aboutsummaryrefslogtreecommitdiff
path: root/test/results/syslog.pcapng.out
blob: fe07c093d8b1f3d639f381158cf0e8eb1cfbcb81 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

00442{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"syslog.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255}
00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1600781689297,"flow_last_seen":1600781689297,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1600781689297,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1600781689297,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"ts_msec":1600781689297,"pkt":"qrvMbk9eqrvMlgwFCABFAABuAAAAAP8RpCWsFfskrBPEC\/TXAgIAWrkePDE4OT4zMDogKlNlcCAyMiAxMzozNDo0OS4xOTU6ICVTWVMtNS1DT05GSUdfSTogQ29uZmlndXJlZCBmcm9tIGNvbnNvbGUgYnkgY29uc29sZQ=="}
00587{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1600781689297,"flow_last_seen":1600781689297,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"ts_msec":1600781689297,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1600781690282,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"ts_msec":1600781690282,"pkt":"qrvMbk9eqrvMlgwFCABFAACSAAEAAP8RpACsFfskrBPEC\/TXAgIAfpjBPDE5MD4zMTogKlNlcCAyMiAxMzozNDo0OS4yMjA6ICVTWVMtNi1MT0dHSU5HSE9TVF9TVEFSVFNUT1A6IExvZ2dpbmcgdG8gaG9zdCAxMC4xLjIuMiBwb3J0IDUxNCBzdGFydGVkIC0gQ0xJIGluaXRpYXRlZA=="}
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1600781776117,"flow_last_seen":1600781776117,"flow_idle_time":180000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1600781776117,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1600781776117,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"ts_msec":1600781776117,"pkt":"qrvMXnUpqrvMO4StCABFAACQAAMAAP8RPujAqEiMwKiylPTXAgIAfAzhPDE0PjMzOiAqU2VwIDIyIDEzOjM2OjE1LjMwODogJVNZUy02LUxPR0dJTkdIT1NUX1NUQVJUU1RPUDogTG9nZ2luZyB0byBob3N0IDEwLjEuMi4yIHBvcnQgNTE0IHJlc3RvcmVkIENMSSBpbml0aWF0ZWQ="}
00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1600781776117,"flow_last_seen":1600781776117,"flow_idle_time":180000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"ts_msec":1600781776117,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1600781777157,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"ts_msec":1600781777157,"pkt":"qrvMXnUpqrvMO4StCABFAABtAAQAAP8RPwrAqEiMwKiylPTXAgIAWZ\/\/PDEzPjM0OiAqU2VwIDIyIDEzOjM2OjE2LjA5MTogJVNZUy01LUNPTkZJR19JOiBDb25maWd1cmVkIGZyb20gY29uc29sZSBieSBjb25zb2xl"}
00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":2,"flow_first_seen":1600781689297,"flow_last_seen":1600781690282,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":118,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":2,"flow_first_seen":1600781776117,"flow_last_seen":1600781777157,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00552{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":180000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1600781952293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"ts_msec":1600781952293,"pkt":"qrvMySBnqrvMPDqhCABFAAB5AAgAAP8RdwvAqEPxCsE1BvTXAgIAZVTQPDE4Nz4zODogUjE6ICpTZXAgMjIgMTM6Mzk6MTEuMjUwOiAlTElOSy0zLVVQRE9XTjogSW50ZXJmYWNlIEV0aGVybmV0MC8yLCBjaGFuZ2VkIHN0YXRlIHRvIHVw"}
00586{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":180000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":93,"flow_avg_l4_payload_len":93,"midstream":0,"ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1600781952293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"ts_msec":1600781952293,"pkt":"qrvMySBnqrvMPDqhCABFAACPAAkAAP8RdvTAqEPxCsE1BvTXAgIAe0jbPDE4OT4zOTogUjE6ICpTZXAgMjIgMTM6Mzk6MTIuMjUyOiAlTElORVBST1RPLTUtVVBET1dOOiBMaW5lIHByb3RvY29sIG9uIEludGVyZmFjZSBFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byB1cA=="}
00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":3,"flow_packets_processed":2,"flow_first_seen":1600781952293,"flow_last_seen":1600781952293,"flow_idle_time":180000,"flow_min_l4_payload_len":93,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":104,"midstream":0,"ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.67.241","dst_ip":"10.193.53.6","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00560{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_packets_processed":1,"flow_first_seen":1600782411853,"flow_last_seen":1600782411853,"flow_idle_time":180000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":0,"ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1600782411853,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"ts_msec":1600782411853,"pkt":"qrvMCetCqrvMS9ZJCABFAAFMAAAAAP8RHZjAqH5mrBOx5t9OAgIBOHsYPDE5MD44MjogUjE6IFtzeXNsb2dAOSBzX3NuPSIxIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+Njwvc2V2ZXJpdHk+PG1zZy1pZD5MT0dHSU5HSE9TVF9TVEFSVFNUT1A8L21zZy1pZD48dGltZT4qU2VwIDIyIDEzOjQ2OjUwLjgxMjwvdGltZT48YXJncz48YXJnIGlkPSIwIj4xMC4xLjIuMjwvYXJnPjxhcmcgaWQ9IjEiPiBwb3J0IDUxNDwvYXJnPjxhcmcgaWQ9IjIiPjwvYXJnPjxhcmcgaWQ9IjMiPiBzdGFydGVkIC0gQ0xJIGluaXRpYXRlZDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="}
00594{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_packets_processed":1,"flow_first_seen":1600782411853,"flow_last_seen":1600782411853,"flow_idle_time":180000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":0,"ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1600782437280,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"ts_msec":1600782437280,"pkt":"qrvMCetCqrvMS9ZJCABFAAD+AAEAAP8RHeXAqH5mrBOx5t9OAgIA6uDbPDE4Nz44MzogUjE6IFtzeXNsb2dAOSBzX3NuPSIyIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+TElOSzwvZmFjaWxpdHk+PHNldmVyaXR5PjM8L3NldmVyaXR5Pjxtc2ctaWQ+VVBET1dOPC9tc2ctaWQ+PHRpbWU+KlNlcCAyMiAxMzo0NzoxNi40MDQ8L3RpbWU+PGFyZ3M+PGFyZyBpZD0iMCI+RXRoZXJuZXQwLzM8L2FyZz48YXJnIGlkPSIxIj51cDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="}
00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1600782437466,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"ts_msec":1600782437466,"pkt":"qrvMCetCqrvMS9ZJCABFAAEAAAIAAP8RHeLAqH5mrBOx5t9OAgIA7NFUPDE4OT44NDogUjE6IFtzeXNsb2dAOSBzX3NuPSIzIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+NTwvc2V2ZXJpdHk+PG1zZy1pZD5DT05GSUdfSTwvbXNnLWlkPjx0aW1lPipTZXAgMjIgMTM6NDc6MTcuMTk2PC90aW1lPjxhcmdzPjxhcmcgaWQ9IjAiPmNvbnNvbGU8L2FyZz48YXJnIGlkPSIxIj5jb25zb2xlPC9hcmc+PC9hcmdzPjwvaW9zLWxvZy1tc2c+"}
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1600782466695,"flow_last_seen":1600782466695,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1600782466695,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1600782466695,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"ts_msec":1600782466695,"pkt":"qrvMdK0EqrvMag4ECABFAACHAAQAAP8RGw4KFrPXrBo2TN9OAgIAcw8OPDE4OT44NTogUjE6IFtzeXNsb2dAOSBzX3NuPSI1Il06ICpTZXAgMjIgMTM6NDc6NDUuNjcyOiAlU1lTLTUtQ09ORklHX0k6IENvbmZpZ3VyZWQgZnJvbSBjb25zb2xlIGJ5IGNvbnNvbGU="}
00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1600782466695,"flow_last_seen":1600782466695,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"ts_msec":1600782466695,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1600782475311,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"ts_msec":1600782475311,"pkt":"qrvMdK0EqrvMag4ECABFAACrAAUAAP8RGukKFrPXrBo2TN9OAgIAl+OwPDE5MD44NjogUjE6IFtzeXNsb2dAOSBzX3NuPSI2Il06ICpTZXAgMjIgMTM6NDc6NTQuMzAzOiAlU1lTLTYtTE9HR0lOR0hPU1RfU1RBUlRTVE9QOiBMb2dnaW5nIHRvIGhvc3QgMTAuMS4yLjIgcG9ydCA1MTQgc3RvcHBlZCAtIENMSSBpbml0aWF0ZWQ="}
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1600782476392,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":184,"pkt_l4_len":150,"ts_msec":1600782476392,"pkt":"qrvMdK0EqrvMag4ECABFAACqAAYAAP8RGukKFrPXrBo2TN9OAgIAlm33PDE5MD44NzogUjE6IFtzeXNsb2dAOSBzX3NuPSI3Il06ICpTZXAgMjIgMTM6NDc6NTUuNjk5OiAlU1lTLTYtTE9HR0lOR0hPU1RfU1RBUlRTVE9QOiBMb2dnaW5nIHRvIGhvc3QgMTAuMS4yLjIgcG9ydCA1MTQgcmVzdG9yZWQgQ0xJIGluaXRpYXRlZA=="}
00564{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":16,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_packets_processed":4,"flow_first_seen":1600782411853,"flow_last_seen":1600782438439,"flow_idle_time":180000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":989,"flow_avg_l4_payload_len":247,"midstream":0,"ts_msec":1600782514222,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00559{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_packets_processed":1,"flow_first_seen":1600782514222,"flow_last_seen":1600782514222,"flow_idle_time":180000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1600782514222,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1600782514222,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"ts_msec":1600782514222,"pkt":"qrvMkvyHqrvMTZFeCABFAADrAAkAAP8RSX\/AqC2iCtB4X99OAgIA1wa4PDE4OT45MjogUjE6IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+NTwvc2V2ZXJpdHk+PG1zZy1pZD5DT05GSUdfSTwvbXNnLWlkPjx0aW1lPipTZXAgMjIgMTM6NDg6MzMuOTc4PC90aW1lPjxhcmdzPjxhcmcgaWQ9IjAiPmNvbnNvbGU8L2FyZz48YXJnIGlkPSIxIj5jb25zb2xlPC9hcmc+PC9hcmdzPjwvaW9zLWxvZy1tc2c+"}
00593{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_packets_processed":1,"flow_first_seen":1600782514222,"flow_last_seen":1600782514222,"flow_idle_time":180000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1600782514222,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1600782515213,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"ts_msec":1600782515213,"pkt":"qrvMkvyHqrvMTZFeCABFAADsAAoAAP8RSX3AqC2iCtB4X99OAgIA2PlAPDE4OT45MzogUjE6IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+TElORVBST1RPPC9mYWNpbGl0eT48c2V2ZXJpdHk+NTwvc2V2ZXJpdHk+PG1zZy1pZD5VUERPV048L21zZy1pZD48dGltZT4qU2VwIDIyIDEzOjQ4OjM0LjIwMDwvdGltZT48YXJncz48YXJnIGlkPSIwIj5Mb29wYmFjazE8L2FyZz48YXJnIGlkPSIxIj51cDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_packets_processed":4,"flow_first_seen":1600782411853,"flow_last_seen":1600782438439,"flow_idle_time":180000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":989,"flow_avg_l4_payload_len":247,"midstream":0,"ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00560{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_packets_processed":5,"flow_first_seen":1600782466695,"flow_last_seen":1600782501747,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00562{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_packets_processed":2,"flow_first_seen":1600782514222,"flow_last_seen":1600782515213,"flow_idle_time":180000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":7,"flow_packets_processed":1,"flow_first_seen":1600782647886,"flow_last_seen":1600782647886,"flow_idle_time":180000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1600782647886,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"ts_msec":1600782647886,"pkt":"qrvMj6IeqrvMSxtwCABFAADnAAsAAP8R5RQK4CuVrBfzWd9OAgIA0\/DmPDE4OT45NDogPGlvcy1sb2ctbXNnPjxmYWNpbGl0eT5TWVM8L2ZhY2lsaXR5PjxzZXZlcml0eT41PC9zZXZlcml0eT48bXNnLWlkPkNPTkZJR19JPC9tc2ctaWQ+PHRpbWU+KlNlcCAyMiAxMzo1MDo0Ni43Nzc8L3RpbWU+PGFyZ3M+PGFyZyBpZD0iMCI+Y29uc29sZTwvYXJnPjxhcmcgaWQ9IjEiPmNvbnNvbGU8L2FyZz48L2FyZ3M+PC9pb3MtbG9nLW1zZz4="}
00592{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":7,"flow_packets_processed":1,"flow_first_seen":1600782647886,"flow_last_seen":1600782647886,"flow_idle_time":180000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1600782647886,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"proto":"Syslog","breed":"Acceptable","category":"System"}}
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1600782652384,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"ts_msec":1600782652384,"pkt":"qrvMj6IeqrvMSxtwCABFAADoAAwAAP8R5RIK4CuVrBfzWd9OAgIA1N5pPDE4OT45NTogPGlvcy1sb2ctbXNnPjxmYWNpbGl0eT5MSU5FUFJPVE88L2ZhY2lsaXR5PjxzZXZlcml0eT41PC9zZXZlcml0eT48bXNnLWlkPlVQRE9XTjwvbXNnLWlkPjx0aW1lPipTZXAgMjIgMTM6NTA6NTEuNzUyPC90aW1lPjxhcmdzPjxhcmcgaWQ9IjAiPkxvb3BiYWNrMjwvYXJnPjxhcmcgaWQ9IjEiPnVwPC9hcmc+PC9hcmdzPjwvaW9zLWxvZy1tc2c+"}
00702{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1600782653380,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"ts_msec":1600782653380,"pkt":"qrvMj6IeqrvMSxtwCABFAADnAA0AAP8R5RIK4CuVrBfzWd9OAgIA0\/vrPDE4OT45NjogPGlvcy1sb2ctbXNnPjxmYWNpbGl0eT5TWVM8L2ZhY2lsaXR5PjxzZXZlcml0eT41PC9zZXZlcml0eT48bXNnLWlkPkNPTkZJR19JPC9tc2ctaWQ+PHRpbWU+KlNlcCAyMiAxMzo1MDo1Mi4zMTI8L3RpbWU+PGFyZ3M+PGFyZyBpZD0iMCI+Y29uc29sZTwvYXJnPjxhcmcgaWQ9IjEiPmNvbnNvbGU8L2FyZz48L2FyZ3M+PC9pb3MtbG9nLW1zZz4="}
00559{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":7,"flow_packets_processed":3,"flow_first_seen":1600782647886,"flow_last_seen":1600782653380,"flow_idle_time":180000,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":610,"flow_avg_l4_payload_len":203,"midstream":0,"ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"10.224.43.149","dst_ip":"172.23.243.89","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_packets_processed":5,"flow_first_seen":1600782466695,"flow_last_seen":1600782501747,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":128,"midstream":0,"ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_packets_processed":2,"flow_first_seen":1600782514222,"flow_last_seen":1600782515213,"flow_idle_time":180000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":207,"midstream":0,"ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00157{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","total-events-serialized":43}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 20/20
~~ skipped flows.............: 0
~~ total layer4 data length..: 3261 bytes
~~ total detected protocols..: 7
~~ total active/idle flows...: 7/7
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 4604081 bytes
~~ total memory freed........: 4604081 bytes
~~ total allocations/frees...: 99591/99591
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 162 chars
~~ json string max len.......: 841 chars
~~ json string avg len.......: 572 chars
Powered by cgit, Themed by Ted Yin.