Diffstat (limited to 'test/results/syslog.pcap.out')
-rw-r--r-- | test/results/syslog.pcap.out | 122 |
1 files changed, 61 insertions, 61 deletions
diff --git a/test/results/syslog.pcap.out b/test/results/syslog.pcap.out
index 6c5259412..395c632f6 100644
--- a/test/results/syslog.pcap.out
+++ b/test/results/syslog.pcap.out
@@ -4,106 +4,106 @@ 00176{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_msec":113756} 00766{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"syslog.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":379,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":379,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"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"} 00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_msec":1377043331844} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844,"flow_last_seen":1377043331844,"flow_idle_time":200000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":0,"thread_ts_msec":1377043331844,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00692{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844,"flow_last_seen":1377043331844,"flow_idle_time":200000,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1377043331844,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1377043331844,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1377043331844,"pkt":"vDBb56YVAASWJ4vKCABFAACoJ0cAADwRXWysFDM2rB9uKAICAgIAlCzbPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgUUxBMjNYWCBQQ0lERVYwMyBEaXNjTG9vcElkIHFsYTIzeHhTdE1hY2hSdW4uY3h4IDM1MTAKMCBMb2NhbCBQb3J0IENvbm5lY3Rpb24gVHlwZT0gTE9PUDogbG9vcElkPTB4N0QKCgA="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844,"flow_last_seen":1377043331844,"flow_idle_time":200000,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"midstream":0,"thread_ts_msec":1377043331844,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844,"flow_last_seen":1377043331844,"flow_idle_time":200000,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1377043331844,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1377043331884,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1377043331884,"pkt":"vDBb56YVAASWJ4vKCABFAAChJ0gAADwRXXKsFDM2rB9uKAICAgIAjZRnPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgRkNQVCBCdWlsZExvb3BNYXAgZmNwVHJhbnNwb3J0TG9jYWxQb3J0LmNwcCAxOTg5CjAgTG9vcE1hcDogMDE5ZDlmOWU5YjhmOTg5MDk3YWJhYWE5YWNhNWE3YTZhMwoKAA=="} 
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1377043331893,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_msec":1377043331893,"pkt":"vDBb56YVAASWJ4vKCABFAADcJ0kAADwRXTasFDM2rB9uKAICAgIAyJYPPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgRkNQVCBHZW5lcmF0ZUV2ZW50IGZjcFRyYW5zcG9ydExvY2FsUG9ydC5jcHAgMTIxOAowIEZDUCBMb2NhbCBQb3J0IFN0YXRlIFVQICA6IFdXTj0weDUwMDBEMzEwMDAwMzU2MDYgcG9ydElkPTB4MDAwMDAxIHBvcnRSb2xlPUJvdGggTG9jYWxQb3J0SW5kZXg9MHgwMDAzCgoA"} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":18,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":2295,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_msec":1388653792914} -00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914,"flow_last_seen":1388653792914,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"midstream":0,"thread_ts_msec":1388653792914,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00691{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914,"flow_last_seen":1388653792914,"flow_idle_time":200000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1388653792914,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1388653792914,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1388653792914,"pkt":"gPsG8EXX4KHXGMJyCABFtABoYZ9AAEARc\/cK+xeLPicDjuc6AgIAVGhaPDE0Nz5KYW4gIDIgMTA6MDk6NTIgbmI2IGNoaWxsaXNwb3RbNDIyMl06IEM6MTkyLjE2OC4yLjgzLzAwOjE5OjdEOjNCOjZGOkQ0Cg=="} -00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914,"flow_last_seen":1388653792914,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"midstream":0,"thread_ts_msec":1388653792914,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
-00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844,"flow_last_seen":1377043354299,"flow_idle_time":200000,"flow_min_l4_payload_len":108,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":2295,"midstream":0,"thread_ts_msec":1388653792914,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00751{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914,"flow_last_seen":1388653792914,"flow_idle_time":200000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1388653792914,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844,"flow_last_seen":1377043354299,"flow_idle_time":200000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2295,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1388653792914,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1388653841215,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":1388653841215,"pkt":"gPsG8EXX4KHXGMJyCABFtABoYaBAAEARc\/YK+xeLPicDjuc6AgIAVHJZPDE0Nz5KYW4gIDIgMTA6MTA6NDEgbmI2IGNoaWxsaXNwb3RbNDIyMl06IEQ6MTkyLjE2OC4yLjgzLzAwOjE5OjdEOjNCOjZGOkQ0Cg=="} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":2447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1488571038380} 
-00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380,"flow_last_seen":1488571038380,"flow_idle_time":200000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"midstream":0,"thread_ts_msec":1488571038380,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00698{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380,"flow_last_seen":1488571038380,"flow_idle_time":200000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1488571038380,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1488571038380,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":161,"pkt_l4_len":123,"thread_ts_msec":1488571038380,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAjwBGAAD\/EUiywKh5CsCoeArDoAICAHsygDwxODk+NzI6IE1hciAgMyAxOTo1NzoxNy4zNzE6ICVMSU5LLTUtQ0hBTkdFRDogSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byBhZG1pbmlzdHJhdGl2ZWx5IGRvd24="} 
-00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380,"flow_last_seen":1488571038380,"flow_idle_time":200000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"midstream":0,"thread_ts_msec":1488571038380,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380,"flow_last_seen":1488571038380,"flow_idle_time":200000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1488571038380,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1488571038381,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":165,"pkt_l4_len":127,"thread_ts_msec":1488571038381,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAkwBHAAD\/EUitwKh5CsCoeArDoAICAH\/o6TwxODk+NzM6IE1hciAgMyAxOTo1NzoxOC4zNzc6ICVMSU5FUFJPVE8tNS1VUERPV046IExpbmUgcHJvdG9jb2wgb24gSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byBkb3du"} -00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914,"flow_last_seen":1388653841215,"flow_idle_time":200000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":152,"midstream":0,"thread_ts_msec":1488571038381,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914,"flow_last_seen":1388653841215,"flow_idle_time":200000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1488571038381,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1488571187162,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":141,"pkt_l4_len":103,"thread_ts_msec":1488571187162,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAewBIAAD\/EUjEwKh5CsCoeArDoAICAGcZkzwxODc+NzQ6IE1hciAgMyAxOTo1OTo0Ni4xNTI6ICVMSU5LLTMtVVBET1dOOiBJbnRlcmZhY2UgR2lnYWJpdEV0aGVybmV0MC8yLCBjaGFuZ2VkIHN0YXRlIHRvIHVw"} -00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521,"flow_last_seen":1488571330521,"flow_idle_time":200000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"midstream":0,"thread_ts_msec":1488571330521,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00697{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521,"flow_last_seen":1488571330521,"flow_idle_time":200000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1488571330521,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1488571330521,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":184,"pkt_l4_len":146,"thread_ts_msec":1488571330521,"pkt":"ABpsoSuZAB56eT8RgQAAeQgARQAApgA+AAD\/EUirwKh5AsCoeArEsAICAJJuQTwxOTA+NjM6IE1hciAgMyAyMDowMjowOS40NjQ6ICVJUFY2X0FDTC02LUFDQ0VTU0xPR1A6IGxpc3QgdnR5LWFjY2Vzcy8xMCBwZXJtaXR0ZWQgdGNwIDIwMDM6NTE6NjAxMjoxMTA6OkIxNToyMig2MDg5MikgLT4gOjooMjIpLCAxIHBhY2tldA=="} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521,"flow_last_seen":1488571330521,"flow_idle_time":200000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"midstream":0,"thread_ts_msec":1488571330521,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521,"flow_last_seen":1488571330521,"flow_idle_time":200000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1488571330521,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1488571330522,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":201,"pkt_l4_len":163,"thread_ts_msec":1488571330522,"pkt":"ABpsoSuZAB56eT8RgQAAeQgARQAAtwA\/AAD\/EUiZwKh5AsCoeArEsAICAKOtbzwxOTA+NjQ6IE1hciAgMyAyMDowMjowOS40Njg6ICVJUFY2X0FDTC02LUFDQ0VTU0xPR1A6IGxpc3QgdnR5LWFjY2Vzcy8xMCBwZXJtaXR0ZWQgdGNwIDIwMDM6NTE6NjAxMjoxMTA6OkIxNToyMig2MDg5MikgLT4gMjAwMzo1MTo2MDEyOjEyMTo6MigyMiksIDEgcGFja2V0"} 
-00690{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380,"flow_last_seen":1488571189276,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":446,"midstream":0,"thread_ts_msec":1488571330522,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380,"flow_last_seen":1488571189276,"flow_idle_time":200000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1488571330522,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":26,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":3186,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_msec":1557406267494} -00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557406267494,"flow_last_seen":1557406267494,"flow_idle_time":620000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"midstream":0,"thread_ts_msec":1557406267494,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} +00661{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557406267494,"flow_last_seen":1557406267494,"flow_idle_time":620000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1557406267494,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} 
01020{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1557406267494,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_msec":1557406267494,"pkt":"ABDb\/xAAACFZH\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"} -00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557406267510,"flow_last_seen":1557406267510,"flow_idle_time":620000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"midstream":0,"thread_ts_msec":1557406267510,"l3_proto":"ip4","src_ip":"216.66.80.30","dst_ip":"193.24.227.12","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} +00660{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557406267510,"flow_last_seen":1557406267510,"flow_idle_time":620000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1557406267510,"l3_proto":"ip4","src_ip":"216.66.80.30","dst_ip":"193.24.227.12","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} 
01019{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1557406267510,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_msec":1557406267510,"pkt":"ABRpnhFAABDb\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"} 01020{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1557406275495,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_msec":1557406275495,"pkt":"ABDb\/xAAACFZH\/EMCABFAAHSd7gAAIAp7nLBGOMK2EJWcmAAAAABlhFAIAEEcABsAKEAAAAAAAAAAiABBHB2WwAAAAAAAAsVACKVDwICAZYwyTwxMzM+c3NnOiBOZXRTY3JlZW4gZGV2aWNlX2lkPTAxODUwODIwMDgwMDE1NDEgIFtSb290XXN5c3RlbS1ub3RpZmljYXRpb24tMDAyNTcodHJhZmZpYyk6IHN0YXJ0X3RpbWU9IjIwMTktMDUtMDkgMTQ6NTA6MTYiIGR1cmF0aW9uPTU5IHBvbGljeV9pZD0xIHNlcnZpY2U9ZG5zIHByb3RvPTE3IHNyYyB6b25lPVRydXN0IGRzdCB6b25lPVVudHJ1c3QgYWN0aW9uPVBlcm1pdCBzZW50PTEzNiByY3ZkPTAgc3JjPTE5My4yNC4yMjcuMTk2IGRzdD05LjkuOS45IHNyY19wb3J0PTU1Njg3IGRzdF9wb3J0PTUzIHNyYy14bGF0ZWQgaXA9MTkzLjI0LjIyNy4xOTYgcG9ydD01NTY4NyBkc3QteGxhdGVkIGlwPTkuOS45LjkgcG9ydD01MyBzZXNzaW9uX2lkPTQ4MDU5IHJlYXNvbj1DbG9zZSAtIEFHRSBPVVQA"} 01020{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1557406275511,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_msec":1557406275511,"pkt":"ABRpnhFAABDb\/xAACABFAAHSru1AAPspAo\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"} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521,"flow_last_seen":1488571330522,"flow_idle_time":200000,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":293,"midstream":0,"thread_ts_msec":1557406275511,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380,"flow_last_seen":1488571189276,"flow_idle_time":200000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":446,"midstream":0,"thread_ts_msec":1557406275511,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521,"flow_last_seen":1488571330522,"flow_idle_time":200000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1557406275511,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380,"flow_last_seen":1488571189276,"flow_idle_time":200000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1557406275511,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1557406279481,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_msec":1557406279481,"pkt":"ABDb\/xAAACFZH\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"} 01095{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1557406279497,"flow_idle_time":620000,"pkt_oversize":false,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_msec":1557406279497,"pkt":"ABRpnhFAABDb\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"} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":32,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":5976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_msec":1600781689297} 
-00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297,"flow_last_seen":1600781689297,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"midstream":0,"thread_ts_msec":1600781689297,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00693{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297,"flow_last_seen":1600781689297,"flow_idle_time":200000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600781689297,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1600781689297,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_msec":1600781689297,"pkt":"qrvMbk9eqrvMlgwFCABFAABuAAAAAP8RpCWsFfskrBPEC\/TXAgIAWrkePDE4OT4zMDogKlNlcCAyMiAxMzozNDo0OS4xOTU6ICVTWVMtNS1DT05GSUdfSTogQ29uZmlndXJlZCBmcm9tIGNvbnNvbGUgYnkgY29uc29sZQ=="} 
-00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297,"flow_last_seen":1600781689297,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"midstream":0,"thread_ts_msec":1600781689297,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297,"flow_last_seen":1600781689297,"flow_idle_time":200000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600781689297,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1600781690282,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"thread_ts_msec":1600781690282,"pkt":"qrvMbk9eqrvMlgwFCABFAACSAAEAAP8RpACsFfskrBPEC\/TXAgIAfpjBPDE5MD4zMTogKlNlcCAyMiAxMzozNDo0OS4yMjA6ICVTWVMtNi1MT0dHSU5HSE9TVF9TVEFSVFNUT1A6IExvZ2dpbmcgdG8gaG9zdCAxMC4xLjIuMiBwb3J0IDUxNCBzdGFydGVkIC0gQ0xJIGluaXRpYXRlZA=="} -00569{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1557406267510,"flow_last_seen":1557406279497,"flow_idle_time":620000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1395,"midstream":0,"thread_ts_msec":1600781690282,"l3_proto":"ip4","src_ip":"216.66.80.30","dst_ip":"193.24.227.12","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}} -00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1557406267510,"flow_last_seen":1557406279497,"flow_idle_time":620000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1395,"midstream":0,"thread_ts_msec":1600781690282,"l3_proto":"ip4","src_ip":"216.66.80.30","dst_ip":"193.24.227.12","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} 
-00570{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1557406267494,"flow_last_seen":1557406279481,"flow_idle_time":620000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1395,"midstream":0,"thread_ts_msec":1600781690282,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}} -00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1557406267494,"flow_last_seen":1557406279481,"flow_idle_time":620000,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1395,"midstream":0,"thread_ts_msec":1600781690282,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} -00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117,"flow_last_seen":1600781776117,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"midstream":0,"thread_ts_msec":1600781776117,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00677{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1557406267510,"flow_last_seen":1557406279497,"flow_idle_time":620000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600781690282,"l3_proto":"ip4","src_ip":"216.66.80.30","dst_ip":"193.24.227.12","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}} +00662{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1557406267510,"flow_last_seen":1557406279497,"flow_idle_time":620000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600781690282,"l3_proto":"ip4","src_ip":"216.66.80.30","dst_ip":"193.24.227.12","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} +00678{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1557406267494,"flow_last_seen":1557406279481,"flow_idle_time":620000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600781690282,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"ndpi": 
{"proto":"Unknown","breed":"Unrated"}} +00663{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1557406267494,"flow_last_seen":1557406279481,"flow_idle_time":620000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600781690282,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} +00699{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117,"flow_last_seen":1600781776117,"flow_idle_time":200000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600781776117,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1600781776117,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_msec":1600781776117,"pkt":"qrvMXnUpqrvMO4StCABFAACQAAMAAP8RPujAqEiMwKiylPTXAgIAfAzhPDE0PjMzOiAqU2VwIDIyIDEzOjM2OjE1LjMwODogJVNZUy02LUxPR0dJTkdIT1NUX1NUQVJUU1RPUDogTG9nZ2luZyB0byBob3N0IDEwLjEuMi4yIHBvcnQgNTE0IHJlc3RvcmVkIENMSSBpbml0aWF0ZWQ="} -00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117,"flow_last_seen":1600781776117,"flow_idle_time":200000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"midstream":0,"thread_ts_msec":1600781776117,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117,"flow_last_seen":1600781776117,"flow_idle_time":200000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600781776117,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1600781777157,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":1600781777157,"pkt":"qrvMXnUpqrvMO4StCABFAABtAAQAAP8RPwrAqEiMwKiylPTXAgIAWZ\/\/PDEzPjM0OiAqU2VwIDIyIDEzOjM2OjE2LjA5MTogJVNZUy01LUNPTkZJR19JOiBDb25maWd1cmVkIGZyb20gY29uc29sZSBieSBjb25zb2xl"} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"midstream":0,"thread_ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00692{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":200000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1600781952293,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1600781952293,"pkt":"qrvMySBnqrvMPDqhCABFAAB5AAgAAP8RdwvAqEPxCsE1BvTXAgIAZVTQPDE4Nz4zODogUjE6ICpTZXAgMjIgMTM6Mzk6MTEuMjUwOiAlTElOSy0zLVVQRE9XTjogSW50ZXJmYWNlIEV0aGVybmV0MC8yLCBjaGFuZ2VkIHN0YXRlIHRvIHVw"} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"midstream":0,"thread_ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":200000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1600781952293,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1600781952293,"pkt":"qrvMySBnqrvMPDqhCABFAACPAAkAAP8RdvTAqEPxCsE1BvTXAgIAe0jbPDE4OT4zOTogUjE6ICpTZXAgMjIgMTM6Mzk6MTIuMjUyOiAlTElORVBST1RPLTUtVVBET1dOOiBMaW5lIHByb3RvY29sIG9uIEludGVyZmFjZSBFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byB1cA=="} -00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297,"flow_last_seen":1600781690282,"flow_idle_time":200000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":118,"flow_tot_l4_payload_len":200,"midstream":0,"thread_ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297,"flow_last_seen":1600781690282,"flow_idle_time":200000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":118,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":6581,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_msec":1600782411853} -00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853,"flow_last_seen":1600782411853,"flow_idle_time":200000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00700{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853,"flow_last_seen":1600782411853,"flow_idle_time":200000,"flow_src_min_l4_payload_len":304,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1600782411853,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":1600782411853,"pkt":"qrvMCetCqrvMS9ZJCABFAAFMAAAAAP8RHZjAqH5mrBOx5t9OAgIBOHsYPDE5MD44MjogUjE6IFtzeXNsb2dAOSBzX3NuPSIxIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+Njwvc2V2ZXJpdHk+PG1zZy1pZD5MT0dHSU5HSE9TVF9TVEFSVFNUT1A8L21zZy1pZD48dGltZT4qU2VwIDIyIDEzOjQ2OjUwLjgxMjwvdGltZT48YXJncz48YXJnIGlkPSIwIj4xMC4xLjIuMjwvYXJnPjxhcmcgaWQ9IjEiPiBwb3J0IDUxNDwvYXJnPjxhcmcgaWQ9IjIiPjwvYXJnPjxhcmcgaWQ9IjMiPiBzdGFydGVkIC0gQ0xJIGluaXRpYXRlZDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="} -00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853,"flow_last_seen":1600782411853,"flow_idle_time":200000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
-00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117,"flow_last_seen":1600781777157,"flow_idle_time":200000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":197,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":200000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":208,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853,"flow_last_seen":1600782411853,"flow_idle_time":200000,"flow_src_min_l4_payload_len":304,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117,"flow_last_seen":1600781777157,"flow_idle_time":200000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":200000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1600782437280,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":1600782437280,"pkt":"qrvMCetCqrvMS9ZJCABFAAD+AAEAAP8RHeXAqH5mrBOx5t9OAgIA6uDbPDE4Nz44MzogUjE6IFtzeXNsb2dAOSBzX3NuPSIyIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+TElOSzwvZmFjaWxpdHk+PHNldmVyaXR5PjM8L3NldmVyaXR5Pjxtc2ctaWQ+VVBET1dOPC9tc2ctaWQ+PHRpbWU+KlNlcCAyMiAxMzo0NzoxNi40MDQ8L3RpbWU+PGFyZ3M+PGFyZyBpZD0iMCI+RXRoZXJuZXQwLzM8L2FyZz48YXJnIGlkPSIxIj51cDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="} 
00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1600782437466,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_msec":1600782437466,"pkt":"qrvMCetCqrvMS9ZJCABFAAEAAAIAAP8RHeLAqH5mrBOx5t9OAgIA7NFUPDE4OT44NDogUjE6IFtzeXNsb2dAOSBzX3NuPSIzIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+NTwvc2V2ZXJpdHk+PG1zZy1pZD5DT05GSUdfSTwvbXNnLWlkPjx0aW1lPipTZXAgMjIgMTM6NDc6MTcuMTk2PC90aW1lPjxhcmdzPjxhcmcgaWQ9IjAiPmNvbnNvbGU8L2FyZz48YXJnIGlkPSIxIj5jb25zb2xlPC9hcmc+PC9hcmdzPjwvaW9zLWxvZy1tc2c+"} -00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695,"flow_last_seen":1600782466695,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"midstream":0,"thread_ts_msec":1600782466695,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00696{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695,"flow_last_seen":1600782466695,"flow_idle_time":200000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":107,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":107,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600782466695,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1600782466695,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_msec":1600782466695,"pkt":"qrvMdK0EqrvMag4ECABFAACHAAQAAP8RGw4KFrPXrBo2TN9OAgIAcw8OPDE4OT44NTogUjE6IFtzeXNsb2dAOSBzX3NuPSI1Il06ICpTZXAgMjIgMTM6NDc6NDUuNjcyOiAlU1lTLTUtQ09ORklHX0k6IENvbmZpZ3VyZWQgZnJvbSBjb25zb2xlIGJ5IGNvbnNvbGU="} -00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695,"flow_last_seen":1600782466695,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"midstream":0,"thread_ts_msec":1600782466695,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00756{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695,"flow_last_seen":1600782466695,"flow_idle_time":200000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":107,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":107,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600782466695,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1600782475311,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1600782475311,"pkt":"qrvMdK0EqrvMag4ECABFAACrAAUAAP8RGukKFrPXrBo2TN9OAgIAl+OwPDE5MD44NjogUjE6IFtzeXNsb2dAOSBzX3NuPSI2Il06ICpTZXAgMjIgMTM6NDc6NTQuMzAzOiAlU1lTLTYtTE9HR0lOR0hPU1RfU1RBUlRTVE9QOiBMb2dnaW5nIHRvIGhvc3QgMTAuMS4yLjIgcG9ydCA1MTQgc3RvcHBlZCAtIENMSSBpbml0aWF0ZWQ="} 
00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1600782476392,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":184,"pkt_l4_len":150,"thread_ts_msec":1600782476392,"pkt":"qrvMdK0EqrvMag4ECABFAACqAAYAAP8RGukKFrPXrBo2TN9OAgIAlm33PDE5MD44NzogUjE6IFtzeXNsb2dAOSBzX3NuPSI3Il06ICpTZXAgMjIgMTM6NDc6NTUuNjk5OiAlU1lTLTYtTE9HR0lOR0hPU1RfU1RBUlRTVE9QOiBMb2dnaW5nIHRvIGhvc3QgMTAuMS4yLjIgcG9ydCA1MTQgcmVzdG9yZWQgQ0xJIGluaXRpYXRlZA=="} -00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222,"flow_last_seen":1600782514222,"flow_idle_time":200000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"midstream":0,"thread_ts_msec":1600782514222,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00698{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222,"flow_last_seen":1600782514222,"flow_idle_time":200000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600782514222,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1600782514222,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_msec":1600782514222,"pkt":"qrvMkvyHqrvMTZFeCABFAADrAAkAAP8RSX\/AqC2iCtB4X99OAgIA1wa4PDE4OT45MjogUjE6IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+NTwvc2V2ZXJpdHk+PG1zZy1pZD5DT05GSUdfSTwvbXNnLWlkPjx0aW1lPipTZXAgMjIgMTM6NDg6MzMuOTc4PC90aW1lPjxhcmdzPjxhcmcgaWQ9IjAiPmNvbnNvbGU8L2FyZz48YXJnIGlkPSIxIj5jb25zb2xlPC9hcmc+PC9hcmdzPjwvaW9zLWxvZy1tc2c+"} -00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222,"flow_last_seen":1600782514222,"flow_idle_time":200000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"midstream":0,"thread_ts_msec":1600782514222,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00758{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222,"flow_last_seen":1600782514222,"flow_idle_time":200000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600782514222,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1600782515213,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_msec":1600782515213,"pkt":"qrvMkvyHqrvMTZFeCABFAADsAAoAAP8RSX3AqC2iCtB4X99OAgIA2PlAPDE4OT45MzogUjE6IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+TElORVBST1RPPC9mYWNpbGl0eT48c2V2ZXJpdHk+NTwvc2V2ZXJpdHk+PG1zZy1pZD5VUERPV048L21zZy1pZD48dGltZT4qU2VwIDIyIDEzOjQ4OjM0LjIwMDwvdGltZT48YXJncz48YXJnIGlkPSIwIj5Mb29wYmFjazE8L2FyZz48YXJnIGlkPSIxIj51cDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="} 
-00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782647886,"flow_last_seen":1600782647886,"flow_idle_time":200000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"midstream":0,"thread_ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00697{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782647886,"flow_last_seen":1600782647886,"flow_idle_time":200000,"flow_src_min_l4_payload_len":203,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1600782647886,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"thread_ts_msec":1600782647886,"pkt":"qrvMj6IeqrvMSxtwCABFAADnAAsAAP8R5RQK4CuVrBfzWd9OAgIA0\/DmPDE4OT45NDogPGlvcy1sb2ctbXNnPjxmYWNpbGl0eT5TWVM8L2ZhY2lsaXR5PjxzZXZlcml0eT41PC9zZXZlcml0eT48bXNnLWlkPkNPTkZJR19JPC9tc2ctaWQ+PHRpbWU+KlNlcCAyMiAxMzo1MDo0Ni43Nzc8L3RpbWU+PGFyZ3M+PGFyZyBpZD0iMCI+Y29uc29sZTwvYXJnPjxhcmcgaWQ9IjEiPmNvbnNvbGU8L2FyZz48L2FyZ3M+PC9pb3MtbG9nLW1zZz4="} -00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782647886,"flow_last_seen":1600782647886,"flow_idle_time":200000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"midstream":0,"thread_ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782647886,"flow_last_seen":1600782647886,"flow_idle_time":200000,"flow_src_min_l4_payload_len":203,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1600782652384,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_msec":1600782652384,"pkt":"qrvMj6IeqrvMSxtwCABFAADoAAwAAP8R5RIK4CuVrBfzWd9OAgIA1N5pPDE4OT45NTogPGlvcy1sb2ctbXNnPjxmYWNpbGl0eT5MSU5FUFJPVE88L2ZhY2lsaXR5PjxzZXZlcml0eT41PC9zZXZlcml0eT48bXNnLWlkPlVQRE9XTjwvbXNnLWlkPjx0aW1lPipTZXAgMjIgMTM6NTA6NTEuNzUyPC90aW1lPjxhcmdzPjxhcmcgaWQ9IjAiPkxvb3BiYWNrMjwvYXJnPjxhcmcgaWQ9IjEiPnVwPC9hcmc+PC9hcmdzPjwvaW9zLWxvZy1tc2c+"} 
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1600782653380,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"thread_ts_msec":1600782653380,"pkt":"qrvMj6IeqrvMSxtwCABFAADnAA0AAP8R5RIK4CuVrBfzWd9OAgIA0\/vrPDE4OT45NjogPGlvcy1sb2ctbXNnPjxmYWNpbGl0eT5TWVM8L2ZhY2lsaXR5PjxzZXZlcml0eT41PC9zZXZlcml0eT48bXNnLWlkPkNPTkZJR19JPC9tc2ctaWQ+PHRpbWU+KlNlcCAyMiAxMzo1MDo1Mi4zMTI8L3RpbWU+PGFyZ3M+PGFyZyBpZD0iMCI+Y29uc29sZTwvYXJnPjxhcmcgaWQ9IjEiPmNvbnNvbGU8L2FyZz48L2FyZ3M+PC9pb3MtbG9nLW1zZz4="} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853,"flow_last_seen":1600782438439,"flow_idle_time":200000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":989,"midstream":0,"thread_ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
-00689{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695,"flow_last_seen":1600782501747,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":642,"midstream":0,"thread_ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853,"flow_last_seen":1600782438439,"flow_idle_time":200000,"flow_src_min_l4_payload_len":226,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":989,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695,"flow_last_seen":1600782501747,"flow_idle_time":200000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":52,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":9237,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":2,"current-active-flows":3,"total-active-flows":13,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_msec":1618744015613} -00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613,"flow_last_seen":1618744015613,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"midstream":0,"thread_ts_msec":1618744015613,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00693{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613,"flow_last_seen":1618744015613,"flow_idle_time":200000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1618744015613,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1618744015613,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_msec":1618744015613,"pkt":"AAAAAAAAAAgA5occCABFAABVAABAADwRr+OsGuW+rBdQxAICAgIAQS7mPDMwPnNubXBkWzY5NTZdOiBDb25uZWN0aW9uIGZyb20gVURQOiBbMTI3LjAuMC4xXToyMTMxMSAK"} -00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613,"flow_last_seen":1618744015613,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"midstream":0,"thread_ts_msec":1618744015613,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00753{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613,"flow_last_seen":1618744015613,"flow_idle_time":200000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1618744015613,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1618744015638,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1618744015638,"pkt":"AAAAAAAAAAgA5occCABFAABiAABAADwRr9asGuW+rBdQxAICAgIATjrrPDMwPnNubXBkWzY5NTZdOiBSZWNlaXZlZCBTTk1QIHBhY2tldChzKSBmcm9tIFVEUDogWzEyNy4wLjAuMV06MjEzMTEgCg=="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1618744015652,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_msec":1618744015652,"pkt":"AAAAAAAAAAgA5occCABFAABVAABAADwRr+OsGuW+rBdQxAICAgIAQS7mPDMwPnNubXBkWzY5NTZdOiBDb25uZWN0aW9uIGZyb20gVURQOiBbMTI3LjAuMC4xXToyMTMxMSAK"} 
-00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1600782647886,"flow_last_seen":1600782653380,"flow_idle_time":200000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":610,"midstream":0,"thread_ts_msec":1618744015724,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695,"flow_last_seen":1600782501747,"flow_idle_time":200000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":642,"midstream":0,"thread_ts_msec":1618744015724,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222,"flow_last_seen":1600782515213,"flow_idle_time":200000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":415,"midstream":0,"thread_ts_msec":1618744015724,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744117704,"flow_last_seen":1618744117704,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1618744117704,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1600782647886,"flow_last_seen":1600782653380,"flow_idle_time":200000,"flow_src_min_l4_payload_len":203,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":204,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1618744015724,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695,"flow_last_seen":1600782501747,"flow_idle_time":200000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1618744015724,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222,"flow_last_seen":1600782515213,"flow_idle_time":200000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1618744015724,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00695{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744117704,"flow_last_seen":1618744117704,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1618744117704,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1618744117704,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1618744117704,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQEPOQAA\/BnudCrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/r2sAAAIEBbQBAwMFAQEICgVJ71MAAAAABAIAAA=="} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1618744118712,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1618744118712,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQEydQAA\/BnLOCrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/q4MAAAIEBbQBAwMFAQEICgVJ8zsAAAAABAIAAA=="} 
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1618744119704,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1618744119704,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQKarQAA\/BhjACrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/p5sAAAIEBbQBAwMFAQEICgVJ9yMAAAAABAIAAA=="} -00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1618744117704,"flow_last_seen":1618744129233,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":0,"thread_ts_msec":1618744129233,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613,"flow_last_seen":1618744046789,"flow_idle_time":200000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":1244,"midstream":0,"thread_ts_msec":1618744314014,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
-00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191,"flow_last_seen":1618744358191,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":0,"thread_ts_msec":1618744358191,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00891{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1618744117704,"flow_last_seen":1618744129233,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1618744129233,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613,"flow_last_seen":1618744046789,"flow_idle_time":200000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1618744314014,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00700{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191,"flow_last_seen":1618744358191,"flow_idle_time":200000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1618744358191,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1618744358191,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_msec":1618744358191,"pkt":"AAAAAAAAAAgA5occCABF4ACnOuMAAP4RubfAqP6dxPBClMHLAgIAk0yqPDEzND4gMjAyMS0wNC0xOCAxNToxMjozOCswNDowMCAxMC4xMjYuMjAuNjggTG9nLCAgICAgNjU5MzQsMC8zLzAvMCwyMjQuMi4yLjIzMSwxLDIwMjEtMDQtMTggMTM6MTI6MzgsMjAyMS0wNC0xOCAxNToxMjozOCxQUk9HUkFNLTEzMSwqLDExLA=="} -00652{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191,"flow_last_seen":1618744358191,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":0,"thread_ts_msec":1618744358191,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191,"flow_last_seen":1618744358191,"flow_idle_time":200000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1618744358191,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":84,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":10756,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":101,"global_ts_msec":1639052948178} -00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178,"flow_last_seen":1639052948178,"flow_idle_time":200000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"midstream":0,"thread_ts_msec":1639052948178,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00694{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178,"flow_last_seen":1639052948178,"flow_idle_time":200000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639052948178,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
01397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1639052948178,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":761,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":761,"pkt_l4_len":671,"thread_ts_msec":1639052948178,"pkt":"AAAAAAAAAAQAAAAIgQABmAgARQACs1yXAAA\/EY\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"} -00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178,"flow_last_seen":1639052948178,"flow_idle_time":200000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"midstream":0,"thread_ts_msec":1639052948178,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191,"flow_last_seen":1618744358191,"flow_idle_time":200000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"midstream":0,"thread_ts_msec":1639052948178,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
-00822{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":1,"flow_first_seen":1618744117704,"flow_last_seen":1618744314014,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"midstream":0,"thread_ts_msec":1639052948178,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178,"flow_last_seen":1639052948178,"flow_idle_time":200000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639052948178,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191,"flow_last_seen":1618744358191,"flow_idle_time":200000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639052948178,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00930{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":1,"flow_first_seen":1618744117704,"flow_last_seen":1618744314014,"flow_idle_time":7580000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639052948178,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":85,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":107,"global_ts_msec":1646228387732} 00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_msec":1646228387732} 00971{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":525,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":525,"pkt_l4_len":0,"thread_ts_msec":1639052948178,"pkt":"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"} 
@@ -114,17 +114,17 @@ 00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":88,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_msec":1646228388765} 00979{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"syslog.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":530,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":530,"pkt_l4_len":0,"thread_ts_msec":1639052948178,"pkt":"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"} 00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":89,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_msec":1646781267422} -00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422,"flow_last_seen":1646781267422,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"midstream":0,"thread_ts_msec":1646781267422,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
+00692{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422,"flow_last_seen":1646781267422,"flow_idle_time":200000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646781267422,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1646781267422,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":137,"pkt_l4_len":99,"thread_ts_msec":1646781267422,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAd4NyQAA+ESYdCl7oFQpelhXgHgICAGMIejw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX1VQKTogZXRoMDogbGluayBpcyBub3QgcmVhZHk="} -00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422,"flow_last_seen":1646781267422,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"midstream":0,"thread_ts_msec":1646781267422,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422,"flow_last_seen":1646781267422,"flow_idle_time":200000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646781267422,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1646781267424,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":142,"pkt_l4_len":104,"thread_ts_msec":1646781267424,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAfIN0QAA+ESYWCl7oFQpelhXgHgICAGj66Tw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX0NIQU5HRSk6IGV0aDA6IGxpbmsgYmVjb21lcyByZWFkeQ=="} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1646781267424,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":149,"pkt_l4_len":111,"thread_ts_msec":1646781267424,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAg4N1QAA+ESYOCl7oFQpelhXgHgICAG\/wdjw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX0NIQU5HRSk6IHZldGhhNWZhMTNmOiBsaW5rIGJlY29tZXMgcmVhZHk="} 
-00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509,"flow_last_seen":1646781268509,"flow_idle_time":200000,"flow_min_l4_payload_len":1270,"flow_max_l4_payload_len":1270,"flow_tot_l4_payload_len":1270,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} +00697{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509,"flow_last_seen":1646781268509,"flow_idle_time":200000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02138{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1646781268509,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":1316,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1316,"pkt_l4_len":1278,"thread_ts_msec":1646781268509,"pkt":"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"} 
-00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509,"flow_last_seen":1646781268509,"flow_idle_time":200000,"flow_min_l4_payload_len":1270,"flow_max_l4_payload_len":1270,"flow_tot_l4_payload_len":1270,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509,"flow_last_seen":1646781268509,"flow_idle_time":200000,"flow_min_l4_payload_len":1270,"flow_max_l4_payload_len":1270,"flow_tot_l4_payload_len":1270,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178,"flow_last_seen":1639052948178,"flow_idle_time":200000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422,"flow_last_seen":1646781267427,"flow_idle_time":200000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":510,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509,"flow_last_seen":1646781268509,"flow_idle_time":200000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509,"flow_last_seen":1646781268509,"flow_idle_time":200000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} +00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178,"flow_last_seen":1639052948178,"flow_idle_time":200000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 
+00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422,"flow_last_seen":1646781267427,"flow_idle_time":200000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_msec":1646781268509,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":94,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":13199,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":128,"global_ts_msec":1646781268509} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 94/88 @@ -134,8 +134,8 @@ ~~ total active/idle flows...: 19/19 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6027105 bytes -~~ total memory freed........: 6027105 bytes +~~ total memory allocated....: 6027257 bytes +~~ total memory freed........: 6027257 bytes ~~ total allocations/frees...: 121044/121044 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 181 chars |