.1","id.orig_p":53127,"id.resp_h":"127.0.0.1","id.resp_p":1812,"proto":"udp","service":"radius","duration":0.000517,"orig_bytes":75,"resp_bytes":71,"conn_state":"SF","missed_bytes":0,"history":"Dd","orig_pkts":1,"orig_ip_bytes":103,"resp_pkts":1,"resp_ip_bytes":99,"tunnel_parents":[]}}
{"dpd": {"ts":1216702277.477596,"uid":"C4O50B3WAUCb2Yw29j","id.orig_h":"192.168.15.4","id.orig_p":33348,"id.resp_h":"66.33.212.43","id.resp_p":80,"proto":"tcp","analyzer":"HTTP","failure_reason":"not a http reply line"}}
{"ftp": {"ts":1166289883.160785,"uid":"ClOsCM3BUs3saPsD2c","id.orig_h":"192.168.0.114","id.orig_p":1137,"id.resp_h":"192.168.0.193","id.resp_p":21,"user":"csanders","password":"<hidden>","command":"PASV","reply_code":227,"reply_msg":"Entering Passive Mode (192,168,0,193,28,86)","data_channel.passive":true,"data_channel.orig_h":"192.168.0.114","data_channel.resp_h":"192.168.0.193","data_channel.resp_p":7254}}
{"files": {"ts":1216706983.387664,"fuid":"FnEYba9VPOcC41c1","tx_hosts":["216.113.185.92"],"rx_hosts":["192.168.15.4"],"conn_uids":["CLWqoN1IA9MB8Ru9i3"],"source":"HTTP","depth":0,"analyzers":["MD5","SHA1"],"duration":30.701792,"is_orig":false,"seen_bytes":0,"missing_bytes":3384,"overflow_bytes":0,"timedout":true}}
{"known_certs": {"ts":1216706999.34818,"host":"65.54.179.216","port_num":443,"subject":"CN=nexus.passport.com,OU=MSN Passport,O=Microsoft,L=Redmond,ST=Washington,C=US","issuer_subject":"CN=VeriSign Class 3 Secure Server CA,OU=Terms of use at https://www.verisign.com/rpa (c)05,OU=VeriSign Trust Network,O=VeriSign\u005c, Inc.,C=US","serial":"24A2DD82DC52358E7F0C6AF6135F3B32"}}
{"smtp": {"ts":1258568036.57884,"uid":"ChR6254RrWbrxiGsd7","id.orig_h":"192.168.1.105","id.orig_p":49353,"id.resp_h":"192.168.1.1","id.resp_p":25,"trans_depth":1,"helo":"M57Terry","last_reply":"220 2.0.0 Ready to start TLS","path":["192.168.1.1","192.168.1.105"],"tls":true,"fuids":[],"is_webmail":false}}
{"ssl": {"ts":1216706999.444925,"uid":"CVrS2IBW8gukBClA8","id.orig_h":"192.168.15.4","id.orig_p":36532,"id.resp_h":"65.54.186.47","id.resp_p":443,"version":"TLSv10","cipher":"TLS_RSA_WITH_RC4_128_MD5","server_name":"login.live.com","resumed":false,"established":true,"cert_chain_fuids":["FkYBO41LPAXxh44KFk","FPrzYN1SuBqHflXZId","FZ71xF13r5XVSam1z1"],"client_cert_chain_fuids":[],"subject":"CN=login.live.com,OU=MSN-Passport,O=Microsoft Corporation,street=One Microsoft Way,L=Redmond,ST=Washington,postalCode=98052,C=US,serialNumber=600413485,businessCategory=V1.0\u005c, Clause 5.(b),1.3.6.1.4.1.311.60.2.1.2=#130A57617368696E67746F6E,1.3.6.1.4.1.311.60.2.1.3=#13025553","issuer":"CN=VeriSign Class 3 Extended Validation SSL CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign\u005c, Inc.,C=US","validation_status":"unable to get local issuer certificate"}}
{"weird": {"ts":1216706981.177382,"uid":"Cfxxnt3m0v9SEf5XQ7","id.orig_h":"192.168.15.4","id.orig_p":36446,"id.resp_h":"66.151.146.194","id.resp_p":80,"name":"unescaped_special_URI_char","notice":false,"peer":"bro"}}
{"notice": {"ts":1216706377.196728,"uid":"CNHQmp1mNiZHdAf5Ce","id.orig_h":"192.168.15.4","id.orig_p":35736,"id.resp_h":"74.125.19.104","id.resp_p":443,"proto":"tcp","note":"SSL::Invalid_Server_Cert","msg":"SSL certificate validation failed with (unable to get local issuer certificate)","sub":"CN=www.google.com,O=Google Inc,L=Mountain View,ST=California,C=US","src":"192.168.15.4","dst":"74.125.19.104","p":443,"peer_descr":"bro","actions":["Notice::ACTION_LOG"],"suppress_for":3600.0,"dropped":false}}
{"dhcp": {"ts":1258567562.944638,"uid":"CSiO9f3y8Uyu0XprAi","id.orig_h":"192.168.1.103","id.orig_p":68,"id.resp_h":"192.168.1.1","id.resp_p":67,"mac":"00:0b:db:63:5b:d4","assigned_ip":"192.168.1.103","lease_time":3564.0,"trans_id":418901490}}
{"ssh": {"ts":1320435930.914196,"uid":"CyrWKo1E1rRywjbOAk","id.orig_h":"172.16.238.1","id.orig_p":58435,"id.resp_h":"172.16.238.136","id.resp_p":22,"version":2,"auth_success":false,"client":"SSH-2.0-OpenSSH_5.6","server":"SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1","cipher_alg":"aes128-ctr","mac_alg":"hmac-md5","compression_alg":"none","kex_alg":"diffie-hellman-group-exchange-sha256","host_key_alg":"ssh-rsa","host_key":"87:11:46:da:89:c5:2b:d9:6b:ee:e0:44:7e:73:80:f8"}}
{"software": {"ts":1320435464.768382,"host":"172.16.238.168","host_p":22,"software_type":"SSH::SERVER","name":"OpenSSH","version.major":5,"version.minor":3,"unparsed_version":"OpenSSH_5.3"}}
{"radius": {"ts":1440447766.441298,"uid":"CqF4zGzBOXFjTWqHh","id.orig_h":"127.0.0.1","id.orig_p":53031,"id.resp_h":"127.0.0.1","id.resp_p":1812,"username":"steve","result":"failed"}}
{"x509": {"ts":1216706999.661483,"id":"FkYBO41LPAXxh44KFk","certificate.version":3,"certificate.serial":"6905C4A47CFDBF9DBC98DACE38835FB8","certificate.subject":"CN=login.live.com,OU=MSN-Passport,O=Microsoft Corporation,street=One Microsoft Way,L=Redmond,ST=Washington,postalCode=98052,C=US,serialNumber=600413485,businessCategory=V1.0\u005c, Clause 5.(b),1.3.6.1.4.1.311.60.2.1.2=#130A57617368696E67746F6E,1.3.6.1.4.1.311.60.2.1.3=#13025553","certificate.issuer":"CN=VeriSign Class 3 Extended Validation SSL CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign\u005c, Inc.,C=US","certificate.not_valid_before":1213833600.0,"certificate.not_valid_after":1248134399.0,"certificate.key_alg":"rsaEncryption","certificate.sig_alg":"sha1WithRSAEncryption","certificate.key_type":"rsa","certificate.key_length":1024,"certificate.exponent":"65537","basic_constraints.ca":false}}
{"known_devices": {"ts":1258531221.486539,"mac":"00:0b:db:63:58:a6","dhcp_host_name":"m57-jo"}}
{"rfb": {"ts":1328634261.675248,"uid":"CGhHbC1P1kuJYtR4Ul","id.orig_h":"192.168.1.10","id.orig_p":10254,"id.resp_h":"192.168.1.114","id.resp_p":5900,"client_major_version":"003","client_minor_version":"007","server_major_version":"003","server_minor_version":"007","authentication_method":"VNC","auth":true,"share_flag":false,"desktop_name":"aneagles@localhost.localdomain","width":1280,"height":800}}
{"stats": {"ts":1328634261.351352,"peer":"bro","mem":55,"pkts_proc":1,"bytes_recv":62,"events_proc":392,"events_queued":13,"active_tcp_conns":1,"active_udp_conns":0,"active_icmp_conns":0,"tcp_conns":1,"udp_conns":0,"icmp_conns":0,"timers":35,"active_timers":32,"files":0,"active_files":0,"dns_requests":0,"active_dns_requests":0,"reassem_tcp_size":0,"reassem_file_size":0,"reassem_frag_size":0,"reassem_unknown_size":0}}
{"capture_loss": {"ts":1328634276.90953,"ts_delta":15.558178,"peer":"bro","gaps":0,"acks":710,"percent_lost":0.0}}
{"sip": {"ts":1216698600.338338,"uid":"Cl2G2m3bdeE8F9I9ei","id.orig_h":"192.168.1.64","id.orig_p":1033,"id.resp_h":"69.59.232.120","id.resp_p":10000,"trans_depth":0,"method":"REGISTER","uri":"sip:t.voncp.com:10000","request_from":"\u002216178766111\u0022 <sip:16178766111@t.voncp.com:10000>","request_to":"\u002216178766111\u0022 <sip:16178766111@t.voncp.com:10000>","call_id":"7757a70e218b95730dd2daeaac7d20b1@192.168.1.64","seq":"1761527957 REGISTER","request_path":["SIP/2.0/UDP 192.168.1.64:10000","SIP/2.0/UDP 192.168.1.64:10000","SIP/2.0/UDP 192.168.1.64:10000","SIP/2.0/UDP 192.168.1.64:10000"],"response_path":[],"user_agent":"VDV21 001DD92E4F61 2.8.1_1.4.7 LwooEk3GCD/bcm001DD92E4F61.xml","request_body_len":0}}