[formats] support for CSV/TSV log formats

Defect Number:
    Reviewed By:
   Testing Done:
pull/233/merge
Timothy Stack 7 years ago
parent 143b356031
commit 8ea51a6fd8

@ -1,6 +1,8 @@
lnav v0.8.3:
Features:
* Support for the Bro Network Security Monitor (https://www.bro.org) log
file format.
* Added an fstat() table-valued function for querying the local
filesystem.
* Added readlink() and realpath() SQL functions.

@ -20,6 +20,13 @@ The following log formats are built into **lnav**:
:widths: 8 5 20
:file: format-table.csv
The
`Bro Network Security Monitor <https://www.bro.org/sphinx/script-reference/log-files.html>`_
TSV log format is also supported in versions
v0.8.3+. The Bro log format is self-describing, so **lnav** will read the
header to determine the shape of the file.
Defining a New Format
---------------------

@ -91,9 +91,9 @@ set(diag_STAT_SRCS
auto_fd.hh
auto_mem.hh
auto_pid.hh
big_array.hh
bottom_status_source.hh
byte_array.hh
chunky_index.hh
command_executor.hh
concise_index.hh
column_namer.hh

@ -76,6 +76,7 @@ TIME_FORMATS = \
"%Y-%m" \
"%Y/%m/%d" \
"%Y/%m" \
"%s.%f" \
$()
time_fmts.cc: ptimec
@ -127,10 +128,10 @@ noinst_HEADERS = \
auto_fd.hh \
auto_mem.hh \
auto_pid.hh \
big_array.hh \
bookmarks.hh \
bottom_status_source.hh \
byte_array.hh \
chunky_index.hh \
column_namer.hh \
command_executor.hh \
concise_index.hh \

@ -0,0 +1,105 @@
/**
* Copyright (c) 2017, Timothy Stack
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* * Neither the name of Timothy Stack nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ''AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* @file big_array.hh
*/
#ifndef _big_array_hh
#define _big_array_hh
#include <sys/mman.h>
#include "lnav_util.hh"
template<typename T>
struct big_array {
static const size_t DEFAULT_INCREMENT = 100 * 1000;
big_array() : ba_ptr(nullptr), ba_size(0), ba_capacity(0) {
};
bool reserve(size_t size) {
if (size < this->ba_capacity) {
return false;
}
if (this->ba_ptr) {
munmap(this->ba_ptr,
roundup_size(this->ba_capacity * sizeof(T), getpagesize()));
}
this->ba_capacity = size + DEFAULT_INCREMENT;
void *result = mmap(nullptr,
roundup_size(this->ba_capacity * sizeof(T),
getpagesize()),
PROT_READ|PROT_WRITE,
MAP_ANONYMOUS|MAP_PRIVATE,
-1,
0);
ensure(result != MAP_FAILED);
this->ba_ptr = (T *) result;
return true;
};
void clear() {
this->ba_size = 0;
};
size_t size() const {
return this->ba_size;
};
void push_back(const T &val) {
this->ba_ptr[this->ba_size] = val;
this->ba_size += 1;
};
T &operator[](size_t index) {
return this->ba_ptr[index];
};
typedef T *iterator;
iterator begin() {
return this->ba_ptr;
};
iterator end() {
return this->ba_ptr + this->ba_size;
};
T *ba_ptr;
size_t ba_size;
size_t ba_capacity;
};
#endif
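Review bot: `push_back()` stores to `ba_ptr[ba_size]` without comparing `ba_size` against `ba_capacity`, so a caller that appends more than it reserved, or never calls `reserve()` and leaves `ba_ptr` null, writes outside the mapping; a precondition such as `require(this->ba_size < this->ba_capacity);` at the top of `push_back()` would turn that into a checked failure. `reserve()` unmaps the old region and maps a fresh one without copying, yet leaves `ba_size` untouched. If discarding the contents is intended (the `bool` return may be the caller's signal to rebuild), say so in a comment and add `this->ba_size = 0;` after the remap, so that `size()` and `end()` do not present freshly mapped zero pages as live elements. There is also no destructor, so the mapping is never released, and `ba_capacity * sizeof(T)` is not checked for overflow before it is passed to `mmap()`.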

@ -1,290 +0,0 @@
/**
* Copyright (c) 2014, Timothy Stack
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* * Neither the name of Timothy Stack nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ''AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* @file chunky_index.hh
*/
#ifndef __chunky_index_hh
#define __chunky_index_hh
#include <stdlib.h>
#include <list>
#include <vector>
#include "lnav_log.hh"
template<typename T, size_t CHUNK_SIZE = 4096>
class chunky_index {
public:
class iterator {
public:
typedef std::random_access_iterator_tag iterator_category;
typedef T value_type;
typedef T *pointer;
typedef T &reference;
typedef std::ptrdiff_t difference_type;
iterator(chunky_index *ci = NULL, off_t offset = 0) : i_chunky(ci), i_offset(offset) {
};
iterator &operator++() {
this->i_offset += 1;
return *this;
};
T &operator*() {
return (*this->i_chunky)[this->i_offset];
};
bool operator!=(const iterator &other) const {
return (this->i_chunky != other.i_chunky) || (this->i_offset != other.i_offset);
};
bool operator==(const iterator &other) const {
return (this->i_chunky == other.i_chunky) && (this->i_offset == other.i_offset);
};
difference_type operator-(const iterator &other) const {
return this->i_offset - other.i_offset;
};
void operator+=(difference_type n) {
this->i_offset += n;
};
private:
chunky_index *i_chunky;
off_t i_offset;
};
chunky_index() : ci_generation(0), ci_merge_chunk(NULL), ci_size(0) {
};
~chunky_index() {
this->clear();
};
iterator begin() {
return iterator(this);
};
iterator end() {
return iterator(this, this->ci_size);
};
size_t size() const {
return this->ci_size;
};
bool empty() const {
return this->ci_size == 0;
};
size_t chunk_count() const {
return this->ci_completed_chunks.size();
};
T& operator[](size_t index) {
size_t chunk_index = index / CHUNK_SIZE;
require(chunk_index < this->chunk_count());
struct chunk *target_chunk = this->ci_completed_chunks[chunk_index];
return target_chunk->c_body[index % CHUNK_SIZE];
};
void clear() {
while (!this->ci_completed_chunks.empty()) {
delete this->ci_completed_chunks.back();
this->ci_completed_chunks.pop_back();
}
while (!this->ci_pending_chunks.empty()) {
delete this->ci_pending_chunks.front();
this->ci_pending_chunks.pop_front();
}
if (this->ci_merge_chunk != NULL) {
delete this->ci_merge_chunk;
this->ci_merge_chunk = NULL;
}
this->ci_size = 0;
};
void reset() {
for (size_t lpc = 0; lpc < this->ci_completed_chunks.size(); lpc++) {
this->ci_pending_chunks.push_back(this->ci_completed_chunks[lpc]);
}
this->ci_completed_chunks.clear();
this->ci_generation += 1;
};
template<typename Comparator>
off_t merge_value(const T &val, Comparator comparator) {
off_t retval;
this->merge_up_to(&val, comparator);
retval = (this->ci_completed_chunks.size() * CHUNK_SIZE);
retval += this->ci_merge_chunk->c_used;
this->ci_merge_chunk->push_back(val);
this->ci_size += 1;
return retval;
};
off_t merge_value(const T &val) {
return this->merge_value(val, less_comparator());
};
void finish() {
this->merge_up_to(NULL, null_comparator());
if (this->ci_merge_chunk != NULL) {
if (this->ci_merge_chunk->empty()) {
delete this->ci_merge_chunk;
this->ci_merge_chunk = NULL;
}
else {
this->ci_completed_chunks.push_back(this->ci_merge_chunk);
this->ci_merge_chunk = NULL;
}
}
};
private:
template<typename Comparator>
void skip_chunks(const T *val, Comparator comparator) {
while (!this->ci_pending_chunks.empty() &&
this->ci_pending_chunks.front()->skippable(val, comparator)) {
struct chunk *skipped_chunk = this->ci_pending_chunks.front();
this->ci_pending_chunks.pop_front();
skipped_chunk->c_consumed = 0;
skipped_chunk->c_generation = this->ci_generation;
this->ci_completed_chunks.push_back(skipped_chunk);
}
};
struct null_comparator {
int operator()(const T &val, const T &other) const {
return 0;
};
};
struct less_comparator {
bool operator()(const T &val, const T &other) const {
return (val < other);
};
};
template<typename Comparator>
void merge_up_to(const T *val, Comparator comparator) {
this->skip_chunks(val, comparator);
do {
if (this->ci_merge_chunk != NULL && this->ci_merge_chunk->full()) {
this->ci_completed_chunks.push_back(this->ci_merge_chunk);
this->ci_merge_chunk = NULL;
}
if (this->ci_merge_chunk == NULL) {
this->ci_merge_chunk = new chunk(this->ci_generation);
}
if (!this->ci_pending_chunks.empty()) {
struct chunk *next_chunk = this->ci_pending_chunks.front();
while (((val == NULL) ||
comparator(next_chunk->front(), *val) ||
!comparator(*val, next_chunk->front())) &&
!this->ci_merge_chunk->full()) {
this->ci_merge_chunk->push_back(next_chunk->consume());
if (next_chunk->empty()) {
this->ci_pending_chunks.pop_front();
delete next_chunk;
if (!this->ci_pending_chunks.empty()) {
next_chunk = this->ci_pending_chunks.front();
} else {
break;
}
}
}
}
} while (this->ci_merge_chunk->full());
};
struct chunk {
chunk(unsigned long gen) : c_generation(gen), c_consumed(0), c_used(0) { };
bool empty() const {
return this->c_consumed == this->c_used;
};
bool full() const {
return this->c_used == CHUNK_SIZE;
};
template<typename Comparator>
bool skippable(const T *val, Comparator comparator) const {
return this->c_consumed == 0 && this->full() &&
(val == NULL ||
comparator(this->back(), *val) ||
!comparator(*val, this->back()));
};
const T &front() const {
return this->c_body[this->c_consumed];
};
const T &consume() {
this->c_consumed += 1;
return this->c_body[this->c_consumed - 1];
};
const T &back() const {
return this->c_body[this->c_used - 1];
};
void push_back(const T &val) {
this->c_body[this->c_used] = val;
this->c_used += 1;
};
unsigned long c_generation;
T c_body[CHUNK_SIZE];
size_t c_consumed;
size_t c_used;
};
unsigned long ci_generation;
std::vector<struct chunk *> ci_completed_chunks;
struct chunk *ci_merge_chunk;
std::list<struct chunk *> ci_pending_chunks;
size_t ci_size;
};
#endif

@ -79,6 +79,11 @@ const intern_string *intern_string::lookup(const char *str, ssize_t len)
return curr;
}
const intern_string *intern_string::lookup(const string_fragment &sf)
{
return lookup(sf.data(), sf.length());
}
const intern_string *intern_string::lookup(const std::string &str)
{
return lookup(str.c_str(), str.size());

@ -37,11 +37,97 @@
#include <string>
struct string_fragment {
explicit string_fragment(const char *str, int begin = 0, int end = -1)
: sf_string(str), sf_begin(begin), sf_end(end == -1 ? strlen(str) : end) {
};
bool is_valid() const {
return this->sf_begin != -1;
};
int length() const {
return this->sf_end - this->sf_begin;
};
const char *data() const {
return &this->sf_string[this->sf_begin];
}
bool empty() const {
return length() == 0;
};
char operator[](int index) const {
return this->sf_string[sf_begin + index];
};
bool operator==(const std::string &str) const {
if (this->length() != str.length()) {
return false;
}
return memcmp(&this->sf_string[this->sf_begin],
str.c_str(),
str.length()) == 0;
};
bool operator==(const string_fragment &sf) const {
if (this->length() != sf.length()) {
return false;
}
return memcmp(this->data(), sf.data(), sf.length()) == 0;
};
bool operator==(const char *str) const {
return strncmp(this->data(), str, this->length()) == 0;
};
const char *to_string(char *buf) {
memcpy(buf, this->data(), this->length());
buf[this->length()] = '\0';
return buf;
};
void clear() {
this->sf_begin = 0;
this->sf_end = 0;
};
void invalidate() {
this->sf_begin = -1;
this->sf_end = -1;
};
const char *sf_string;
int sf_begin;
int sf_end;
};
inline bool operator<(const char *left, const string_fragment &right) {
int rc = strncmp(left, right.data(), right.length());
return rc < 0;
}
inline bool operator<(const string_fragment &left, const char *right) {
return strncmp(left.data(), right, left.length()) < 0;
}
namespace std {
inline string to_string(const string_fragment &s) {
return string(s.data(), s.length());
}
}
class intern_string {
public:
static const intern_string *lookup(const char *str, ssize_t len);
static const intern_string *lookup(const string_fragment &sf);
static const intern_string *lookup(const std::string &str);
const char *get(void) const {
@ -88,6 +174,10 @@ public:
return this->ist_interned_string;
}
void clear(void) {
this->ist_interned_string = nullptr;
};
bool empty(void) const {
return this->ist_interned_string == NULL;
}
@ -139,4 +229,23 @@ private:
unsigned long hash_str(const char *str, size_t len);
inline bool operator<(const char *left, const intern_string_t &right) {
int rc = strncmp(left, right.get(), right.size());
return rc < 0;
}
inline bool operator<(const intern_string_t &left, const char *right) {
return strncmp(left.get(), right, left.size()) < 0;
}
inline bool operator==(const intern_string_t &left, const string_fragment &sf) {
return (left.size() == sf.length()) &&
(memcmp(left.get(), sf.data(), left.size()));
}
inline bool operator==(const string_fragment &left, const intern_string_t &right) {
return (left.length() == right.size()) &&
(memcmp(left.data(), right.get(), left.length()) == 0);
}
#endif
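Review bot: The new `operator==(const intern_string_t &, const string_fragment &)` in the last hunk is missing `== 0` on its `memcmp()` call, so it returns true for same-length strings that differ and false for identical ones. The second operand should read `(memcmp(left.get(), sf.data(), left.size()) == 0);`, matching the mirrored overload directly below it. In the first hunk, `string_fragment::operator==(const char *)` compares only `length()` bytes with `strncmp()`, so a fragment that is a proper prefix of the literal, including an empty fragment, compares equal. Adding `&& str[this->length()] == '\0'` would make it an exact match, which matters wherever these comparisons classify fields read from a log file.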

@ -500,6 +500,15 @@ public:
void promote_file(logfile *lf) {
if (lnav_data.ld_log_source.insert_file(lf)) {
force = true;
log_format *format = lf->get_format();
if (format->lf_is_self_describing) {
log_vtab_impl *vt = format->get_vtab_impl();
if (vt) {
lnav_data.ld_vtab_manager->register_vtab(vt);
}
}
}
else {
this->closed_file(lf);

@ -172,9 +172,13 @@ std::string time_ago(time_t last_time, bool convert_local)
fmt = "%d days ago";
amount = delta / (24 * 60 * 60);
}
else {
else if (delta < (2 * 365 * 24 * 60 * 60)) {
return "over a year ago";
}
else {
fmt = "over %d years ago";
amount = delta / (365 * 24 * 60 * 60);
}
snprintf(buffer, sizeof(buffer), fmt, amount);

@ -99,9 +99,9 @@ inline int rounddown_offset(size_t size, int step, int offset)
return size - ((size - offset) % step);
}
inline int roundup_size(size_t size, int step)
inline size_t roundup_size(size_t size, int step)
{
int retval = size + step;
size_t retval = size + step;
retval -= (retval % step);
@ -164,24 +164,6 @@ std::string hash_string(const std::string &str);
std::string hash_bytes(const char *str1, size_t s1len, ...);
struct string_fragment {
string_fragment(const char *str, int begin, int end)
: sf_string(str), sf_begin(begin), sf_end(end) {
};
bool is_valid() const {
return this->sf_begin != -1;
};
int length() const {
return this->sf_end - this->sf_begin;
};
const char *sf_string;
int sf_begin;
int sf_end;
};
template<typename UnaryFunction, typename Member>
struct object_field_t {
object_field_t(UnaryFunction &func, Member &mem)

@ -569,7 +569,7 @@ static struct json_path_handler json_log_rewrite_handlers[] = {
bool external_log_format::scan_for_partial(shared_buffer_ref &sbr, size_t &len_out)
{
if (this->jlf_json) {
if (this->elf_type != ELF_TYPE_TEXT) {
return false;
}
@ -590,11 +590,12 @@ bool external_log_format::scan_for_partial(shared_buffer_ref &sbr, size_t &len_o
return len_out > pat->p_timestamp_end;
}
log_format::scan_result_t external_log_format::scan(std::vector<logline> &dst,
log_format::scan_result_t external_log_format::scan(nonstd::optional<logfile *> lf,
std::vector<logline> &dst,
off_t offset,
shared_buffer_ref &sbr)
{
if (this->jlf_json) {
if (this->elf_type == ELF_TYPE_JSON) {
yajlpp_parse_context &ypc = *(this->jlf_parse_context);
logline ll(offset, 0, 0, logline::LEVEL_INFO);
yajl_handle handle = this->jlf_yajl_handle.in();
@ -743,7 +744,7 @@ log_format::scan_result_t external_log_format::scan(std::vector<logline> &dst,
}
}
dst.push_back(logline(offset, log_tv, level, mod_index, opid));
dst.emplace_back(offset, log_tv, level, mod_index, opid);
this->lf_fmt_lock = curr_fmt;
return log_format::SCAN_MATCH;
@ -809,7 +810,7 @@ void external_log_format::annotate(shared_buffer_ref &line,
struct line_range lr;
pcre_context::capture_t *cap, *body_cap, *module_cap = NULL;
if (this->jlf_json) {
if (this->elf_type != ELF_TYPE_TEXT) {
values = this->jlf_line_values;
sa = this->jlf_line_attrs;
return;
@ -1056,7 +1057,7 @@ static int rewrite_json_field(yajlpp_parse_context *ypc, const unsigned char *st
void external_log_format::get_subline(const logline &ll, shared_buffer_ref &sbr, bool full_message)
{
if (!this->jlf_json) {
if (this->elf_type == ELF_TYPE_TEXT) {
return;
}
@ -1452,13 +1453,13 @@ void external_log_format::build(std::vector<std::string> &errors) {
this->elf_pattern_order.push_back(iter->second);
}
if (this->jlf_json) {
if (this->elf_type != ELF_TYPE_TEXT) {
if (!this->elf_patterns.empty()) {
errors.push_back("error:" +
this->elf_name.to_string() +
": JSON logs cannot have regexes");
": structured logs cannot have regexes");
}
if (this->jlf_json) {
if (this->elf_type == ELF_TYPE_JSON) {
this->jlf_parse_context.reset(
new yajlpp_parse_context(this->elf_name.to_string()));
this->jlf_yajl_handle.reset(yajl_alloc(
@ -1518,7 +1519,7 @@ void external_log_format::build(std::vector<std::string> &errors) {
}
}
if (!this->jlf_json && this->elf_samples.empty()) {
if (this->elf_type == ELF_TYPE_TEXT && this->elf_samples.empty()) {
errors.push_back("error:" +
this->elf_name.to_string() +
":no sample logs provided, all formats must have samples");
@ -1831,31 +1832,12 @@ public:
iter != elf.elf_value_defs.end();
++iter) {
const auto &vd = *iter->second;
int type = 0;
int type = log_vtab_impl::logline_value_to_sqlite_type(vd.vd_kind);
if (vd.vd_column == -1) {
continue;
}
switch (vd.vd_kind) {
case logline_value::VALUE_NULL:
case logline_value::VALUE_TEXT:
case logline_value::VALUE_JSON:
case logline_value::VALUE_QUOTED:
type = SQLITE3_TEXT;
break;
case logline_value::VALUE_FLOAT:
type = SQLITE_FLOAT;
break;
case logline_value::VALUE_BOOLEAN:
case logline_value::VALUE_INTEGER:
type = SQLITE_INTEGER;
break;
case logline_value::VALUE_UNKNOWN:
case logline_value::VALUE__MAX:
ensure(0);
break;
}
cols[vd.vd_column].vc_name = vd.vd_name.get();
cols[vd.vd_column].vc_type = type;
cols[vd.vd_column].vc_collator = vd.vd_collate.c_str();
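Review bot: The converted guards do not treat the third format type consistently: `scan_for_partial()`, `annotate()` and `build()` test `elf_type != ELF_TYPE_TEXT`, and `get_subline()` returns early only for `ELF_TYPE_TEXT`, but the yajl parse context and handle are still created only under `elf_type == ELF_TYPE_JSON`, and `scan()` takes the JSON branch only for that value. A format marked `ELF_TYPE_CSV` would therefore appear to reach the previously JSON-only remainder of `get_subline()` without an allocated handle, and to fall into the regex path of `scan()` with no patterns. The bodies of these functions continue outside the hunks, so this needs confirming against the full file. Until the CSV path is implemented, either have `build()` reject `ELF_TYPE_CSV` with an explicit error or write the JSON-specific guards as `== ELF_TYPE_JSON` / `!= ELF_TYPE_JSON`.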

@ -47,6 +47,7 @@
#include <memory>
#include <sstream>
#include "optional.hpp"
#include "pcrepp.hh"
#include "yajlpp.hh"
#include "lnav_log.hh"
@ -58,6 +59,7 @@
#include "highlighter.hh"
struct sqlite3;
class logfile;
class log_format;
class log_vtab_manager;
struct exec_context;
@ -293,9 +295,12 @@ public:
*/
bool operator<(const logline &rhs) const
{
return this->ll_time < rhs.ll_time ||
return (this->ll_time < rhs.ll_time) ||
(this->ll_time == rhs.ll_time &&
this->ll_millis < rhs.ll_millis);
this->ll_millis < rhs.ll_millis) ||
(this->ll_time == rhs.ll_time &&
this->ll_millis == rhs.ll_millis &&
this->ll_offset < rhs.ll_offset);
};
bool operator<(const time_t &rhs) const { return this->ll_time < rhs; };
@ -360,6 +365,7 @@ public:
VALUE_BOOLEAN,
VALUE_JSON,
VALUE_QUOTED,
VALUE_TIMESTAMP,
VALUE__MAX
};
@ -412,6 +418,7 @@ public:
case VALUE_JSON:
case VALUE_TEXT:
case VALUE_QUOTED:
case VALUE_TIMESTAMP:
this->lv_sbr = sbr;
break;
@ -464,6 +471,7 @@ public:
case VALUE_JSON:
case VALUE_TEXT:
case VALUE_TIMESTAMP:
if (this->lv_sbr.empty()) {
return this->lv_intern_string.to_string();
}
@ -713,7 +721,9 @@ public:
log_format() : lf_mod_index(0),
lf_fmt_lock(-1),
lf_timestamp_field(intern_string::lookup("timestamp", -1)),
lf_timestamp_flags(0) {
lf_timestamp_flags(0),
lf_is_self_describing(false),
lf_time_ordered(true) {
};
virtual ~log_format() { };
@ -748,7 +758,8 @@ public:
* @param prefix The contents of the line.
* @param len The length of the prefix string.
*/
virtual scan_result_t scan(std::vector<logline> &dst,
virtual scan_result_t scan(nonstd::optional<logfile *> lf,
std::vector<logline> &dst,
off_t offset,
shared_buffer_ref &sbr) = 0;
@ -838,6 +849,8 @@ public:
std::map<std::string, action_def> lf_action_defs;
std::vector<logline_value_stats> lf_value_stats;
std::vector<highlighter> lf_highlighters;
bool lf_is_self_describing;
bool lf_time_ordered;
protected:
static std::vector<log_format *> lf_root_formats;
@ -965,7 +978,7 @@ public:
elf_container(false),
elf_has_module_format(false),
elf_builtin_format(false),
jlf_json(false),
elf_type(ELF_TYPE_TEXT),
jlf_hide_extra(false),
jlf_cached_offset(-1),
jlf_yajl_handle(yajl_free),
@ -984,7 +997,8 @@ public:
return this->elf_filename_pcre->match(pc, pi);
};
scan_result_t scan(std::vector<logline> &dst,
scan_result_t scan(nonstd::optional<logfile *> lf,
std::vector<logline> &dst,
off_t offset,
shared_buffer_ref &sbr);
@ -1026,7 +1040,7 @@ public:
elf->lf_fmt_lock = fmt_lock;
}
if (this->jlf_json) {
if (this->elf_type == ELF_TYPE_JSON) {
this->jlf_parse_context.reset(new yajlpp_parse_context(this->elf_name.to_string()));
this->jlf_yajl_handle.reset(yajl_alloc(
&this->jlf_parse_context->ypc_callbacks,
@ -1156,14 +1170,14 @@ public:
};
std::string get_pattern_name() const {
if (this->jlf_json) {
return "json";
if (this->elf_type != ELF_TYPE_TEXT) {
return "structured";
}
return this->elf_pattern_order[this->lf_fmt_lock]->p_config_path;
}
std::string get_pattern_regex() const {
if (this->jlf_json) {
if (this->elf_type != ELF_TYPE_TEXT) {
return "";
}
return this->elf_pattern_order[this->lf_fmt_lock]->p_string;
@ -1223,6 +1237,14 @@ public:
std::vector<std::pair<intern_string_t, std::string> > elf_search_tables;
std::vector<std::string> elf_highlighter_patterns;
enum elf_type_t {
ELF_TYPE_TEXT,
ELF_TYPE_JSON,
ELF_TYPE_CSV,
};
elf_type_t elf_type;
void json_append_to_cache(const char *value, ssize_t len) {
size_t old_size = this->jlf_cached_line.size();
this->jlf_cached_line.resize(old_size + len);
@ -1249,7 +1271,6 @@ public:
}
};
bool jlf_json;
bool jlf_hide_extra;
std::vector<json_format_element> jlf_line_format;
std::vector<logline_value> jlf_line_values;
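Review bot: The doc comment above the pure-virtual `log_format::scan()` was not updated for the new first parameter and still lists `@param prefix` and `@param len`, neither of which is in the signature; the comment starts outside the hunk, so only its tail is visible here. Add a line such as `@param lf The file being scanned, if available; may be an empty optional.` and replace the stale entries with ones for `dst`, `offset` and `sbr`. `nonstd::optional<logfile *>` also has two "absent" states, so an implementation that tests only `!lf` before calling `lf.value()->...` would still dereference a null pointer if a caller passes `nullptr`. Either document that a contained null is not allowed or take a plain `logfile *`.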

@ -1,5 +1,5 @@
/**
* Copyright (c) 2007-2012, Timothy Stack
* Copyright (c) 2007-2017, Timothy Stack
*
* All rights reserved.
*
@ -34,6 +34,7 @@
#include <stdio.h>
#include "pcrepp.hh"
#include "sql_util.hh"
#include "log_format.hh"
#include "log_vtab_impl.hh"
@ -133,7 +134,8 @@ class generic_log_format : public log_format {
}
};
scan_result_t scan(vector<logline> &dst,
scan_result_t scan(nonstd::optional<logfile *> lf,
vector<logline> &dst,
off_t offset,
shared_buffer_ref &sbr)
{
@ -212,4 +214,500 @@ class generic_log_format : public log_format {
};
};
string from_escaped_string(const char *str, size_t len)
{
string retval;
for (size_t lpc = 0; lpc < len; lpc++) {
switch (str[lpc]) {
case '\\':
if ((lpc + 3) < len && str[lpc + 1] == 'x') {
int ch;
if (sscanf(&str[lpc + 2], "%2x", &ch) == 1) {
retval.append(1, (char) ch & 0xff);
lpc += 3;
}
}
break;
default:
retval.append(1, str[lpc]);
break;
}
}
return retval;
}
struct separated_string {
const char *ss_str;
size_t ss_len;
const char *ss_separator;
size_t ss_separator_len;
separated_string(const char *str = nullptr, size_t len = -1)
: ss_str(str), ss_len(len), ss_separator(",") {
this->ss_separator_len = strlen(this->ss_separator);
};
separated_string &with_separator(const char *sep) {
this->ss_separator = sep;
this->ss_separator_len = strlen(sep);
return *this;
};
struct iterator {
const separated_string &i_parent;
const char *i_pos;
const char *i_next_pos;
size_t i_index;
iterator(const separated_string &ss, const char *pos)
: i_parent(ss), i_pos(pos), i_index(0) {
this->update();
};
void update() {
const separated_string &ss = this->i_parent;
const char *next_field;
next_field = strnstr(this->i_pos, ss.ss_separator,
ss.ss_len - (this->i_pos - ss.ss_str));
if (next_field == nullptr) {
this->i_next_pos = ss.ss_str + ss.ss_len;
} else {
this->i_next_pos = next_field + ss.ss_separator_len;
}
};
iterator &operator++() {
this->i_pos = this->i_next_pos;
this->update();
this->i_index += 1;
return *this;
};
string_fragment operator*() {
const separated_string &ss = this->i_parent;
int end;
if (this->i_next_pos < (ss.ss_str + ss.ss_len)) {
end = this->i_next_pos - ss.ss_str - ss.ss_separator_len;
} else {
end = this->i_next_pos - ss.ss_str;
}
return string_fragment(ss.ss_str, this->i_pos - ss.ss_str, end);
};
bool operator==(const iterator &other) const {
return (&this->i_parent == &other.i_parent) &&
(this->i_pos == other.i_pos);
};
bool operator!=(const iterator &other) const {
return !(*this == other);
};
size_t index() const {
return this->i_index;
};
};
iterator begin() {
return iterator(*this, this->ss_str);
};
iterator end() {
return iterator(*this, this->ss_str + this->ss_len);
};
};
class bro_log_format : public log_format {
public:
struct field_def {
const intern_string_t fd_name;
logline_value::kind_t fd_kind;
bool fd_identifier;
const char *fd_collator;
int fd_numeric_index;
field_def(const intern_string_t name)
: fd_name(name),
fd_kind(logline_value::VALUE_TEXT),
fd_identifier(false),
fd_collator(nullptr),
fd_numeric_index(-1) {
};
field_def &with_kind(logline_value::kind_t kind,
bool identifier = false,
const char *collator = nullptr) {
this->fd_kind = kind;
this->fd_identifier = identifier;
this->fd_collator = collator;
return *this;
};
field_def &with_numeric_index(int index) {
this->fd_numeric_index = index;
return *this;
}
};
bro_log_format() {
this->lf_is_self_describing = true;
this->lf_time_ordered = false;
};
intern_string_t get_name(void) const {
static intern_string_t name = intern_string::lookup("bro");
return this->blf_format_name.empty() ? name : this->blf_format_name;
};
virtual void clear(void) {
this->log_format::clear();
this->blf_format_name.clear();
this->blf_field_defs.clear();
};
scan_result_t scan_int(std::vector<logline> &dst,
off_t offset,
shared_buffer_ref &sbr) {
static const intern_string_t STATUS_CODE = intern_string::lookup("bro_status_code");
static const intern_string_t TS = intern_string::lookup("bro_ts");
static const intern_string_t UID = intern_string::lookup("bro_uid");
separated_string ss(sbr.get_data(), sbr.length());
struct timeval tv;
struct exttm tm;
bool found_ts = false;
logline::level_t level = logline::LEVEL_INFO;
uint8_t opid = 0;
ss.with_separator(this->blf_separator.get());
for (auto iter = ss.begin(); iter != ss.end(); ++iter) {
if (iter.index() == 0 && *iter == "#close") {
return SCAN_MATCH;
}
const field_def &fd = this->blf_field_defs[iter.index()];
if (TS == fd.fd_name) {
string_fragment sf = *iter;
if (this->lf_date_time.scan(sf.data(),
sf.length(),
NULL,
&tm,
tv)) {
this->lf_timestamp_flags = tm.et_flags;
found_ts = true;
}
} else if (STATUS_CODE == fd.fd_name) {
string_fragment sf = *iter;
if (!sf.empty() && sf[0] >= '4') {
level = logline::LEVEL_ERROR;
}
} else if (UID == fd.fd_name) {
string_fragment sf = *iter;
opid = hash_str(sf.data(), sf.length());
}
if (fd.fd_numeric_index >= 0) {
switch (fd.fd_kind) {
case logline_value::VALUE_INTEGER:
case logline_value::VALUE_FLOAT: {
string_fragment sf = *iter;
char field_copy[sf.length() + 1];
double val;
if (sscanf(sf.to_string(field_copy), "%lf", &val) == 1) {
this->lf_value_stats[fd.fd_numeric_index].add_value(val);
}
break;
}
default:
break;
}
}
}
if (found_ts) {
dst.emplace_back(offset, tv, level, 0, opid);
return SCAN_MATCH;
} else {
return SCAN_NO_MATCH;
}
}
scan_result_t scan(nonstd::optional<logfile *> lf,
std::vector<logline> &dst,
off_t offset,
shared_buffer_ref &sbr) {
static pcrepp SEP_RE(R"(^#separator\s+(.+))");
if (!this->blf_format_name.empty()) {
return this->scan_int(dst, offset, sbr);
}
if (dst.empty() || dst.size() > 20 || sbr.empty() || sbr.get_data()[0] == '#' || !lf) {
return SCAN_NO_MATCH;
}
pcre_context_static<20> pc;
auto line_iter = dst.begin();
string line = lf.value()->read_line(line_iter);
pcre_input pi(line);
if (!SEP_RE.match(pc, pi)) {
return SCAN_NO_MATCH;
}
this->clear();
string sep = from_escaped_string(pi.get_substr_start(pc[0]), pc[0]->length());
this->blf_separator = intern_string::lookup(sep);
for (++line_iter; line_iter != dst.end(); ++line_iter) {
string line = lf.value()->read_line(line_iter);
separated_string ss(line.c_str(), line.length());
ss.with_separator(this->blf_separator.get());
auto iter = ss.begin();
string_fragment directive = *iter;
if (directive.empty() || directive[0] != '#') {
continue;
}
++iter;
if (iter == ss.end()) {
continue;
}
if (directive == "#set_separator") {
this->blf_set_separator = intern_string::lookup(*iter);
} else if (directive == "#empty_field") {
this->blf_empty_field = intern_string::lookup(*iter);
} else if (directive == "#unset_field") {
this->blf_unset_field = intern_string::lookup(*iter);
} else if (directive == "#path") {
string path = to_string(*iter);
char full_name[128];
snprintf(full_name, sizeof(full_name), "bro_%s_log", path.c_str());
this->blf_format_name = intern_string::lookup(full_name);
} else if (directive == "#fields") {
do {
this->blf_field_defs.emplace_back(intern_string::lookup("bro_" + sql_safe_ident(*iter)));
++iter;
} while (iter != ss.end());
} else if (directive == "#types") {
static const char *KNOWN_IDS[] = {
"bro_conn_uids",
"bro_fuid",
"bro_host",
"bro_info_code",
"bro_method",
"bro_mime_type",
"bro_orig_fuids",
"bro_parent_fuid",
"bro_proto",
"bro_referrer",
"bro_resp_fuids",
"bro_service",
"bro_status_code",
"bro_uid",
"bro_uri",
"bro_user_agent",
"bro_username",
};
int numeric_count = 0;
do {
string_fragment field_type = *iter;
field_def &fd = this->blf_field_defs[iter.index() - 1];
if (field_type == "time") {
fd.with_kind(logline_value::VALUE_TIMESTAMP);
} else if (field_type == "string") {
bool ident = binary_search(begin(KNOWN_IDS), end(KNOWN_IDS), fd.fd_name);
fd.with_kind(logline_value::VALUE_TEXT, ident);
} else if (field_type == "count") {
bool ident = binary_search(begin(KNOWN_IDS), end(KNOWN_IDS), fd.fd_name);
fd.with_kind(logline_value::VALUE_INTEGER, ident)
.with_numeric_index(numeric_count);
numeric_count += 1;
} else if (field_type == "bool") {
fd.with_kind(logline_value::VALUE_BOOLEAN);
} else if (field_type == "addr") {
fd.with_kind(logline_value::VALUE_TEXT, true, "ipaddress");
} else if (field_type == "port") {
fd.with_kind(logline_value::VALUE_INTEGER, true);
} else if (field_type == "interval") {
fd.with_kind(logline_value::VALUE_FLOAT)
.with_numeric_index(numeric_count);
numeric_count += 1;
}
++iter;
} while (iter != ss.end());
this->lf_value_stats.resize(numeric_count);
}
}
if (!this->blf_format_name.empty() &&
!this->blf_separator.empty() &&
!this->blf_field_defs.empty()) {
this->blf_header_size = dst.size() - 1;
dst.clear();
return this->scan_int(dst, offset, sbr);
}
this->blf_format_name.clear();
this->lf_value_stats.clear();
return SCAN_NO_MATCH;
};
void annotate(shared_buffer_ref &sbr, string_attrs_t &sa,
std::vector<logline_value> &values,
bool annotate_module) const {
static const intern_string_t TS = intern_string::lookup("bro_ts");
static const intern_string_t UID = intern_string::lookup("bro_uid");
separated_string ss(sbr.get_data(), sbr.length());
ss.with_separator(this->blf_separator.get());
for (auto iter = ss.begin(); iter != ss.end(); ++iter) {
if (iter.index() >= this->blf_field_defs.size()) {
return;
}
const field_def &fd = this->blf_field_defs[iter.index()];
string_fragment sf = *iter;
logline_value::kind_t kind = fd.fd_kind;
struct line_range lr(sf.sf_begin, sf.sf_end);
if (sf == this->blf_empty_field) {
sf.clear();
} else if (sf == this->blf_unset_field) {
sf.invalidate();
kind = logline_value::VALUE_NULL;
}
if (fd.fd_name == TS) {
sa.emplace_back(lr, &logline::L_TIMESTAMP);
} else if (fd.fd_name == UID) {
sa.emplace_back(lr, &logline::L_OPID);
}
shared_buffer_ref value_ref;
value_ref.subset(sbr, sf.sf_begin, sf.length());
values.emplace_back(fd.fd_name, kind, value_ref,
fd.fd_identifier, nullptr, iter.index(),
lr.lr_start, lr.lr_end, false,
this);
}
};
const logline_value_stats *stats_for_value(const intern_string_t &name) const {
const logline_value_stats *retval = nullptr;
for (size_t lpc = 0; lpc < this->blf_field_defs.size(); lpc++) {
if (this->blf_field_defs[lpc].fd_name == name) {
if (this->blf_field_defs[lpc].fd_numeric_index < 0) {
break;
}
retval = &this->lf_value_stats[this->blf_field_defs[lpc].fd_numeric_index];
break;
}
}
return retval;
};
std::unique_ptr<log_format> specialized(int fmt_lock = -1) {
std::unique_ptr<bro_log_format> retval = make_unique<bro_log_format>(*this);
return unique_ptr<log_format>(retval.release());
};
class bro_log_table : public log_format_vtab_impl {
public:
bro_log_table(const bro_log_format &format)
: log_format_vtab_impl(format), blt_format(format) {
}
void get_columns(vector<vtab_column> &cols) const {
for (const auto &fd : this->blt_format.blf_field_defs) {
int type = log_vtab_impl::logline_value_to_sqlite_type(fd.fd_kind);
cols.emplace_back(fd.fd_name.to_string(), type, fd.fd_collator);
}
};
void get_foreign_keys(std::vector<std::string> &keys_inout) const {
this->log_vtab_impl::get_foreign_keys(keys_inout);
for (const auto &fd : this->blt_format.blf_field_defs) {
if (fd.fd_identifier) {
keys_inout.push_back(fd.fd_name.to_string());
}
}
}
const bro_log_format &blt_format;
};
static map<intern_string_t, bro_log_table *> &get_tables() {
static map<intern_string_t, bro_log_table *> retval;
return retval;
};
log_vtab_impl *get_vtab_impl(void) const {
if (this->blf_format_name.empty()) {
return nullptr;
}
bro_log_table *retval = nullptr;
auto &tables = get_tables();
auto iter = tables.find(this->blf_format_name);
if (iter == tables.end()) {
retval = new bro_log_table(*this);
tables[this->blf_format_name] = retval;
}
return retval;
};
void get_subline(const logline &ll,
shared_buffer_ref &sbr,
bool full_message) {
}
size_t blf_header_size;
intern_string_t blf_format_name;
intern_string_t blf_separator;
intern_string_t blf_set_separator;
intern_string_t blf_empty_field;
intern_string_t blf_unset_field;
vector<field_def> blf_field_defs;
};
log_format::register_root_format<bro_log_format> bro_log_instance;
log_format::register_root_format<generic_log_format> generic_log_instance;

@ -167,8 +167,11 @@ static int read_format_bool(yajlpp_parse_context *ypc, int val)
if (field_name == "convert-to-local-time")
elf->lf_date_time.dts_local_time = val;
else if (field_name == "json")
elf->jlf_json = val;
else if (field_name == "json") {
if (val) {
elf->elf_type = external_log_format::ELF_TYPE_JSON;
}
}
else if (field_name == "hide-extra")
elf->jlf_hide_extra = val;
else if (field_name == "multiline")
@ -524,6 +527,14 @@ struct json_path_handler sample_handlers[] = {
json_path_handler()
};
static const json_path_handler_base::enum_value_t TYPE_ENUM[] = {
make_pair("text", external_log_format::elf_type_t::ELF_TYPE_TEXT),
make_pair("json", external_log_format::elf_type_t::ELF_TYPE_JSON),
make_pair("csv", external_log_format::elf_type_t::ELF_TYPE_CSV),
json_path_handler_base::ENUM_TERMINATOR
};
struct json_path_handler format_handlers[] = {
json_path_handler("regex/(?<pattern_name>[^/]+)/")
.with_obj_provider(pattern_provider)
@ -573,6 +584,11 @@ struct json_path_handler format_handlers[] = {
.with_description("A regular expression to highlight in logs of this format.")
.for_field(&nullobj<external_log_format>()->elf_highlighter_patterns),
json_path_handler("file-type")
.with_synopsis("The type of file that contains the log messages")
.with_enum_values(TYPE_ENUM)
.for_enum(&nullobj<external_log_format>()->elf_type),
json_path_handler()
};
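Review bot: In read_format_bool the new `json` branch acts only when `val` is true, so a format definition that sets `"json": false` now appears to be ignored, where the earlier `elf->jlf_json = val` stored either value. If that is intended because `file-type` is now the authoritative setting, say so at the branch, e.g. `/* "json": false is a no-op; use "file-type" to select text or csv */`. The new branch is also the only braced one in an otherwise brace-less else-if chain. read_format_bool starts and ends outside the hunk.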

@ -113,6 +113,33 @@ std::string log_vtab_impl::get_table_statement(void)
return oss.str();
}
int log_vtab_impl::logline_value_to_sqlite_type(logline_value::kind_t kind)
{
int type = 0;
switch (kind) {
case logline_value::VALUE_NULL:
case logline_value::VALUE_TEXT:
case logline_value::VALUE_JSON:
case logline_value::VALUE_QUOTED:
case logline_value::VALUE_TIMESTAMP:
type = SQLITE3_TEXT;
break;
case logline_value::VALUE_FLOAT:
type = SQLITE_FLOAT;
break;
case logline_value::VALUE_BOOLEAN:
case logline_value::VALUE_INTEGER:
type = SQLITE_INTEGER;
break;
case logline_value::VALUE_UNKNOWN:
case logline_value::VALUE__MAX:
ensure(0);
break;
}
return type;
}
struct vtab {
sqlite3_vtab base;
sqlite3 * db;
@ -461,7 +488,8 @@ static int vt_column(sqlite3_vtab_cursor *cur, sqlite3_context *ctx, int col)
sqlite3_result_null(ctx);
break;
case logline_value::VALUE_JSON:
case logline_value::VALUE_TEXT: {
case logline_value::VALUE_TEXT:
case logline_value::VALUE_TIMESTAMP: {
sqlite3_result_text(ctx,
lv_iter->text_value(),
lv_iter->text_length(),
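Review bot: `logline_value_to_sqlite_type` returns its initial `type = 0` for `VALUE_UNKNOWN` and `VALUE__MAX` whenever `ensure(0)` does not abort, and 0 is not one of SQLite's fundamental type codes. The bro `#types` handling in this commit calls `with_kind` only for time, string, count, bool, addr, port and interval, so a column typed `enum` or `set[string]` keeps whatever kind `field_def` defaults to. That default is not visible here; if it is `VALUE_UNKNOWN`, `get_columns` reaches this branch on an ordinary conn.log. A safe fallback is `int type = SQLITE3_TEXT;`, with the `ensure(0)` kept for debug builds.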

@ -90,6 +90,8 @@ public:
std::string vc_comment;
};
static int logline_value_to_sqlite_type(logline_value::kind_t kind);
log_vtab_impl(const intern_string_t name) : vi_supports_indexes(true), vi_name(name) {
this->vi_attrs.resize(128);
};

@ -145,14 +145,15 @@ void logfile::set_format_base_time(log_format *lf)
lf->lf_date_time.set_base_time(file_time);
}
void logfile::process_prefix(off_t offset, shared_buffer_ref &sbr)
bool logfile::process_prefix(off_t offset, shared_buffer_ref &sbr)
{
log_format::scan_result_t found = log_format::SCAN_NO_MATCH;
size_t prescan_size = this->lf_index.size();
bool retval = false;
if (this->lf_format.get() != NULL) {
/* We've locked onto a format, just use that scanner. */
found = this->lf_format->scan(this->lf_index, offset, sbr);
found = this->lf_format->scan(this, this->lf_index, offset, sbr);
}
else if (this->lf_options.loo_detect_format &&
this->lf_index.size() < MAX_UNRECOGNIZED_LINES) {
@ -173,7 +174,7 @@ void logfile::process_prefix(off_t offset, shared_buffer_ref &sbr)
(*iter)->clear();
this->set_format_base_time(*iter);
found = (*iter)->scan(this->lf_index, offset, sbr);
found = (*iter)->scan(this, this->lf_index, offset, sbr);
if (found == log_format::SCAN_MATCH) {
#if 0
require(this->lf_index.size() == 1 ||
@ -200,6 +201,7 @@ void logfile::process_prefix(off_t offset, shared_buffer_ref &sbr)
this->lf_index[lpc].set_time(last_line.get_time());
this->lf_index[lpc].set_millis(last_line.get_millis());
}
break;
}
}
}
@ -211,19 +213,26 @@ void logfile::process_prefix(off_t offset, shared_buffer_ref &sbr)
logline &latest = this->lf_index[prescan_size];
if (latest < second_to_last) {
log_debug("%s:%d: out-of-time-order line detected %d.%03d < %d.%03d",
this->lf_filename.c_str(),
prescan_size,
latest.get_time(),
latest.get_millis(),
second_to_last.get_time(),
second_to_last.get_millis());
for (size_t lpc = prescan_size; lpc < this->lf_index.size(); lpc++) {
logline &line_to_update = this->lf_index[lpc];
line_to_update.set_time_skew(true);
line_to_update.set_time(second_to_last.get_time());
line_to_update.set_millis(second_to_last.get_millis());
if (this->lf_format->lf_time_ordered) {
log_debug(
"%s:%d: out-of-time-order line detected %d.%03d < %d.%03d",
this->lf_filename.c_str(),
prescan_size,
latest.get_time(),
latest.get_millis(),
second_to_last.get_time(),
second_to_last.get_millis());
for (size_t lpc = prescan_size;
lpc < this->lf_index.size(); lpc++) {
logline &line_to_update = this->lf_index[lpc];
line_to_update.set_time_skew(true);
line_to_update.set_time(second_to_last.get_time());
line_to_update.set_millis(
second_to_last.get_millis());
}
} else {
retval = true;
}
}
}
@ -261,12 +270,14 @@ void logfile::process_prefix(off_t offset, shared_buffer_ref &sbr)
case log_format::SCAN_INCOMPLETE:
break;
}
return retval;
}
bool logfile::rebuild_index()
logfile::rebuild_result_t logfile::rebuild_index()
throw (line_buffer::error, logfile::error)
{
bool retval = false;
rebuild_result_t retval = RR_NO_NEW_LINES;
struct stat st;
this->lf_activity.la_polls += 1;
@ -280,7 +291,7 @@ throw (line_buffer::error, logfile::error)
log_info("truncated file detected, closing -- %s",
this->lf_filename.c_str());
this->close();
return false;
return RR_NO_NEW_LINES;
}
else if (this->lf_line_buffer.is_data_available(this->lf_index_size, st.st_size)) {
this->lf_activity.la_reads += 1;
@ -320,7 +331,7 @@ throw (line_buffer::error, logfile::error)
log_info("overwritten file detected, closing -- %s",
this->lf_filename.c_str());
this->close();
return false;
return RR_NO_NEW_LINES;
}
}
}
@ -331,6 +342,9 @@ throw (line_buffer::error, logfile::error)
if (this->lf_logline_observer != NULL) {
this->lf_logline_observer->logline_restart(*this);
}
bool sort_needed = false;
while (this->lf_line_buffer.read_line(off, sbr, &lv)) {
size_t old_size = this->lf_index.size();
@ -344,9 +358,13 @@ throw (line_buffer::error, logfile::error)
this->lf_longest_line = std::max(this->lf_longest_line, sbr.length());
this->lf_partial_line = lv.lv_partial;
this->process_prefix(last_off, sbr);
sort_needed = this->process_prefix(last_off, sbr) || sort_needed;
last_off = off;
if (old_size > this->lf_index.size()) {
old_size = 0;
}
for (logfile::iterator iter = this->begin() + old_size;
iter != this->end(); ++iter) {
if (this->lf_logline_observer != NULL) {
@ -365,6 +383,7 @@ throw (line_buffer::error, logfile::error)
break;
}
}
if (this->lf_logline_observer != NULL) {
this->lf_logline_observer->logline_eof(*this);
}
@ -389,7 +408,11 @@ throw (line_buffer::error, logfile::error)
this->lf_index_size = off;
this->lf_stat = st;
retval = true;
if (sort_needed) {
retval = RR_NEW_ORDER;
} else {
retval = RR_NEW_LINES;
}
}
this->lf_index_time = this->lf_line_buffer.get_file_time();
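Review bot: The new `if (old_size > this->lf_index.size()) { old_size = 0; }` in rebuild_index has no comment explaining when the index can shrink during process_prefix. It presumably covers a format's scan clearing the index, as the bro header path does with `dst.clear()`, but that is not obvious at this call site. I would add `/* scan() may reset the index (e.g. after consuming a header), so restart observation from the first line */`. It is also worth confirming that observers tolerate being handed lines from index 0 again after such a reset. Both rebuild_index and process_prefix extend beyond the hunks shown.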

@ -335,6 +335,12 @@ public:
void read_full_message(iterator ll, shared_buffer_ref &msg_out, int max_lines=50);
enum rebuild_result_t {
RR_NO_NEW_LINES,
RR_NEW_LINES,
RR_NEW_ORDER,
};
/**
* Index any new data in the log file.
*
@ -342,7 +348,7 @@ public:
* indexing.
* @return True if any new lines were indexed.
*/
bool rebuild_index()
rebuild_result_t rebuild_index()
throw (line_buffer::error, logfile::error);
void reobserve_from(iterator iter);
@ -391,7 +397,7 @@ protected:
* @param prefix The contents of the line.
* @param len The length of the 'prefix' string.
*/
void process_prefix(off_t offset, shared_buffer_ref &sbr);
bool process_prefix(off_t offset, shared_buffer_ref &sbr);
void set_format_base_time(log_format *lf);
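Review bot: The doc comment above `rebuild_index()` still says `@return True if any new lines were indexed.`, which no longer matches the `rebuild_result_t` return type. Replace it with something like `@return RR_NO_NEW_LINES if nothing was read, RR_NEW_LINES if lines were appended in order, RR_NEW_ORDER if the caller must re-sort.` The new `rebuild_result_t` enumerators have no comments, and the comment on `process_prefix` lacks an `@return` now that it returns `bool`; from logfile.cc that looks like `@return True if an out-of-order line was seen in a format that is not time-ordered.`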

@ -146,11 +146,10 @@ void logfile_sub_source::text_value_for_line(textview_curses &tc,
if ((this->lss_token_file->is_time_adjusted() ||
format->lf_timestamp_flags & ETF_MACHINE_ORIENTED) &&
format->lf_date_time.dts_fmt_lock != -1) {
struct line_range time_range;
time_range = find_string_attr_range(
auto time_attr = find_string_attr(
this->lss_token_attrs, &logline::L_TIMESTAMP);
if (time_range.is_valid()) {
if (time_attr != this->lss_token_attrs.end()) {
const struct line_range time_range = time_attr->sa_range;
struct timeval adjusted_time;
struct exttm adjusted_tm;
char buffer[128];
@ -181,9 +180,6 @@ void logfile_sub_source::text_value_for_line(textview_curses &tc,
value_out.insert(time_range.lr_start,
padding,
' ');
shift_string_attrs(this->lss_token_attrs,
time_range.lr_start + 1,
padding);
}
value_out.replace(time_range.lr_start,
len,
@ -426,7 +422,7 @@ bool logfile_sub_source::rebuild_index(bool force)
{
iterator iter;
size_t total_lines = 0;
bool retval = force;
bool retval = force, full_sort = false;
int file_count = 0;
for (iter = this->lss_files.begin();
@ -439,14 +435,26 @@ bool logfile_sub_source::rebuild_index(bool force)
}
}
else {
if ((*iter)->get_file()->rebuild_index()) {
retval = true;
switch ((*iter)->get_file()->rebuild_index()) {
case logfile::RR_NEW_LINES:
retval = true;
break;
case logfile::RR_NEW_ORDER:
retval = true;
force = true;
break;
}
file_count += 1;
total_lines += (*iter)->get_file()->size();
}
}
if (this->lss_index.reserve(total_lines)) {
force = true;
}
if (force) {
full_sort = true;
for (iter = this->lss_files.begin();
iter != this->lss_files.end();
iter++) {
@ -460,50 +468,73 @@ bool logfile_sub_source::rebuild_index(bool force)
if (retval || force) {
size_t index_size = 0, start_size = this->lss_index.size();
logline_cmp line_cmper(*this);
kmerge_tree_c<logline, logfile_data, logfile::iterator> merge(file_count);
for (iter = this->lss_files.begin();
iter != this->lss_files.end();
iter++) {
logfile_data *ld = *iter;
for (auto ld : this->lss_files) {
logfile *lf = ld->get_file();
if (lf == NULL) {
if (lf == nullptr) {
continue;
}
merge.add(ld,
lf->begin() + ld->ld_lines_indexed,
lf->end());
index_size += lf->size();
this->lss_longest_line = std::max(this->lss_longest_line, lf->get_longest_line_length());
this->lss_longest_line = std::max(
this->lss_longest_line, lf->get_longest_line_length());
}
this->lss_index.reset();
if (full_sort) {
for (auto ld : this->lss_files) {
logfile *lf = ld->get_file();
if (lf == nullptr) {
continue;
}
merge.execute();
for (;;) {
logfile::iterator lf_iter;
logfile_data *ld;
for (size_t line_index = 0; line_index < lf->size(); line_index++) {
content_line_t con_line(ld->ld_file_index * MAX_LINES_PER_FILE +
line_index);
if (!merge.get_top(ld, lf_iter)) {
break;
this->lss_index.push_back(con_line);
}
}
int file_index = ld->ld_file_index;
int line_index = lf_iter - ld->get_file()->begin();
sort(this->lss_index.begin(), this->lss_index.end(), line_cmper);
} else {
kmerge_tree_c<logline, logfile_data, logfile::iterator> merge(
file_count);
content_line_t con_line(file_index * MAX_LINES_PER_FILE +
line_index);
for (iter = this->lss_files.begin();
iter != this->lss_files.end();
iter++) {
logfile_data *ld = *iter;
logfile *lf = ld->get_file();
if (lf == NULL) {
continue;
}
off_t insert_point = this->lss_index.merge_value(
con_line, logline_cmp(*this));
if (insert_point < (off_t)start_size) {
start_size = 0;
this->lss_filtered_index.clear();
merge.add(ld,
lf->begin() + ld->ld_lines_indexed,
lf->end());
index_size += lf->size();
}
merge.next();
merge.execute();
for (;;) {
logfile::iterator lf_iter;
logfile_data *ld;
if (!merge.get_top(ld, lf_iter)) {
break;
}
int file_index = ld->ld_file_index;
int line_index = lf_iter - ld->get_file()->begin();
content_line_t con_line(file_index * MAX_LINES_PER_FILE +
line_index);
this->lss_index.push_back(con_line);
merge.next();
}
}
for (iter = this->lss_files.begin();
@ -515,8 +546,6 @@ bool logfile_sub_source::rebuild_index(bool force)
(*iter)->ld_lines_indexed = (*iter)->get_file()->size();
}
this->lss_index.finish();
this->lss_filtered_index.reserve(this->lss_index.size());
uint32_t filter_in_mask, filter_out_mask;
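Review bot: The `switch` on `(*iter)->get_file()->rebuild_index()` handles `RR_NEW_LINES` and `RR_NEW_ORDER` but has no label for `RR_NO_NEW_LINES`, so `-Wswitch` builds will warn and an enumerator added later would be skipped silently. Add `case logfile::RR_NO_NEW_LINES: break;`. The `RR_NEW_ORDER` case also assigns to the `force` parameter inside the file loop, which deserves a comment such as `/* lines arrived out of order: re-sort the whole index */` so readers see why one file's result forces a full sort. logfile_sub_source::rebuild_index continues outside the hunks.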

@ -45,7 +45,7 @@
#include "strong_int.hh"
#include "logfile.hh"
#include "bookmarks.hh"
#include "chunky_index.hh"
#include "big_array.hh"
#include "textview_curses.hh"
#include "filter_observer.hh"
@ -609,7 +609,7 @@ private:
unsigned long lss_flags;
std::vector<logfile_data *> lss_files;
chunky_index<indexed_content> lss_index;
big_array<indexed_content> lss_index;
std::vector<uint32_t> lss_filtered_index;
bookmarks<content_line_t>::type lss_user_marks;

@ -610,6 +610,23 @@ char *sql_quote_ident(const char *ident)
return retval;
}
string sql_safe_ident(const string_fragment &ident)
{
string retval = to_string(ident);
for (size_t lpc = 0; lpc < retval.size(); lpc++) {
char ch = retval[lpc];
if (isalnum(ch) || ch == '_') {
retval[lpc] = ch;
} else {
retval[lpc] = '_';
}
}
return retval;
}
void sql_compile_script(sqlite3 *db,
const char *src_name,
const char *script_orig,
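Review bot: `sql_safe_ident` passes a plain `char` to `isalnum`, which is undefined behaviour for negative values, so any byte above 0x7f in the identifier is a problem where `char` is signed. Cast first: `if (isalnum(static_cast<unsigned char>(ch)) || ch == '_')`. If, as the rest of this commit suggests, the input comes from header lines of the log file being read, that input is untrusted. The `retval[lpc] = ch;` branch is a no-op and can be dropped. The function also has no comment stating its contract: the result may be empty or start with a digit, and distinct inputs such as `id.orig_h` and `id-orig_h` collapse to the same name, so callers still need to handle quoting and collisions.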

@ -81,6 +81,8 @@ bool sql_ident_needs_quote(const char *ident);
char *sql_quote_ident(const char *ident);
std::string sql_safe_ident(const string_fragment &ident);
void sql_compile_script(sqlite3 *db,
const char *src_name,
const char *script,

@ -240,6 +240,21 @@ void attr_line_t::split_lines(std::vector<attr_line_t> &lines) const
lines.emplace_back(this->subline(pos));
}
struct tab_mapping {
size_t tm_origin;
size_t tm_dst_start;
size_t tm_dst_end;
tab_mapping(size_t origin, size_t dst_start, size_t dst_end)
: tm_origin(origin), tm_dst_start(dst_start), tm_dst_end(dst_end) {
};
size_t length() const {
return this->tm_dst_end - this->tm_dst_start;
};
};
void view_curses::mvwattrline(WINDOW *window,
int y,
int x,
@ -250,8 +265,8 @@ void view_curses::mvwattrline(WINDOW *window,
int text_attrs, attrs, line_width;
string_attrs_t & sa = al.get_attrs();
string & line = al.get_string();
string_attrs_t::iterator iter;
std::map<size_t, size_t, std::greater<size_t> > tab_list;
string_attrs_t::const_iterator iter;
vector<tab_mapping> tab_list;
int tab_count = 0;
char *expanded_line;
size_t exp_index = 0;
@ -264,13 +279,15 @@ void view_curses::mvwattrline(WINDOW *window,
expanded_line = (char *)alloca(line.size() + tab_count * 8 + 1);
for (size_t lpc = 0; lpc < line.size(); lpc++) {
int exp_start_index = exp_index;
switch (line[lpc]) {
case '\t':
do {
expanded_line[exp_index] = ' ';
exp_index += 1;
} while (exp_index % 8);
tab_list[lpc] = exp_index;
tab_list.emplace_back(lpc, exp_start_index, exp_index);
break;
case '\r':
@ -310,24 +327,24 @@ void view_curses::mvwattrline(WINDOW *window,
stable_sort(sa.begin(), sa.end());
for (iter = sa.begin(); iter != sa.end(); ++iter) {
struct line_range attr_range = iter->sa_range;
std::map<size_t, size_t>::iterator tab_iter;
require(attr_range.lr_start >= 0);
require(attr_range.lr_end >= -1);
tab_iter = tab_list.lower_bound(attr_range.lr_start);
if (tab_iter != tab_list.end()) {
if ((size_t)attr_range.lr_start > tab_iter->first) {
attr_range.lr_start += (tab_iter->second - tab_iter->first) - 1;
for (auto tab_iter = tab_list.rbegin();
tab_iter != tab_list.rend();
++tab_iter) {
if (tab_iter->tm_origin < attr_range.lr_start) {
attr_range.lr_start += tab_iter->length() - 1;
}
}
if (attr_range.lr_end != -1) {
tab_iter = tab_list.lower_bound(attr_range.lr_end);
if (tab_iter != tab_list.end()) {
if ((size_t)attr_range.lr_end > tab_iter->first) {
attr_range.lr_end += (
tab_iter->second - tab_iter->first) - 1;
for (auto tab_iter = tab_list.rbegin();
tab_iter != tab_list.rend();
++tab_iter) {
if (tab_iter->tm_origin < attr_range.lr_end) {
attr_range.lr_end += tab_iter->length() - 1;
}
}
}
@ -341,7 +358,7 @@ void view_curses::mvwattrline(WINDOW *window,
attr_range.lr_end - lr.lr_start);
if (attr_range.lr_end > attr_range.lr_start) {
string_attrs_t::iterator range_iter;
string_attrs_t::const_iterator range_iter;
int awidth = attr_range.length();
int color_pair = -1;
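Review bot: `int exp_start_index = exp_index;` in the tab-expansion loop narrows a `size_t` to `int`, only for the value to be passed straight back to the `size_t` parameters of `tab_mapping`; declare it `const size_t exp_start_index = exp_index;`. The two reverse loops over `tab_list` are identical apart from the field they adjust and compare `tm_origin` (a `size_t`) against the signed `lr_start`/`lr_end`, which is sound only while the `require` checks above hold. A small static helper taking the offset by reference would remove the duplication, with a one-line comment on why the list is walked from the last tab to the first. mvwattrline starts and ends outside the hunks.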

@ -1,7 +1,6 @@
include_directories(../../lbuild/src ../src/ /opt/local/include)
add_executable(test_chunky_index test_chunky_index.cc)
add_executable(test_pcrepp test_pcrepp.cc ../src/lnav_log.cc ../src/pcrepp.cc)
add_executable(test_reltime test_reltime.cc
../src/relative_time.cc

@ -38,7 +38,6 @@ check_PROGRAMS = \
test_auto_fd \
test_auto_mem \
test_bookmarks \
test_chunky_index \
test_concise \
test_date_time_scanner \
test_grep_proc2 \
@ -82,9 +81,6 @@ test_auto_mem_SOURCES = test_auto_mem.cc
test_bookmarks_SOURCES = test_bookmarks.cc
test_bookmarks_LDADD = ../src/libdiag.a
test_chunky_index_SOURCES = test_chunky_index.cc
test_chunky_index_LDADD = ../src/libdiag.a
test_date_time_scanner_SOURCES = test_date_time_scanner.cc
test_date_time_scanner_LDADD = ../src/libdiag.a $(SQLITE3_LIBS)
@ -290,6 +286,8 @@ dist_noinst_DATA = \
logfile_access_log.1 \
logfile_bad_access_log.0 \
logfile_bad_syslog.0 \
logfile_bro_conn.log.0 \
logfile_bro_http.log.0 \
logfile_blued.0 \
logfile_empty.0 \
logfile_epoch.0 \
@ -356,7 +354,6 @@ TESTS = \
test_auto_fd \
test_auto_mem \
test_bookmarks \
test_chunky_index \
test_date_time_scanner \
test_format_installer.sh \
test_format_loader.sh \

@ -150,7 +150,7 @@ int main(int argc, char *argv[])
iter != root_formats.end() && !found;
++iter) {
(*iter)->clear();
if ((*iter)->scan(index, 13, sbr) == log_format::SCAN_MATCH) {
if ((*iter)->scan(nonstd::nullopt, index, 13, sbr) == log_format::SCAN_MATCH) {
format = (*iter)->specialized();
found = true;
}

@ -0,0 +1,101 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open 2017-04-16-21-36-10
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1320279554.496300 Cg9xqq3JAcZusspA86 192.168.2.76 52025 208.85.42.28 80 tcp - 2.125850 0 1092421 SF - - 0 ^dAfFa 400 20800 756 1131733 (empty)
1320279567.181431 CdysLK1XpcrXOpVDuh 192.168.2.76 52034 174.129.249.33 80 tcp http 0.082899 389 1495 SF - - 0 ShADdfFa 5 613 4 1667 (empty)
1320279567.452735 C6nSoj1Qco9PGyslz6 192.168.2.76 52035 184.72.234.3 80 tcp http 2.561940 905 731 SF - - 0 ShADadfF 9 1289 8 1063 (empty)
1320279567.181050 CtgxRAqDLvrRUQdqe 192.168.2.76 52033 184.72.234.3 80 tcp http 3.345539 1856 1445 SF - - 0 ShADadfF 15 2480 13 1969 (empty)
1320279572.537165 Cg66JO6sKx3fvUkQa 192.168.2.76 52014 132.235.215.117 80 tcp - 0.005881 0 0 SF - - 0 FfA 2 104 1 52 (empty)
1320279578.886650 CIJIDL1ULo4HpT24Gl 192.168.2.76 52052 63.241.108.124 80 tcp http 0.498720 1566 2543 SF - - 0 ShADadfF 6 1830 5 2747 (empty)
1320279577.453637 CEh6Ka2HInkNSH01L2 192.168.2.76 52044 216.34.181.48 80 tcp http 5.077548 596 576 SF - - 0 ShADadfF 6 920 5 848 (empty)
1320279581.284239 CSvRlm1gGNFXUOrtRj 192.168.2.76 52059 207.171.163.23 80 tcp - 5.056486 0 0 SF - - 0 ShAFf 4 184 2 92 (empty)
1320279577.507914 CjPGiy13ncXKxU765j 192.168.2.76 52045 216.34.181.45 80 tcp http 11.654832 2603 181933 SF - - 0 ShADadfF 80 6775 134 188913 (empty)
1320279590.558878 CKeb0i4BZy3XEHQGvb 192.168.2.76 52077 74.125.225.78 80 tcp - 5.048744 0 0 SF - - 0 ShAFf 4 220 2 112 (empty)
1320279601.552309 CK957ERTz8lBycly4 192.168.2.76 52085 199.59.148.201 80 tcp http 0.237418 883 1071 SF - - 0 ShADadfF 6 1207 5 1339 (empty)
1320279600.826685 CaPClb1Bf0RrRGtyWi 192.168.2.76 52083 192.150.187.43 80 tcp http 5.233472 442 31353 SF - - 0 ShADadfF 20 1494 26 32713 (empty)
1320279600.826441 CmWpSw3VtjiAceBCwf 192.168.2.76 52081 192.150.187.43 80 tcp http 5.233763 446 24258 SF - - 0 ShADadfF 14 1186 21 25358 (empty)
1320279600.826004 CBeaXe4Iyj1gXd2Iq 192.168.2.76 52080 192.150.187.43 80 tcp http 5.404390 886 16577 SF - - 0 ShADadfF 14 1626 17 17469 (empty)
1320279600.825492 Cd8s2R3OGDgkhnvSu9 192.168.2.76 52079 192.150.187.43 80 tcp http 5.496459 1309 17849 SF - - 0 ShADadfF 16 2153 18 18793 (empty)
1320279600.826607 CX1GjC4vn52UY1uDv6 192.168.2.76 52082 192.150.187.43 80 tcp http 5.515177 1746 14412 SF - - 0 ShADadfF 14 2486 16 15252 (empty)
1320279600.581672 CbQAWi3GX2bCmX5L56 192.168.2.76 52078 192.150.187.43 80 tcp http 5.825503 1599 80801 SF - - 0 ShADadfF 37 3535 63 84085 (empty)
1320279607.998777 CKskol4qPFKjkV6273 192.168.2.76 52022 74.125.225.68 80 tcp - 0.021505 0 0 SF - - 0 FfA 2 104 1 52 (empty)
1320279607.998577 CtBtCj3jZ4UVo657Dc 192.168.2.76 52023 209.85.145.101 80 tcp - 0.031533 0 0 SF - - 0 FfA 2 104 1 52 (empty)
1320279611.527848 CurHpb1TGZOktTRNP1 192.168.2.76 52092 199.59.148.201 80 tcp http 0.349795 902 1070 SF - - 0 ShADadfF 6 1226 5 1338 (empty)
1320279612.495344 CuUKOQ1R3CqKBgeTdf 192.168.2.76 52093 199.59.148.201 80 tcp http 0.279806 907 1070 SF - - 0 ShADadfF 6 1231 5 1338 (empty)
1320279613.968096 C3xkHgJnzZszVSTpi 192.168.2.76 52094 199.59.148.201 80 tcp http 0.486591 902 1070 SF - - 0 ShADadfF 6 1226 5 1338 (empty)
1320279611.171273 CINVx040XRWPWdQIOd 192.168.2.76 52091 192.150.187.43 80 tcp - 5.081864 0 0 SF - - 0 ShAFf 5 272 3 172 (empty)
1320279601.552622 C3TZMB4CrUwYfkGJy1 192.168.2.76 52086 199.59.148.20 80 tcp http 15.200059 4078 9556 SF - - 0 ShADadfF 12 4714 13 10240 (empty)
1320279610.744212 CO5QKYQkcSdxQFA35 192.168.2.76 52090 192.150.187.43 80 tcp http 6.499438 1669 37688 SF - - 0 ShADadFf 26 3033 31 39308 (empty)
1320279616.742259 CMrjgF2XLmRh9C9TR4 192.168.2.76 52095 208.85.41.42 80 tcp http 0.604819 546 59445 SF - - 0 ShADadfF 29 2066 45 61793 (empty)
1320279630.486420 CD69521bDXIAb4IkW 192.168.2.76 52097 199.59.148.201 80 tcp http 0.166288 903 1070 SF - - 0 ShADadfF 6 1227 5 1338 (empty)
1320279630.021607 C2vQ8sVgyADHjtEda 192.168.2.76 52096 192.150.187.43 80 tcp http 5.199366 421 15397 SF - - 0 ShADadfF 13 1109 15 16185 (empty)
1320279637.215536 CmxyBl2c8XAMTuHEk4 192.168.2.76 52100 199.59.148.201 80 tcp http 0.264911 905 1068 SF - - 0 ShADadFf 7 1281 5 1336 (empty)
1320279577.687091 CAUlC249svUfE6q0g3 192.168.2.76 52051 184.29.211.172 80 tcp http 61.298320 1465 22567 SF - - 0 ShADadfF 19 2465 21 23667 (empty)
1320279639.698701 CBX0254QJoklXNbvv2 192.168.2.76 52110 199.59.148.201 80 tcp http 0.283987 901 1067 SF - - 0 ShADadfF 6 1225 5 1335 (empty)
1320279638.450681 CSvs6v26bQqFylkk6l 192.168.2.76 52101 192.150.187.43 80 tcp http 5.709781 758 19809 SF - - 0 ShADadFf 16 1602 20 20857 (empty)
1320279638.954157 C4pHul1H3OeWYz7o7i 192.168.2.76 52102 192.150.187.43 80 tcp http 5.228420 371 498 SF - - 0 ShADadFf 7 747 5 766 (empty)
1320279638.957224 C7Lcvr4vsTf6eYpBva 192.168.2.76 52104 192.150.187.43 80 tcp http 5.231185 340 1443 SF - - 0 ShADadFf 7 716 5 1711 (empty)
1320279638.955996 CV8faD4L1sLL5kDwN9 192.168.2.76 52103 192.150.187.43 80 tcp http 5.243925 338 24829 SF - - 0 ShADadFf 18 1286 22 25981 (empty)
1320279639.349306 CvfUrT2DgYXXoZw9Ah 192.168.2.76 52109 192.150.187.43 80 tcp http 4.862785 400 7004 SF - - 0 ShADadFf 9 880 8 7428 (empty)
1320279639.147746 C6MrHk2C7rLuJqhjsg 192.168.2.76 52107 192.150.187.43 80 tcp http 5.066841 404 491 SF - - 0 ShADadFf 6 728 4 707 (empty)
1320279639.205080 Ccc26E2f7mpxWWj5L2 192.168.2.76 52108 192.150.187.43 80 tcp - 5.009511 0 0 SF - - 0 ShAFf 5 272 3 172 (empty)
1320279639.052091 CyiluB4nGodFLEMnX5 192.168.2.76 52105 192.150.187.43 80 tcp - 5.162501 0 0 SF - - 0 ShAFf 5 272 3 172 (empty)
1320279639.147610 CxyAKs10ppnHFP6O8i 192.168.2.76 52106 192.150.187.43 80 tcp http 5.066984 404 491 SF - - 0 ShADadFf 6 728 4 707 (empty)
1320279636.698841 C7Krri4g9tZfHniGXh 192.168.2.76 52099 192.150.187.43 80 tcp http 7.515757 1219 28929 SF - - 0 ShADadFf 23 2427 24 30185 (empty)
1320279630.486859 CC3vUI3gFB04zLvWRa 192.168.2.76 52098 199.59.148.20 80 tcp http 15.198762 2050 4776 SF - - 0 ShADadfF 8 2478 9 5252 (empty)
1320279673.118128 CRNn9f1zKNlzHSM5pa 192.168.2.76 52112 199.59.148.201 80 tcp http 0.351267 902 1068 SF - - 0 ShADadfF 6 1226 5 1336 (empty)
1320279672.273571 C6Ym6jvMgikT0xTTc 192.168.2.76 52111 192.150.187.43 80 tcp http 5.564817 419 48038 SF - - 0 ShADadfF 23 1627 38 50022 (empty)
1320279579.393218 CLsqp41RLUd83arUQb 192.168.2.76 52053 132.235.215.119 80 tcp http 0.045584 2503 21124 S1 - - 0 ShADad 13 3191 18 22068 (empty)
1320279567.515293 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 tcp http 23.090143 6335 4537 S1 - - 0 ShADad 18 7283 11 5117 (empty)
1320279581.817559 CGv2Tp4Ngt8MmKmVRd 192.168.2.76 52062 132.235.215.119 80 tcp http 0.007172 600 248 S1 - - 0 ShADad 4 820 3 412 (empty)
1320279571.543053 CsBgiE1WmGP4Yo749h 192.168.2.76 52039 69.171.228.39 80 tcp http 0.308956 417 10451 S1 - - 0 ShADd 9 897 9 10931 (empty)
1320279587.101825 C96j2X1DixgLTj2Oi8 192.168.2.76 52072 74.125.225.64 80 tcp http 0.614423 2544 2981 S1 - - 0 ShADad 6 2868 6 3301 (empty)
1320279577.686971 CjinlH2fzDtvzI9637 192.168.2.76 52049 184.29.211.172 80 tcp http 6.945222 2240 31147 S1 - - 0 ShADad 21 3344 26 32507 (empty)
1320279589.315281 CBHHuR1xFnm5C5CQBc 192.168.2.76 52074 74.125.225.76 80 tcp http 0.059880 373 1158 S1 - - 0 ShADad 4 593 3 1322 (empty)
1320279590.557604 C0K9DaoPFkfnzwlZa 192.168.2.76 52076 74.125.225.78 80 tcp http 0.048630 717 342 S1 - - 0 ShADad 4 937 3 506 (empty)
1320279581.472457 CiIjAe1n5MnPOVpQ9f 192.168.2.76 52061 74.125.225.90 80 tcp http 0.704763 4835 51573 S1 - - 0 ShADad 30 6407 46 53973 (empty)
1320279585.726876 CRgW2I2zo3SInm6iT8 192.168.2.76 52066 204.246.169.217 80 tcp http 1.386549 1233 8739 S1 - - 0 ShADad 10 1765 10 9267 (empty)
1320279566.795729 CdrfXZ1NOFPEawF218 192.168.2.76 52028 72.21.211.173 80 tcp http 115.121914 380 2260 SF - - 0 ShADdFf 6 644 4 2432 (empty)
1320279584.599525 Cs5yEZ3ELZTeuTOsP4 192.168.2.76 52064 204.246.169.252 80 tcp http 0.391939 370 64350 S1 - - 0 ShADad 28 1838 47 66802 (empty)
1320279601.555241 CTRXSR3blXJE5ZE7Ij 192.168.2.76 52089 74.125.225.83 80 tcp http 71.619232 4280 704 S1 - - 0 ShADad 10 4812 6 1024 (empty)
1320279580.303255 CNbPns4mOMGgjI8Ele 192.168.2.76 52057 204.246.169.3 80 tcp http 0.118609 844 1440 S1 - - 0 ShADad 6 1168 4 1656 (empty)
1320279600.900056 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 tcp http 72.274459 8979 8637 S1 - - 0 ShADad 23 10187 16 9477 (empty)
1320279571.880419 CtANmVrHYMtkWqPE5 192.168.2.76 52041 132.235.215.117 80 tcp http 0.013122 374 1813 S1 - - 0 ShADad 4 594 4 2029 (empty)
1320279577.686764 CPoz7NUpXISemlNSd 192.168.2.76 52046 184.29.211.172 80 tcp http 6.975476 1916 71870 S1 - - 0 ShADad 37 3852 55 74738 (empty)
1320279581.287819 C185u7u9Q4qhJPhzl 192.168.2.76 52060 74.125.225.92 80 tcp http 0.686395 1601 40796 S1 - - 0 ShADad 21 2705 33 42520 (empty)
1320279586.006470 CbUCgw1DrIGcXzONB7 192.168.2.76 52071 204.246.169.217 80 tcp http 0.092010 381 1322 S1 - - 0 ShADad 4 601 3 1486 (empty)
1320279566.795779 CJwUi9bdB9c1lLW44 192.168.2.76 52029 72.21.211.173 80 tcp http 115.121339 380 2658 SF - - 0 ShADdFf 6 644 4 2830 (empty)
1320279571.880174 CYfHyC28tAhkLYkXB7 192.168.2.76 52040 132.235.215.117 80 tcp http 0.673383 1507 12558 S1 - - 0 ShADad 13 2195 14 13302 (empty)
1320279581.284163 CKzjfhsJ8vrn2rrfg 192.168.2.76 52058 207.171.163.23 80 tcp http 0.335801 736 1674 S1 - - 0 ShADad 6 1000 5 1886 (empty)
1320279577.686914 CaEFHq2HVQ5iGJQiD9 192.168.2.76 52048 184.29.211.172 80 tcp http 6.967534 2207 28633 S1 - - 0 ShADad 22 3363 24 29889 (empty)
1320279586.001630 CWJhMU2cTLEnseTmCb 192.168.2.76 52067 204.246.169.217 80 tcp http 0.136158 381 5225 S1 - - 0 ShADad 5 653 6 5545 (empty)
1320279567.684168 CdZUPH2DKOE7zzCLE3 192.168.2.76 52038 132.235.215.119 80 tcp http 115.202498 449 9019 SF - - 0 ShADadFf 9 929 10 9547 (empty)
1320279579.442948 CbCciH11995WKkobR1 192.168.2.76 52054 74.121.134.156 80 tcp http 0.274905 1028 1071 S1 - - 0 ShADd 6 1292 3 1195 (empty)
1320279579.803083 CaP2LpLGvsmX7yJO 192.168.2.76 52056 74.125.225.91 80 tcp http 0.046347 400 360 S1 - - 0 ShADad 4 620 3 524 (empty)
1320279586.002799 CejI402rKGtdBXij4f 192.168.2.76 52068 204.246.169.217 80 tcp http 0.120253 762 3509 S1 - - 0 ShADad 6 1086 6 3829 (empty)
1320279567.667107 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 tcp http 32.451792 6668 13531 S1 - - 0 ShADad 29 8188 29 15047 (empty)
1320279566.795888 CT0JIh479jXIGt0Po1 192.168.2.76 52031 72.21.211.173 80 tcp http 115.121506 380 1981 SF - - 0 ShADdFf 6 644 4 2153 (empty)
1320279566.447996 CwFs1P2UcUdlSxD2La 192.168.2.76 52026 132.235.215.119 80 tcp http 116.438679 2063 18235 SF - - 0 ShADadFf 15 2855 18 19179 (empty)
1320279577.686850 Ct6ixh35y9AEr7J7o9 192.168.2.76 52047 184.29.211.172 80 tcp http 6.973070 1921 280972 S1 - - 0 ShADadt 144 11093 199 291328 (empty)
1320279566.795830 CJxSUgkInyKSHiju1 192.168.2.76 52030 72.21.211.173 80 tcp http 115.121810 380 2686 SF - - 0 ShADdFf 6 644 4 2858 (empty)
1320279601.554581 CibfNy1QQW4ImDWRq5 192.168.2.76 52088 74.125.225.83 80 tcp http 35.738404 4220 704 S1 - - 0 ShADad 10 4752 7 1076 (empty)
1320279566.795628 CoX7zA3OJKGUOSCBY2 192.168.2.76 52027 72.21.211.173 80 tcp http 115.121837 380 2948 SF - - 0 ShADdFf 6 644 5 3160 (empty)
1320279577.687031 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 tcp http 6.947920 2582 34114 S1 - - 0 ShADad 26 3946 30 35682 (empty)
1320279584.610492 Cu4gIx1BDNtGOl7Ht2 192.168.2.76 52065 204.246.169.252 80 tcp http 4.847647 1218 131460 S1 - - 0 ShADad 55 4090 94 136356 (empty)
1320279588.157960 CYYyja3FFNEnftw3K6 192.168.2.76 52073 74.125.225.72 80 tcp http 0.346895 378 174833 S1 - - 0 ShADadt 77 4718 127 181445 (empty)
1320279571.880844 C4uDKU5tpeRU9Su19 192.168.2.76 52043 132.235.215.117 80 tcp http 0.027676 389 803 S1 - - 0 ShADad 4 609 3 967 (empty)
1320279571.880785 CSTH8n1O1nv0ztxNQd 192.168.2.76 52042 132.235.215.117 80 tcp http 0.698402 813 45320 S1 - - 0 ShADad 22 1969 34 47096 (empty)
1320279586.004044 C2KnU34GcVV6amo8va 192.168.2.76 52069 204.246.169.217 80 tcp http 0.094285 381 1903 S1 - - 0 ShADad 4 601 4 2119 (empty)
1320279582.210392 C5DisEMFU77Wk9Kae 192.168.2.76 52063 204.246.169.252 80 tcp http 7.278092 1971 508090 S1 - - 0 ShADadt 225 15495 355 526558 (empty)
1320279590.556280 CD1jfU3p9abEm77mzf 192.168.2.76 52075 74.125.225.78 80 tcp http 0.047887 714 342 S1 - - 0 ShADad 4 934 3 506 (empty)
1320279586.005337 C5vx4911iSMAJuShFd 192.168.2.76 52070 204.246.169.217 80 tcp http 0.093133 381 2493 S1 - - 0 ShADad 4 601 4 2709 (empty)
1320279673.118549 CJLgi92kpp2gLgGTE5 192.168.2.76 52113 199.59.148.20 80 tcp http 10.247819 1023 2388 SF - - 0 ShADadfF 6 1347 6 2708 (empty)
1320279579.731320 ClcvKE1dqsEFQu46m9 192.168.2.76 52055 74.125.225.91 80 tcp http 0.522914 1493 54251 S1 - - 0 ShADad 30 3065 46 56651 (empty)
1320279601.553361 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 tcp http 71.658218 3168 19975 S1 - - 0 ShADadt 23 4388 29 21491 (empty)
1320279566.796068 C6Q4Vm14ZJIlZhsXqk 192.168.2.76 52032 72.21.211.173 80 tcp http 115.119217 380 2628 SF - - 0 ShADadFf 6 644 5 2840 (empty)
#close 2017-04-16-21-36-10

@ -0,0 +1,206 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path http
#open 2017-04-16-21-36-10
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
1320279566.452687 CwFs1P2UcUdlSxD2La 192.168.2.76 52026 132.235.215.119 80 1 GET www.reddit.com / - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 109978 200 OK - - (empty) - - - - - - Ftw3fJ2JJF3ntMTL2 - text/html
1320279566.831619 CJxSUgkInyKSHiju1 192.168.2.76 52030 72.21.211.173 80 1 GET e.thumbs.redditmedia.com /E-pbDbmiBclPkDaX.jpg http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2300 200 OK - - (empty) - - - - - - FFTf9Zdgk3YkfCKo3 - image/jpeg
1320279566.831563 CJwUi9bdB9c1lLW44 192.168.2.76 52029 72.21.211.173 80 1 GET f.thumbs.redditmedia.com /BP5bQfy4o-C7cF6A.jpg http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2272 200 OK - - (empty) - - - - - - FfXtOj3o7aub4vbs2j - image/jpeg
1320279566.831473 CoX7zA3OJKGUOSCBY2 192.168.2.76 52027 72.21.211.173 80 1 GET e.thumbs.redditmedia.com /SVUtep3Rhg5FTRn4.jpg http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2562 200 OK - - (empty) - - - - - - F21Ybs3PTqS6O4Q2Zh - image/jpeg
1320279566.831643 CT0JIh479jXIGt0Po1 192.168.2.76 52031 72.21.211.173 80 1 GET f.thumbs.redditmedia.com /uuy31444rLSyKdHS.jpg http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1595 200 OK - - (empty) - - - - - - Fdk0MZ1wQmKWAJ4WH4 - image/jpeg
1320279566.831666 C6Q4Vm14ZJIlZhsXqk 192.168.2.76 52032 72.21.211.173 80 1 GET a.thumbs.redditmedia.com /BoVp7eG0DUodTIfr.jpg http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2242 200 OK - - (empty) - - - - - - FwCCcC3lGkQAwhCDX3 - image/jpeg
1320279566.831535 CdrfXZ1NOFPEawF218 192.168.2.76 52028 72.21.211.173 80 1 GET c.thumbs.redditmedia.com /IEeSI3Q47xHE0UEz.jpg http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1874 200 OK - - (empty) - - - - - - FHK4nO28ZC5rrBZPqa - image/jpeg
1320279567.211407 CdysLK1XpcrXOpVDuh 192.168.2.76 52034 174.129.249.33 80 1 GET www.redditmedia.com /ads/ http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3258 200 OK - - (empty) - - - - - - Fv5xxZ7iP0eQKziM2 - text/html
1320279567.211031 CtgxRAqDLvrRUQdqe 192.168.2.76 52033 184.72.234.3 80 1 GET pixel.redditmedia.com /pixel/of_destiny.png?v=32tb6zakMbpImUZWtz+pksVc/8wYRc822cfKz091HT0oAKWHwZGxGpDcvvwUpyjwU8nJsyGc4cw=&r=296143927 http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 105 200 OK - - (empty) - - - - - - F5EJmr1cvlMkJFqSSk - image/png
1320279567.296908 CwFs1P2UcUdlSxD2La 192.168.2.76 52026 132.235.215.119 80 2 GET www.reddit.com /static/bg-button-positive-unpressed.png http://www.reddit.com/static/reddit.RZTLMiZ4gTk.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279567.451885 CtgxRAqDLvrRUQdqe 192.168.2.76 52033 184.72.234.3 80 2 GET pixel.redditmedia.com /fetch-trackers?callback=jQuery16107779853632052074_1320279566998&ids[]=t5_6&ids[]=t3_lsfmb&ids[]=t3_lsejk&_=1320279567192 http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 206 200 OK - - (empty) - - - - - - FGxLzB2hPvGVceWXuf - text/plain
1320279567.482546 C6nSoj1Qco9PGyslz6 192.168.2.76 52035 184.72.234.3 80 1 GET pixel.redditmedia.com /fetch-trackers?callback=jQuery16107779853632052074_1320279566999&ids[]=t5_6&ids[]=t3_lsfmb&ids[]=t3_lsejk&_=1320279567197 http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 206 200 OK - - (empty) - - - - - - FJ5XTZ1P1mJV2IhFth - text/plain
1320279567.536586 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 1 GET www.google-analytics.com /__utm.gif?utmwv=5.2.0&utms=1&utmn=872724630&utmhn=www.reddit.com&utme=8(site*srpath*usertype*uitype)9( reddit.com* reddit.com-GET_listing*guest*web)11(3!2)&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=reddit: the front page of the internet&utmhid=1425264550&utmr=-&utmp=/&utmac=UA-12131688-1&utmcc=__utma=55650728.1984705726.1319611466.1320276256.1320279567.22;+__utmz=55650728.1319747429.7.7.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=appengine%20python%20mobile%20analytics;&utmu=qQ~ http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - FilkiN33J86y8uYEF7 - image/gif
1320279567.689996 CdZUPH2DKOE7zzCLE3 192.168.2.76 52038 132.235.215.119 80 1 GET feeds.bbci.co.uk /news/rss.xml?edition=int - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 44841 200 OK - - (empty) - - - - - - FscOrx3YnSFtKUa9uh - text/atom
1320279567.680708 CtgxRAqDLvrRUQdqe 192.168.2.76 52033 184.72.234.3 80 3 GET pixel.redditmedia.com /pixel/of_doom.png?id=t5_6&hash=e962d119a7ff69901bb4ceaa7f3ba1224fd704b7&r=741109704 http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 105 200 OK - - (empty) - - - - - - F6kKwQdgasTZr1aL3 - image/png
1320279567.683031 C6nSoj1Qco9PGyslz6 192.168.2.76 52035 184.72.234.3 80 2 GET pixel.redditmedia.com /pixel/of_doom.png?id=t3_lsfmb&hash=1c635ac04668546a1c33c2faf3c4814cd6c4f96a&r=1492956402 http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 105 200 OK - - (empty) - - - - - - FmHLsN1LHERYFmp4e2 - image/png
1320279567.690049 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 1 GET ad.doubleclick.net /adj/reddit.dart/reddit.com;kw=reddit.com;tile=1;sz=300x250;ord=5117434431991380? http://www.redditmedia.com/ads/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 491 200 OK - - (empty) - - - - - - Fabf7l1EL26N2KoFX6 - application/javascript
1320279568.281910 CtgxRAqDLvrRUQdqe 192.168.2.76 52033 184.72.234.3 80 4 GET pixel.redditmedia.com /pixel/of_defenestration.png?hash=a8ababd2e4912c8b21d72252ad18ebb5d8e27ea3&id=dart_reddit.com&random=5012335803517919 http://www.redditmedia.com/ads/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 105 200 OK - - (empty) - - - - - - FcDkzJ3PNtrAn4aZu6 - image/png
1320279571.625521 CsBgiE1WmGP4Yo749h 192.168.2.76 52039 69.171.228.39 80 1 GET www.facebook.com / - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 31379 200 OK - - (empty) - - - - - - FSRE0d2Zg3eeFyEBhf - text/html
1320279571.883692 CYfHyC28tAhkLYkXB7 192.168.2.76 52040 132.235.215.117 80 1 GET static.ak.fbcdn.net /rsrc.php/v1/yt/r/svonORc8tTu.css http://www.facebook.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 20200 200 OK - - (empty) - - - - - - F2U3Y12HmvdWxdclQ1 - text/plain
1320279571.883724 CtANmVrHYMtkWqPE5 192.168.2.76 52041 132.235.215.117 80 1 GET static.ak.fbcdn.net /rsrc.php/v1/yZ/r/ejLIIb8vBQK.css http://www.facebook.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6968 200 OK - - (empty) - - - - - - FRGXkT2UUJEXviZzgf - text/plain
1320279571.884016 CSTH8n1O1nv0ztxNQd 192.168.2.76 52042 132.235.215.117 80 1 GET static.ak.fbcdn.net /rsrc.php/v1/yp/r/kk8dc2UJYJ4.png http://www.facebook.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2209 200 OK - - (empty) - - - - - - FJroqp2fMBIRhSjj6j - image/png
1320279571.884052 C4uDKU5tpeRU9Su19 192.168.2.76 52043 132.235.215.117 80 1 GET static.ak.fbcdn.net /rsrc.php/v1/yb/r/GsNJNwuI-UM.gif http://www.facebook.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 522 200 OK - - (empty) - - - - - - FkTSSMSu95IbbWyPk - image/gif
1320279571.930335 CYfHyC28tAhkLYkXB7 192.168.2.76 52040 132.235.215.117 80 2 GET static.ak.fbcdn.net /rsrc.php/yi/r/q9U99v3_saj.ico - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 152 200 OK - - (empty) - - - - - - FA4O2QKRGwGeMhyWg - image/png
1320279572.530622 CYfHyC28tAhkLYkXB7 192.168.2.76 52040 132.235.215.117 80 3 GET static.ak.fbcdn.net /rsrc.php/v1/yB/r/TwAHgQi2ZPB.png http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/svonORc8tTu.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1203 200 OK - - (empty) - - - - - - FIp9Ei7407PZotrLf - image/png
1320279572.541605 CYfHyC28tAhkLYkXB7 192.168.2.76 52040 132.235.215.117 80 4 GET static.ak.fbcdn.net /rsrc.php/v1/yu/r/O03OuHGGSjF.js http://www.facebook.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 14481 200 OK - - (empty) - - - - - - FXCacf3k0I8Jmv40V6 - text/plain
1320279572.531333 CSTH8n1O1nv0ztxNQd 192.168.2.76 52042 132.235.215.117 80 2 GET static.ak.fbcdn.net /rsrc.php/v1/yi/r/OBaVg52wtTZ.png http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/svonORc8tTu.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 42565 200 OK - - (empty) - - - - - - FKd4ju2Q2pBLbL2g5j - image/png
1320279577.475501 CEh6Ka2HInkNSH01L2 192.168.2.76 52044 216.34.181.48 80 1 GET www.slashdot.org / - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 297 301 Moved Permanently - - (empty) - - - - - - FlEa1o4YEPG5x7R5mh - text/html
1320279577.662818 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 2 GET www.google-analytics.com /siteopt.js?v=1&utmxkey=2467390112&utmx=9273847.00017148082467390112:2:4&utmxx=9273847.00017148082467390112:1320193640:2592000&utmxtime=1320279577646 http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3968 200 OK - - (empty) - - - - - - Fe6QOa3PksIXzVHTE4 - text/plain
1320279577.706621 CaEFHq2HVQ5iGJQiD9 192.168.2.76 52048 184.29.211.172 80 1 GET a.fsdn.com /sd/topics/nasa_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3599 200 OK - - (empty) - - - - - - FS2GsS2N4xpsInXkc5 - image/png
1320279577.706671 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 1 GET a.fsdn.com /sd/topics/redhat_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1708 200 OK - - (empty) - - - - - - FbrtkF2Bsf8qono1hl - image/png
1320279577.727833 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 3 GET www.google-analytics.com /__utm.gif?utmwv=5.2.0&utms=1&utmn=2075689467&utmhn=slashdot.org&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that matters&utmhid=756102172&utmr=-&utmp=/2467390112/test&utmac=UA-32013-38&utmcc=__utma=9273847.1625321166.1320279578.1320279578.1320279578.1;+__utmz=9273847.1320279578.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);+__utmx=9273847.00017148082467390112:2:4;&utmu=qACg~ http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - FMI1K94zPiqlNScu2b - image/gif
1320279577.526624 CjPGiy13ncXKxU765j 192.168.2.76 52045 216.34.181.45 80 1 GET slashdot.org / - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 92235 200 OK - - (empty) - - - - - - FC6fny4bS2LdWArKCd - text/html
1320279577.706646 CjinlH2fzDtvzI9637 192.168.2.76 52049 184.29.211.172 80 1 GET a.fsdn.com /sd/topics/apple_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 5316 200 OK - - (empty) - - - - - - FrzGSm1jOZoVQ2Hx9k - image/png
1320279577.746860 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 2 GET a.fsdn.com /sd/topics/news_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4791 200 OK - - (empty) - - - - - - FFzyL22N09AR4kpGqj - image/png
1320279577.744727 CaEFHq2HVQ5iGJQiD9 192.168.2.76 52048 184.29.211.172 80 2 GET a.fsdn.com /sd/topics/windows_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6070 200 OK - - (empty) - - - - - - FSY7De4YLIkMbdkgub - image/png
1320279577.792926 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 3 GET a.fsdn.com /sd/topics/microsoft_64100.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4684 200 OK - - (empty) - - - - - - F1ZWL920coZQCa5hB6 - image/png
1320279577.786697 CjinlH2fzDtvzI9637 192.168.2.76 52049 184.29.211.172 80 2 GET a.fsdn.com /sd/topics/bug_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 7200 200 OK - - (empty) - - - - - - FkTxkx1LuAiF22kjQ5 - image/png
1320279577.706695 CAUlC249svUfE6q0g3 192.168.2.76 52051 184.29.211.172 80 1 GET a.fsdn.com /sd/topics/science_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6820 200 OK - - (empty) - - - - - - FqSWHi2S4omFxuoqE8 - image/png
1320279577.796082 CaEFHq2HVQ5iGJQiD9 192.168.2.76 52048 184.29.211.172 80 3 GET a.fsdn.com /sd/topics/privacy_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 5372 200 OK - - (empty) - - - - - - FEDr4Q1KVBpZpYyCvf - image/png
1320279577.831213 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 4 GET a.fsdn.com /sd/topics/games_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4858 200 OK - - (empty) - - - - - - Fsf46e3M0rnbBBosjb - image/png
1320279577.855921 CjinlH2fzDtvzI9637 192.168.2.76 52049 184.29.211.172 80 3 GET a.fsdn.com /sd/topics/java_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 5985 200 OK - - (empty) - - - - - - FzE9vp3dywOexb5lOj - image/png
1320279577.706506 CPoz7NUpXISemlNSd 192.168.2.76 52046 184.29.211.172 80 1 GET a.fsdn.com /sd/classic.css?release_20111101.01 http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 102898 200 OK - - (empty) - - - - - - FeeI2T3XazYNxR2Aff - text/plain
1320279577.885356 CaEFHq2HVQ5iGJQiD9 192.168.2.76 52048 184.29.211.172 80 4 GET a.fsdn.com /sd/topics/facebook_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 935 200 OK - - (empty) - - - - - - F0pvzI2hxCu7CPDES4 - image/png
1320279577.874879 CAUlC249svUfE6q0g3 192.168.2.76 52051 184.29.211.172 80 2 GET a.fsdn.com /sd/topics/topickde.gif http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3503 200 OK - - (empty) - - - - - - FaZ03A6N9Jr41XtA9 - image/gif
1320279577.898479 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 5 GET a.fsdn.com /sd/topics/technology_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 7000 200 OK - - (empty) - - - - - - Ft1wSRxSA94TeB9vk - image/png
1320279577.706532 Ct6ixh35y9AEr7J7o9 192.168.2.76 52047 184.29.211.172 80 1 GET a.fsdn.com /sd/all-minified.js?release_20111101.01 http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 265231 200 OK - - (empty) - - - - - - FV4WlAnhOGEzG8yNf - text/plain
1320279578.786070 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 4 GET www.google-analytics.com /__utm.gif?utmwv=5.2.0&utms=1&utmn=1576123726&utmhn=slashdot.org&utme=8(User Type*Page)9(Anon*index2)&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that matters&utmhid=756102172&utmr=-&utmp=/&utmac=UA-32013-5&utmcc=__utma=57409013.1111154037.1320279579.1320279579.1320279579.1;+__utmz=57409013.1320279579.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=qRCg~ http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - FPFdR81eU5ibximh1c - image/gif
1320279578.786348 CjPGiy13ncXKxU765j 192.168.2.76 52045 216.34.181.45 80 2 GET slashdot.org /favicon.ico - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 318 200 OK - - (empty) - - - - - - FNUo213hZ5nZPeveCg - image/x-icon
1320279578.786168 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 2 GET ad.doubleclick.net /adj/ostg.slashdot/pg_index_p1_leader;pg=index2;logged_in=0;tile=1;sz=728x90;u=;ord=6795061899455057? http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1102 200 OK - - (empty) - - - - - - FX5LMT3stFxRIOJTy6 - application/javascript
1320279578.927905 CIJIDL1ULo4HpT24Gl 192.168.2.76 52052 63.241.108.124 80 1 GET bs.serving-sys.com /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=3258172&PluID=0&w=728&h=90&ord=5919911&ucm=true&ncu=$$http://ad.doubleclick.net/click;h=v8/3bb4/3/0/*/i;246771152;0-0;0;47077322;3454-728/90;44177745/44195532/1;u=;~okv=;pg=index2;logged_in=0;tile=1;sz=728x90;u=;bsg=100834;bsg=100849;bsg=100972;bsg=100974;bsg=109739;~sscs=?$$ http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2445 200 OK - - (empty) - - - - - - F1gfQ01LTJYKrGF5f6 - text/plain
1320279579.395786 CLsqp41RLUd83arUQb 192.168.2.76 52053 132.235.215.119 80 1 GET ds.serving-sys.com /BurstingCachedScripts//SBTemplates_2_4_11/StdBanner.js?ai=6818549 http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 25789 200 OK - - (empty) - - - - - - FsP7B41SP02n8qy4Q4 - text/plain
1320279579.411954 CLsqp41RLUd83arUQb 192.168.2.76 52053 132.235.215.119 80 2 GET ds.serving-sys.com /BurstingRes///Site-16990/Type-0/0c04460f-7d5c-47c7-bb52-d55a6cb9dfcc.gif http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 13402 200 OK - - (empty) - - - - - - Fwc35U3WIVMb3eEMih - image/gif
1320279579.414248 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 3 GET ad.doubleclick.net /adj/ostg.slashdot/mainpage_p33_powerswitch;pg=index2;logged_in=0;tile=2;sz=980x66;u=;ord=6795061899455057? http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 350 200 OK - - (empty) - - - - - - FHYUQHQwRCXF6z6m1 - application/javascript
1320279579.446304 Ct6ixh35y9AEr7J7o9 192.168.2.76 52047 184.29.211.172 80 2 GET a.fsdn.com /sd/logo_w_l.png http://a.fsdn.com/sd/classic.css?release_20111101.01 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 916 200 OK - - (empty) - - - - - - Fq8jKs4ZEeQ86XLwHb - image/png
1320279579.446541 CPoz7NUpXISemlNSd 192.168.2.76 52046 184.29.211.172 80 2 GET a.fsdn.com /sd/classic/img/glyphish-icons-16.png http://a.fsdn.com/sd/classic.css?release_20111101.01 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 34897 200 OK - - (empty) - - - - - - Fp4mTFtTxLfj1aZ0k - image/png
1320279579.494380 CbCciH11995WKkobR1 192.168.2.76 52054 74.121.134.156 80 1 GET data.cmcore.com /imp?tid=17&ci=90378805&vn1=4.1.1&vn2=imp&ec=UTF-8&cm_mmc=CL11Display-_-Geeknet-_-728x90-_-SimpleQ4 http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 302 Found - - (empty) - - - - - - - - -
1320279579.635947 CPoz7NUpXISemlNSd 192.168.2.76 52046 184.29.211.172 80 3 GET a.fsdn.com /sd/classic/img/facebook_24.png http://a.fsdn.com/sd/classic.css?release_20111101.01 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1145 200 OK - - (empty) - - - - - - FrO4DB3JrPQuySFXqb - image/png
1320279579.635700 Ct6ixh35y9AEr7J7o9 192.168.2.76 52047 184.29.211.172 80 3 GET a.fsdn.com /sd/classic/img/twitter_24.png http://a.fsdn.com/sd/classic.css?release_20111101.01 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1131 200 OK - - (empty) - - - - - - FwOft14FasgQFevesf - image/png
1320279579.636241 CjinlH2fzDtvzI9637 192.168.2.76 52049 184.29.211.172 80 4 GET a.fsdn.com /sd/classic/img/rss_24.png http://a.fsdn.com/sd/classic.css?release_20111101.01 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1394 200 OK - - (empty) - - - - - - Fg51Vl4RyzuxqyZong - image/png
1320279579.660927 CbCciH11995WKkobR1 192.168.2.76 52054 74.121.134.156 80 2 GET data.cmcore.com /imp?tid=17&ci=90378805&vn1=4.1.1&vn2=imp&ec=UTF-8&cm_mmc=CL11Display-_-Geeknet-_-728x90-_-SimpleQ4&cvdone=s http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 43 200 OK - - (empty) - - - - - - FsfXhn4B6h8Cjd8sS8 - image/gif
1320279579.605985 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 4 GET ad.doubleclick.net /adj/ostg.slashdot/pg_index_p83_medrec;pg=index2;logged_in=0;tile=3;sz=300x250,300x600;u=;ord=6795061899455057? http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 37631 200 OK - - (empty) - - - - - - FKjsb32g87yJd7WC59 - application/javascript
1320279579.754251 ClcvKE1dqsEFQu46m9 192.168.2.76 52055 74.125.225.91 80 1 GET s0.2mdn.net /1251057/plcr_44606913_1318531591501.js http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 16859 200 OK - - (empty) - - - - - - F8zvi64uyBZnSFW7X9 - text/plain
1320279579.731050 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 5 GET ad.doubleclick.net /ad/N815.slashdot/B5855285.36;sz=1x1 http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 302 Moved Temporarily - - (empty) - - - - - - - - -
1320279579.788781 ClcvKE1dqsEFQu46m9 192.168.2.76 52055 74.125.225.91 80 2 GET s0.2mdn.net /879366/inpageGlobalTemplate_v2_62_06.js http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 47618 200 OK - - (empty) - - - - - - F1x0AK2HfI8zKiGCpc - text/plain
1320279579.826149 CaP2LpLGvsmX7yJO 192.168.2.76 52056 74.125.225.91 80 1 GET s0.2mdn.net /viewad/3000209/14-1x1.gif http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 43 200 OK - - (empty) - - - - - - FwHSAt162BDr8cAtJc - image/gif
1320279580.110519 ClcvKE1dqsEFQu46m9 192.168.2.76 52055 74.125.225.91 80 3 GET s0.2mdn.net /1251057/PID_1778428_MABQrgjDNeiVz7Kj.swf http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 30158 200 OK - - (empty) - - - - - - FiWyYW1UE23Xn9Du4c - application/x-shockwave-flash
1320279580.134281 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 6 GET ad.doubleclick.net /adj/ostg.slashdot/pg_index_p31_lower_poll_spons;pg=index;logged_in=0;tile=4;ord=6795061899455057? http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 481 200 OK - - (empty) - - - - - - FHGSmj2OR6IRPOR1Rg - application/javascript
1320279580.212196 ClcvKE1dqsEFQu46m9 192.168.2.76 52055 74.125.225.91 80 4 GET s0.2mdn.net /viewad/1251080/peelUp2.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 9700 200 OK - - (empty) - - - - - - FDXrgk2emoeMrxUO52 - image/png
1320279580.212311 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 7 GET ad.doubleclick.net /adj/ostg.slashdot/pg_index_CPL_medrec;pg=index;logged_in=0;tile=5;sz=300x250;ord=6795061899455057;? http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 346 200 OK - - (empty) - - - - - - FcCddr4x0GnKCSZ8q1 - application/javascript
1320279580.339065 CNbPns4mOMGgjI8Ele 192.168.2.76 52057 204.246.169.3 80 1 GET d1clfvuu2240eh.cloudfront.net /crossdomain.xml - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 76 200 OK - - (empty) - - - - - - FkbZHZVBBE3Z1ZgDh - text/x-cross-domain-policy
1320279580.382077 CNbPns4mOMGgjI8Ele 192.168.2.76 52057 204.246.169.3 80 2 GET d1clfvuu2240eh.cloudfront.net /t.gif?m=a:W5Tk9EhlHtS1pyYL+RycSdDuNycgbdBawaGo+otmkKetUyhIY6Wu7kA=&m=b:JnQ9aW1wcmVzc2lvbiZyPTc2 - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 43 200 OK - - (empty) - - - - - - FMHtHn3vMLs8pHW5O4 - image/gif
1320279580.341750 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 8 GET ad.doubleclick.net /adj/ostg.slashdot/pg_index_p85_medrec;pg=index2;logged_in=0;tile=6;sz=300x250,300x600;u=;ord=6795061899455057? http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 857 200 OK - - (empty) - - - - - - FcmK3c38gruwiDs6xe - application/javascript
1320279581.309602 C185u7u9Q4qhJPhzl 192.168.2.76 52060 74.125.225.92 80 1 GET pagead2.googlesyndication.com /pagead/show_ads.js http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279581.313348 CKzjfhsJ8vrn2rrfg 192.168.2.76 52058 207.171.163.23 80 1 GET farm.sproutbuilder.com /crossdomain.xml - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 75 200 OK - - (empty) - - - - - - FRmk7R24HzVNTD5jM5 - text/x-cross-domain-policy
1320279581.510471 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 5 GET www.google-analytics.com /__utm.gif?utmwv=5.2.0&utms=2&utmn=949132929&utmhn=slashdot.org&utmt=event&utme=5(Firehose*FirehoseMore*10)8(User Type*Page)9(Anon*index2)&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that matters&utmhid=756102172&utmr=-&utmp=/&utmac=UA-32013-5&utmcc=__utma=57409013.1111154037.1320279579.1320279579.1320279579.1;+__utmz=57409013.1320279579.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=6RCgAAAAAAAAAAAAQ~ http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - FFCJkh2igAZa2JEKsg - image/gif
1320279581.442967 CKzjfhsJ8vrn2rrfg 192.168.2.76 52058 207.171.163.23 80 2 GET farm.sproutbuilder.com /runtime.xml - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 853 200 OK - - (empty) - - - - - - FM2Cma4R3x8nKUayJ1 - application/xml
1320279581.425927 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 9 GET ad.doubleclick.net /adj/ostg.slashdot/pg_index_google_medrec;pg=index2;logged_in=0;tile=7;sz=300x250,300x600;u=;ord=6795061899455057? http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 862 200 OK - - (empty) - - - - - - FVjOxU23aI5BNmJX2h - application/javascript
1320279581.494295 CiIjAe1n5MnPOVpQ9f 192.168.2.76 52061 74.125.225.90 80 1 GET googleads.g.doubleclick.net /pagead/ads?client=ca-ostg_js&format=300x250_pas_abgnc&output=html&h=250&w=300&lmt=1320279577&channel=books_sd_pages&region=default&ad_type=text,image,flash,html&adtest=off&alt_color=ffffff&color_bg=cccccc&color_border=bababa&color_line=c8c8c8&color_link=002f2f&color_text=000000&oe=utf8&flash=10.1.102&url=http://slashdot.org/&adsafe=high&dt=1320279581339&bpp=3&shv=r20111026&jsv=r20110914&correlator=1320279581423&frm=4&adk=3033987521&ga_vid=473684895.1320279581&ga_sid=1320279581&ga_hid=756102172&ga_fc=0&ga_wpids=UA-32013-5&u_tz=-240&u_his=3&u_java=0&u_h=800&u_w=1280&u_ah=726&u_aw=1280&u_cd=24&u_nplug=4&u_nmime=64&dff=arial&dfs=13&adx=939&ady=1333&biw=1265&bih=617&fu=0&ifi=1&dtd=128&xpc=ZMG9awPxwx&p=http://slashdot.org http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4365 200 OK - - (empty) - - - - - - F3NRgf4pxU4hVreqGi - text/html
1320279581.820179 CGv2Tp4Ngt8MmKmVRd 192.168.2.76 52062 132.235.215.119 80 1 GET b.scorecardresearch.com /b?c1=2&c2=6035546&rn=0.8987666179077362&c7=http://slashdot.org/&c3=&c4=&c5=&c6=&c10=&c15=&c16=&c8=Slashdot: News for nerds, stuff that matters&c9=&cv=1.7 http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 204 No Content - - (empty) - - - - - - - - -
1320279581.866795 C185u7u9Q4qhJPhzl 192.168.2.76 52060 74.125.225.92 80 2 GET pagead2.googlesyndication.com /pagead/imgad?id=CICAgMDOnZWCUxCsAhj6ATIICPPzdVZiN_g http://googleads.g.doubleclick.net/pagead/ads?client=ca-ostg_js&format=300x250_pas_abgnc&output=html&h=250&w=300&lmt=1320279577&channel=books_sd_pages&region=default&ad_type=text%2Cimage%2Cflash%2Chtml&adtest=off&alt_color=ffffff&color_bg=cccccc&color_border=bababa&color_line=c8c8c8&color_link=002f2f&color_text=000000&oe=utf8&flash=10.1.102&url=http%3A%2F%2Fslashdot.org%2F&adsafe=high&dt=1320279581339&bpp=3&shv=r20111026&jsv=r20110914&correlator=1320279581423&frm=4&adk=3033987521&ga_vid=473684895.1320279581&ga_sid=1320279581&ga_hid=756102172&ga_fc=0&ga_wpids=UA-32013-5&u_tz=-240&u_his=3&u_java=0&u_h=800&u_w=1280&u_ah=726&u_aw=1280&u_cd=24&u_nplug=4&u_nmime=64&dff=arial&dfs=13&adx=939&ady=1333&biw=1265&bih=617&fu=0&ifi=1&dtd=128&xpc=ZMG9awPxwx&p=http%3A//slashdot.org 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 40252 200 OK - - (empty) - - - - - - FpH8io1fXFSErb0719 - application/x-shockwave-flash
1320279581.833299 CiIjAe1n5MnPOVpQ9f 192.168.2.76 52061 74.125.225.90 80 2 GET googleads.g.doubleclick.net /pagead/ads?client=ca-ostg_js&format=300x250_pas_abgnc&output=html&h=250&w=300&lmt=1320279577&channel=slashdot_imu_geo_us&region=default&ad_type=text,image,flash,html&adtest=off&alt_color=ffffff&color_bg=cccccc&color_border=bababa&color_line=c8c8c8&color_link=002f2f&color_text=000000&oe=utf8&flash=10.1.102&url=http://slashdot.org/&adsafe=high&dt=1320279581648&bpp=3&shv=r20111026&jsv=r20110914&prev_fmts=300x250_pas_abgnc&correlator=1320279581423&frm=4&adk=2897144109&ga_vid=473684895.1320279581&ga_sid=1320279581&ga_hid=756102172&ga_fc=0&u_tz=-240&u_his=3&u_java=0&u_h=800&u_w=1280&u_ah=726&u_aw=1280&u_cd=24&u_nplug=4&u_nmime=64&dff=arial&dfs=13&adx=939&ady=3468&biw=1265&bih=617&fu=0&ifi=2&dtd=172&xpc=8j2egD1P4r&p=http://slashdot.org http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2878 200 OK - - (empty) - - - - - - FNIXjx45CYFKs7kZF5 - text/html
1320279582.056477 CiIjAe1n5MnPOVpQ9f 192.168.2.76 52061 74.125.225.90 80 3 GET googleads.g.doubleclick.net /pagead/imgad?id=CLK48PnasdKuNxCsAhj6ATII1hcxUl9z8x8 http://googleads.g.doubleclick.net/pagead/ads?client=ca-ostg_js&format=300x250_pas_abgnc&output=html&h=250&w=300&lmt=1320279577&channel=slashdot_imu_geo_us&region=default&ad_type=text%2Cimage%2Cflash%2Chtml&adtest=off&alt_color=ffffff&color_bg=cccccc&color_border=bababa&color_line=c8c8c8&color_link=002f2f&color_text=000000&oe=utf8&flash=10.1.102&url=http%3A%2F%2Fslashdot.org%2F&adsafe=high&dt=1320279581648&bpp=3&shv=r20111026&jsv=r20110914&prev_fmts=300x250_pas_abgnc&correlator=1320279581423&frm=4&adk=2897144109&ga_vid=473684895.1320279581&ga_sid=1320279581&ga_hid=756102172&ga_fc=0&u_tz=-240&u_his=3&u_java=0&u_h=800&u_w=1280&u_ah=726&u_aw=1280&u_cd=24&u_nplug=4&u_nmime=64&dff=arial&dfs=13&adx=939&ady=3468&biw=1265&bih=617&fu=0&ifi=2&dtd=172&xpc=8j2egD1P4r&p=http%3A//slashdot.org 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 47034 200 OK - - (empty) - - - - - - FsE8Xf1Is5TGXnetD5 - image/gif
1320279582.246333 C5DisEMFU77Wk9Kae 192.168.2.76 52063 204.246.169.252 80 1 GET edge.sproutbuilder.com /crossdomain.xml - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 75 200 OK - - (empty) - - - - - - FVXCaI2T2NHgtAv0tb - text/x-cross-domain-policy
1320279582.411626 Ct6ixh35y9AEr7J7o9 192.168.2.76 52047 184.29.211.172 80 4 GET a.fsdn.com /sd/spinner_ffffff_on_004242.gif http://a.fsdn.com/sd/classic.css?release_20111101.01 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1849 200 OK - - (empty) - - - - - - FlloV02bcrqQfmom13 - image/gif
1320279582.409055 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 6 GET www.google-analytics.com /__utm.gif?utmwv=5.2.0&utms=3&utmn=246596971&utmhn=slashdot.org&utmt=event&utme=5(Firehose*FirehoseMore*20)8(User Type*Page)9(Anon*index2)&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that matters&utmhid=756102172&utmr=-&utmp=/&utmac=UA-32013-5&utmcc=__utma=57409013.1111154037.1320279579.1320279579.1320279579.1;+__utmz=57409013.1320279579.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=6RCgAAAAAAAAAAAAQ~ http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - F0yeUn1hZB9Y7yejMj - image/gif
1320279582.288447 C5DisEMFU77Wk9Kae 192.168.2.76 52063 204.246.169.252 80 2 GET edge.sproutbuilder.com /code/1319516275/player.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 291690 200 OK - - (empty) - - - - - - FA1xCj2DTlHjcsG0H7 - application/x-shockwave-flash
1320279582.366695 CjPGiy13ncXKxU765j 192.168.2.76 52045 216.34.181.45 80 3 POST slashdot.org /ajax.pl http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 584 88073 200 OK - - (empty) - - - FCo92D1aKZZwcho8T3 - text/plain FzIP4GoO5f5PVho8l - text/json
1320279584.545928 CjinlH2fzDtvzI9637 192.168.2.76 52049 184.29.211.172 80 5 GET a.fsdn.com /sd/topics/medicine_64.png?refresh=now http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2377 200 OK - - (empty) - - - - - - F8qktS1RoJMLjjMYX - image/png
1320279584.546009 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 6 GET a.fsdn.com /sd/topics/government_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4069 200 OK - - (empty) - - - - - - FTA0804fE7gZIXNT9b - image/png
1320279584.546848 CaEFHq2HVQ5iGJQiD9 192.168.2.76 52048 184.29.211.172 80 5 GET a.fsdn.com /sd/topics/censorship_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4975 200 OK - - (empty) - - - - - - FbZkOe38GSLykHirIa - image/png
1320279584.544804 CPoz7NUpXISemlNSd 192.168.2.76 52046 184.29.211.172 80 4 GET a.fsdn.com /sd/topics/business_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6221 200 OK - - (empty) - - - - - - FboOO11NKqIFhA2jAi - image/png
1320279584.546073 CAUlC249svUfE6q0g3 192.168.2.76 52051 184.29.211.172 80 3 GET a.fsdn.com /sd/topics/power_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4293 200 OK - - (empty) - - - - - - FnNo9O1IVWySYiWof3 - image/png
1320279584.582221 CjinlH2fzDtvzI9637 192.168.2.76 52049 184.29.211.172 80 6 GET a.fsdn.com /sd/topics/hp_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6772 200 OK - - (empty) - - - - - - F52lFL2Slu0Yj1b9h3 - image/png
1320279584.591410 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 7 GET a.fsdn.com /sd/topics/security_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4562 200 OK - - (empty) - - - - - - FiL1v32LLpGAfCoxGj - image/png
1320279584.595893 CaEFHq2HVQ5iGJQiD9 192.168.2.76 52048 184.29.211.172 80 6 GET a.fsdn.com /sd/topics/court_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 5591 200 OK - - (empty) - - - - - - FvuG3B1pRIwIYLWXb8 - image/png
1320279584.544227 Ct6ixh35y9AEr7J7o9 192.168.2.76 52047 184.29.211.172 80 5 GET a.fsdn.com /sd/topics/china_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 10079 200 OK - - (empty) - - - - - - FEjKFT1N7SHLlgUDie - image/png
1320279584.602215 CPoz7NUpXISemlNSd 192.168.2.76 52046 184.29.211.172 80 5 GET a.fsdn.com /sd/topics/money_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 5459 200 OK - - (empty) - - - - - - FwxTAhFrD0SefH1Sj - image/png
1320279584.624590 CAUlC249svUfE6q0g3 192.168.2.76 52051 184.29.211.172 80 4 GET a.fsdn.com /sd/topics/idle_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6556 200 OK - - (empty) - - - - - - Fs2vnI3rv9Lzrna8m - image/png
1320279584.594900 C5DisEMFU77Wk9Kae 192.168.2.76 52063 204.246.169.252 80 3 GET edge.sproutbuilder.com /font/Tahoma.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 60686 200 OK - - (empty) - - - - - - FM0cqy3Sr1FMqQu4R4 - application/x-shockwave-flash
1320279584.635813 Cs5yEZ3ELZTeuTOsP4 192.168.2.76 52064 204.246.169.252 80 1 GET edge.sproutbuilder.com /font/Futura.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 63675 200 OK - - (empty) - - - - - - FgA7fUcDv9ymIxGik - application/x-shockwave-flash
1320279584.651727 Cu4gIx1BDNtGOl7Ht2 192.168.2.76 52065 204.246.169.252 80 1 GET edge.sproutbuilder.com /font/Archer.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 77236 200 OK - - (empty) - - - - - - FraIcD2n6aVym9cqsc - application/x-shockwave-flash
1320279585.764353 CRgW2I2zo3SInm6iT8 192.168.2.76 52066 204.246.169.217 80 1 GET edgy.sproutbuilder.com /crossdomain.xml - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 75 200 OK - - (empty) - - - - - - FZiisa2oO1yLpfxavf - text/x-cross-domain-policy
1320279585.653934 C5DisEMFU77Wk9Kae 192.168.2.76 52063 204.246.169.252 80 4 GET edge.sproutbuilder.com /code/1319516275/com.sproutbuilder.components.video.VideoComponent.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 100368 200 OK - - (empty) - - - - - - FzRX504YyLGx2Mqk8b - application/x-shockwave-flash
1320279585.839709 Cu4gIx1BDNtGOl7Ht2 192.168.2.76 52065 204.246.169.252 80 2 GET edge.sproutbuilder.com /code/1319516275/com.sproutbuilder.components.button.ButtonComponent.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 27471 200 OK - - (empty) - - - - - - FZR5pf1Sn9SSiYJF37 - application/x-shockwave-flash
1320279586.039240 CejI402rKGtdBXij4f 192.168.2.76 52068 204.246.169.217 80 1 GET edgy.sproutbuilder.com /asset/aADeSoj6NM7TVgD-.png - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1170 200 OK - - (empty) - - - - - - F0NexnjX9pfFNWVmk - image/png
1320279586.039757 C2KnU34GcVV6amo8va 192.168.2.76 52069 204.246.169.217 80 1 GET edgy.sproutbuilder.com /asset/wwCdFIihNP2BVYdd.png - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1248 200 OK - - (empty) - - - - - - Fmjv7q4q8sYJInU3C - image/png
1320279586.041164 C5vx4911iSMAJuShFd 192.168.2.76 52070 204.246.169.217 80 1 GET edgy.sproutbuilder.com /asset/3ADTPIg3NBsgWP5u.png - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1838 200 OK - - (empty) - - - - - - FtXp4r2NHB0rsNJVZ9 - image/png
1320279586.052831 CbUCgw1DrIGcXzONB7 192.168.2.76 52071 204.246.169.217 80 1 GET edgy.sproutbuilder.com /asset/qABVt4hSNIK2WmTu.png - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 668 200 OK - - (empty) - - - - - - FuM3Px3V9iLL9UWuR6 - image/png
1320279586.081611 CejI402rKGtdBXij4f 192.168.2.76 52068 204.246.169.217 80 2 GET edgy.sproutbuilder.com /asset/UgDmFIiWNOMoVJD_.png - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1031 200 OK - - (empty) - - - - - - FzSLhC1MkvDzSRPqMh - image/png
1320279586.037832 CWJhMU2cTLEnseTmCb 192.168.2.76 52067 204.246.169.217 80 1 GET edgy.sproutbuilder.com /asset/dQA7E4gKNDB1UJoP.png - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4570 200 OK - - (empty) - - - - - - FZL5uJ1ZdfYUKShkVb - image/png
1320279586.000195 CRgW2I2zo3SInm6iT8 192.168.2.76 52066 204.246.169.217 80 2 GET edgy.sproutbuilder.com /asset/vgBY54hjNDESTf27.jpg - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6921 200 OK - - (empty) - - - - - - FGB1Ugi2qN3KCeA3j - image/jpeg
1320279587.052749 CRgW2I2zo3SInm6iT8 192.168.2.76 52066 204.246.169.217 80 3 GET edgy.sproutbuilder.com /asset/qABVt4hSNIK2WmTu.png - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279587.124669 C96j2X1DixgLTj2Oi8 192.168.2.76 52072 74.125.225.64 80 1 GET www.youtube.com /crossdomain.xml - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 306 200 OK - - (empty) - - - - - - FAyeVc3FzNroUbHvdi - text/x-cross-domain-policy
1320279587.627640 C96j2X1DixgLTj2Oi8 192.168.2.76 52072 74.125.225.64 80 2 GET www.youtube.com /apiplayer?version=3 - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2177 200 OK - - (empty) - - - - - - FvuQ063vjYp4OXZCkj - application/x-shockwave-flash
1320279588.180462 CYYyja3FFNEnftw3K6 192.168.2.76 52073 74.125.225.72 80 1 GET s.ytimg.com /yt/swfbin/apiplayer3-vflmM-6Dr.swf - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 174499 200 OK - - (empty) - - - - - - FSARBI7PBlWKampzk - application/x-shockwave-flash
1320279589.337053 CBHHuR1xFnm5C5CQBc 192.168.2.76 52074 74.125.225.76 80 1 GET i4.ytimg.com /vi/gDbg_GeuiSY/hqdefault.jpg - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 893 404 Not Found - - (empty) - - - - - - F2GiAw3j1m22R2yIg2 - image/jpeg
1320279589.319143 Cu4gIx1BDNtGOl7Ht2 192.168.2.76 52065 204.246.169.252 80 3 GET edge.sproutbuilder.com /code/1319516275/com.sproutbuilder.platforms.DoubleClickPlatform.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 24725 200 OK - - (empty) - - - - - - FkCpou1t1Vt0YinJq6 - application/x-shockwave-flash
1320279589.317863 C5DisEMFU77Wk9Kae 192.168.2.76 52063 204.246.169.252 80 5 GET edge.sproutbuilder.com /code/1319516275/com.sproutbuilder.platforms.GoogleAnalyticsPlatform.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 51897 200 OK - - (empty) - - - - - - FiBTwJ2zXXVZZ3aI0d - application/x-shockwave-flash
1320279590.080406 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 10 GET ad.doubleclick.net /activity;src=1251057;met=1;v=1;pid=47077323;aid=247206211;ko=11;cid=44589125;rid=44606913;rv=1;&timestamp=1320279590078;eid1=2;ecn1=1;etm1=8; http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 42 200 OK - - (empty) - - - - - - Fa4s1w3OIKrgQOmn1c - image/gif
1320279590.554429 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 7 GET www.google-analytics.com /__utm.gif?utmwv=4.3as&utmn=1977361745&utmhn=s0.2mdn.net&utmt=event&utme=5(cachedCodeMiss*MABQrgjDNeiVz7Kj* )(0)&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that matters&utmhid=756102172&utmr=-&utmp=/&utmac=UA-5905822-1&utmcc=__utma=83256788.1532070249585310700.1304822985.1320193646.1320279590.297; - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - FoZQYe34dgjuHgb1Sd - image/gif
1320279590.579330 CD1jfU3p9abEm77mzf 192.168.2.76 52075 74.125.225.78 80 1 GET www.google-analytics.com /__utm.gif?utmwv=4.3as&utmn=754945709&utmhn=s0.2mdn.net&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that matters&utmhid=756102172&utmr=-&utmp=/sprout/MABQrgjDNeiVz7Kj/view&utmac=UA-5905822-1&utmcc=__utma=83256788.1532070249585310700.1304822985.1320193646.1320279590.297; - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - Fyq8F21bTZJAyHUxIb - image/gif
1320279590.581157 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 8 GET www.google-analytics.com /__utm.gif?utmwv=4.3as&utmn=1428329940&utmhn=s0.2mdn.net&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that matters&utmhid=756102172&utmr=-&utmp=/MABQrgjDNeiVz7Kj&utmac=UA-32013-47&utmcc=__utma=83256788.1532070249585310700.1304822985.1320279590.1320279590.298; - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - FHnvsV2OYtFTWZGPM9 - image/gif
1320279590.581430 C0K9DaoPFkfnzwlZa 192.168.2.76 52076 74.125.225.78 80 1 GET www.google-analytics.com /__utm.gif?utmwv=4.3as&utmn=223025521&utmhn=s0.2mdn.net&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that matters&utmhid=756102172&utmr=-&utmp=/MABQrgjDNeiVz7Kj/Untitled Page&utmac=UA-32013-47&utmcc=__utma=83256788.1532070249585310700.1304822985.1320279590.1320279590.298; - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - Feqm4J3iuQBtNnTEre - image/gif
1320279600.078941 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 11 GET ad.doubleclick.net /activity;src=1251057;met=1;v=1;pid=47077323;aid=247206211;ko=11;cid=44589125;rid=44606913;rv=1;&timestamp=1320279600077;eid1=2;ecn1=0;etm1=10; http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 42 200 OK - - (empty) - - - - - - FC2TUu4ohZGmou4as - image/gif
1320279600.921844 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 1 GET www.google.com /jsapi http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 23184 200 OK - - (empty) - - - - - - Fhm2NC27oehfBrVKsd - text/plain
1320279600.688672 CbQAWi3GX2bCmX5L56 192.168.2.76 52078 192.150.187.43 80 1 GET www.bro-ids.org / - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 14258 200 OK - - (empty) - - - - - - FY05u72qZWO5o7Z2a - text/html
1320279600.921091 Cd8s2R3OGDgkhnvSu9 192.168.2.76 52079 192.150.187.43 80 1 GET www.bro-ids.org /css/pygments.css http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2957 200 OK - - (empty) - - - - - - FR5Qvt1sx1p8pzmdtj - text/plain
1320279600.924479 CX1GjC4vn52UY1uDv6 192.168.2.76 52082 192.150.187.43 80 1 GET www.bro-ids.org /css/print.css http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 334 200 OK - - (empty) - - - - - - FgV8RW27C5HTHOolrk - text/plain
1320279600.921641 CBeaXe4Iyj1gXd2Iq 192.168.2.76 52080 192.150.187.43 80 1 GET www.bro-ids.org /css/960.css http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 5600 200 OK - - (empty) - - - - - - FcT6ak3zlX7zUFMefh - text/plain
1320279601.025685 CX1GjC4vn52UY1uDv6 192.168.2.76 52082 192.150.187.43 80 2 GET www.bro-ids.org /js/jquery.zrssfeed.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3324 200 OK - - (empty) - - - - - - FhKTDH1mwUptcDlgU9 - text/plain
1320279600.995522 CbQAWi3GX2bCmX5L56 192.168.2.76 52078 192.150.187.43 80 2 GET www.bro-ids.org /js/jquery.fancybox-1.3.4.pack.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 15669 200 OK - - (empty) - - - - - - FqFURH1MR5BhnnvfZh - text/plain
1320279601.021907 Cd8s2R3OGDgkhnvSu9 192.168.2.76 52079 192.150.187.43 80 2 GET www.bro-ids.org /js/jquery.tweet.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 8894 200 OK - - (empty) - - - - - - FeFVLI3Awcp2Tgpdxj - text/plain
1320279601.130463 CX1GjC4vn52UY1uDv6 192.168.2.76 52082 192.150.187.43 80 3 GET www.bro-ids.org /js/superfish.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3833 200 OK - - (empty) - - - - - - FoAMYj4is1GDyS2dZi - text/plain
1320279601.201354 CbQAWi3GX2bCmX5L56 192.168.2.76 52078 192.150.187.43 80 3 GET www.bro-ids.org /js/hoverIntent.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3257 200 OK - - (empty) - - - - - - FO8dv4OWQKKWRq0M7 - text/plain
1320279601.219818 Cd8s2R3OGDgkhnvSu9 192.168.2.76 52079 192.150.187.43 80 3 GET www.bro-ids.org /js/general.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 5108 200 OK - - (empty) - - - - - - FJQxkp6TVhaNdhg6f - text/plain
1320279601.127352 CBeaXe4Iyj1gXd2Iq 192.168.2.76 52080 192.150.187.43 80 2 GET www.bro-ids.org /js/jquery.tableofcontents.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 10384 200 OK - - (empty) - - - - - - FYKJ0y2gwKzVqIPOu5 - text/plain
1320279600.921817 CmWpSw3VtjiAceBCwf 192.168.2.76 52081 192.150.187.43 80 1 GET www.bro-ids.org /css/bro-ids.css http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 23964 200 OK - - (empty) - - - - - - FtYub54s8HXI8r2JT1 - text/plain
1320279601.239924 CX1GjC4vn52UY1uDv6 192.168.2.76 52082 192.150.187.43 80 4 GET www.bro-ids.org /js/jquery.collapse.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 5735 200 OK - - (empty) - - - - - - F0xM1j3wDeCr0UqNS1 - text/plain
1320279600.925084 CaPClb1Bf0RrRGtyWi 192.168.2.76 52083 192.150.187.43 80 1 GET www.bro-ids.org /js/jquery.cycle.all.min.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 31052 200 OK - - (empty) - - - - - - FSQQ8nplvGBhBLgz8 - text/plain
1320279601.385890 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 2 GET www.google.com /uds/?file=search&v=1&hl=en http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 615 200 OK - - (empty) - - - - - - FDwylw2NdwC19wGS77 - text/plain
1320279601.554052 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 3 GET www.google.com /uds/?file=ads&v=3&packages=search&async=2 http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 441 200 OK - - (empty) - - - - - - FietVd1NOjUCHJiqpa - text/plain
1320279601.305092 CbQAWi3GX2bCmX5L56 192.168.2.76 52078 192.150.187.43 80 4 GET www.bro-ids.org /images/bro-eyes.png http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 46415 200 OK - - (empty) - - - - - - FxO0Mzcsll6F6W5If - image/png
1320279601.576535 CibfNy1QQW4ImDWRq5 192.168.2.76 52088 74.125.225.83 80 1 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279601.576629 CTRXSR3blXJE5ZE7Ij 192.168.2.76 52089 74.125.225.83 80 1 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279601.585473 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 1 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279601362&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - F1zJJe3NVHAaTYoSB2 - text/plain
1320279601.636171 CK957ERTz8lBycly4 192.168.2.76 52085 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279601360 http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - Fu8xI43gbfnTmSOEh - text/plain
1320279601.631059 C3TZMB4CrUwYfkGJy1 192.168.2.76 52086 199.59.148.20 80 1 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279601361 http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - F6HZ0A3TyUou56RR2i - text/plain
1320279610.842497 CO5QKYQkcSdxQFA35 192.168.2.76 52090 192.150.187.43 80 1 GET www.bro-ids.org /download/index.html http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 18981 200 OK - - (empty) - - - - - - FQ5FRM2xyT1BwXV8d2 - text/html
1320279611.147279 CO5QKYQkcSdxQFA35 192.168.2.76 52090 192.150.187.43 80 2 GET www.bro-ids.org /js/breadcrumbs.js http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2021 200 OK - - (empty) - - - - - - FatmzL3v37tIyHwqBd - text/plain
1320279611.248377 CO5QKYQkcSdxQFA35 192.168.2.76 52090 192.150.187.43 80 3 GET www.bro-ids.org /images/icons/download.png http://www.bro-ids.org/css/bro-ids.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 716 200 OK - - (empty) - - - - - - FdcBQFJQuOKnBUiN7 - image/png
1320279611.530084 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 4 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279611.530359 CibfNy1QQW4ImDWRq5 192.168.2.76 52088 74.125.225.83 80 2 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279611.527729 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 2 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279611010&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - FJ1t1Z2EpTTMw2Rrdk - text/plain
1320279611.527499 C3TZMB4CrUwYfkGJy1 192.168.2.76 52086 199.59.148.20 80 2 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279611009 http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - FWPC0B25vmDQsn5Uid - text/plain
1320279611.615559 CurHpb1TGZOktTRNP1 192.168.2.76 52092 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279611008 http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - F1zPyq3ZCdx2Przg4d - text/plain
1320279612.151517 CO5QKYQkcSdxQFA35 192.168.2.76 52090 192.150.187.43 80 4 GET www.bro-ids.org /documentation/index.html http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 14762 200 OK - - (empty) - - - - - - FAhpvZ1Au5PG4I7Aah - text/html
1320279612.497234 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 5 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/documentation/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279612.497348 CTRXSR3blXJE5ZE7Ij 192.168.2.76 52089 74.125.225.83 80 2 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279612.495602 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 3 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279612311&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/documentation/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - FUcAdl1oIIu09uHxQh - text/plain
1320279612.495458 C3TZMB4CrUwYfkGJy1 192.168.2.76 52086 199.59.148.20 80 3 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279612310 http://www.bro-ids.org/documentation/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - Fk2gkj3kfAL1hYWbG5 - text/plain
1320279612.574308 CuUKOQ1R3CqKBgeTdf 192.168.2.76 52093 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279612309 http://www.bro-ids.org/documentation/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - FpSSeZ2ZRioppjrZji - text/plain
1320279613.969241 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 6 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279613.970081 CibfNy1QQW4ImDWRq5 192.168.2.76 52088 74.125.225.83 80 3 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279613.968918 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 4 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279613813&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - FraFOz3DFPTGZNaJC6 - text/plain
1320279613.968841 C3TZMB4CrUwYfkGJy1 192.168.2.76 52086 199.59.148.20 80 4 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279613812 http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - FmB8iY3WlgS5hBY7Wf - text/plain
1320279614.052578 C3xkHgJnzZszVSTpi 192.168.2.76 52094 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279613811 http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - F762sm4bW4MkAIJJGe - text/plain
1320279616.824058 CMrjgF2XLmRh9C9TR4 192.168.2.76 52095 208.85.41.42 80 1 GET cont-sjl-1.pandora.com /images/public/amz/0/9/0/0/842694020090_500W_433H.jpg app:/desktop.swf 1.1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/531.9 (KHTML, like Gecko) AdobeAIR/2.6 0 59209 200 OK - - (empty) - - - - - - FipMsu3eD5AnIRq2N - image/jpeg
1320279630.119515 C2vQ8sVgyADHjtEda 192.168.2.76 52096 192.150.187.43 80 1 GET www.bro-ids.org /community/index.html http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 15087 200 OK - - (empty) - - - - - - FeyKb7qKmO9eR5OKi - text/html
1320279630.488327 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 7 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/community/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279630.488443 CTRXSR3blXJE5ZE7Ij 192.168.2.76 52089 74.125.225.83 80 3 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279630.486761 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 5 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279630306&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/community/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - F9xd37OdlAikt5No5 - text/plain
1320279630.565603 CD69521bDXIAb4IkW 192.168.2.76 52097 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279630304 http://www.bro-ids.org/community/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - FQPsz94ybCmQu6Xiq4 - text/plain
1320279630.566430 CC3vUI3gFB04zLvWRa 192.168.2.76 52098 199.59.148.20 80 1 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279630305 http://www.bro-ids.org/community/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - FgGEuUcNVvhufCFR3 - text/plain
1320279636.797267 C7Krri4g9tZfHniGXh 192.168.2.76 52099 192.150.187.43 80 1 GET www.bro-ids.org /development/index.html http://www.bro-ids.org/community/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 18428 200 OK - - (empty) - - - - - - FNbqYH3mmO41rlz20h - text/html
1320279637.219103 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 8 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/development/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279637.219249 CibfNy1QQW4ImDWRq5 192.168.2.76 52088 74.125.225.83 80 4 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279637.215608 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 6 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279636956&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/development/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - FAnyyncILgPoNLSa - text/plain
1320279637.303129 CmxyBl2c8XAMTuHEk4 192.168.2.76 52100 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279636954 http://www.bro-ids.org/development/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - F7JE7E2W4ihR5mCZhe - text/plain
1320279637.215272 CC3vUI3gFB04zLvWRa 192.168.2.76 52098 199.59.148.20 80 2 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279636955 http://www.bro-ids.org/development/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - F3SK3Te5UYn22w7ji - text/plain
1320279638.548436 CSvs6v26bQqFylkk6l 192.168.2.76 52101 192.150.187.43 80 1 GET git.bro-ids.org / http://www.bro-ids.org/development/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 10073 200 OK - - (empty) - - - - - - F4qJsD4pKcjLtpeXEa - text/html
1320279639.050631 C4pHul1H3OeWYz7o7i 192.168.2.76 52102 192.150.187.43 80 1 GET git.bro-ids.org /static/git-logo.png http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 207 200 OK - - (empty) - - - - - - F5il8p3yYIq690qvNc - image/png
1320279639.053683 C7Lcvr4vsTf6eYpBva 192.168.2.76 52104 192.150.187.43 80 1 GET git.bro-ids.org /static/git-favicon.png - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1150 200 OK - - (empty) - - - - - - FBCz8D1BQ3SiYOv7m9 - image/x-icon
1320279639.047586 CSvs6v26bQqFylkk6l 192.168.2.76 52101 192.150.187.43 80 2 GET git.bro-ids.org /static/gitweb.css http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 9186 200 OK - - (empty) - - - - - - FyTRixVp6ulaxUUq2 - text/plain
1320279639.244415 CxyAKs10ppnHFP6O8i 192.168.2.76 52106 192.150.187.43 80 1 GET www-new.bro-ids.org /frames/header.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 225 302 Found - - (empty) - - - - - - FrucKB2amhlamv0ivb - text/html
1320279639.244463 C6MrHk2C7rLuJqhjsg 192.168.2.76 52107 192.150.187.43 80 1 GET www-new.bro-ids.org /frames/footer.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 225 302 Found - - (empty) - - - - - - FpddCQ3BDmmGcuG9C3 - text/html
1320279639.348046 C7Krri4g9tZfHniGXh 192.168.2.76 52099 192.150.187.43 80 2 GET www.bro-ids.org /frames/header.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3516 200 OK - - (empty) - - - - - - Fzea5XNhn9eNRMvx7 - text/html
1320279639.053730 CV8faD4L1sLL5kDwN9 192.168.2.76 52103 192.150.187.43 80 1 GET git.bro-ids.org /static/gitweb.js http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 24528 200 OK - - (empty) - - - - - - F983UxQF0o4kjJjuf - text/plain
1320279639.463465 C7Krri4g9tZfHniGXh 192.168.2.76 52099 192.150.187.43 80 3 GET www.bro-ids.org /images/logo-bro-small.png http://www.bro-ids.org/frames/header.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6075 200 OK - - (empty) - - - - - - Fw6FlF4WtotJFNXmHb - image/png
1320279639.448670 CvfUrT2DgYXXoZw9Ah 192.168.2.76 52109 192.150.187.43 80 1 GET www.bro-ids.org /frames/footer.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6695 200 OK - - (empty) - - - - - - FkCp6k4tqksK3tiSy7 - text/html
1320279639.786857 CBX0254QJoklXNbvv2 192.168.2.76 52110 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279639636 http://www.bro-ids.org/frames/footer.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - Feut0t346XEHsQ0OC7 - text/plain
1320279672.372857 C6Ym6jvMgikT0xTTc 192.168.2.76 52111 192.150.187.43 80 1 GET www.bro-ids.org /research/index.html http://www.bro-ids.org/frames/header.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 47728 200 OK - - (empty) - - - - - - FOze0l2aT79uPyMiv7 - text/html
1320279673.123842 CTRXSR3blXJE5ZE7Ij 192.168.2.76 52089 74.125.225.83 80 4 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279673.123121 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 9 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - -
1320279673.121725 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 7 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279672539&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - FXEXQEMH8DrEuAdg8 - text/plain
1320279673.204466 CJLgi92kpp2gLgGTE5 192.168.2.76 52113 199.59.148.20 80 1 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279672538 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - FAVIuu2XZQyVznfnq8 - text/plain
1320279673.198815 CRNn9f1zKNlzHSM5pa 192.168.2.76 52112 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279672537 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - Fzjgwn8xXem3Esvk - text/plain
#close 2017-04-16-21-36-10

@ -1,102 +0,0 @@
#include "config.h"
#include <stdlib.h>
#include <assert.h>
#include "chunky_index.hh"
#include "../src/chunky_index.hh"
int main(int argc, char *argv[])
{
int retval = EXIT_SUCCESS;
{
chunky_index<int> ci;
ci.reset();
ci.finish();
assert(ci.chunk_count() == 0);
}
{
chunky_index<int> ci;
off_t off;
ci.reset();
off = ci.merge_value(1);
assert(off == 0);
ci.finish();
ci.reset();
off = ci.merge_value(2);
assert(off == 1);
ci.finish();
assert(ci.size() == 2);
assert(ci[0] == 1);
assert(ci[1] == 2);
assert(ci.chunk_count() == 1);
ci.clear();
assert(ci.size() == 0);
assert(ci.chunk_count() == 0);
}
{
int expected[] = {0, 10, 11, 20, 30, 40, 50, 60, 70, 80, 90, 100};
chunky_index<int, 4> ci;
off_t off;
ci.reset();
for (int lpc = 0; lpc < 11; lpc++) {
ci.merge_value(lpc * 10);
}
ci.finish();
ci.reset();
off = ci.merge_value(11);
assert(off == 2);
ci.finish();
for (int lpc = 0; lpc < 12; lpc++) {
assert(expected[lpc] == ci[lpc]);
}
assert(ci.chunk_count() == 3);
}
{
int expected[] = {0, 10, 20, 30, 40, 50, 51, 60, 70, 80, 90, 100};
chunky_index<int, 4> ci;
ci.reset();
for (int lpc = 0; lpc < 11; lpc++) {
ci.merge_value(lpc * 10);
}
ci.finish();
ci.reset();
ci.merge_value(51);
ci.finish();
for (int lpc = 0; lpc < 12; lpc++) {
assert(expected[lpc] == ci[lpc]);
}
assert(ci.chunk_count() == 3);
}
{
int expected[] = {0, 10, 20, 30, 40, 50, 60, 70, 80, 90, 100, 110};
chunky_index<int, 4> ci;
ci.reset();
for (int lpc = 0; lpc < 11; lpc++) {
ci.merge_value(lpc * 10);
}
ci.finish();
ci.reset();
ci.merge_value(110);
ci.finish();
for (int lpc = 0; lpc < 12; lpc++) {
assert(expected[lpc] == ci[lpc]);
}
assert(ci.chunk_count() == 3);
}
return retval;
}

@ -36,6 +36,14 @@ run_test ./drive_logfile -f zblued_log ${srcdir}/logfile_blued.0
on_error_fail_with "Didn't infer blued_log that collides with syslog?"
run_test ./drive_logfile -f bro_http_log ${srcdir}/logfile_bro_http.log.0
on_error_fail_with "Didn't infer bro_http_log log format?"
run_test ./drive_logfile -f bro_conn_log ${srcdir}/logfile_bro_conn.log.0
on_error_fail_with "Didn't infer bro_conn_log log format?"
run_test ./drive_logfile ${srcdir}/logfile_empty.0

@ -31,8 +31,12 @@
#include <assert.h>
#include <intern_string.hh>
#include "relative_time.hh"
using namespace std;
static struct {
const char *reltime;
const char *expected;
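Review bot: `#include <intern_string.hh>` uses the angle-bracket form for what appears to be a project header, while the neighbouring `"relative_time.hh"` is quoted; `#include "intern_string.hh"` would match it and search the project directories first. `using namespace std;` at file scope is also better avoided, even in a test driver, since qualifying the few names with `std::` rules out clashes with project identifiers. Both lines appear to be the ones this hunk adds, though the `+` markers are lost on this page, and the struct that follows continues outside the hunk.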

@ -2,6 +2,49 @@
lnav_test="${top_builddir}/src/lnav-test"
run_test ${lnav_test} -n \
-c ";SELECT bro_conn_log.bro_duration as duration, bro_conn_log.bro_uid, group_concat( distinct (bro_method || ' ' || bro_host)) as req from bro_http_log, bro_conn_log where bro_http_log.bro_uid = bro_conn_log.bro_uid group by bro_http_log.bro_uid order by duration desc limit 10" \
-c ":write-csv-to -" \
${test_dir}/logfile_bro_http.log.0 ${test_dir}/logfile_bro_conn.log.0
check_output "bro logs are not recognized?" <<EOF
duration,bro_uid,req
116.438679,CwFs1P2UcUdlSxD2La,GET www.reddit.com
115.202498,CdZUPH2DKOE7zzCLE3,GET feeds.bbci.co.uk
115.121914,CdrfXZ1NOFPEawF218,GET c.thumbs.redditmedia.com
115.121837,CoX7zA3OJKGUOSCBY2,GET e.thumbs.redditmedia.com
115.12181,CJxSUgkInyKSHiju1,GET e.thumbs.redditmedia.com
115.121506,CT0JIh479jXIGt0Po1,GET f.thumbs.redditmedia.com
115.121339,CJwUi9bdB9c1lLW44,GET f.thumbs.redditmedia.com
115.119217,C6Q4Vm14ZJIlZhsXqk,GET a.thumbs.redditmedia.com
72.274459,CbNCgO1MzloHRNeY4f,GET www.google.com
71.658218,CnGze54kQWWpKqrrZ4,GET ajax.googleapis.com
EOF
run_test ${lnav_test} -n \
-c ";SELECT * FROM bro_http_log LIMIT 5" \
-c ":write-csv-to -" \
${test_dir}/logfile_bro_http.log.0
check_output "bro logs are not recognized?" <<EOF
log_line,log_part,log_time,log_idle_msecs,log_level,log_mark,bro_ts,bro_uid,bro_id_orig_h,bro_id_orig_p,bro_id_resp_h,bro_id_resp_p,bro_trans_depth,bro_method,bro_host,bro_uri,bro_referrer,bro_version,bro_user_agent,bro_request_body_len,bro_response_body_len,bro_status_code,bro_status_msg,bro_info_code,bro_info_msg,bro_tags,bro_username,bro_password,bro_proxied,bro_orig_fuids,bro_orig_filenames,bro_orig_mime_types,bro_resp_fuids,bro_resp_filenames,bro_resp_mime_types
0,<NULL>,2011-11-02 17:19:26.452,0,info,0,1320279566.452687,CwFs1P2UcUdlSxD2La,192.168.2.76,52026,132.235.215.119,80,1,GET,www.reddit.com,/,<NULL>,1.1,Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1,0,109978,200,OK,<NULL>,<NULL>,,<NULL>,<NULL>,<NULL>,<NULL>,<NULL>,<NULL>,Ftw3fJ2JJF3ntMTL2,<NULL>,text/html
1,<NULL>,2011-11-02 17:19:26.831,379,info,0,1320279566.831619,CJxSUgkInyKSHiju1,192.168.2.76,52030,72.21.211.173,80,1,GET,e.thumbs.redditmedia.com,/E-pbDbmiBclPkDaX.jpg,http://www.reddit.com/,1.1,Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1,0,2300,200,OK,<NULL>,<NULL>,,<NULL>,<NULL>,<NULL>,<NULL>,<NULL>,<NULL>,FFTf9Zdgk3YkfCKo3,<NULL>,image/jpeg
2,<NULL>,2011-11-02 17:19:26.831,0,info,0,1320279566.831563,CJwUi9bdB9c1lLW44,192.168.2.76,52029,72.21.211.173,80,1,GET,f.thumbs.redditmedia.com,/BP5bQfy4o-C7cF6A.jpg,http://www.reddit.com/,1.1,Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1,0,2272,200,OK,<NULL>,<NULL>,,<NULL>,<NULL>,<NULL>,<NULL>,<NULL>,<NULL>,FfXtOj3o7aub4vbs2j,<NULL>,image/jpeg
3,<NULL>,2011-11-02 17:19:26.831,0,info,0,1320279566.831473,CoX7zA3OJKGUOSCBY2,192.168.2.76,52027,72.21.211.173,80,1,GET,e.thumbs.redditmedia.com,/SVUtep3Rhg5FTRn4.jpg,http://www.reddit.com/,1.1,Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1,0,2562,200,OK,<NULL>,<NULL>,,<NULL>,<NULL>,<NULL>,<NULL>,<NULL>,<NULL>,F21Ybs3PTqS6O4Q2Zh,<NULL>,image/jpeg
4,<NULL>,2011-11-02 17:19:26.831,0,info,0,1320279566.831643,CT0JIh479jXIGt0Po1,192.168.2.76,52031,72.21.211.173,80,1,GET,f.thumbs.redditmedia.com,/uuy31444rLSyKdHS.jpg,http://www.reddit.com/,1.1,Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1,0,1595,200,OK,<NULL>,<NULL>,,<NULL>,<NULL>,<NULL>,<NULL>,<NULL>,<NULL>,Fdk0MZ1wQmKWAJ4WH4,<NULL>,image/jpeg
EOF
run_test ${lnav_test} -n \
-c ";SELECT * FROM bro_http_log WHERE log_level = 'error'" \
-c ":write-csv-to -" \
${test_dir}/logfile_bro_http.log.0
check_output "bro logs are not recognized?" <<EOF
log_line,log_part,log_time,log_idle_msecs,log_level,log_mark,bro_ts,bro_uid,bro_id_orig_h,bro_id_orig_p,bro_id_resp_h,bro_id_resp_p,bro_trans_depth,bro_method,bro_host,bro_uri,bro_referrer,bro_version,bro_user_agent,bro_request_body_len,bro_response_body_len,bro_status_code,bro_status_msg,bro_info_code,bro_info_msg,bro_tags,bro_username,bro_password,bro_proxied,bro_orig_fuids,bro_orig_filenames,bro_orig_mime_types,bro_resp_fuids,bro_resp_filenames,bro_resp_mime_types
118,<NULL>,2011-11-02 17:19:49.337,18,error,0,1320279589.337053,CBHHuR1xFnm5C5CQBc,192.168.2.76,52074,74.125.225.76,80,1,GET,i4.ytimg.com,/vi/gDbg_GeuiSY/hqdefault.jpg,<NULL>,1.1,Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1,0,893,404,Not Found,<NULL>,<NULL>,,<NULL>,<NULL>,<NULL>,<NULL>,<NULL>,<NULL>,F2GiAw3j1m22R2yIg2,<NULL>,image/jpeg
EOF
run_test ${lnav_test} -n \
-c ';select log_time from access_log where log_line > 100000' \
-c ':switch-to-view db' \
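Review bot: The expected `log_time` values in the two `SELECT * FROM bro_http_log` checks look tied to the timezone of the machine that generated them. `bro_ts` 1320279566.452687 is 2011-11-03 00:19:26 UTC, but the expected row shows `2011-11-02 17:19:26.452`, seven hours behind. Unless the harness pins the zone somewhere outside this hunk, these checks fail on hosts in any other zone, and users correlating Bro records with other log sources would see shifted times. Either have the format code treat `%s.%f` epoch values as UTC and regenerate the expected rows, or pin the zone in the script with `export TZ=UTC` and update the rows to match.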
