diff options
Diffstat (limited to 'test/results/syslog.pcap.out')
| -rw-r--r-- | test/results/syslog.pcap.out | 98 |
1 files changed, 49 insertions, 49 deletions
diff --git a/test/results/syslog.pcap.out b/test/results/syslog.pcap.out index 6b56a6b56..5c7575dfa 100644 --- a/test/results/syslog.pcap.out +++ b/test/results/syslog.pcap.out @@ -6,29 +6,29 @@ 00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1377043331844398} 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377043331844398,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1377043331844398,"pkt":"vDBb56YVAASWJ4vKCABFAACoJ0cAADwRXWysFDM2rB9uKAICAgIAlCzbPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgUUxBMjNYWCBQQ0lERVYwMyBEaXNjTG9vcElkIHFsYTIzeHhTdE1hY2hSdW4uY3h4IDM1MTAKMCBMb2NhbCBQb3J0IENvbm5lY3Rpb24gVHlwZT0gTE9PUDogbG9vcElkPTB4N0QKCgA="} -00861{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377043331844398,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00904{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377043331844398,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1377043331884737,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1377043331884737,"pkt":"vDBb56YVAASWJ4vKCABFAAChJ0gAADwRXXKsFDM2rB9uKAICAgIAjZRnPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgRkNQVCBCdWlsZExvb3BNYXAgZmNwVHJhbnNwb3J0TG9jYWxQb3J0LmNwcCAxOTg5CjAgTG9vcE1hcDogMDE5ZDlmOWU5YjhmOTg5MDk3YWJhYWE5YWNhNWE3YTZhMwoKAA=="} 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1377043331893307,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_usec":1377043331893307,"pkt":"vDBb56YVAASWJ4vKCABFAADcJ0kAADwRXTasFDM2rB9uKAICAgIAyJYPPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgRkNQVCBHZW5lcmF0ZUV2ZW50IGZjcFRyYW5zcG9ydExvY2FsUG9ydC5jcHAgMTIxOAowIEZDUCBMb2NhbCBQb3J0IFN0YXRlIFVQICA6IFdXTj0weDUwMDBEMzEwMDAwMzU2MDYgcG9ydElkPTB4MDAwMDAxIHBvcnRSb2xlPUJvdGggTG9jYWxQb3J0SW5kZXg9MHgwMDAzCgoA"} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":18,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":2295,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1388653792914155} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1388653792914155,"pkt":"gPsG8EXX4KHXGMJyCABFtABoYZ9AAEARc\/cK+xeLPicDjuc6AgIAVGhaPDE0Nz5KYW4gIDIgMTA6MDk6NTIgbmI2IGNoaWxsaXNwb3RbNDIyMl06IEM6MTkyLjE2OC4yLjgzLzAwOjE5OjdEOjNCOjZGOkQ0Cg=="} -00860{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00903{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043354299811,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2295,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00903{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043354299811,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2295,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1388653841215658,"pkt":"gPsG8EXX4KHXGMJyCABFtABoYaBAAEARc\/YK+xeLPicDjuc6AgIAVHJZPDE0Nz5KYW4gIDIgMTA6MTA6NDEgbmI2IGNoaWxsaXNwb3RbNDIyMl06IEQ6MTkyLjE2OC4yLjgzLzAwOjE5OjdEOjNCOjZGOkQ0Cg=="} -00902{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653841215658,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00945{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653841215658,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":2447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1488571038380901} 00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038380901,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":161,"pkt_l4_len":123,"thread_ts_usec":1488571038380901,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAjwBGAAD\/EUiywKh5CsCoeArDoAICAHsygDwxODk+NzI6IE1hciAgMyAxOTo1NzoxNy4zNzE6ICVMSU5LLTUtQ0hBTkdFRDogSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byBhZG1pbmlzdHJhdGl2ZWx5IGRvd24="} -00867{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038380901,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00910{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038380901,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1488571038381406,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":165,"pkt_l4_len":127,"thread_ts_usec":1488571038381406,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAkwBHAAD\/EUitwKh5CsCoeArDoAICAH\/o6TwxODk+NzM6IE1hciAgMyAxOTo1NzoxOC4zNzc6ICVMSU5FUFJPVE8tNS1VUERPV046IExpbmUgcHJvdG9jb2wgb24gSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byBkb3du"} -00900{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038381406,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038381406,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1488571187162253,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":141,"pkt_l4_len":103,"thread_ts_usec":1488571187162253,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAewBIAAD\/EUjEwKh5CsCoeArDoAICAGcZkzwxODc+NzQ6IE1hciAgMyAxOTo1OTo0Ni4xNTI6ICVMSU5LLTMtVVBET1dOOiBJbnRlcmZhY2UgR2lnYWJpdEV0aGVybmV0MC8yLCBjaGFuZ2VkIHN0YXRlIHRvIHVw"} -00907{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571189276080,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571189276080,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330521769,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330521769,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1488571330521769,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":184,"pkt_l4_len":146,"thread_ts_usec":1488571330521769,"pkt":"ABpsoSuZAB56eT8RgQAAeQgARQAApgA+AAD\/EUirwKh5AsCoeArEsAICAJJuQTwxOTA+NjM6IE1hciAgMyAyMDowMjowOS40NjQ6ICVJUFY2X0FDTC02LUFDQ0VTU0xPR1A6IGxpc3QgdnR5LWFjY2Vzcy8xMCBwZXJtaXR0ZWQgdGNwIDIwMDM6NTE6NjAxMjoxMTA6OkIxNToyMig2MDg5MikgLT4gOjooMjIpLCAxIHBhY2tldA=="} -00866{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330521769,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330521769,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00909{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330521769,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330521769,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1488571330522327,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":201,"pkt_l4_len":163,"thread_ts_usec":1488571330522327,"pkt":"ABpsoSuZAB56eT8RgQAAeQgARQAAtwA\/AAD\/EUiZwKh5AsCoeArEsAICAKOtbzwxOTA+NjQ6IE1hciAgMyAyMDowMjowOS40Njg6ICVJUFY2X0FDTC02LUFDQ0VTU0xPR1A6IGxpc3QgdnR5LWFjY2Vzcy8xMCBwZXJtaXR0ZWQgdGNwIDIwMDM6NTE6NjAxMjoxMTA6OkIxNToyMig2MDg5MikgLT4gMjAwMzo1MTo2MDEyOjEyMTo6MigyMiksIDEgcGFja2V0"} -00907{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330522327,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00950{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330522327,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":26,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":3186,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1557406267494812} 00723{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557406267494812,"flow_src_last_pkt_time":1557406267494812,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406267494812,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} 01079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1557406267494812,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_usec":1557406267494812,"pkt":"ABDb\/xAAACFZH\/EMCABFAAHSd60AAIAp7n3BGOMK2EJWcmAAAAABlhFAIAEEcABsAKEAAAAAAAAAAiABBHB2WwAAAAAAAAsVACKVDwICAZY93TwxMzM+c3NnOiBOZXRTY3JlZW4gZGV2aWNlX2lkPTAxODUwODIwMDgwMDE1NDEgIFtSb290XXN5c3RlbS1ub3RpZmljYXRpb24tMDAyNTcodHJhZmZpYyk6IHN0YXJ0X3RpbWU9IjIwMTktMDUtMDkgMTQ6NTA6MDgiIGR1cmF0aW9uPTU5IHBvbGljeV9pZD0xIHNlcnZpY2U9ZG5zIHByb3RvPTE3IHNyYyB6b25lPVRydXN0IGRzdCB6b25lPVVudHJ1c3QgYWN0aW9uPVBlcm1pdCBzZW50PTEzNiByY3ZkPTAgc3JjPTE5My4yNC4yMjcuMTk2IGRzdD05LjkuOS45IHNyY19wb3J0PTQxNDQzIGRzdF9wb3J0PTUzIHNyYy14bGF0ZWQgaXA9MTkzLjI0LjIyNy4xOTYgcG9ydD00MTQ0MyBkc3QteGxhdGVkIGlwPTkuOS45LjkgcG9ydD01MyBzZXNzaW9uX2lkPTQ4MDQ2IHJlYXNvbj1DbG9zZSAtIEFHRSBPVVQA"} @@ -36,82 +36,82 @@ 01078{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1557406267510571,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_usec":1557406267510571,"pkt":"ABRpnhFAABDb\/xAACABFAAHSqgRAAPspB3jYQlAewRjjDGAAAAABlhE7IAEEcABsAKEAAAAAAAAAAiABBHB2WwAAAAAAAAsVACKVDwICAZY93TwxMzM+c3NnOiBOZXRTY3JlZW4gZGV2aWNlX2lkPTAxODUwODIwMDgwMDE1NDEgIFtSb290XXN5c3RlbS1ub3RpZmljYXRpb24tMDAyNTcodHJhZmZpYyk6IHN0YXJ0X3RpbWU9IjIwMTktMDUtMDkgMTQ6NTA6MDgiIGR1cmF0aW9uPTU5IHBvbGljeV9pZD0xIHNlcnZpY2U9ZG5zIHByb3RvPTE3IHNyYyB6b25lPVRydXN0IGRzdCB6b25lPVVudHJ1c3QgYWN0aW9uPVBlcm1pdCBzZW50PTEzNiByY3ZkPTAgc3JjPTE5My4yNC4yMjcuMTk2IGRzdD05LjkuOS45IHNyY19wb3J0PTQxNDQzIGRzdF9wb3J0PTUzIHNyYy14bGF0ZWQgaXA9MTkzLjI0LjIyNy4xOTYgcG9ydD00MTQ0MyBkc3QteGxhdGVkIGlwPTkuOS45LjkgcG9ydD01MyBzZXNzaW9uX2lkPTQ4MDQ2IHJlYXNvbj1DbG9zZSAtIEFHRSBPVVQA"} 01079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1557406275495866,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_usec":1557406275495866,"pkt":"ABDb\/xAAACFZH\/EMCABFAAHSd7gAAIAp7nLBGOMK2EJWcmAAAAABlhFAIAEEcABsAKEAAAAAAAAAAiABBHB2WwAAAAAAAAsVACKVDwICAZYwyTwxMzM+c3NnOiBOZXRTY3JlZW4gZGV2aWNlX2lkPTAxODUwODIwMDgwMDE1NDEgIFtSb290XXN5c3RlbS1ub3RpZmljYXRpb24tMDAyNTcodHJhZmZpYyk6IHN0YXJ0X3RpbWU9IjIwMTktMDUtMDkgMTQ6NTA6MTYiIGR1cmF0aW9uPTU5IHBvbGljeV9pZD0xIHNlcnZpY2U9ZG5zIHByb3RvPTE3IHNyYyB6b25lPVRydXN0IGRzdCB6b25lPVVudHJ1c3QgYWN0aW9uPVBlcm1pdCBzZW50PTEzNiByY3ZkPTAgc3JjPTE5My4yNC4yMjcuMTk2IGRzdD05LjkuOS45IHNyY19wb3J0PTU1Njg3IGRzdF9wb3J0PTUzIHNyYy14bGF0ZWQgaXA9MTkzLjI0LjIyNy4xOTYgcG9ydD01NTY4NyBkc3QteGxhdGVkIGlwPTkuOS45LjkgcG9ydD01MyBzZXNzaW9uX2lkPTQ4MDU5IHJlYXNvbj1DbG9zZSAtIEFHRSBPVVQA"} 01079{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1557406275511725,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_usec":1557406275511725,"pkt":"ABRpnhFAABDb\/xAACABFAAHSru1AAPspAo\/YQlAewRjjDGAAAAABlhE7IAEEcABsAKEAAAAAAAAAAiABBHB2WwAAAAAAAAsVACKVDwICAZYwyTwxMzM+c3NnOiBOZXRTY3JlZW4gZGV2aWNlX2lkPTAxODUwODIwMDgwMDE1NDEgIFtSb290XXN5c3RlbS1ub3RpZmljYXRpb24tMDAyNTcodHJhZmZpYyk6IHN0YXJ0X3RpbWU9IjIwMTktMDUtMDkgMTQ6NTA6MTYiIGR1cmF0aW9uPTU5IHBvbGljeV9pZD0xIHNlcnZpY2U9ZG5zIHByb3RvPTE3IHNyYyB6b25lPVRydXN0IGRzdCB6b25lPVVudHJ1c3QgYWN0aW9uPVBlcm1pdCBzZW50PTEzNiByY3ZkPTAgc3JjPTE5My4yNC4yMjcuMTk2IGRzdD05LjkuOS45IHNyY19wb3J0PTU1Njg3IGRzdF9wb3J0PTUzIHNyYy14bGF0ZWQgaXA9MTkzLjI0LjIyNy4xOTYgcG9ydD01NTY4NyBkc3QteGxhdGVkIGlwPTkuOS45LjkgcG9ydD01MyBzZXNzaW9uX2lkPTQ4MDU5IHJlYXNvbj1DbG9zZSAtIEFHRSBPVVQA"} -00905{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330522327,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406275511725,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00905{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406275511725,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330522327,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":293,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406275511725,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406275511725,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1557406279481997,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1557406279481997,"pkt":"ABDb\/xAAACFZH\/EMCABFAAILd7sAAIAp7jbBGOMK2EJWcmAAAAABzxFAIAEEcABsAKEAAAAAAAAAAiABBHB2WwAAAAAAAAsVACKVDwICAc8p5DwxMzM+c3NnOiBOZXRTY3JlZW4gZGV2aWNlX2lkPTAxODUwODIwMDgwMDE1NDEgIFtSb290XXN5c3RlbS1ub3RpZmljYXRpb24tMDAyNTcodHJhZmZpYyk6IHN0YXJ0X3RpbWU9IjIwMTktMDUtMDkgMTQ6NTA6MTgiIGR1cmF0aW9uPTYxIHBvbGljeV9pZD04IHNlcnZpY2U9TmV0d29yayBUaW1lIHByb3RvPTE3IHNyYyB6b25lPVVudHJ1c3QgZHN0IHpvbmU9VHJ1c3QgYWN0aW9uPVBlcm1pdCBzZW50PTE1NCByY3ZkPTEzNCBzcmM9MjAwMTo0NzA6MWYwYToxMDFhOjoyIGRzdD0yMDAxOjQ3MDo2ZDphMTo6ZGNmYjoxMjMgc3JjX3BvcnQ9MTIzIGRzdF9wb3J0PTEyMyBzcmMteGxhdGVkIGlwPTIwMDE6NDcwOjFmMGE6MTAxYTo6MiBwb3J0PTEyMyBkc3QteGxhdGVkIGlwPTIwMDE6NDcwOjZkOmExOjpkY2ZiOjEyMyBwb3J0PTEyMyBzZXNzaW9uX2lkPTQ4MDU2IHJlYXNvbj1DbG9zZSAtIEFHRSBPVVQA"} 01154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1557406279497874,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"pkt_oversize":false,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1557406279497874,"pkt":"ABRpnhFAABDb\/xAACABFAAILsN5AAPspAGXYQlAewRjjDGAAAAABzxE7IAEEcABsAKEAAAAAAAAAAiABBHB2WwAAAAAAAAsVACKVDwICAc8p5DwxMzM+c3NnOiBOZXRTY3JlZW4gZGV2aWNlX2lkPTAxODUwODIwMDgwMDE1NDEgIFtSb290XXN5c3RlbS1ub3RpZmljYXRpb24tMDAyNTcodHJhZmZpYyk6IHN0YXJ0X3RpbWU9IjIwMTktMDUtMDkgMTQ6NTA6MTgiIGR1cmF0aW9uPTYxIHBvbGljeV9pZD04IHNlcnZpY2U9TmV0d29yayBUaW1lIHByb3RvPTE3IHNyYyB6b25lPVVudHJ1c3QgZHN0IHpvbmU9VHJ1c3QgYWN0aW9uPVBlcm1pdCBzZW50PTE1NCByY3ZkPTEzNCBzcmM9MjAwMTo0NzA6MWYwYToxMDFhOjoyIGRzdD0yMDAxOjQ3MDo2ZDphMTo6ZGNmYjoxMjMgc3JjX3BvcnQ9MTIzIGRzdF9wb3J0PTEyMyBzcmMteGxhdGVkIGlwPTIwMDE6NDcwOjFmMGE6MTAxYTo6MiBwb3J0PTEyMyBkc3QteGxhdGVkIGlwPTIwMDE6NDcwOjZkOmExOjpkY2ZiOjEyMyBwb3J0PTEyMyBzZXNzaW9uX2lkPTQ4MDU2IHJlYXNvbj1DbG9zZSAtIEFHRSBPVVQA"} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":32,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":5976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1600781689297122} 00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781689297122,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1600781689297122,"pkt":"qrvMbk9eqrvMlgwFCABFAABuAAAAAP8RpCWsFfskrBPEC\/TXAgIAWrkePDE4OT4zMDogKlNlcCAyMiAxMzozNDo0OS4xOTU6ICVTWVMtNS1DT05GSUdfSTogQ29uZmlndXJlZCBmcm9tIGNvbnNvbGUgYnkgY29uc29sZQ=="} -00862{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781689297122,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00905{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781689297122,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1600781690282270,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"thread_ts_usec":1600781690282270,"pkt":"qrvMbk9eqrvMlgwFCABFAACSAAEAAP8RpACsFfskrBPEC\/TXAgIAfpjBPDE5MD4zMTogKlNlcCAyMiAxMzozNDo0OS4yMjA6ICVTWVMtNi1MT0dHSU5HSE9TVF9TVEFSVFNUT1A6IExvZ2dpbmcgdG8gaG9zdCAxMC4xLjIuMiBwb3J0IDUxNCBzdGFydGVkIC0gQ0xJIGluaXRpYXRlZA=="} -00768{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1557406267510571,"flow_src_last_pkt_time":1557406279497874,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781690282270,"l3_proto":"ip4","src_ip":"216.66.80.30","dst_ip":"193.24.227.12","l4_proto":41,"ndpi": {"proto":"Unknown","proto_id":"0","encrypted":0,"breed":"Unrated"}} +00811{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1557406267510571,"flow_src_last_pkt_time":1557406279497874,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781690282270,"l3_proto":"ip4","src_ip":"216.66.80.30","dst_ip":"193.24.227.12","l4_proto":41,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00724{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1557406267510571,"flow_src_last_pkt_time":1557406279497874,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781690282270,"l3_proto":"ip4","src_ip":"216.66.80.30","dst_ip":"193.24.227.12","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} -00769{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1557406267494812,"flow_src_last_pkt_time":1557406279481997,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781690282270,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"ndpi": {"proto":"Unknown","proto_id":"0","encrypted":0,"breed":"Unrated"}} +00812{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1557406267494812,"flow_src_last_pkt_time":1557406279481997,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781690282270,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00725{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1557406267494812,"flow_src_last_pkt_time":1557406279481997,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":503,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781690282270,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} 00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117552,"flow_src_last_pkt_time":1600781776117552,"flow_dst_last_pkt_time":1600781776117552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781776117552,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1600781776117552,"flow_dst_last_pkt_time":1600781776117552,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1600781776117552,"pkt":"qrvMXnUpqrvMO4StCABFAACQAAMAAP8RPujAqEiMwKiylPTXAgIAfAzhPDE0PjMzOiAqU2VwIDIyIDEzOjM2OjE1LjMwODogJVNZUy02LUxPR0dJTkdIT1NUX1NUQVJUU1RPUDogTG9nZ2luZyB0byBob3N0IDEwLjEuMi4yIHBvcnQgNTE0IHJlc3RvcmVkIENMSSBpbml0aWF0ZWQ="} -00868{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117552,"flow_src_last_pkt_time":1600781776117552,"flow_dst_last_pkt_time":1600781776117552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781776117552,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00911{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117552,"flow_src_last_pkt_time":1600781776117552,"flow_dst_last_pkt_time":1600781776117552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781776117552,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1600781777157257,"flow_dst_last_pkt_time":1600781776117552,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":1600781777157257,"pkt":"qrvMXnUpqrvMO4StCABFAABtAAQAAP8RPwrAqEiMwKiylPTXAgIAWZ\/\/PDEzPjM0OiAqU2VwIDIyIDEzOjM2OjE2LjA5MTogJVNZUy01LUNPTkZJR19JOiBDb25maWd1cmVkIGZyb20gY29uc29sZSBieSBjb25zb2xl"} -00905{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":36,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781690282270,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":118,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781777157257,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00948{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":36,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781690282270,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":118,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781777157257,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781952293359,"flow_src_last_pkt_time":1600781952293359,"flow_dst_last_pkt_time":1600781952293359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781952293359,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1600781952293359,"flow_dst_last_pkt_time":1600781952293359,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_usec":1600781952293359,"pkt":"qrvMySBnqrvMPDqhCABFAAB5AAgAAP8RdwvAqEPxCsE1BvTXAgIAZVTQPDE4Nz4zODogUjE6ICpTZXAgMjIgMTM6Mzk6MTEuMjUwOiAlTElOSy0zLVVQRE9XTjogSW50ZXJmYWNlIEV0aGVybmV0MC8yLCBjaGFuZ2VkIHN0YXRlIHRvIHVw"} -00861{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781952293359,"flow_src_last_pkt_time":1600781952293359,"flow_dst_last_pkt_time":1600781952293359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781952293359,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00904{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781952293359,"flow_src_last_pkt_time":1600781952293359,"flow_dst_last_pkt_time":1600781952293359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781952293359,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1600781952293713,"flow_dst_last_pkt_time":1600781952293359,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_usec":1600781952293713,"pkt":"qrvMySBnqrvMPDqhCABFAACPAAkAAP8RdvTAqEPxCsE1BvTXAgIAe0jbPDE4OT4zOTogUjE6ICpTZXAgMjIgMTM6Mzk6MTIuMjUyOiAlTElORVBST1RPLTUtVVBET1dOOiBMaW5lIHByb3RvY29sIG9uIEludGVyZmFjZSBFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byB1cA=="} -00903{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781690282270,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":118,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781952293713,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00908{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117552,"flow_src_last_pkt_time":1600781777157257,"flow_dst_last_pkt_time":1600781776117552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781952293713,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781690282270,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":118,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781952293713,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117552,"flow_src_last_pkt_time":1600781777157257,"flow_dst_last_pkt_time":1600781776117552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781952293713,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":6581,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1600782411853866} 00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":304,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782411853866,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_usec":1600782411853866,"pkt":"qrvMCetCqrvMS9ZJCABFAAFMAAAAAP8RHZjAqH5mrBOx5t9OAgIBOHsYPDE5MD44MjogUjE6IFtzeXNsb2dAOSBzX3NuPSIxIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+Njwvc2V2ZXJpdHk+PG1zZy1pZD5MT0dHSU5HSE9TVF9TVEFSVFNUT1A8L21zZy1pZD48dGltZT4qU2VwIDIyIDEzOjQ2OjUwLjgxMjwvdGltZT48YXJncz48YXJnIGlkPSIwIj4xMC4xLjIuMjwvYXJnPjxhcmcgaWQ9IjEiPiBwb3J0IDUxNDwvYXJnPjxhcmcgaWQ9IjIiPjwvYXJnPjxhcmcgaWQ9IjMiPiBzdGFydGVkIC0gQ0xJIGluaXRpYXRlZDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="} -00869{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":304,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782411853866,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00906{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117552,"flow_src_last_pkt_time":1600781777157257,"flow_dst_last_pkt_time":1600781776117552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782411853866,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00902{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781952293359,"flow_src_last_pkt_time":1600781952293713,"flow_dst_last_pkt_time":1600781952293359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782411853866,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00912{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":304,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782411853866,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117552,"flow_src_last_pkt_time":1600781777157257,"flow_dst_last_pkt_time":1600781776117552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782411853866,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781952293359,"flow_src_last_pkt_time":1600781952293713,"flow_dst_last_pkt_time":1600781952293359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782411853866,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00798{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1600782437280900,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1600782437280900,"pkt":"qrvMCetCqrvMS9ZJCABFAAD+AAEAAP8RHeXAqH5mrBOx5t9OAgIA6uDbPDE4Nz44MzogUjE6IFtzeXNsb2dAOSBzX3NuPSIyIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+TElOSzwvZmFjaWxpdHk+PHNldmVyaXR5PjM8L3NldmVyaXR5Pjxtc2ctaWQ+VVBET1dOPC9tc2ctaWQ+PHRpbWU+KlNlcCAyMiAxMzo0NzoxNi40MDQ8L3RpbWU+PGFyZ3M+PGFyZyBpZD0iMCI+RXRoZXJuZXQwLzM8L2FyZz48YXJnIGlkPSIxIj51cDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="} 00798{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1600782437466689,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1600782437466689,"pkt":"qrvMCetCqrvMS9ZJCABFAAEAAAIAAP8RHeLAqH5mrBOx5t9OAgIA7NFUPDE4OT44NDogUjE6IFtzeXNsb2dAOSBzX3NuPSIzIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+NTwvc2V2ZXJpdHk+PG1zZy1pZD5DT05GSUdfSTwvbXNnLWlkPjx0aW1lPipTZXAgMjIgMTM6NDc6MTcuMTk2PC90aW1lPjxhcmdzPjxhcmcgaWQ9IjAiPmNvbnNvbGU8L2FyZz48YXJnIGlkPSIxIj5jb25zb2xlPC9hcmc+PC9hcmdzPjwvaW9zLWxvZy1tc2c+"} 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695334,"flow_src_last_pkt_time":1600782466695334,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":107,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":107,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782466695334,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1600782466695334,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_usec":1600782466695334,"pkt":"qrvMdK0EqrvMag4ECABFAACHAAQAAP8RGw4KFrPXrBo2TN9OAgIAcw8OPDE4OT44NTogUjE6IFtzeXNsb2dAOSBzX3NuPSI1Il06ICpTZXAgMjIgMTM6NDc6NDUuNjcyOiAlU1lTLTUtQ09ORklHX0k6IENvbmZpZ3VyZWQgZnJvbSBjb25zb2xlIGJ5IGNvbnNvbGU="} -00865{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695334,"flow_src_last_pkt_time":1600782466695334,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":107,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":107,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782466695334,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00908{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695334,"flow_src_last_pkt_time":1600782466695334,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":107,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":107,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782466695334,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1600782475311083,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_usec":1600782475311083,"pkt":"qrvMdK0EqrvMag4ECABFAACrAAUAAP8RGukKFrPXrBo2TN9OAgIAl+OwPDE5MD44NjogUjE6IFtzeXNsb2dAOSBzX3NuPSI2Il06ICpTZXAgMjIgMTM6NDc6NTQuMzAzOiAlU1lTLTYtTE9HR0lOR0hPU1RfU1RBUlRTVE9QOiBMb2dnaW5nIHRvIGhvc3QgMTAuMS4yLjIgcG9ydCA1MTQgc3RvcHBlZCAtIENMSSBpbml0aWF0ZWQ="} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1600782476392240,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":184,"pkt_l4_len":150,"thread_ts_usec":1600782476392240,"pkt":"qrvMdK0EqrvMag4ECABFAACqAAYAAP8RGukKFrPXrBo2TN9OAgIAlm33PDE5MD44NzogUjE6IFtzeXNsb2dAOSBzX3NuPSI3Il06ICpTZXAgMjIgMTM6NDc6NTUuNjk5OiAlU1lTLTYtTE9HR0lOR0hPU1RfU1RBUlRTVE9QOiBMb2dnaW5nIHRvIGhvc3QgMTAuMS4yLjIgcG9ydCA1MTQgcmVzdG9yZWQgQ0xJIGluaXRpYXRlZA=="} -00910{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":45,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782438439705,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":226,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":989,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782476392240,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00953{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":45,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782438439705,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":226,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":989,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782476392240,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222729,"flow_src_last_pkt_time":1600782514222729,"flow_dst_last_pkt_time":1600782514222729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782514222729,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1600782514222729,"flow_dst_last_pkt_time":1600782514222729,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"thread_ts_usec":1600782514222729,"pkt":"qrvMkvyHqrvMTZFeCABFAADrAAkAAP8RSX\/AqC2iCtB4X99OAgIA1wa4PDE4OT45MjogUjE6IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+NTwvc2V2ZXJpdHk+PG1zZy1pZD5DT05GSUdfSTwvbXNnLWlkPjx0aW1lPipTZXAgMjIgMTM6NDg6MzMuOTc4PC90aW1lPjxhcmdzPjxhcmcgaWQ9IjAiPmNvbnNvbGU8L2FyZz48YXJnIGlkPSIxIj5jb25zb2xlPC9hcmc+PC9hcmdzPjwvaW9zLWxvZy1tc2c+"} -00867{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222729,"flow_src_last_pkt_time":1600782514222729,"flow_dst_last_pkt_time":1600782514222729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782514222729,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00910{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222729,"flow_src_last_pkt_time":1600782514222729,"flow_dst_last_pkt_time":1600782514222729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":207,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782514222729,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1600782515213099,"flow_dst_last_pkt_time":1600782514222729,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1600782515213099,"pkt":"qrvMkvyHqrvMTZFeCABFAADsAAoAAP8RSX3AqC2iCtB4X99OAgIA2PlAPDE4OT45MzogUjE6IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+TElORVBST1RPPC9mYWNpbGl0eT48c2V2ZXJpdHk+NTwvc2V2ZXJpdHk+PG1zZy1pZD5VUERPV048L21zZy1pZD48dGltZT4qU2VwIDIyIDEzOjQ4OjM0LjIwMDwvdGltZT48YXJncz48YXJnIGlkPSIwIj5Mb29wYmFjazE8L2FyZz48YXJnIGlkPSIxIj51cDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="} -00906{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":49,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695334,"flow_src_last_pkt_time":1600782501747500,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782515213099,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00949{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":49,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695334,"flow_src_last_pkt_time":1600782501747500,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782515213099,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782647886375,"flow_src_last_pkt_time":1600782647886375,"flow_dst_last_pkt_time":1600782647886375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":203,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782647886375,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1600782647886375,"flow_dst_last_pkt_time":1600782647886375,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"thread_ts_usec":1600782647886375,"pkt":"qrvMj6IeqrvMSxtwCABFAADnAAsAAP8R5RQK4CuVrBfzWd9OAgIA0\/DmPDE4OT45NDogPGlvcy1sb2ctbXNnPjxmYWNpbGl0eT5TWVM8L2ZhY2lsaXR5PjxzZXZlcml0eT41PC9zZXZlcml0eT48bXNnLWlkPkNPTkZJR19JPC9tc2ctaWQ+PHRpbWU+KlNlcCAyMiAxMzo1MDo0Ni43Nzc8L3RpbWU+PGFyZ3M+PGFyZyBpZD0iMCI+Y29uc29sZTwvYXJnPjxhcmcgaWQ9IjEiPmNvbnNvbGU8L2FyZz48L2FyZ3M+PC9pb3MtbG9nLW1zZz4="} -00866{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782647886375,"flow_src_last_pkt_time":1600782647886375,"flow_dst_last_pkt_time":1600782647886375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":203,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782647886375,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00909{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782647886375,"flow_src_last_pkt_time":1600782647886375,"flow_dst_last_pkt_time":1600782647886375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":203,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782647886375,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1600782652384214,"flow_dst_last_pkt_time":1600782647886375,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"thread_ts_usec":1600782652384214,"pkt":"qrvMj6IeqrvMSxtwCABFAADoAAwAAP8R5RIK4CuVrBfzWd9OAgIA1N5pPDE4OT45NTogPGlvcy1sb2ctbXNnPjxmYWNpbGl0eT5MSU5FUFJPVE88L2ZhY2lsaXR5PjxzZXZlcml0eT41PC9zZXZlcml0eT48bXNnLWlkPlVQRE9XTjwvbXNnLWlkPjx0aW1lPipTZXAgMjIgMTM6NTA6NTEuNzUyPC90aW1lPjxhcmdzPjxhcmcgaWQ9IjAiPkxvb3BiYWNrMjwvYXJnPjxhcmcgaWQ9IjEiPnVwPC9hcmc+PC9hcmdzPjwvaW9zLWxvZy1tc2c+"} 00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1600782653380844,"flow_dst_last_pkt_time":1600782647886375,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"thread_ts_usec":1600782653380844,"pkt":"qrvMj6IeqrvMSxtwCABFAADnAA0AAP8R5RIK4CuVrBfzWd9OAgIA0\/vrPDE4OT45NjogPGlvcy1sb2ctbXNnPjxmYWNpbGl0eT5TWVM8L2ZhY2lsaXR5PjxzZXZlcml0eT41PC9zZXZlcml0eT48bXNnLWlkPkNPTkZJR19JPC9tc2ctaWQ+PHRpbWU+KlNlcCAyMiAxMzo1MDo1Mi4zMTI8L3RpbWU+PGFyZ3M+PGFyZyBpZD0iMCI+Y29uc29sZTwvYXJnPjxhcmcgaWQ9IjEiPmNvbnNvbGU8L2FyZz48L2FyZ3M+PC9pb3MtbG9nLW1zZz4="} -00908{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782438439705,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":226,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":989,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00906{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695334,"flow_src_last_pkt_time":1600782501747500,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00908{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222729,"flow_src_last_pkt_time":1600782515213099,"flow_dst_last_pkt_time":1600782514222729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00951{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782438439705,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":226,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":989,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00949{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695334,"flow_src_last_pkt_time":1600782501747500,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00951{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222729,"flow_src_last_pkt_time":1600782515213099,"flow_dst_last_pkt_time":1600782514222729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":52,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":9237,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":9,"current-active-flows":3,"total-active-flows":13,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":1618744015613076} 00755{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015613076,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_usec":1618744015613076,"pkt":"AAAAAAAAAAgA5occCABFAABVAABAADwRr+OsGuW+rBdQxAICAgIAQS7mPDMwPnNubXBkWzY5NTZdOiBDb25uZWN0aW9uIGZyb20gVURQOiBbMTI3LjAuMC4xXToyMTMxMSAK"} -00862{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015613076,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00905{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015613076,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1618744015638101,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1618744015638101,"pkt":"AAAAAAAAAAgA5occCABFAABiAABAADwRr9asGuW+rBdQxAICAgIATjrrPDMwPnNubXBkWzY5NTZdOiBSZWNlaXZlZCBTTk1QIHBhY2tldChzKSBmcm9tIFVEUDogWzEyNy4wLjAuMV06MjEzMTEgCg=="} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1618744015652110,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_usec":1618744015652110,"pkt":"AAAAAAAAAAgA5occCABFAABVAABAADwRr+OsGuW+rBdQxAICAgIAQS7mPDMwPnNubXBkWzY5NTZdOiBDb25uZWN0aW9uIGZyb20gVURQOiBbMTI3LjAuMC4xXToyMTMxMSAK"} -00905{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1600782647886375,"flow_src_last_pkt_time":1600782653380844,"flow_dst_last_pkt_time":1600782647886375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":203,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":204,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015724115,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00904{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695334,"flow_src_last_pkt_time":1600782501747500,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015724115,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00906{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222729,"flow_src_last_pkt_time":1600782515213099,"flow_dst_last_pkt_time":1600782514222729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015724115,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1600782647886375,"flow_src_last_pkt_time":1600782653380844,"flow_dst_last_pkt_time":1600782647886375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":203,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":204,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015724115,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695334,"flow_src_last_pkt_time":1600782501747500,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015724115,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00949{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222729,"flow_src_last_pkt_time":1600782515213099,"flow_dst_last_pkt_time":1600782514222729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015724115,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744117704164,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744117704164,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1618744117704164,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1618744117704164,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQEPOQAA\/BnudCrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/r2sAAAIEBbQBAwMFAQEICgVJ71MAAAAABAIAAA=="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1618744118712110,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1618744118712110,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQEydQAA\/BnLOCrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/q4MAAAIEBbQBAwMFAQEICgVJ8zsAAAAABAIAAA=="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1618744119704155,"flow_dst_last_pkt_time":1618744117704164,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1618744119704155,"pkt":"AAAAAAAAAAcAAAAGgQAF4ggARQAAQKarQAA\/BhjACrp1wqkuUqLDHMvNLulY1AAAAACwAv\/\/p5sAAAIEBbQBAwMFAQEICgVJ9yMAAAAABAIAAA=="} -00906{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744046789343,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744124714186,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744129233154,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744129233154,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00904{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744046789343,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744314014150,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00949{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744046789343,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744124714186,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744129233154,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744129233154,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00947{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744046789343,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1244,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744314014150,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744358191948,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":1618744358191948,"pkt":"AAAAAAAAAAgA5occCABF4ACnOuMAAP4RubfAqP6dxPBClMHLAgIAk0yqPDEzND4gMjAyMS0wNC0xOCAxNToxMjozOCswNDowMCAxMC4xMjYuMjAuNjggTG9nLCAgICAgNjU5MzQsMC8zLzAvMCwyMjQuMi4yLjIzMSwxLDIwMjEtMDQtMTggMTM6MTI6MzgsMjAyMS0wNC0xOCAxNToxMjozOCxQUk9HUkFNLTEzMSwqLDExLA=="} -00869{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744358191948,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00912{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744358191948,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":84,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":10756,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":10,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":109,"global_ts_usec":1639052948178444} 00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":761,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":761,"pkt_l4_len":671,"thread_ts_usec":1639052948178444,"pkt":"AAAAAAAAAAQAAAAIgQABmAgARQACs1yXAAA\/EY\/tCgtpmgoGDwtQkwICAp+o6DwxODk+ZGF0ZT0yMDIxLTEyLTA5IHRpbWU9MTY6Mjk6MDYgZGV2bmFtZT0iQVRNRkxKUUFCSUwtVVQtODMiIGRldmlkPSJGR1Q2MUVUSzE5MDA5NDQ5IiBldmVudHRpbWU9MTYzOTA1Mjk0ODE1NDgzMTg4OSB0ej0iKzA0MDAiIGxvZ2lkPSIwMDAwMDAwMDEzIiB0eXBlPSJ0cmFmZmljIiBzdWJ0eXBlPSJmb3J3YXJkIiBsZXZlbD0ibm90aWNlIiB2ZD0icm9vdCIgc3JjaXA9MTAuMC4wLjEzIHNyY3BvcnQ9NTczODEgc3JjaW50Zj0iSFEtRkdUX0d3VjQtMSIgc3JjaW50ZnJvbGU9InVuZGVmaW5lZCIgZHN0aXA9MTAuMS4yNTEuNTEgZHN0cG9ydD04MDAwIGRzdGludGY9ImludGVybmFsIiBkc3RpbnRmcm9sZT0ibGFuIiBzcmNjb3VudHJ5PSJSZXNlcnZlZCIgZHN0Y291bnRyeT0iUmVzZXJ2ZWQiIHNlc3Npb25pZD03OTYwMjE2IHByb3RvPTYgYWN0aW9uPSJjbGllbnQtcnN0IiBwb2xpY3lpZD0yIHBvbGljeXR5cGU9InBvbGljeSIgcG9sdXVpZD0iMzUyMjgzMTYtYWY4Yy01MWVhLTMxYzItY2ZiNmUzYjc2M2NhIiBzZXJ2aWNlPSJUQ1AtODAwMCIgdHJhbmRpc3A9Im5vb3AiIGR1cmF0aW9uPTYgc2VudGJ5dGU9MjQ0IHJjdmRieXRlPTkwMCBzZW50cGt0PTUgdnBuPSJIUS1GR1RfR3dWNC0xIiB2cG50eXBlPSJpcHNlYy1zdGF0aWMiIGFwcGNhdD0idW5zY2FubmVkIhmBEQkBlwGXAWQCAQAAAAAAAAAAAAAAAAGXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMWukSU="} -00863{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00908{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -01039{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":1,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744314014150,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00906{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00951{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":1,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744314014150,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":85,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":115,"global_ts_usec":1646228387732435} 00287{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228387732435,"packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228387732435} 00974{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"syslog.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":525,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":525,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"JFpMlM8sAB0cD7o8iGQRAAABAfkAIUUAAfduywAAMxGwY8N4pYZT66ndAgIq+AHjFX48NDU+MSAyMDIyLTAzLTAyVDEyOjM5OjQ3LjY4OTM5Mi0wMTowMCBwZlNlbnNlLmxvY2FsZG9tYWluIHN1cmljYXRhIDM3MDQ2IC0gLSB7InRpbWVzdGFtcCI6ICIyMDIyLTAzLTAyVDEyOjM5OjQ3LjU2MTUyMy0wMTAwIiwgImZsb3dfaWQiOiAzODEwNzkzNTU4MjI1NzMsICJpbl9pZmFjZSI6ICJiZ2U5IiwgImV2ZW50X3R5cGUiOiAic3NoIiwgInNyY19pcCI6ICIxMDYuMTMuMjIzLjEiLCAic3JjX3BvcnQiOiA1MjUzMiwgImRlc3RfaXAiOiAiMTk1LjEyMC4xNjUuMTM0IiwgImRlc3RfcG9ydCI6IDIyMjIsICJwcm90byI6ICJUQ1AiLCAic3NoIjogeyJjbGllbnQiOiB7InByb3RvX3ZlcnNpb24iOiAiMi4wIiwgInNvZnR3YXJlX3ZlcnNpb24iOiAibGlic3NoLTAuNi4zIn0sICJzZXJ2ZXIiOiB7InByb3RvX3ZlcnNpb24iOiAiMi4wIiwgInNvZnR3YXJlX3ZlcnNpb24iOiAiT3BlblNTSF82LjdwMSBEZWJpYW4tNStkZWI4dTMifX19"} @@ -124,15 +124,15 @@ 00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":89,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":124,"global_ts_usec":1646781267422628} 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":137,"pkt_l4_len":99,"thread_ts_usec":1646781267422628,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAd4NyQAA+ESYdCl7oFQpelhXgHgICAGMIejw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX1VQKTogZXRoMDogbGluayBpcyBub3QgcmVhZHk="} -00861{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00904{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1646781267424794,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":142,"pkt_l4_len":104,"thread_ts_usec":1646781267424794,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAfIN0QAA+ESYWCl7oFQpelhXgHgICAGj66Tw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX0NIQU5HRSk6IGV0aDA6IGxpbmsgYmVjb21lcyByZWFkeQ=="} 00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1646781267424923,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":149,"pkt_l4_len":111,"thread_ts_usec":1646781267424923,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAg4N1QAA+ESYOCl7oFQpelhXgHgICAG\/wdjw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX0NIQU5HRSk6IHZldGhhNWZhMTNmOiBsaW5rIGJlY29tZXMgcmVhZHk="} 00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509996,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02197{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1316,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1316,"pkt_l4_len":1278,"thread_ts_usec":1646781268509996,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAFEpBvQAA+EaxdCl5QPApelhaaDgICBP4qVzwzMD5NYXIgIDkgMDQ6NDQ6MjggbmRjM2x2bXNkcHRkMiBmaWxlYmVhdDogMjAyMi0wMy0wOVQwNDo0NDoyOC41MDIrMDUzMCMwMTFJTkZPIzAxMVttb25pdG9yaW5nXSMwMTFsb2cvbG9nLmdvOjE0NSMwMTFOb24temVybyBtZXRyaWNzIGluIHRoZSBsYXN0IDMwcyMwMTF7Im1vbml0b3JpbmciOiB7Im1ldHJpY3MiOiB7ImJlYXQiOnsiY3B1Ijp7InN5c3RlbSI6eyJ0aWNrcyI6MzQyNzY1MCwidGltZSI6eyJtcyI6M319LCJ0b3RhbCI6eyJ0aWNrcyI6NjA2MDIxMCwidGltZSI6eyJtcyI6OH0sInZhbHVlIjo2MDYwMjEwfSwidXNlciI6eyJ0aWNrcyI6MjYzMjU2MCwidGltZSI6eyJtcyI6NX19fSwiaGFuZGxlcyI6eyJsaW1pdCI6eyJoYXJkIjo0MDk2LCJzb2Z0IjoxMDI0fSwib3BlbiI6MTB9LCJpbmZvIjp7ImVwaGVtZXJhbF9pZCI6ImI0MDc3MDU1LTNlZmUtNDk4Yi04ZDUwLWQ5MTZmMWYzMTllYSIsInVwdGltZSI6eyJtcyI6ODkyNzYxMjYxM319LCJtZW1zdGF0cyI6eyJnY19uZXh0IjoyNTIwNDQ0OCwibWVtb3J5X2FsbG9jIjoxNjQzMjM5MiwibWVtb3J5X3RvdGFsIjo0NzA1MTM5NDgyNDh9LCJydW50aW1lIjp7Imdvcm91dGluZXMiOjM0fX0sImZpbGViZWF0Ijp7ImV2ZW50cyI6eyJhZGRlZCI6MiwiZG9uZSI6Mn0sImhhcnZlc3RlciI6eyJmaWxlcyI6eyJhYmY2ZWIzOC02NGFjLTRjY2UtOWQyNy1hZjlmNjg0MzAwYmIiOnsibGFzdF9ldmVudF9wdWJsaXNoZWRfdGltZSI6IjIwMjItMDMtMDlUMDQ6NDM6NTkuNTQ0WiIsImxhc3RfZXZlbnRfdGltZXN0YW1wIjoiMjAyMi0wMy0wOVQwNDo0Mzo1OS41NDRaIiwicmVhZF9vZmZzZXQiOjI1MzIsInNpemUiOjI1MzJ9fSwib3Blbl9maWxlcyI6MiwicnVubmluZyI6Mn19LCJsaWJiZWF0Ijp7ImNvbmZpZyI6eyJtb2R1bGUiOnsicnVubmluZyI6MH19LCJvdXRwdXQiOnsiZXZlbnRzIjp7ImFja2VkIjoyLCJiYXRjaGVzIjoxLCJ0b3RhbCI6Mn0sInJlYWQiOnsiYnl0ZXMiOjEyfSwid3JpdGUiOnsiYnl0ZXMiOjEyMzR9fSwicGlwZWxpbmUiOnsiY2xpZW50cyI6MSwiZXZlbnRzIjp7ImFjdGl2ZSI6MCwicHVibGlzaGVkIjoyLCJ0b3RhbCI6Mn0sInF1ZXVlIjp7ImFja2VkIjoyfX19LCJyZWdpc3RyYXIiOnsic3RhdGVzIjp7ImN1cnJlbnQiOjMsInVwZGF0ZSI6Mn0sIndyaXRlcyI6eyJzdWNjZXNzIjoxLCJ0b3RhbCI6MX19LCJzeXN0ZW0iOnsibG9hZCI6eyIxIjowLCIxNSI6MC4wNSwiNSI6MC4wMSwibm9ybSI6eyIxIjowLCIxNSI6MC4wMTI1LCI1IjowLjAwMjV9fX19fX0="} -00866{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509996,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00905{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509996,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00902{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00902{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267427418,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00909{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509996,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00948{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509996,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} +00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267427418,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"syslog.pcap","alias":"nDPId-test","packets-captured":94,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":13199,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":10,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":136,"global_ts_usec":1646781268509996} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 94/88 @@ -142,9 +142,9 @@ ~~ total active/idle flows...: 19/19 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6072253 bytes -~~ total memory freed........: 6072253 bytes -~~ total allocations/frees...: 121782/121782 +~~ total memory allocated....: 6448942 bytes +~~ total memory freed........: 6448942 bytes +~~ total allocations/frees...: 122730/122730 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 277 chars ~~ json string max len.......: 2202 chars |