taosecurity

Troubleshooting EQL with Zeek Logs 03

Mar 18th, 2019
# Zeek writes conn.log here as one JSON object per line. EQL treats a "." in a
# field name as nesting, so the dotted id.* fields are renamed to id_* first, and
# the six-digit fractional seconds are stripped from the timestamps before the
# lines are piped into eql. Same substitutions as before, as one sed invocation.
so16@so16:~$ sed -e 's:id\.orig_p:id_orig_p:g' \
    -e 's:id\.resp_h:id_resp_h:g' \
    -e 's:id\.resp_p:id_resp_p:g' \
    -e 's:id\.orig_h:id_orig_h:g' \
    -e 's/\(:[0-9][0-9]\)\.[0-9]\{6\}/\1/g' conn.log \
  | eql query "any where id_orig_h == '192.168.4.57'"

{"conn_state": "SHR", "duration": 0.000368, "history": "^d", "id_orig_h": "192.168.4.57", "id_orig_p": 42051, "id_resp_h": "192.168.4.1", "id_resp_p": 53, "local_orig": true, "local_resp": true, "missed_bytes": 0, "orig_bytes": 0, "orig_ip_bytes": 0, "orig_pkts": 0, "proto": "udp", "resp_bytes": 234, "resp_ip_bytes": 290, "resp_pkts": 2, "sensorname": "so16-enp0s8", "service": "dns", "ts": "2019-03-14T23:59:49Z", "uid": "CPQ9vC2my8sIGasb3a"}
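The sed chain above works on conn.log, but it rewrites text rather than JSON: the key renames also hit any string value containing "id.orig_h", and the timestamp pattern ":NN.dddddd" matches inside any field, not just ts, which matters once the same pipeline is pointed at http.log or notice.log. The following is an added example, not code from the paste, that does the same normalization on parsed JSON (dotted keys to underscores, fractional seconds dropped from ts only) and applies the equivalent of the EQL "any where id_orig_h == ..." filter. The two log records are constructed samples with the field layout shown above.

```python
import json
import re

# Constructed sample: two Zeek conn.log records in the JSON form Security Onion
# writes (fractional-second timestamps, dotted id.* field names). Not real data.
SAMPLE_CONN_LOG = """\
{"ts":"2019-03-14T23:59:49.123456Z","uid":"CPQ9vC2my8sIGasb3a","id.orig_h":"192.168.4.57","id.orig_p":42051,"id.resp_h":"192.168.4.1","id.resp_p":53,"proto":"udp","service":"dns","duration":0.000368,"conn_state":"SHR","history":"^d"}
{"ts":"2019-03-14T23:59:50.654321Z","uid":"CxYz1234567890abcd","id.orig_h":"10.0.0.5","id.orig_p":51000,"id.resp_h":"93.184.216.34","id.resp_p":443,"proto":"tcp","service":"ssl","duration":1.5,"conn_state":"SF","history":"ShADadFf"}
"""

# Only a ts value of the form YYYY-MM-DDTHH:MM:SS.ffffffZ is truncated.
FRACTIONAL_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\.\d+Z$")


def normalize_record(rec):
    """Return a copy of one parsed log record with EQL-friendly field names.

    Every "." in a key becomes "_" (id.orig_h -> id_orig_h) without touching
    values, and fractional seconds are removed from ts alone, unlike the sed
    pattern, which rewrote any ':NN.dddddd' substring anywhere in the line.
    """
    out = {key.replace(".", "_"): value for key, value in rec.items()}
    ts = out.get("ts")
    if isinstance(ts, str):
        m = FRACTIONAL_TS.match(ts)
        if m:
            out["ts"] = m.group(1) + "Z"
    return out


def normalize_log(text):
    """Parse newline-delimited JSON and normalize each record; blank lines skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            records.append(normalize_record(json.loads(line)))
    return records


def select_orig_h(records, host):
    """Equivalent of: eql query "any where id_orig_h == '<host>'"."""
    return [r for r in records if r.get("id_orig_h") == host]


def to_jsonl(records):
    """Serialize records back to one JSON object per line, keys sorted as eql prints them."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)


if __name__ == "__main__":
    recs = normalize_log(SAMPLE_CONN_LOG)
    print(to_jsonl(select_orig_h(recs, "192.168.4.57")))
```

Because the transform works on parsed objects, a field value that happens to contain "id.orig_h" or a ":12.345678"-shaped substring is left alone, and the output can be written back as JSON lines for eql to consume.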