author | Toni Uhlig <matzeton@googlemail.com> | 2022-09-13 20:33:15 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2022-09-13 22:05:08 +0200 |
commit | d4633c11927683865d8b7bec5e0e4162bae82a60 (patch) | |
tree | 12e0d78562254e297b7ef9c0f9d4cc3c8fa53874 /schema/packet_event_schema.json | |
parent | aca1615dc13bac949d507c493e9cef80fd2402ef (diff) |
New flow event: 'analysis'.
* The goal was to provide a separate event for extracted features that are not required
and only useful for a few (e.g. someone who wants to do ML).
* Increased network buffer size to 32kB (8192 * 4).
* Switched timestamp precision from ms to us for *ALL* timestamps.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'schema/packet_event_schema.json')
-rw-r--r-- | schema/packet_event_schema.json | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/schema/packet_event_schema.json b/schema/packet_event_schema.json index e0e549d71..f38d8aa58 100644 --- a/schema/packet_event_schema.json +++ b/schema/packet_event_schema.json @@ -13,21 +13,21 @@ "pkt_l4_offset", "pkt_len", "pkt_l4_len", - "thread_ts_msec" + "thread_ts_usec" ], "dependencies" : { - "flow_id" : [ "flow_packet_id", "flow_last_seen", "flow_idle_time" ] + "flow_id" : [ "flow_packet_id", "flow_src_last_pkt_time", "flow_dst_last_pkt_time", "flow_idle_time" ] }, "if": { "properties": { "packet_event_name": { "enum": ["packet-flow"] } } }, "then": { - "required": [ "thread_id", "flow_id", "flow_packet_id", "flow_last_seen", "flow_idle_time" ] + "required": [ "thread_id", "flow_id", "flow_packet_id", "flow_src_last_pkt_time", "flow_dst_last_pkt_time", "flow_idle_time" ] }, "else": { - "not": { "required": [ "thread_id", "flow_id", "flow_packet_id", "flow_last_seen", "flow_idle_time" ] } + "not": { "required": [ "thread_id", "flow_id", "flow_packet_id", "flow_src_last_pkt_time", "flow_dst_last_pkt_time", "flow_idle_time" ] } }, "properties": { @@ -64,7 +64,11 @@ "flow_packet_id": { "type": "number" }, - "flow_last_seen": { + "flow_src_last_pkt_time": { + "type": "number", + "minimum": 0 + }, + "flow_dst_last_pkt_time": { "type": "number", "minimum": 0 }, @@ -95,7 +99,7 @@ "minimum": 0, "maximum": 65535 }, - "thread_ts_msec": { + "thread_ts_usec": { "type": "number", "minimum": 0 }, |
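Review bot: In the first hunk (@@ -13,21 +13,21 @@), the "else" branch's "not": { "required": [ ... ] } only rejects an event that carries all six listed keys at once, so a non-"packet-flow" event with "flow_src_last_pkt_time" but without "flow_id" still validates, and the longer list makes that gap wider. If plain packet events are meant to carry no flow fields, forbid each flow key on its own, for example "not": { "anyOf": [ { "required": ["flow_id"] }, { "required": ["flow_src_last_pkt_time"] }, ... ] }, and extend "dependencies" so the other flow keys also pull in "flow_id".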
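Review bot: In the second hunk (@@ -64,7 +64,11 @@), the two properties that replace "flow_last_seen" ("flow_src_last_pkt_time" and "flow_dst_last_pkt_time") state no unit in their name or in a "description", unlike "thread_ts_usec" in the same schema, and the commit message does not mention the split into per-direction fields. Suggest adding a "description" to each that gives the unit (microseconds, going by the commit message) and the direction, and listing the rename in the commit message so consumers keyed on "flow_last_seen" know to update.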
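Review bot: In the third hunk (@@ -95,7 +99,7 @@), "thread_ts_usec" keeps "type": "number", which also accepts fractional values such as 1.5. If the field is a whole microsecond count, "type": "integer" with "minimum": 0 would reject a malformed producer at validation time; the same applies to the two "*_last_pkt_time" properties added in the previous hunk.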