diff --git a/NEWS b/NEWS index 5abe6882..b41ab08f 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ lnav v0.8.3: Features: + * Support for the Bro Network Security Monitor (https://www.bro.org) log + file format. * Added an fstat() table-valued function for querying the local filesystem. * Added readlink() and realpath() SQL functions. diff --git a/docs/source/formats.rst b/docs/source/formats.rst index b6639ffc..8fc40d5c 100644 --- a/docs/source/formats.rst +++ b/docs/source/formats.rst @@ -20,6 +20,13 @@ The following log formats are built into **lnav**: :widths: 8 5 20 :file: format-table.csv +The +`Bro Network Security Monitor `_ +TSV log format is also supported in versions +v0.8.3+. The Bro log format is self-describing, so **lnav** will read the +header to determine the shape of the file. + + Defining a New Format --------------------- diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 75f27cbc..c9717359 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -91,9 +91,9 @@ set(diag_STAT_SRCS auto_fd.hh auto_mem.hh auto_pid.hh + big_array.hh bottom_status_source.hh byte_array.hh - chunky_index.hh command_executor.hh concise_index.hh column_namer.hh diff --git a/src/Makefile.am b/src/Makefile.am index c897ab60..ed1deec2 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -76,6 +76,7 @@ TIME_FORMATS = \ "%Y-%m" \ "%Y/%m/%d" \ "%Y/%m" \ + "%s.%f" \ $() time_fmts.cc: ptimec @@ -127,10 +128,10 @@ noinst_HEADERS = \ auto_fd.hh \ auto_mem.hh \ auto_pid.hh \ + big_array.hh \ bookmarks.hh \ bottom_status_source.hh \ byte_array.hh \ - chunky_index.hh \ column_namer.hh \ command_executor.hh \ concise_index.hh \ diff --git a/src/big_array.hh b/src/big_array.hh new file mode 100644 index 00000000..60e51e3f --- /dev/null +++ b/src/big_array.hh 
@@ -0,0 +1,105 @@ +/** + * Copyright (c) 2017, Timothy Stack + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * * Neither the name of Timothy Stack nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ''AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + * @file big_array.hh + */ + +#ifndef _big_array_hh +#define _big_array_hh + +#include + +#include "lnav_util.hh" + +template +struct big_array { + static const size_t DEFAULT_INCREMENT = 100 * 1000; + + big_array() : ba_ptr(nullptr), ba_size(0), ba_capacity(0) { + + }; + + bool reserve(size_t size) { + if (size < this->ba_capacity) { + return false; + } + + if (this->ba_ptr) { + munmap(this->ba_ptr, + roundup_size(this->ba_capacity * sizeof(T), getpagesize())); + } + + this->ba_capacity = size + DEFAULT_INCREMENT; + void *result = mmap(nullptr, + roundup_size(this->ba_capacity * sizeof(T), + getpagesize()), + PROT_READ|PROT_WRITE, + MAP_ANONYMOUS|MAP_PRIVATE, + -1, + 0); + + ensure(result != MAP_FAILED); + + this->ba_ptr = (T *) result; + + return true; + }; + + void clear() { + this->ba_size = 0; + }; + + size_t size() const { + return this->ba_size; + }; + + void push_back(const T &val) { + this->ba_ptr[this->ba_size] = val; + this->ba_size += 1; + }; + + T &operator[](size_t index) { + return this->ba_ptr[index]; + }; + + typedef T *iterator; + + iterator begin() { + return this->ba_ptr; + }; + + iterator end() { + return this->ba_ptr + this->ba_size; + }; + + T *ba_ptr; + size_t ba_size; + size_t ba_capacity; +}; + +#endif diff --git a/src/chunky_index.hh b/src/chunky_index.hh deleted file mode 100644 index 43eaeb92..00000000 --- a/src/chunky_index.hh +++ /dev/null 
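Review bot: `push_back()` stores to `this->ba_ptr[this->ba_size]` without comparing `ba_size` against `ba_capacity`, and `ba_ptr` starts as `nullptr`, so a push before `reserve()` or past the reserved capacity writes outside the mapping. A guard such as `ensure(this->ba_size < this->ba_capacity);` at the top of `push_back()` would turn that into a controlled failure. `reserve()` also unmaps the old region and maps a fresh one without copying or resetting `ba_size`, so after a `true` return `size()`, `end()` and `operator[]` still describe elements that no longer exist; either set `this->ba_size = 0;` there or document that callers must `clear()` and refill. The byte count `this->ba_capacity * sizeof(T)` is not checked for wrap-around before it reaches `roundup_size()`/`mmap()`. The struct has no destructor and keeps the implicit copy operations, so the mapping is never released and a copy shares `ba_ptr`.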
@@ -1,290 +0,0 @@ -/** -* Copyright (c) 2014, Timothy Stack -* -* All rights reserved. -* -* Redistribution and use in source and binary forms, with or without -* modification, are permitted provided that the following conditions are met: -* -* * Redistributions of source code must retain the above copyright notice, this -* list of conditions and the following disclaimer. -* * Redistributions in binary form must reproduce the above copyright notice, -* this list of conditions and the following disclaimer in the documentation -* and/or other materials provided with the distribution. -* * Neither the name of Timothy Stack nor the names of its contributors -* may be used to endorse or promote products derived from this software -* without specific prior written permission. -* -* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ''AS IS'' AND ANY -* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY -* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-* -* @file chunky_index.hh -*/ - -#ifndef __chunky_index_hh -#define __chunky_index_hh - -#include - -#include -#include - -#include "lnav_log.hh" - -template -class chunky_index { - -public: - - class iterator { - public: - typedef std::random_access_iterator_tag iterator_category; - typedef T value_type; - typedef T *pointer; - typedef T &reference; - typedef std::ptrdiff_t difference_type; - - iterator(chunky_index *ci = NULL, off_t offset = 0) : i_chunky(ci), i_offset(offset) { - }; - - iterator &operator++() { - this->i_offset += 1; - return *this; - }; - - T &operator*() { - return (*this->i_chunky)[this->i_offset]; - }; - - bool operator!=(const iterator &other) const { - return (this->i_chunky != other.i_chunky) || (this->i_offset != other.i_offset); - }; - - bool operator==(const iterator &other) const { - return (this->i_chunky == other.i_chunky) && (this->i_offset == other.i_offset); - }; - - difference_type operator-(const iterator &other) const { - return this->i_offset - other.i_offset; - }; - - void operator+=(difference_type n) { - this->i_offset += n; - }; - - private: - chunky_index *i_chunky; - off_t i_offset; - }; - - chunky_index() : ci_generation(0), ci_merge_chunk(NULL), ci_size(0) { - }; - - ~chunky_index() { - this->clear(); - }; - - iterator begin() { - return iterator(this); - }; - - iterator end() { - return iterator(this, this->ci_size); - }; - - size_t size() const { - return this->ci_size; - }; - - bool empty() const { - return this->ci_size == 0; - }; - - size_t chunk_count() const { - return this->ci_completed_chunks.size(); - }; - - T& operator[](size_t index) { - size_t chunk_index = index / CHUNK_SIZE; - - require(chunk_index < this->chunk_count()); - - struct chunk *target_chunk = this->ci_completed_chunks[chunk_index]; - return target_chunk->c_body[index % CHUNK_SIZE]; - }; - - void clear() { - while (!this->ci_completed_chunks.empty()) { - delete this->ci_completed_chunks.back(); - this->ci_completed_chunks.pop_back(); - } - 
while (!this->ci_pending_chunks.empty()) { - delete this->ci_pending_chunks.front(); - this->ci_pending_chunks.pop_front(); - } - if (this->ci_merge_chunk != NULL) { - delete this->ci_merge_chunk; - this->ci_merge_chunk = NULL; - } - this->ci_size = 0; - }; - - void reset() { - for (size_t lpc = 0; lpc < this->ci_completed_chunks.size(); lpc++) { - this->ci_pending_chunks.push_back(this->ci_completed_chunks[lpc]); - } - this->ci_completed_chunks.clear(); - this->ci_generation += 1; - }; - - template - off_t merge_value(const T &val, Comparator comparator) { - off_t retval; - - this->merge_up_to(&val, comparator); - retval = (this->ci_completed_chunks.size() * CHUNK_SIZE); - retval += this->ci_merge_chunk->c_used; - this->ci_merge_chunk->push_back(val); - - this->ci_size += 1; - - return retval; - }; - - off_t merge_value(const T &val) { - return this->merge_value(val, less_comparator()); - }; - - void finish() { - this->merge_up_to(NULL, null_comparator()); - if (this->ci_merge_chunk != NULL) { - if (this->ci_merge_chunk->empty()) { - delete this->ci_merge_chunk; - this->ci_merge_chunk = NULL; - } - else { - this->ci_completed_chunks.push_back(this->ci_merge_chunk); - this->ci_merge_chunk = NULL; - } - } - }; - -private: - template - void skip_chunks(const T *val, Comparator comparator) { - while (!this->ci_pending_chunks.empty() && - this->ci_pending_chunks.front()->skippable(val, comparator)) { - struct chunk *skipped_chunk = this->ci_pending_chunks.front(); - this->ci_pending_chunks.pop_front(); - skipped_chunk->c_consumed = 0; - skipped_chunk->c_generation = this->ci_generation; - this->ci_completed_chunks.push_back(skipped_chunk); - } - }; - - struct null_comparator { - int operator()(const T &val, const T &other) const { - return 0; - }; - }; - - struct less_comparator { - bool operator()(const T &val, const T &other) const { - return (val < other); - }; - }; - - template - void merge_up_to(const T *val, Comparator comparator) { - this->skip_chunks(val, 
comparator); - - do { - if (this->ci_merge_chunk != NULL && this->ci_merge_chunk->full()) { - this->ci_completed_chunks.push_back(this->ci_merge_chunk); - this->ci_merge_chunk = NULL; - } - if (this->ci_merge_chunk == NULL) { - this->ci_merge_chunk = new chunk(this->ci_generation); - } - - if (!this->ci_pending_chunks.empty()) { - struct chunk *next_chunk = this->ci_pending_chunks.front(); - while (((val == NULL) || - comparator(next_chunk->front(), *val) || - !comparator(*val, next_chunk->front())) && - !this->ci_merge_chunk->full()) { - this->ci_merge_chunk->push_back(next_chunk->consume()); - if (next_chunk->empty()) { - this->ci_pending_chunks.pop_front(); - delete next_chunk; - if (!this->ci_pending_chunks.empty()) { - next_chunk = this->ci_pending_chunks.front(); - } else { - break; - } - } - } - } - } while (this->ci_merge_chunk->full()); - }; - - struct chunk { - chunk(unsigned long gen) : c_generation(gen), c_consumed(0), c_used(0) { }; - - bool empty() const { - return this->c_consumed == this->c_used; - }; - - bool full() const { - return this->c_used == CHUNK_SIZE; - }; - - template - bool skippable(const T *val, Comparator comparator) const { - return this->c_consumed == 0 && this->full() && - (val == NULL || - comparator(this->back(), *val) || - !comparator(*val, this->back())); - }; - - const T &front() const { - return this->c_body[this->c_consumed]; - }; - - const T &consume() { - this->c_consumed += 1; - return this->c_body[this->c_consumed - 1]; - }; - - const T &back() const { - return this->c_body[this->c_used - 1]; - }; - - void push_back(const T &val) { - this->c_body[this->c_used] = val; - this->c_used += 1; - }; - - unsigned long c_generation; - T c_body[CHUNK_SIZE]; - size_t c_consumed; - size_t c_used; - }; - - unsigned long ci_generation; - std::vector ci_completed_chunks; - struct chunk *ci_merge_chunk; - std::list ci_pending_chunks; - - size_t ci_size; -}; - -#endif 
diff --git a/src/intern_string.cc b/src/intern_string.cc index ac266fd0..892a0fc7 100644 --- a/src/intern_string.cc +++ b/src/intern_string.cc @@ -79,6 +79,11 @@ const intern_string *intern_string::lookup(const char *str, ssize_t len) return curr; } +const intern_string *intern_string::lookup(const string_fragment &sf) +{ + return lookup(sf.data(), sf.length()); +} + const intern_string *intern_string::lookup(const std::string &str) { return lookup(str.c_str(), str.size()); diff --git a/src/intern_string.hh b/src/intern_string.hh index 8231ae1e..efa379d8 100644 --- a/src/intern_string.hh +++ b/src/intern_string.hh 
@@ -37,11 +37,97 @@ #include +struct string_fragment { + explicit string_fragment(const char *str, int begin = 0, int end = -1) + : sf_string(str), sf_begin(begin), sf_end(end == -1 ? strlen(str) : end) { + }; + + bool is_valid() const { + return this->sf_begin != -1; + }; + + int length() const { + return this->sf_end - this->sf_begin; + }; + + const char *data() const { + return &this->sf_string[this->sf_begin]; + } + + bool empty() const { + return length() == 0; + }; + + char operator[](int index) const { + return this->sf_string[sf_begin + index]; + }; + + bool operator==(const std::string &str) const { + if (this->length() != str.length()) { + return false; + } + + return memcmp(&this->sf_string[this->sf_begin], + str.c_str(), + str.length()) == 0; + }; + + bool operator==(const string_fragment &sf) const { + if (this->length() != sf.length()) { + return false; + } + + return memcmp(this->data(), sf.data(), sf.length()) == 0; + }; + + bool operator==(const char *str) const { + return strncmp(this->data(), str, this->length()) == 0; + }; + + const char *to_string(char *buf) { + memcpy(buf, this->data(), this->length()); + buf[this->length()] = '\0'; + + return buf; + }; + + void clear() { + this->sf_begin = 0; + this->sf_end = 0; + }; + + void invalidate() { + this->sf_begin = -1; + this->sf_end = -1; + }; + + const char *sf_string; + int sf_begin; + int sf_end; +}; + +inline bool operator<(const char *left, const string_fragment &right) { + int rc = strncmp(left, right.data(), right.length()); + return rc < 0; +} + +inline bool operator<(const string_fragment &left, const char *right) { + return strncmp(left.data(), right, left.length()) < 0; +} + +namespace std { + inline string to_string(const string_fragment &s) { + return string(s.data(), s.length()); + } +} + class intern_string { public: static const intern_string *lookup(const char *str, ssize_t len); + static const intern_string *lookup(const string_fragment &sf); + static const intern_string 
*lookup(const std::string &str); const char *get(void) const { @@ -88,6 +174,10 @@ public: return this->ist_interned_string; } + void clear(void) { + this->ist_interned_string = nullptr; + }; + bool empty(void) const { return this->ist_interned_string == NULL; } @@ -139,4 +229,23 @@ private: unsigned long hash_str(const char *str, size_t len); +inline bool operator<(const char *left, const intern_string_t &right) { + int rc = strncmp(left, right.get(), right.size()); + return rc < 0; +} + +inline bool operator<(const intern_string_t &left, const char *right) { + return strncmp(left.get(), right, left.size()) < 0; +} + +inline bool operator==(const intern_string_t &left, const string_fragment &sf) { + return (left.size() == sf.length()) && + (memcmp(left.get(), sf.data(), left.size())); +} + +inline bool operator==(const string_fragment &left, const intern_string_t &right) { + return (left.length() == right.size()) && + (memcmp(left.data(), right.get(), left.length()) == 0); +} + #endif diff --git a/src/lnav.cc b/src/lnav.cc index 55a3c6d3..63bed9ad 100644 --- a/src/lnav.cc +++ b/src/lnav.cc @@ -500,6 +500,15 @@ public: void promote_file(logfile *lf) { if (lnav_data.ld_log_source.insert_file(lf)) { force = true; + + log_format *format = lf->get_format(); + if (format->lf_is_self_describing) { + log_vtab_impl *vt = format->get_vtab_impl(); + + if (vt) { + lnav_data.ld_vtab_manager->register_vtab(vt); + } + } } else { this->closed_file(lf); diff --git a/src/lnav_util.cc b/src/lnav_util.cc index 05069ca0..e636d664 100644 --- a/src/lnav_util.cc +++ b/src/lnav_util.cc @@ -172,9 +172,13 @@ std::string time_ago(time_t last_time, bool convert_local) fmt = "%d days ago"; amount = delta / (24 * 60 * 60); } - else { + else if (delta < (2 * 365 * 24 * 60 * 60)) { return "over a year ago"; } + else { + fmt = "over %d years ago"; + amount = delta / (365 * 24 * 60 * 60); + } snprintf(buffer, sizeof(buffer), fmt, amount); 
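Review bot: `string_fragment::operator==(const char *str)` compares only `this->length()` bytes with `strncmp`, so a fragment equals any C string it is a prefix of, and an empty fragment equals every string. Later in this commit the header directives and type names read from a log file are matched through this operator (`directive == "#set_separator"`, `field_type == "time"`), so a truncated token would be accepted as the full keyword. Comparing lengths first fixes it: `return strlen(str) == (size_t) this->length() && memcmp(this->data(), str, this->length()) == 0;`. `to_string(char *buf)` writes `length() + 1` bytes with no destination size, so it should either take the buffer size or carry a comment stating that requirement. The constructor narrows `strlen(str)` to `int`, and `operator==(const std::string &)` compares that `int` with `str.length()`; a comment stating that a fragment is expected to stay below `INT_MAX` bytes would make the assumption explicit.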
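Review bot: `operator==(const intern_string_t &left, const string_fragment &sf)` returns the raw `memcmp` result as its second operand, so it yields true when the bytes differ and false when they are identical; the mirrored overload directly below has the `== 0`. The line should read `(memcmp(left.get(), sf.data(), left.size()) == 0);`. The two `operator<` overloads for `intern_string_t` bound `strncmp` by the interned string's length only, so a C string that merely extends the interned name compares as neither less nor greater; if these are used for ordered lookups, an explicit length tie-break is worth adding.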
diff --git a/src/lnav_util.hh b/src/lnav_util.hh index fbdb0faa..6d37e22c 100644 --- a/src/lnav_util.hh +++ b/src/lnav_util.hh @@ -99,9 +99,9 @@ inline int rounddown_offset(size_t size, int step, int offset) return size - ((size - offset) % step); } -inline int roundup_size(size_t size, int step) +inline size_t roundup_size(size_t size, int step) { - int retval = size + step; + size_t retval = size + step; retval -= (retval % step); @@ -164,24 +164,6 @@ std::string hash_string(const std::string &str); std::string hash_bytes(const char *str1, size_t s1len, ...); -struct string_fragment { - string_fragment(const char *str, int begin, int end) - : sf_string(str), sf_begin(begin), sf_end(end) { - }; - - bool is_valid() const { - return this->sf_begin != -1; - }; - - int length() const { - return this->sf_end - this->sf_begin; - }; - - const char *sf_string; - int sf_begin; - int sf_end; -}; - template struct object_field_t { object_field_t(UnaryFunction &func, Member &mem) diff --git a/src/log_format.cc b/src/log_format.cc index f2952010..dd1f6a22 100644 --- a/src/log_format.cc +++ b/src/log_format.cc @@ -569,7 +569,7 @@ static struct json_path_handler json_log_rewrite_handlers[] = { bool external_log_format::scan_for_partial(shared_buffer_ref &sbr, size_t &len_out) { - if (this->jlf_json) { + if (this->elf_type != ELF_TYPE_TEXT) { return false; } @@ -590,11 +590,12 @@ bool external_log_format::scan_for_partial(shared_buffer_ref &sbr, size_t &len_o return len_out > pat->p_timestamp_end; } -log_format::scan_result_t external_log_format::scan(std::vector &dst, +log_format::scan_result_t external_log_format::scan(nonstd::optional lf, + std::vector &dst, off_t offset, shared_buffer_ref &sbr) { - if (this->jlf_json) { + if (this->elf_type == ELF_TYPE_JSON) { yajlpp_parse_context &ypc = *(this->jlf_parse_context); logline ll(offset, 0, 0, logline::LEVEL_INFO); yajl_handle handle = this->jlf_yajl_handle.in(); 
@@ -743,7 +744,7 @@ log_format::scan_result_t external_log_format::scan(std::vector &dst, } } - dst.push_back(logline(offset, log_tv, level, mod_index, opid)); + dst.emplace_back(offset, log_tv, level, mod_index, opid); this->lf_fmt_lock = curr_fmt; return log_format::SCAN_MATCH; @@ -809,7 +810,7 @@ void external_log_format::annotate(shared_buffer_ref &line, struct line_range lr; pcre_context::capture_t *cap, *body_cap, *module_cap = NULL; - if (this->jlf_json) { + if (this->elf_type != ELF_TYPE_TEXT) { values = this->jlf_line_values; sa = this->jlf_line_attrs; return; @@ -1056,7 +1057,7 @@ static int rewrite_json_field(yajlpp_parse_context *ypc, const unsigned char *st void external_log_format::get_subline(const logline &ll, shared_buffer_ref &sbr, bool full_message) { - if (!this->jlf_json) { + if (this->elf_type == ELF_TYPE_TEXT) { return; } @@ -1452,13 +1453,13 @@ void external_log_format::build(std::vector &errors) { this->elf_pattern_order.push_back(iter->second); } - if (this->jlf_json) { + if (this->elf_type != ELF_TYPE_TEXT) { if (!this->elf_patterns.empty()) { errors.push_back("error:" + this->elf_name.to_string() + - ": JSON logs cannot have regexes"); + ": structured logs cannot have regexes"); } - if (this->jlf_json) { + if (this->elf_type == ELF_TYPE_JSON) { this->jlf_parse_context.reset( new yajlpp_parse_context(this->elf_name.to_string())); this->jlf_yajl_handle.reset(yajl_alloc( @@ -1518,7 +1519,7 @@ void external_log_format::build(std::vector &errors) { } } - if (!this->jlf_json && this->elf_samples.empty()) { + if (this->elf_type == ELF_TYPE_TEXT && this->elf_samples.empty()) { errors.push_back("error:" + this->elf_name.to_string() + ":no sample logs provided, all formats must have samples"); 
@@ -1831,31 +1832,12 @@ public: iter != elf.elf_value_defs.end(); ++iter) { const auto &vd = *iter->second; - int type = 0; + int type = log_vtab_impl::logline_value_to_sqlite_type(vd.vd_kind); if (vd.vd_column == -1) { continue; } - switch (vd.vd_kind) { - case logline_value::VALUE_NULL: - case logline_value::VALUE_TEXT: - case logline_value::VALUE_JSON: - case logline_value::VALUE_QUOTED: - type = SQLITE3_TEXT; - break; - case logline_value::VALUE_FLOAT: - type = SQLITE_FLOAT; - break; - case logline_value::VALUE_BOOLEAN: - case logline_value::VALUE_INTEGER: - type = SQLITE_INTEGER; - break; - case logline_value::VALUE_UNKNOWN: - case logline_value::VALUE__MAX: - ensure(0); - break; - } cols[vd.vd_column].vc_name = vd.vd_name.get(); cols[vd.vd_column].vc_type = type; cols[vd.vd_column].vc_collator = vd.vd_collate.c_str(); diff --git a/src/log_format.hh b/src/log_format.hh index 0ffdf0ed..3690f9c3 100644 --- a/src/log_format.hh +++ b/src/log_format.hh @@ -47,6 +47,7 @@ #include #include +#include "optional.hpp" #include "pcrepp.hh" #include "yajlpp.hh" #include "lnav_log.hh" @@ -58,6 +59,7 @@ #include "highlighter.hh" struct sqlite3; +class logfile; class log_format; class log_vtab_manager; struct exec_context; @@ -293,9 +295,12 @@ public: */ bool operator<(const logline &rhs) const { - return this->ll_time < rhs.ll_time || + return (this->ll_time < rhs.ll_time) || (this->ll_time == rhs.ll_time && - this->ll_millis < rhs.ll_millis); + this->ll_millis < rhs.ll_millis) || + (this->ll_time == rhs.ll_time && + this->ll_millis == rhs.ll_millis && + this->ll_offset < rhs.ll_offset); }; bool operator<(const time_t &rhs) const { return this->ll_time < rhs; }; @@ -360,6 +365,7 @@ public: VALUE_BOOLEAN, VALUE_JSON, VALUE_QUOTED, + VALUE_TIMESTAMP, VALUE__MAX }; @@ -412,6 +418,7 @@ public: case VALUE_JSON: case VALUE_TEXT: case VALUE_QUOTED: + case VALUE_TIMESTAMP: this->lv_sbr = sbr; break; 
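Review bot: `log_vtab_impl::logline_value_to_sqlite_type(vd.vd_kind)` is now evaluated before the `vd.vd_column == -1` skip, whereas the removed switch ran only after it. The helper's body is not in this hunk, but if it kept the `ensure(0)` for `VALUE_UNKNOWN`/`VALUE__MAX`, a value definition with no column and an unset kind would now abort instead of being skipped. Declaring `int type = log_vtab_impl::logline_value_to_sqlite_type(vd.vd_kind);` after the `continue` restores the previous order. The enclosing function begins and ends outside this hunk.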
@@ -464,6 +471,7 @@ public: case VALUE_JSON: case VALUE_TEXT: + case VALUE_TIMESTAMP: if (this->lv_sbr.empty()) { return this->lv_intern_string.to_string(); } @@ -713,7 +721,9 @@ public: log_format() : lf_mod_index(0), lf_fmt_lock(-1), lf_timestamp_field(intern_string::lookup("timestamp", -1)), - lf_timestamp_flags(0) { + lf_timestamp_flags(0), + lf_is_self_describing(false), + lf_time_ordered(true) { }; virtual ~log_format() { }; @@ -748,7 +758,8 @@ public: * @param prefix The contents of the line. * @param len The length of the prefix string. */ - virtual scan_result_t scan(std::vector &dst, + virtual scan_result_t scan(nonstd::optional lf, + std::vector &dst, off_t offset, shared_buffer_ref &sbr) = 0; @@ -838,6 +849,8 @@ public: std::map lf_action_defs; std::vector lf_value_stats; std::vector lf_highlighters; + bool lf_is_self_describing; + bool lf_time_ordered; protected: static std::vector lf_root_formats; @@ -965,7 +978,7 @@ public: elf_container(false), elf_has_module_format(false), elf_builtin_format(false), - jlf_json(false), + elf_type(ELF_TYPE_TEXT), jlf_hide_extra(false), jlf_cached_offset(-1), jlf_yajl_handle(yajl_free), @@ -984,7 +997,8 @@ public: return this->elf_filename_pcre->match(pc, pi); }; - scan_result_t scan(std::vector &dst, + scan_result_t scan(nonstd::optional lf, + std::vector &dst, off_t offset, shared_buffer_ref &sbr); @@ -1026,7 +1040,7 @@ public: elf->lf_fmt_lock = fmt_lock; } - if (this->jlf_json) { + if (this->elf_type == ELF_TYPE_JSON) { this->jlf_parse_context.reset(new yajlpp_parse_context(this->elf_name.to_string())); this->jlf_yajl_handle.reset(yajl_alloc( &this->jlf_parse_context->ypc_callbacks, 
@@ -1156,14 +1170,14 @@ public: }; std::string get_pattern_name() const { - if (this->jlf_json) { - return "json"; + if (this->elf_type != ELF_TYPE_TEXT) { + return "structured"; } return this->elf_pattern_order[this->lf_fmt_lock]->p_config_path; } std::string get_pattern_regex() const { - if (this->jlf_json) { + if (this->elf_type != ELF_TYPE_TEXT) { return ""; } return this->elf_pattern_order[this->lf_fmt_lock]->p_string; @@ -1223,6 +1237,14 @@ public: std::vector > elf_search_tables; std::vector elf_highlighter_patterns; + enum elf_type_t { + ELF_TYPE_TEXT, + ELF_TYPE_JSON, + ELF_TYPE_CSV, + }; + + elf_type_t elf_type; + void json_append_to_cache(const char *value, ssize_t len) { size_t old_size = this->jlf_cached_line.size(); this->jlf_cached_line.resize(old_size + len); @@ -1249,7 +1271,6 @@ public: } }; - bool jlf_json; bool jlf_hide_extra; std::vector jlf_line_format; std::vector jlf_line_values; diff --git a/src/log_format_impls.cc b/src/log_format_impls.cc index 7be7b7a8..9548e8d2 100644 --- a/src/log_format_impls.cc +++ b/src/log_format_impls.cc @@ -1,5 +1,5 @@ /** - * Copyright (c) 2007-2012, Timothy Stack + * Copyright (c) 2007-2017, Timothy Stack * * All rights reserved. * @@ -34,6 +34,7 @@ #include #include "pcrepp.hh" +#include "sql_util.hh" #include "log_format.hh" #include "log_vtab_impl.hh" @@ -133,7 +134,8 @@ class generic_log_format : public log_format { } }; - scan_result_t scan(vector &dst, + scan_result_t scan(nonstd::optional lf, + vector &dst, off_t offset, shared_buffer_ref &sbr) { 
@@ -212,4 +214,500 @@ class generic_log_format : public log_format { }; }; +string from_escaped_string(const char *str, size_t len) +{ + string retval; + + for (size_t lpc = 0; lpc < len; lpc++) { + switch (str[lpc]) { + case '\\': + if ((lpc + 3) < len && str[lpc + 1] == 'x') { + int ch; + + if (sscanf(&str[lpc + 2], "%2x", &ch) == 1) { + retval.append(1, (char) ch & 0xff); + lpc += 3; + } + } + break; + default: + retval.append(1, str[lpc]); + break; + } + } + + return retval; +} + +struct separated_string { + const char *ss_str; + size_t ss_len; + const char *ss_separator; + size_t ss_separator_len; + + separated_string(const char *str = nullptr, size_t len = -1) + : ss_str(str), ss_len(len), ss_separator(",") { + this->ss_separator_len = strlen(this->ss_separator); + }; + + separated_string &with_separator(const char *sep) { + this->ss_separator = sep; + this->ss_separator_len = strlen(sep); + return *this; + }; + + struct iterator { + const separated_string &i_parent; + const char *i_pos; + const char *i_next_pos; + size_t i_index; + + iterator(const separated_string &ss, const char *pos) + : i_parent(ss), i_pos(pos), i_index(0) { + this->update(); + }; + + void update() { + const separated_string &ss = this->i_parent; + const char *next_field; + + next_field = strnstr(this->i_pos, ss.ss_separator, + ss.ss_len - (this->i_pos - ss.ss_str)); + if (next_field == nullptr) { + this->i_next_pos = ss.ss_str + ss.ss_len; + } else { + this->i_next_pos = next_field + ss.ss_separator_len; + } + }; + + iterator &operator++() { + this->i_pos = this->i_next_pos; + this->update(); + this->i_index += 1; + + return *this; + }; + + string_fragment operator*() { + const separated_string &ss = this->i_parent; + int end; + + if (this->i_next_pos < (ss.ss_str + ss.ss_len)) { + end = this->i_next_pos - ss.ss_str - ss.ss_separator_len; + } else { + end = this->i_next_pos - ss.ss_str; + } + return string_fragment(ss.ss_str, this->i_pos - ss.ss_str, end); + }; + + bool operator==(const 
iterator &other) const { + return (&this->i_parent == &other.i_parent) && + (this->i_pos == other.i_pos); + }; + + bool operator!=(const iterator &other) const { + return !(*this == other); + }; + + size_t index() const { + return this->i_index; + }; + }; + + iterator begin() { + return iterator(*this, this->ss_str); + }; + + iterator end() { + return iterator(*this, this->ss_str + this->ss_len); + }; +}; + +class bro_log_format : public log_format { +public: + + struct field_def { + const intern_string_t fd_name; + logline_value::kind_t fd_kind; + bool fd_identifier; + const char *fd_collator; + int fd_numeric_index; + + field_def(const intern_string_t name) + : fd_name(name), + fd_kind(logline_value::VALUE_TEXT), + fd_identifier(false), + fd_collator(nullptr), + fd_numeric_index(-1) { + }; + + field_def &with_kind(logline_value::kind_t kind, + bool identifier = false, + const char *collator = nullptr) { + this->fd_kind = kind; + this->fd_identifier = identifier; + this->fd_collator = collator; + return *this; + }; + + field_def &with_numeric_index(int index) { + this->fd_numeric_index = index; + return *this; + } + }; + + bro_log_format() { + this->lf_is_self_describing = true; + this->lf_time_ordered = false; + }; + + intern_string_t get_name(void) const { + static intern_string_t name = intern_string::lookup("bro"); + + return this->blf_format_name.empty() ? 
name : this->blf_format_name; + }; + + virtual void clear(void) { + this->log_format::clear(); + this->blf_format_name.clear(); + this->blf_field_defs.clear(); + }; + + scan_result_t scan_int(std::vector &dst, + off_t offset, + shared_buffer_ref &sbr) { + static const intern_string_t STATUS_CODE = intern_string::lookup("bro_status_code"); + static const intern_string_t TS = intern_string::lookup("bro_ts"); + static const intern_string_t UID = intern_string::lookup("bro_uid"); + + separated_string ss(sbr.get_data(), sbr.length()); + struct timeval tv; + struct exttm tm; + bool found_ts = false; + logline::level_t level = logline::LEVEL_INFO; + uint8_t opid = 0; + + ss.with_separator(this->blf_separator.get()); + + for (auto iter = ss.begin(); iter != ss.end(); ++iter) { + if (iter.index() == 0 && *iter == "#close") { + return SCAN_MATCH; + } + + const field_def &fd = this->blf_field_defs[iter.index()]; + + if (TS == fd.fd_name) { + string_fragment sf = *iter; + + if (this->lf_date_time.scan(sf.data(), + sf.length(), + NULL, + &tm, + tv)) { + this->lf_timestamp_flags = tm.et_flags; + found_ts = true; + } + } else if (STATUS_CODE == fd.fd_name) { + string_fragment sf = *iter; + + if (!sf.empty() && sf[0] >= '4') { + level = logline::LEVEL_ERROR; + } + } else if (UID == fd.fd_name) { + string_fragment sf = *iter; + + opid = hash_str(sf.data(), sf.length()); + } + + if (fd.fd_numeric_index >= 0) { + switch (fd.fd_kind) { + case logline_value::VALUE_INTEGER: + case logline_value::VALUE_FLOAT: { + string_fragment sf = *iter; + char field_copy[sf.length() + 1]; + double val; + + if (sscanf(sf.to_string(field_copy), "%lf", &val) == 1) { + this->lf_value_stats[fd.fd_numeric_index].add_value(val); + } + break; + } + default: + break; + } + } + } + + if (found_ts) { + dst.emplace_back(offset, tv, level, 0, opid); + return SCAN_MATCH; + } else { + return SCAN_NO_MATCH; + } + } + + scan_result_t scan(nonstd::optional lf, + std::vector &dst, + off_t offset, + shared_buffer_ref 
&sbr) { + static pcrepp SEP_RE(R"(^#separator\s+(.+))"); + + if (!this->blf_format_name.empty()) { + return this->scan_int(dst, offset, sbr); + } + + if (dst.empty() || dst.size() > 20 || sbr.empty() || sbr.get_data()[0] == '#' || !lf) { + return SCAN_NO_MATCH; + } + + pcre_context_static<20> pc; + auto line_iter = dst.begin(); + string line = lf.value()->read_line(line_iter); + pcre_input pi(line); + + if (!SEP_RE.match(pc, pi)) { + return SCAN_NO_MATCH; + } + + this->clear(); + + string sep = from_escaped_string(pi.get_substr_start(pc[0]), pc[0]->length()); + this->blf_separator = intern_string::lookup(sep); + + for (++line_iter; line_iter != dst.end(); ++line_iter) { + string line = lf.value()->read_line(line_iter); + separated_string ss(line.c_str(), line.length()); + + ss.with_separator(this->blf_separator.get()); + auto iter = ss.begin(); + + string_fragment directive = *iter; + + if (directive.empty() || directive[0] != '#') { + continue; + } + + ++iter; + if (iter == ss.end()) { + continue; + } + + if (directive == "#set_separator") { + this->blf_set_separator = intern_string::lookup(*iter); + } else if (directive == "#empty_field") { + this->blf_empty_field = intern_string::lookup(*iter); + } else if (directive == "#unset_field") { + this->blf_unset_field = intern_string::lookup(*iter); + } else if (directive == "#path") { + string path = to_string(*iter); + char full_name[128]; + snprintf(full_name, sizeof(full_name), "bro_%s_log", path.c_str()); + this->blf_format_name = intern_string::lookup(full_name); + } else if (directive == "#fields") { + do { + this->blf_field_defs.emplace_back(intern_string::lookup("bro_" + sql_safe_ident(*iter))); + ++iter; + } while (iter != ss.end()); + } else if (directive == "#types") { + static const char *KNOWN_IDS[] = { + "bro_conn_uids", + "bro_fuid", + "bro_host", + "bro_info_code", + "bro_method", + "bro_mime_type", + "bro_orig_fuids", + "bro_parent_fuid", + "bro_proto", + "bro_referrer", + "bro_resp_fuids", + 
"bro_service", + "bro_status_code", + "bro_uid", + "bro_uri", + "bro_user_agent", + "bro_username", + }; + + int numeric_count = 0; + + do { + string_fragment field_type = *iter; + field_def &fd = this->blf_field_defs[iter.index() - 1]; + + if (field_type == "time") { + fd.with_kind(logline_value::VALUE_TIMESTAMP); + } else if (field_type == "string") { + bool ident = binary_search(begin(KNOWN_IDS), end(KNOWN_IDS), fd.fd_name); + fd.with_kind(logline_value::VALUE_TEXT, ident); + } else if (field_type == "count") { + bool ident = binary_search(begin(KNOWN_IDS), end(KNOWN_IDS), fd.fd_name); + fd.with_kind(logline_value::VALUE_INTEGER, ident) + .with_numeric_index(numeric_count); + numeric_count += 1; + } else if (field_type == "bool") { + fd.with_kind(logline_value::VALUE_BOOLEAN); + } else if (field_type == "addr") { + fd.with_kind(logline_value::VALUE_TEXT, true, "ipaddress"); + } else if (field_type == "port") { + fd.with_kind(logline_value::VALUE_INTEGER, true); + } else if (field_type == "interval") { + fd.with_kind(logline_value::VALUE_FLOAT) + .with_numeric_index(numeric_count); + numeric_count += 1; + } + + ++iter; + } while (iter != ss.end()); + + this->lf_value_stats.resize(numeric_count); + } + } + + if (!this->blf_format_name.empty() && + !this->blf_separator.empty() && + !this->blf_field_defs.empty()) { + this->blf_header_size = dst.size() - 1; + dst.clear(); + return this->scan_int(dst, offset, sbr); + } + + this->blf_format_name.clear(); + this->lf_value_stats.clear(); + + return SCAN_NO_MATCH; + }; + + void annotate(shared_buffer_ref &sbr, string_attrs_t &sa, + std::vector &values, + bool annotate_module) const { + static const intern_string_t TS = intern_string::lookup("bro_ts"); + static const intern_string_t UID = intern_string::lookup("bro_uid"); + + separated_string ss(sbr.get_data(), sbr.length()); + + ss.with_separator(this->blf_separator.get()); + + for (auto iter = ss.begin(); iter != ss.end(); ++iter) { + if (iter.index() >= 
this->blf_field_defs.size()) { + return; + } + + const field_def &fd = this->blf_field_defs[iter.index()]; + string_fragment sf = *iter; + logline_value::kind_t kind = fd.fd_kind; + + struct line_range lr(sf.sf_begin, sf.sf_end); + + if (sf == this->blf_empty_field) { + sf.clear(); + } else if (sf == this->blf_unset_field) { + sf.invalidate(); + kind = logline_value::VALUE_NULL; + } + + if (fd.fd_name == TS) { + sa.emplace_back(lr, &logline::L_TIMESTAMP); + } else if (fd.fd_name == UID) { + sa.emplace_back(lr, &logline::L_OPID); + } + + shared_buffer_ref value_ref; + value_ref.subset(sbr, sf.sf_begin, sf.length()); + values.emplace_back(fd.fd_name, kind, value_ref, + fd.fd_identifier, nullptr, iter.index(), + lr.lr_start, lr.lr_end, false, + this); + } + }; + + const logline_value_stats *stats_for_value(const intern_string_t &name) const { + const logline_value_stats *retval = nullptr; + + for (size_t lpc = 0; lpc < this->blf_field_defs.size(); lpc++) { + if (this->blf_field_defs[lpc].fd_name == name) { + if (this->blf_field_defs[lpc].fd_numeric_index < 0) { + break; + } + retval = &this->lf_value_stats[this->blf_field_defs[lpc].fd_numeric_index]; + break; + } + } + + return retval; + }; + + std::unique_ptr specialized(int fmt_lock = -1) { + std::unique_ptr retval = make_unique(*this); + + return unique_ptr(retval.release()); + }; + + class bro_log_table : public log_format_vtab_impl { + public: + bro_log_table(const bro_log_format &format) + : log_format_vtab_impl(format), blt_format(format) { + + } + + void get_columns(vector &cols) const { + for (const auto &fd : this->blt_format.blf_field_defs) { + int type = log_vtab_impl::logline_value_to_sqlite_type(fd.fd_kind); + + cols.emplace_back(fd.fd_name.to_string(), type, fd.fd_collator); + } + }; + + void get_foreign_keys(std::vector &keys_inout) const { + this->log_vtab_impl::get_foreign_keys(keys_inout); + + for (const auto &fd : this->blt_format.blf_field_defs) { + if (fd.fd_identifier) { + 
keys_inout.push_back(fd.fd_name.to_string()); + } + } + } + + const bro_log_format &blt_format; + }; + + static map &get_tables() { + static map retval; + + return retval; + }; + + log_vtab_impl *get_vtab_impl(void) const { + if (this->blf_format_name.empty()) { + return nullptr; + } + + bro_log_table *retval = nullptr; + + auto &tables = get_tables(); + auto iter = tables.find(this->blf_format_name); + if (iter == tables.end()) { + retval = new bro_log_table(*this); + tables[this->blf_format_name] = retval; + } + + return retval; + }; + + void get_subline(const logline &ll, + shared_buffer_ref &sbr, + bool full_message) { + } + + size_t blf_header_size; + intern_string_t blf_format_name; + intern_string_t blf_separator; + intern_string_t blf_set_separator; + intern_string_t blf_empty_field; + intern_string_t blf_unset_field; + vector blf_field_defs; + +}; + +log_format::register_root_format bro_log_instance; log_format::register_root_format generic_log_instance; diff --git a/src/log_format_loader.cc b/src/log_format_loader.cc index b662c8ab..e78a821c 100644 --- a/src/log_format_loader.cc +++ b/src/log_format_loader.cc @@ -167,8 +167,11 @@ static int read_format_bool(yajlpp_parse_context *ypc, int val) if (field_name == "convert-to-local-time") elf->lf_date_time.dts_local_time = val; - else if (field_name == "json") - elf->jlf_json = val; + else if (field_name == "json") { + if (val) { + elf->elf_type = external_log_format::ELF_TYPE_JSON; + } + } else if (field_name == "hide-extra") elf->jlf_hide_extra = val; else if (field_name == "multiline") 
@@ -524,6 +527,14 @@ struct json_path_handler sample_handlers[] = { json_path_handler() }; +static const json_path_handler_base::enum_value_t TYPE_ENUM[] = { + make_pair("text", external_log_format::elf_type_t::ELF_TYPE_TEXT), + make_pair("json", external_log_format::elf_type_t::ELF_TYPE_JSON), + make_pair("csv", external_log_format::elf_type_t::ELF_TYPE_CSV), + + json_path_handler_base::ENUM_TERMINATOR +}; + struct json_path_handler format_handlers[] = { json_path_handler("regex/(?[^/]+)/") .with_obj_provider(pattern_provider) @@ -573,6 +584,11 @@ struct json_path_handler format_handlers[] = { .with_description("A regular expression to highlight in logs of this format.") .for_field(&nullobj()->elf_highlighter_patterns), + json_path_handler("file-type") + .with_synopsis("The type of file that contains the log messages") + .with_enum_values(TYPE_ENUM) + .for_enum(&nullobj()->elf_type), + json_path_handler() }; diff --git a/src/log_vtab_impl.cc b/src/log_vtab_impl.cc index 2056ac87..aed19830 100644 --- a/src/log_vtab_impl.cc +++ b/src/log_vtab_impl.cc @@ -113,6 +113,33 @@ std::string log_vtab_impl::get_table_statement(void) return oss.str(); } +int log_vtab_impl::logline_value_to_sqlite_type(logline_value::kind_t kind) +{ + int type = 0; + + switch (kind) { + case logline_value::VALUE_NULL: + case logline_value::VALUE_TEXT: + case logline_value::VALUE_JSON: + case logline_value::VALUE_QUOTED: + case logline_value::VALUE_TIMESTAMP: + type = SQLITE3_TEXT; + break; + case logline_value::VALUE_FLOAT: + type = SQLITE_FLOAT; + break; + case logline_value::VALUE_BOOLEAN: + case logline_value::VALUE_INTEGER: + type = SQLITE_INTEGER; + break; + case logline_value::VALUE_UNKNOWN: + case logline_value::VALUE__MAX: + ensure(0); + break; + } + return type; +} + struct vtab { sqlite3_vtab base; sqlite3 * db; 
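Review bot: In `logline_value_to_sqlite_type()` the `VALUE_UNKNOWN` / `VALUE__MAX` arm relies on `ensure(0)` alone, so if that macro is compiled out in a release build (its definition is not visible here) the function returns the initial `0`, which is not one of the SQLite type constants the other arms produce. The Bro format added in this commit takes its field kinds from a `#types` header read out of the log file, so an unexpected kind should degrade to a safe column type rather than depend on an assertion. I would add `type = SQLITE3_TEXT;` after the `ensure(0);` and a one-line comment on the function saying that it always returns a valid SQLite type.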
@@ -461,7 +488,8 @@ static int vt_column(sqlite3_vtab_cursor *cur, sqlite3_context *ctx, int col) sqlite3_result_null(ctx); break; case logline_value::VALUE_JSON: - case logline_value::VALUE_TEXT: { + case logline_value::VALUE_TEXT: + case logline_value::VALUE_TIMESTAMP: { sqlite3_result_text(ctx, lv_iter->text_value(), lv_iter->text_length(), diff --git a/src/log_vtab_impl.hh b/src/log_vtab_impl.hh index 82663faf..6c840abf 100644 --- a/src/log_vtab_impl.hh +++ b/src/log_vtab_impl.hh @@ -90,6 +90,8 @@ public: std::string vc_comment; }; + static int logline_value_to_sqlite_type(logline_value::kind_t kind); + log_vtab_impl(const intern_string_t name) : vi_supports_indexes(true), vi_name(name) { this->vi_attrs.resize(128); }; diff --git a/src/logfile.cc b/src/logfile.cc index 9d1c46de..e2b5ede6 100644 --- a/src/logfile.cc +++ b/src/logfile.cc @@ -145,14 +145,15 @@ void logfile::set_format_base_time(log_format *lf) lf->lf_date_time.set_base_time(file_time); } -void logfile::process_prefix(off_t offset, shared_buffer_ref &sbr) +bool logfile::process_prefix(off_t offset, shared_buffer_ref &sbr) { log_format::scan_result_t found = log_format::SCAN_NO_MATCH; size_t prescan_size = this->lf_index.size(); + bool retval = false; if (this->lf_format.get() != NULL) { /* We've locked onto a format, just use that scanner. */ - found = this->lf_format->scan(this->lf_index, offset, sbr); + found = this->lf_format->scan(this, this->lf_index, offset, sbr); } else if (this->lf_options.loo_detect_format && this->lf_index.size() < MAX_UNRECOGNIZED_LINES) { @@ -173,7 +174,7 @@ void logfile::process_prefix(off_t offset, shared_buffer_ref &sbr) (*iter)->clear(); this->set_format_base_time(*iter); - found = (*iter)->scan(this->lf_index, offset, sbr); + found = (*iter)->scan(this, this->lf_index, offset, sbr); if (found == log_format::SCAN_MATCH) { #if 0 require(this->lf_index.size() == 1 || 
@@ -200,6 +201,7 @@ void logfile::process_prefix(off_t offset, shared_buffer_ref &sbr) this->lf_index[lpc].set_time(last_line.get_time()); this->lf_index[lpc].set_millis(last_line.get_millis()); } + break; } } } @@ -211,19 +213,26 @@ void logfile::process_prefix(off_t offset, shared_buffer_ref &sbr) logline &latest = this->lf_index[prescan_size]; if (latest < second_to_last) { - log_debug("%s:%d: out-of-time-order line detected %d.%03d < %d.%03d", - this->lf_filename.c_str(), - prescan_size, - latest.get_time(), - latest.get_millis(), - second_to_last.get_time(), - second_to_last.get_millis()); - for (size_t lpc = prescan_size; lpc < this->lf_index.size(); lpc++) { - logline &line_to_update = this->lf_index[lpc]; + if (this->lf_format->lf_time_ordered) { + log_debug( + "%s:%d: out-of-time-order line detected %d.%03d < %d.%03d", + this->lf_filename.c_str(), + prescan_size, + latest.get_time(), + latest.get_millis(), + second_to_last.get_time(), + second_to_last.get_millis()); + for (size_t lpc = prescan_size; + lpc < this->lf_index.size(); lpc++) { + logline &line_to_update = this->lf_index[lpc]; - line_to_update.set_time_skew(true); - line_to_update.set_time(second_to_last.get_time()); - line_to_update.set_millis(second_to_last.get_millis()); + line_to_update.set_time_skew(true); + line_to_update.set_time(second_to_last.get_time()); + line_to_update.set_millis( + second_to_last.get_millis()); + } + } else { + retval = true; } } } @@ -261,12 +270,14 @@ void logfile::process_prefix(off_t offset, shared_buffer_ref &sbr) case log_format::SCAN_INCOMPLETE: break; } + + return retval; } -bool logfile::rebuild_index() +logfile::rebuild_result_t logfile::rebuild_index() throw (line_buffer::error, logfile::error) { - bool retval = false; + rebuild_result_t retval = RR_NO_NEW_LINES; struct stat st; this->lf_activity.la_polls += 1; 
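Review bot: The re-indented `log_debug()` call in the `@@ -211` hunk still formats `prescan_size` with `%d`, but `prescan_size` is declared as `size_t` at the top of `process_prefix()`, so the argument does not match its conversion on LP64 targets. Assuming `log_debug()` is printf-style, use `%zu`: `"%s:%zu: out-of-time-order line detected %d.%03d < %d.%03d"`. The `get_time()` arguments may need a cast as well, since their return types are not visible in this hunk. The new `else { retval = true; }` branch would also benefit from a comment such as `// format is not time-ordered; tell the caller a re-sort is needed`, because the meaning of the returned bool is otherwise only implied.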
@@ -280,7 +291,7 @@ throw (line_buffer::error, logfile::error) log_info("truncated file detected, closing -- %s", this->lf_filename.c_str()); this->close(); - return false; + return RR_NO_NEW_LINES; } else if (this->lf_line_buffer.is_data_available(this->lf_index_size, st.st_size)) { this->lf_activity.la_reads += 1; @@ -320,7 +331,7 @@ throw (line_buffer::error, logfile::error) log_info("overwritten file detected, closing -- %s", this->lf_filename.c_str()); this->close(); - return false; + return RR_NO_NEW_LINES; } } } @@ -331,6 +342,9 @@ throw (line_buffer::error, logfile::error) if (this->lf_logline_observer != NULL) { this->lf_logline_observer->logline_restart(*this); } + + bool sort_needed = false; + while (this->lf_line_buffer.read_line(off, sbr, &lv)) { size_t old_size = this->lf_index.size(); @@ -344,9 +358,13 @@ throw (line_buffer::error, logfile::error) this->lf_longest_line = std::max(this->lf_longest_line, sbr.length()); this->lf_partial_line = lv.lv_partial; - this->process_prefix(last_off, sbr); + sort_needed = this->process_prefix(last_off, sbr) || sort_needed; last_off = off; + if (old_size > this->lf_index.size()) { + old_size = 0; + } + for (logfile::iterator iter = this->begin() + old_size; iter != this->end(); ++iter) { if (this->lf_logline_observer != NULL) { @@ -365,6 +383,7 @@ throw (line_buffer::error, logfile::error) break; } } + if (this->lf_logline_observer != NULL) { this->lf_logline_observer->logline_eof(*this); } @@ -389,7 +408,11 @@ throw (line_buffer::error, logfile::error) this->lf_index_size = off; this->lf_stat = st; - retval = true; + if (sort_needed) { + retval = RR_NEW_ORDER; + } else { + retval = RR_NEW_LINES; + } } this->lf_index_time = this->lf_line_buffer.get_file_time(); diff --git a/src/logfile.hh b/src/logfile.hh index 6f8c8ece..7df4b4c6 100644 --- a/src/logfile.hh +++ b/src/logfile.hh 
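Review bot: The guard `if (old_size > this->lf_index.size()) { old_size = 0; }` added in the `@@ -344` hunk has no comment, and it is not obvious why the index could shrink inside the read loop. It can shrink because a format's `scan()` may clear the line vector: the Bro scanner in this commit calls `dst.clear()` once it has consumed the header. Without the reset, `this->begin() + old_size` would land past `end()`. I would document that directly above the check, e.g. `// scan() may have dropped already-indexed header lines; restart observation from the first line`. `rebuild_index()` starts and ends outside this hunk.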
@@ -335,6 +335,12 @@ public: void read_full_message(iterator ll, shared_buffer_ref &msg_out, int max_lines=50); + enum rebuild_result_t { + RR_NO_NEW_LINES, + RR_NEW_LINES, + RR_NEW_ORDER, + }; + /** * Index any new data in the log file. * @@ -342,7 +348,7 @@ public: * indexing. * @return True if any new lines were indexed. */ - bool rebuild_index() + rebuild_result_t rebuild_index() throw (line_buffer::error, logfile::error); void reobserve_from(iterator iter); @@ -391,7 +397,7 @@ protected: * @param prefix The contents of the line. * @param len The length of the 'prefix' string. */ - void process_prefix(off_t offset, shared_buffer_ref &sbr); + bool process_prefix(off_t offset, shared_buffer_ref &sbr); void set_format_base_time(log_format *lf); diff --git a/src/logfile_sub_source.cc b/src/logfile_sub_source.cc index 200d9c79..a5208274 100644 --- a/src/logfile_sub_source.cc +++ b/src/logfile_sub_source.cc @@ -146,11 +146,10 @@ void logfile_sub_source::text_value_for_line(textview_curses &tc, if ((this->lss_token_file->is_time_adjusted() || format->lf_timestamp_flags & ETF_MACHINE_ORIENTED) && format->lf_date_time.dts_fmt_lock != -1) { - struct line_range time_range; - - time_range = find_string_attr_range( + auto time_attr = find_string_attr( this->lss_token_attrs, &logline::L_TIMESTAMP); - if (time_range.is_valid()) { + if (time_attr != this->lss_token_attrs.end()) { + const struct line_range time_range = time_attr->sa_range; struct timeval adjusted_time; struct exttm adjusted_tm; char buffer[128]; @@ -181,9 +180,6 @@ void logfile_sub_source::text_value_for_line(textview_curses &tc, value_out.insert(time_range.lr_start, padding, ' '); - shift_string_attrs(this->lss_token_attrs, - time_range.lr_start + 1, - padding); } value_out.replace(time_range.lr_start, len, 
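Review bot: The doc comment kept above `rebuild_index()` still reads `@return True if any new lines were indexed.`, although the function now returns `rebuild_result_t`. Replace it with something like `@return RR_NO_NEW_LINES if nothing was indexed, RR_NEW_LINES if lines were appended, RR_NEW_ORDER if the new lines arrived out of time order and the caller must re-sort.` The `@@ -391` hunk has the same gap: `process_prefix()` changes from `void` to `bool`, but its comment gains no `@return`; add `@return True if the line is out of time order for a format that is not time-ordered.` The three enumerators added in the `@@ -335` hunk would also be easier to use with a one-line comment each.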
@@ -426,7 +422,7 @@ bool logfile_sub_source::rebuild_index(bool force) { iterator iter; size_t total_lines = 0; - bool retval = force; + bool retval = force, full_sort = false; int file_count = 0; for (iter = this->lss_files.begin(); @@ -439,14 +435,26 @@ bool logfile_sub_source::rebuild_index(bool force) } } else { - if ((*iter)->get_file()->rebuild_index()) { - retval = true; + switch ((*iter)->get_file()->rebuild_index()) { + case logfile::RR_NEW_LINES: + retval = true; + break; + case logfile::RR_NEW_ORDER: + retval = true; + force = true; + break; } file_count += 1; total_lines += (*iter)->get_file()->size(); } } + + if (this->lss_index.reserve(total_lines)) { + force = true; + } + if (force) { + full_sort = true; for (iter = this->lss_files.begin(); iter != this->lss_files.end(); iter++) { 
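Review bot: The new `switch` on the result of `rebuild_index()` in the `@@ -439` hunk names only `RR_NEW_LINES` and `RR_NEW_ORDER`, with no arm for `RR_NO_NEW_LINES` and no `default`. That triggers `-Wswitch` and leaves the reader to guess that doing nothing is intended. Add `case logfile::RR_NO_NEW_LINES: break;` so that every enumerator is handled explicitly and a future addition to the enum is flagged by the compiler. The `RR_NEW_ORDER` arm overwrites the `force` parameter to request a full sort; a comment such as `// out-of-order lines: fall through to the full re-sort below` would make that reuse clear.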
@@ -460,50 +468,73 @@ bool logfile_sub_source::rebuild_index(bool force) if (retval || force) { size_t index_size = 0, start_size = this->lss_index.size(); + logline_cmp line_cmper(*this); - kmerge_tree_c merge(file_count); - - for (iter = this->lss_files.begin(); - iter != this->lss_files.end(); - iter++) { - logfile_data *ld = *iter; + for (auto ld : this->lss_files) { logfile *lf = ld->get_file(); - if (lf == NULL) { + + if (lf == nullptr) { continue; } - - merge.add(ld, - lf->begin() + ld->ld_lines_indexed, - lf->end()); - index_size += lf->size(); - this->lss_longest_line = std::max(this->lss_longest_line, lf->get_longest_line_length()); + this->lss_longest_line = std::max( + this->lss_longest_line, lf->get_longest_line_length()); } - this->lss_index.reset(); + if (full_sort) { + for (auto ld : this->lss_files) { + logfile *lf = ld->get_file(); - merge.execute(); - for (;;) { - logfile::iterator lf_iter; - logfile_data *ld; + if (lf == nullptr) { + continue; + } - if (!merge.get_top(ld, lf_iter)) { - break; + for (size_t line_index = 0; line_index < lf->size(); line_index++) { + content_line_t con_line(ld->ld_file_index * MAX_LINES_PER_FILE + + line_index); + + this->lss_index.push_back(con_line); + } } - int file_index = ld->ld_file_index; - int line_index = lf_iter - ld->get_file()->begin(); + sort(this->lss_index.begin(), this->lss_index.end(), line_cmper); + } else { + kmerge_tree_c merge( + file_count); - content_line_t con_line(file_index * MAX_LINES_PER_FILE + - line_index); + for (iter = this->lss_files.begin(); + iter != this->lss_files.end(); + iter++) { + logfile_data *ld = *iter; + logfile *lf = ld->get_file(); + if (lf == NULL) { + continue; + } - off_t insert_point = this->lss_index.merge_value( - con_line, logline_cmp(*this)); - if (insert_point < (off_t)start_size) { - start_size = 0; - this->lss_filtered_index.clear(); + merge.add(ld, + lf->begin() + ld->ld_lines_indexed, + lf->end()); + index_size += lf->size(); } - merge.next(); + 
merge.execute(); + for (;;) { + logfile::iterator lf_iter; + logfile_data *ld; + + if (!merge.get_top(ld, lf_iter)) { + break; + } + + int file_index = ld->ld_file_index; + int line_index = lf_iter - ld->get_file()->begin(); + + content_line_t con_line(file_index * MAX_LINES_PER_FILE + + line_index); + + this->lss_index.push_back(con_line); + + merge.next(); + } } for (iter = this->lss_files.begin(); @@ -515,8 +546,6 @@ bool logfile_sub_source::rebuild_index(bool force) (*iter)->ld_lines_indexed = (*iter)->get_file()->size(); } - this->lss_index.finish(); - this->lss_filtered_index.reserve(this->lss_index.size()); uint32_t filter_in_mask, filter_out_mask; diff --git a/src/logfile_sub_source.hh b/src/logfile_sub_source.hh index e569b804..89a7efd1 100644 --- a/src/logfile_sub_source.hh +++ b/src/logfile_sub_source.hh @@ -45,7 +45,7 @@ #include "strong_int.hh" #include "logfile.hh" #include "bookmarks.hh" -#include "chunky_index.hh" +#include "big_array.hh" #include "textview_curses.hh" #include "filter_observer.hh" @@ -609,7 +609,7 @@ private: unsigned long lss_flags; std::vector lss_files; - chunky_index lss_index; + big_array lss_index; std::vector lss_filtered_index; bookmarks::type lss_user_marks; diff --git a/src/sql_util.cc b/src/sql_util.cc index bc5d2670..bc982ca4 100644 --- a/src/sql_util.cc +++ b/src/sql_util.cc @@ -610,6 +610,23 @@ char *sql_quote_ident(const char *ident) return retval; } +string sql_safe_ident(const string_fragment &ident) +{ + string retval = to_string(ident); + + for (size_t lpc = 0; lpc < retval.size(); lpc++) { + char ch = retval[lpc]; + + if (isalnum(ch) || ch == '_') { + retval[lpc] = ch; + } else { + retval[lpc] = '_'; + } + } + + return retval; +} + void sql_compile_script(sqlite3 *db, const char *src_name, const char *script_orig, diff --git a/src/sql_util.hh b/src/sql_util.hh index 0bb66d97..62958c44 100644 --- a/src/sql_util.hh +++ b/src/sql_util.hh 
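Review bot: In the incremental (`else`) branch, new lines are now appended with `this->lss_index.push_back(con_line)` where the old code used `merge_value(con_line, logline_cmp(*this))`. Nothing in this hunk therefore keeps `lss_index` sorted when a newly read line from one file is older than lines already indexed from another. The k-way merge is seeded from `lf->begin() + ld->ld_lines_indexed`, so it orders only the new lines among themselves. The removed `insert_point < (off_t)start_size` check, which reset `start_size` and cleared `lss_filtered_index` in that situation, has no replacement. Unless `big_array` or code outside the hunk covers this, I would check the first appended entry against the last pre-existing one after the merge loop and fall back to a full sort.

```cpp
// … unchanged: k-way merge loop that push_back()s new lines onto lss_index …

if (start_size > 0 && start_size < this->lss_index.size() &&
    line_cmper(*(this->lss_index.begin() + start_size),
               *(this->lss_index.begin() + start_size - 1))) {
    // Appended lines sort before lines that were already indexed:
    // re-sort everything and invalidate the filtered view.
    sort(this->lss_index.begin(), this->lss_index.end(), line_cmper);
    start_size = 0;
    this->lss_filtered_index.clear();
}
```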
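Review bot: `sql_safe_ident()` passes a plain `char` to `isalnum()`, which is undefined behaviour for negative values. The identifiers it sanitises come from the `#fields` header of a log file (`"bro_" + sql_safe_ident(*iter)`), so bytes >= 0x80 are reachable from untrusted input. Cast before the call: `if (isalnum((unsigned char) ch) || ch == '_') {`. The `retval[lpc] = ch;` arm writes back the value it just read and can be dropped by inverting the test. `isalnum()` is also locale-dependent, so a comment or an explicit ASCII range check would pin down exactly which characters may end up in a SQL column name.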
@@ -81,6 +81,8 @@ bool sql_ident_needs_quote(const char *ident); char *sql_quote_ident(const char *ident); +std::string sql_safe_ident(const string_fragment &ident); + void sql_compile_script(sqlite3 *db, const char *src_name, const char *script, diff --git a/src/view_curses.cc b/src/view_curses.cc index b8213519..40a076a9 100644 --- a/src/view_curses.cc +++ b/src/view_curses.cc @@ -240,6 +240,21 @@ void attr_line_t::split_lines(std::vector &lines) const lines.emplace_back(this->subline(pos)); } +struct tab_mapping { + size_t tm_origin; + size_t tm_dst_start; + size_t tm_dst_end; + + tab_mapping(size_t origin, size_t dst_start, size_t dst_end) + : tm_origin(origin), tm_dst_start(dst_start), tm_dst_end(dst_end) { + + }; + + size_t length() const { + return this->tm_dst_end - this->tm_dst_start; + }; +}; + void view_curses::mvwattrline(WINDOW *window, int y, int x, @@ -250,8 +265,8 @@ void view_curses::mvwattrline(WINDOW *window, int text_attrs, attrs, line_width; string_attrs_t & sa = al.get_attrs(); string & line = al.get_string(); - string_attrs_t::iterator iter; - std::map > tab_list; + string_attrs_t::const_iterator iter; + vector tab_list; int tab_count = 0; char *expanded_line; size_t exp_index = 0; @@ -264,13 +279,15 @@ void view_curses::mvwattrline(WINDOW *window, expanded_line = (char *)alloca(line.size() + tab_count * 8 + 1); for (size_t lpc = 0; lpc < line.size(); lpc++) { + int exp_start_index = exp_index; + switch (line[lpc]) { case '\t': do { expanded_line[exp_index] = ' '; exp_index += 1; } while (exp_index % 8); - tab_list[lpc] = exp_index; + tab_list.emplace_back(lpc, exp_start_index, exp_index); break; case '\r': 
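Review bot: In the `@@ -264` hunk, `int exp_start_index = exp_index;` narrows a `size_t` to `int` only to pass it straight back into `tab_mapping`'s `size_t dst_start` parameter; declare it as `size_t exp_start_index = exp_index;`. The `@@ -310` hunk mixes signedness the same way: `tab_iter->tm_origin < attr_range.lr_start` and the matching `lr_end` test compare a `size_t` with the range's signed fields, where the removed code cast explicitly with `(size_t)attr_range.lr_start`. The preceding `require()` checks and the `lr_end != -1` guard keep the values non-negative. Restoring the cast, `tab_iter->tm_origin < (size_t) attr_range.lr_start`, still avoids `-Wsign-compare` warnings and documents the assumption. `mvwattrline()` starts and ends outside both hunks.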
@@ -310,24 +327,24 @@ void view_curses::mvwattrline(WINDOW *window, stable_sort(sa.begin(), sa.end()); for (iter = sa.begin(); iter != sa.end(); ++iter) { struct line_range attr_range = iter->sa_range; - std::map::iterator tab_iter; require(attr_range.lr_start >= 0); require(attr_range.lr_end >= -1); - tab_iter = tab_list.lower_bound(attr_range.lr_start); - if (tab_iter != tab_list.end()) { - if ((size_t)attr_range.lr_start > tab_iter->first) { - attr_range.lr_start += (tab_iter->second - tab_iter->first) - 1; + for (auto tab_iter = tab_list.rbegin(); + tab_iter != tab_list.rend(); + ++tab_iter) { + if (tab_iter->tm_origin < attr_range.lr_start) { + attr_range.lr_start += tab_iter->length() - 1; } } if (attr_range.lr_end != -1) { - tab_iter = tab_list.lower_bound(attr_range.lr_end); - if (tab_iter != tab_list.end()) { - if ((size_t)attr_range.lr_end > tab_iter->first) { - attr_range.lr_end += ( - tab_iter->second - tab_iter->first) - 1; + for (auto tab_iter = tab_list.rbegin(); + tab_iter != tab_list.rend(); + ++tab_iter) { + if (tab_iter->tm_origin < attr_range.lr_end) { + attr_range.lr_end += tab_iter->length() - 1; } } } @@ -341,7 +358,7 @@ void view_curses::mvwattrline(WINDOW *window, attr_range.lr_end - lr.lr_start); if (attr_range.lr_end > attr_range.lr_start) { - string_attrs_t::iterator range_iter; + string_attrs_t::const_iterator range_iter; int awidth = attr_range.length(); int color_pair = -1; diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index f83ef52d..eaf26e14 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -1,7 +1,6 @@ include_directories(../../lbuild/src ../src/ /opt/local/include) -add_executable(test_chunky_index test_chunky_index.cc) add_executable(test_pcrepp test_pcrepp.cc ../src/lnav_log.cc ../src/pcrepp.cc) add_executable(test_reltime test_reltime.cc ../src/relative_time.cc diff --git a/test/Makefile.am b/test/Makefile.am index 54703846..7792995c 100644 --- a/test/Makefile.am +++ b/test/Makefile.am 
@@ -38,7 +38,6 @@ check_PROGRAMS = \ test_auto_fd \ test_auto_mem \ test_bookmarks \ - test_chunky_index \ test_concise \ test_date_time_scanner \ test_grep_proc2 \ @@ -82,9 +81,6 @@ test_auto_mem_SOURCES = test_auto_mem.cc test_bookmarks_SOURCES = test_bookmarks.cc test_bookmarks_LDADD = ../src/libdiag.a -test_chunky_index_SOURCES = test_chunky_index.cc -test_chunky_index_LDADD = ../src/libdiag.a - test_date_time_scanner_SOURCES = test_date_time_scanner.cc test_date_time_scanner_LDADD = ../src/libdiag.a $(SQLITE3_LIBS) @@ -290,6 +286,8 @@ dist_noinst_DATA = \ logfile_access_log.1 \ logfile_bad_access_log.0 \ logfile_bad_syslog.0 \ + logfile_bro_conn.log.0 \ + logfile_bro_http.log.0 \ logfile_blued.0 \ logfile_empty.0 \ logfile_epoch.0 \ @@ -356,7 +354,6 @@ TESTS = \ test_auto_fd \ test_auto_mem \ test_bookmarks \ - test_chunky_index \ test_date_time_scanner \ test_format_installer.sh \ test_format_loader.sh \ diff --git a/test/drive_data_scanner.cc b/test/drive_data_scanner.cc index b1e8c672..a4246e43 100644 --- a/test/drive_data_scanner.cc +++ b/test/drive_data_scanner.cc @@ -150,7 +150,7 @@ int main(int argc, char *argv[]) iter != root_formats.end() && !found; ++iter) { (*iter)->clear(); - if ((*iter)->scan(index, 13, sbr) == log_format::SCAN_MATCH) { + if ((*iter)->scan(nonstd::nullopt, index, 13, sbr) == log_format::SCAN_MATCH) { format = (*iter)->specialized(); found = true; } diff --git a/test/logfile_bro_conn.log.0 b/test/logfile_bro_conn.log.0 new file mode 100644 index 00000000..305e3681 --- /dev/null +++ b/test/logfile_bro_conn.log.0 
@@ -0,0 +1,101 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open 2017-04-16-21-36-10 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] +1320279554.496300 Cg9xqq3JAcZusspA86 192.168.2.76 52025 208.85.42.28 80 tcp - 2.125850 0 1092421 SF - - 0 ^dAfFa 400 20800 756 1131733 (empty) +1320279567.181431 CdysLK1XpcrXOpVDuh 192.168.2.76 52034 174.129.249.33 80 tcp http 0.082899 389 1495 SF - - 0 ShADdfFa 5 613 4 1667 (empty) +1320279567.452735 C6nSoj1Qco9PGyslz6 192.168.2.76 52035 184.72.234.3 80 tcp http 2.561940 905 731 SF - - 0 ShADadfF 9 1289 8 1063 (empty) +1320279567.181050 CtgxRAqDLvrRUQdqe 192.168.2.76 52033 184.72.234.3 80 tcp http 3.345539 1856 1445 SF - - 0 ShADadfF 15 2480 13 1969 (empty) +1320279572.537165 Cg66JO6sKx3fvUkQa 192.168.2.76 52014 132.235.215.117 80 tcp - 0.005881 0 0 SF - - 0 FfA 2 104 1 52 (empty) +1320279578.886650 CIJIDL1ULo4HpT24Gl 192.168.2.76 52052 63.241.108.124 80 tcp http 0.498720 1566 2543 SF - - 0 ShADadfF 6 1830 5 2747 (empty) +1320279577.453637 CEh6Ka2HInkNSH01L2 192.168.2.76 52044 216.34.181.48 80 tcp http 5.077548 596 576 SF - - 0 ShADadfF 6 920 5 848 (empty) +1320279581.284239 CSvRlm1gGNFXUOrtRj 192.168.2.76 52059 207.171.163.23 80 tcp - 5.056486 0 0 SF - - 0 ShAFf 4 184 2 92 (empty) +1320279577.507914 CjPGiy13ncXKxU765j 192.168.2.76 52045 216.34.181.45 80 tcp http 11.654832 2603 181933 SF - - 0 ShADadfF 80 6775 134 188913 (empty) +1320279590.558878 CKeb0i4BZy3XEHQGvb 192.168.2.76 52077 74.125.225.78 80 tcp - 5.048744 0 0 SF - - 0 ShAFf 4 220 2 112 (empty) +1320279601.552309 CK957ERTz8lBycly4 192.168.2.76 52085 199.59.148.201 80 tcp http 0.237418 883 1071 SF - - 0 ShADadfF 6 1207 5 1339 
(empty) +1320279600.826685 CaPClb1Bf0RrRGtyWi 192.168.2.76 52083 192.150.187.43 80 tcp http 5.233472 442 31353 SF - - 0 ShADadfF 20 1494 26 32713 (empty) +1320279600.826441 CmWpSw3VtjiAceBCwf 192.168.2.76 52081 192.150.187.43 80 tcp http 5.233763 446 24258 SF - - 0 ShADadfF 14 1186 21 25358 (empty) +1320279600.826004 CBeaXe4Iyj1gXd2Iq 192.168.2.76 52080 192.150.187.43 80 tcp http 5.404390 886 16577 SF - - 0 ShADadfF 14 1626 17 17469 (empty) +1320279600.825492 Cd8s2R3OGDgkhnvSu9 192.168.2.76 52079 192.150.187.43 80 tcp http 5.496459 1309 17849 SF - - 0 ShADadfF 16 2153 18 18793 (empty) +1320279600.826607 CX1GjC4vn52UY1uDv6 192.168.2.76 52082 192.150.187.43 80 tcp http 5.515177 1746 14412 SF - - 0 ShADadfF 14 2486 16 15252 (empty) +1320279600.581672 CbQAWi3GX2bCmX5L56 192.168.2.76 52078 192.150.187.43 80 tcp http 5.825503 1599 80801 SF - - 0 ShADadfF 37 3535 63 84085 (empty) +1320279607.998777 CKskol4qPFKjkV6273 192.168.2.76 52022 74.125.225.68 80 tcp - 0.021505 0 0 SF - - 0 FfA 2 104 1 52 (empty) +1320279607.998577 CtBtCj3jZ4UVo657Dc 192.168.2.76 52023 209.85.145.101 80 tcp - 0.031533 0 0 SF - - 0 FfA 2 104 1 52 (empty) +1320279611.527848 CurHpb1TGZOktTRNP1 192.168.2.76 52092 199.59.148.201 80 tcp http 0.349795 902 1070 SF - - 0 ShADadfF 6 1226 5 1338 (empty) +1320279612.495344 CuUKOQ1R3CqKBgeTdf 192.168.2.76 52093 199.59.148.201 80 tcp http 0.279806 907 1070 SF - - 0 ShADadfF 6 1231 5 1338 (empty) +1320279613.968096 C3xkHgJnzZszVSTpi 192.168.2.76 52094 199.59.148.201 80 tcp http 0.486591 902 1070 SF - - 0 ShADadfF 6 1226 5 1338 (empty) +1320279611.171273 CINVx040XRWPWdQIOd 192.168.2.76 52091 192.150.187.43 80 tcp - 5.081864 0 0 SF - - 0 ShAFf 5 272 3 172 (empty) +1320279601.552622 C3TZMB4CrUwYfkGJy1 192.168.2.76 52086 199.59.148.20 80 tcp http 15.200059 4078 9556 SF - - 0 ShADadfF 12 4714 13 10240 (empty) +1320279610.744212 CO5QKYQkcSdxQFA35 192.168.2.76 52090 192.150.187.43 80 tcp http 6.499438 1669 37688 SF - - 0 ShADadFf 26 3033 31 39308 (empty) 
+1320279616.742259 CMrjgF2XLmRh9C9TR4 192.168.2.76 52095 208.85.41.42 80 tcp http 0.604819 546 59445 SF - - 0 ShADadfF 29 2066 45 61793 (empty) +1320279630.486420 CD69521bDXIAb4IkW 192.168.2.76 52097 199.59.148.201 80 tcp http 0.166288 903 1070 SF - - 0 ShADadfF 6 1227 5 1338 (empty) +1320279630.021607 C2vQ8sVgyADHjtEda 192.168.2.76 52096 192.150.187.43 80 tcp http 5.199366 421 15397 SF - - 0 ShADadfF 13 1109 15 16185 (empty) +1320279637.215536 CmxyBl2c8XAMTuHEk4 192.168.2.76 52100 199.59.148.201 80 tcp http 0.264911 905 1068 SF - - 0 ShADadFf 7 1281 5 1336 (empty) +1320279577.687091 CAUlC249svUfE6q0g3 192.168.2.76 52051 184.29.211.172 80 tcp http 61.298320 1465 22567 SF - - 0 ShADadfF 19 2465 21 23667 (empty) +1320279639.698701 CBX0254QJoklXNbvv2 192.168.2.76 52110 199.59.148.201 80 tcp http 0.283987 901 1067 SF - - 0 ShADadfF 6 1225 5 1335 (empty) +1320279638.450681 CSvs6v26bQqFylkk6l 192.168.2.76 52101 192.150.187.43 80 tcp http 5.709781 758 19809 SF - - 0 ShADadFf 16 1602 20 20857 (empty) +1320279638.954157 C4pHul1H3OeWYz7o7i 192.168.2.76 52102 192.150.187.43 80 tcp http 5.228420 371 498 SF - - 0 ShADadFf 7 747 5 766 (empty) +1320279638.957224 C7Lcvr4vsTf6eYpBva 192.168.2.76 52104 192.150.187.43 80 tcp http 5.231185 340 1443 SF - - 0 ShADadFf 7 716 5 1711 (empty) +1320279638.955996 CV8faD4L1sLL5kDwN9 192.168.2.76 52103 192.150.187.43 80 tcp http 5.243925 338 24829 SF - - 0 ShADadFf 18 1286 22 25981 (empty) +1320279639.349306 CvfUrT2DgYXXoZw9Ah 192.168.2.76 52109 192.150.187.43 80 tcp http 4.862785 400 7004 SF - - 0 ShADadFf 9 880 8 7428 (empty) +1320279639.147746 C6MrHk2C7rLuJqhjsg 192.168.2.76 52107 192.150.187.43 80 tcp http 5.066841 404 491 SF - - 0 ShADadFf 6 728 4 707 (empty) +1320279639.205080 Ccc26E2f7mpxWWj5L2 192.168.2.76 52108 192.150.187.43 80 tcp - 5.009511 0 0 SF - - 0 ShAFf 5 272 3 172 (empty) +1320279639.052091 CyiluB4nGodFLEMnX5 192.168.2.76 52105 192.150.187.43 80 tcp - 5.162501 0 0 SF - - 0 ShAFf 5 272 3 172 (empty) +1320279639.147610 
CxyAKs10ppnHFP6O8i 192.168.2.76 52106 192.150.187.43 80 tcp http 5.066984 404 491 SF - - 0 ShADadFf 6 728 4 707 (empty) +1320279636.698841 C7Krri4g9tZfHniGXh 192.168.2.76 52099 192.150.187.43 80 tcp http 7.515757 1219 28929 SF - - 0 ShADadFf 23 2427 24 30185 (empty) +1320279630.486859 CC3vUI3gFB04zLvWRa 192.168.2.76 52098 199.59.148.20 80 tcp http 15.198762 2050 4776 SF - - 0 ShADadfF 8 2478 9 5252 (empty) +1320279673.118128 CRNn9f1zKNlzHSM5pa 192.168.2.76 52112 199.59.148.201 80 tcp http 0.351267 902 1068 SF - - 0 ShADadfF 6 1226 5 1336 (empty) +1320279672.273571 C6Ym6jvMgikT0xTTc 192.168.2.76 52111 192.150.187.43 80 tcp http 5.564817 419 48038 SF - - 0 ShADadfF 23 1627 38 50022 (empty) +1320279579.393218 CLsqp41RLUd83arUQb 192.168.2.76 52053 132.235.215.119 80 tcp http 0.045584 2503 21124 S1 - - 0 ShADad 13 3191 18 22068 (empty) +1320279567.515293 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 tcp http 23.090143 6335 4537 S1 - - 0 ShADad 18 7283 11 5117 (empty) +1320279581.817559 CGv2Tp4Ngt8MmKmVRd 192.168.2.76 52062 132.235.215.119 80 tcp http 0.007172 600 248 S1 - - 0 ShADad 4 820 3 412 (empty) +1320279571.543053 CsBgiE1WmGP4Yo749h 192.168.2.76 52039 69.171.228.39 80 tcp http 0.308956 417 10451 S1 - - 0 ShADd 9 897 9 10931 (empty) +1320279587.101825 C96j2X1DixgLTj2Oi8 192.168.2.76 52072 74.125.225.64 80 tcp http 0.614423 2544 2981 S1 - - 0 ShADad 6 2868 6 3301 (empty) +1320279577.686971 CjinlH2fzDtvzI9637 192.168.2.76 52049 184.29.211.172 80 tcp http 6.945222 2240 31147 S1 - - 0 ShADad 21 3344 26 32507 (empty) +1320279589.315281 CBHHuR1xFnm5C5CQBc 192.168.2.76 52074 74.125.225.76 80 tcp http 0.059880 373 1158 S1 - - 0 ShADad 4 593 3 1322 (empty) +1320279590.557604 C0K9DaoPFkfnzwlZa 192.168.2.76 52076 74.125.225.78 80 tcp http 0.048630 717 342 S1 - - 0 ShADad 4 937 3 506 (empty) +1320279581.472457 CiIjAe1n5MnPOVpQ9f 192.168.2.76 52061 74.125.225.90 80 tcp http 0.704763 4835 51573 S1 - - 0 ShADad 30 6407 46 53973 (empty) +1320279585.726876 
CRgW2I2zo3SInm6iT8 192.168.2.76 52066 204.246.169.217 80 tcp http 1.386549 1233 8739 S1 - - 0 ShADad 10 1765 10 9267 (empty) +1320279566.795729 CdrfXZ1NOFPEawF218 192.168.2.76 52028 72.21.211.173 80 tcp http 115.121914 380 2260 SF - - 0 ShADdFf 6 644 4 2432 (empty) +1320279584.599525 Cs5yEZ3ELZTeuTOsP4 192.168.2.76 52064 204.246.169.252 80 tcp http 0.391939 370 64350 S1 - - 0 ShADad 28 1838 47 66802 (empty) +1320279601.555241 CTRXSR3blXJE5ZE7Ij 192.168.2.76 52089 74.125.225.83 80 tcp http 71.619232 4280 704 S1 - - 0 ShADad 10 4812 6 1024 (empty) +1320279580.303255 CNbPns4mOMGgjI8Ele 192.168.2.76 52057 204.246.169.3 80 tcp http 0.118609 844 1440 S1 - - 0 ShADad 6 1168 4 1656 (empty) +1320279600.900056 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 tcp http 72.274459 8979 8637 S1 - - 0 ShADad 23 10187 16 9477 (empty) +1320279571.880419 CtANmVrHYMtkWqPE5 192.168.2.76 52041 132.235.215.117 80 tcp http 0.013122 374 1813 S1 - - 0 ShADad 4 594 4 2029 (empty) +1320279577.686764 CPoz7NUpXISemlNSd 192.168.2.76 52046 184.29.211.172 80 tcp http 6.975476 1916 71870 S1 - - 0 ShADad 37 3852 55 74738 (empty) +1320279581.287819 C185u7u9Q4qhJPhzl 192.168.2.76 52060 74.125.225.92 80 tcp http 0.686395 1601 40796 S1 - - 0 ShADad 21 2705 33 42520 (empty) +1320279586.006470 CbUCgw1DrIGcXzONB7 192.168.2.76 52071 204.246.169.217 80 tcp http 0.092010 381 1322 S1 - - 0 ShADad 4 601 3 1486 (empty) +1320279566.795779 CJwUi9bdB9c1lLW44 192.168.2.76 52029 72.21.211.173 80 tcp http 115.121339 380 2658 SF - - 0 ShADdFf 6 644 4 2830 (empty) +1320279571.880174 CYfHyC28tAhkLYkXB7 192.168.2.76 52040 132.235.215.117 80 tcp http 0.673383 1507 12558 S1 - - 0 ShADad 13 2195 14 13302 (empty) +1320279581.284163 CKzjfhsJ8vrn2rrfg 192.168.2.76 52058 207.171.163.23 80 tcp http 0.335801 736 1674 S1 - - 0 ShADad 6 1000 5 1886 (empty) +1320279577.686914 CaEFHq2HVQ5iGJQiD9 192.168.2.76 52048 184.29.211.172 80 tcp http 6.967534 2207 28633 S1 - - 0 ShADad 22 3363 24 29889 (empty) +1320279586.001630 
CWJhMU2cTLEnseTmCb 192.168.2.76 52067 204.246.169.217 80 tcp http 0.136158 381 5225 S1 - - 0 ShADad 5 653 6 5545 (empty) +1320279567.684168 CdZUPH2DKOE7zzCLE3 192.168.2.76 52038 132.235.215.119 80 tcp http 115.202498 449 9019 SF - - 0 ShADadFf 9 929 10 9547 (empty) +1320279579.442948 CbCciH11995WKkobR1 192.168.2.76 52054 74.121.134.156 80 tcp http 0.274905 1028 1071 S1 - - 0 ShADd 6 1292 3 1195 (empty) +1320279579.803083 CaP2LpLGvsmX7yJO 192.168.2.76 52056 74.125.225.91 80 tcp http 0.046347 400 360 S1 - - 0 ShADad 4 620 3 524 (empty) +1320279586.002799 CejI402rKGtdBXij4f 192.168.2.76 52068 204.246.169.217 80 tcp http 0.120253 762 3509 S1 - - 0 ShADad 6 1086 6 3829 (empty) +1320279567.667107 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 tcp http 32.451792 6668 13531 S1 - - 0 ShADad 29 8188 29 15047 (empty) +1320279566.795888 CT0JIh479jXIGt0Po1 192.168.2.76 52031 72.21.211.173 80 tcp http 115.121506 380 1981 SF - - 0 ShADdFf 6 644 4 2153 (empty) +1320279566.447996 CwFs1P2UcUdlSxD2La 192.168.2.76 52026 132.235.215.119 80 tcp http 116.438679 2063 18235 SF - - 0 ShADadFf 15 2855 18 19179 (empty) +1320279577.686850 Ct6ixh35y9AEr7J7o9 192.168.2.76 52047 184.29.211.172 80 tcp http 6.973070 1921 280972 S1 - - 0 ShADadt 144 11093 199 291328 (empty) +1320279566.795830 CJxSUgkInyKSHiju1 192.168.2.76 52030 72.21.211.173 80 tcp http 115.121810 380 2686 SF - - 0 ShADdFf 6 644 4 2858 (empty) +1320279601.554581 CibfNy1QQW4ImDWRq5 192.168.2.76 52088 74.125.225.83 80 tcp http 35.738404 4220 704 S1 - - 0 ShADad 10 4752 7 1076 (empty) +1320279566.795628 CoX7zA3OJKGUOSCBY2 192.168.2.76 52027 72.21.211.173 80 tcp http 115.121837 380 2948 SF - - 0 ShADdFf 6 644 5 3160 (empty) +1320279577.687031 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 tcp http 6.947920 2582 34114 S1 - - 0 ShADad 26 3946 30 35682 (empty) +1320279584.610492 Cu4gIx1BDNtGOl7Ht2 192.168.2.76 52065 204.246.169.252 80 tcp http 4.847647 1218 131460 S1 - - 0 ShADad 55 4090 94 136356 (empty) 
+1320279588.157960 CYYyja3FFNEnftw3K6 192.168.2.76 52073 74.125.225.72 80 tcp http 0.346895 378 174833 S1 - - 0 ShADadt 77 4718 127 181445 (empty)
+1320279571.880844 C4uDKU5tpeRU9Su19 192.168.2.76 52043 132.235.215.117 80 tcp http 0.027676 389 803 S1 - - 0 ShADad 4 609 3 967 (empty)
+1320279571.880785 CSTH8n1O1nv0ztxNQd 192.168.2.76 52042 132.235.215.117 80 tcp http 0.698402 813 45320 S1 - - 0 ShADad 22 1969 34 47096 (empty)
+1320279586.004044 C2KnU34GcVV6amo8va 192.168.2.76 52069 204.246.169.217 80 tcp http 0.094285 381 1903 S1 - - 0 ShADad 4 601 4 2119 (empty)
+1320279582.210392 C5DisEMFU77Wk9Kae 192.168.2.76 52063 204.246.169.252 80 tcp http 7.278092 1971 508090 S1 - - 0 ShADadt 225 15495 355 526558 (empty)
+1320279590.556280 CD1jfU3p9abEm77mzf 192.168.2.76 52075 74.125.225.78 80 tcp http 0.047887 714 342 S1 - - 0 ShADad 4 934 3 506 (empty)
+1320279586.005337 C5vx4911iSMAJuShFd 192.168.2.76 52070 204.246.169.217 80 tcp http 0.093133 381 2493 S1 - - 0 ShADad 4 601 4 2709 (empty)
+1320279673.118549 CJLgi92kpp2gLgGTE5 192.168.2.76 52113 199.59.148.20 80 tcp http 10.247819 1023 2388 SF - - 0 ShADadfF 6 1347 6 2708 (empty)
+1320279579.731320 ClcvKE1dqsEFQu46m9 192.168.2.76 52055 74.125.225.91 80 tcp http 0.522914 1493 54251 S1 - - 0 ShADad 30 3065 46 56651 (empty)
+1320279601.553361 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 tcp http 71.658218 3168 19975 S1 - - 0 ShADadt 23 4388 29 21491 (empty)
+1320279566.796068 C6Q4Vm14ZJIlZhsXqk 192.168.2.76 52032 72.21.211.173 80 tcp http 115.119217 380 2628 SF - - 0 ShADadFf 6 644 5 2840 (empty)
+#close 2017-04-16-21-36-10
diff --git a/test/logfile_bro_http.log.0 b/test/logfile_bro_http.log.0
new file mode 100644
index 00000000..8f69becd
--- /dev/null
+++ b/test/logfile_bro_http.log.0
@@ -0,0 +1,206 @@
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path http
+#open 2017-04-16-21-36-10
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
+#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
+1320279566.452687 CwFs1P2UcUdlSxD2La 192.168.2.76 52026 132.235.215.119 80 1 GET www.reddit.com / - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 109978 200 OK - - (empty) - - - - - - Ftw3fJ2JJF3ntMTL2 - text/html
+1320279566.831619 CJxSUgkInyKSHiju1 192.168.2.76 52030 72.21.211.173 80 1 GET e.thumbs.redditmedia.com /E-pbDbmiBclPkDaX.jpg http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2300 200 OK - - (empty) - - - - - - FFTf9Zdgk3YkfCKo3 - image/jpeg
+1320279566.831563 CJwUi9bdB9c1lLW44 192.168.2.76 52029 72.21.211.173 80 1 GET f.thumbs.redditmedia.com /BP5bQfy4o-C7cF6A.jpg http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2272 200 OK - - (empty) - - - - - - FfXtOj3o7aub4vbs2j - image/jpeg
+1320279566.831473 CoX7zA3OJKGUOSCBY2 192.168.2.76 52027 72.21.211.173 80 1 GET e.thumbs.redditmedia.com /SVUtep3Rhg5FTRn4.jpg http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2562 200 OK - - (empty) - - - - - - F21Ybs3PTqS6O4Q2Zh - image/jpeg
+1320279566.831643 CT0JIh479jXIGt0Po1 192.168.2.76 52031 72.21.211.173 80 1 GET f.thumbs.redditmedia.com /uuy31444rLSyKdHS.jpg 
http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1595 200 OK - - (empty) - - - - - - Fdk0MZ1wQmKWAJ4WH4 - image/jpeg +1320279566.831666 C6Q4Vm14ZJIlZhsXqk 192.168.2.76 52032 72.21.211.173 80 1 GET a.thumbs.redditmedia.com /BoVp7eG0DUodTIfr.jpg http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2242 200 OK - - (empty) - - - - - - FwCCcC3lGkQAwhCDX3 - image/jpeg +1320279566.831535 CdrfXZ1NOFPEawF218 192.168.2.76 52028 72.21.211.173 80 1 GET c.thumbs.redditmedia.com /IEeSI3Q47xHE0UEz.jpg http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1874 200 OK - - (empty) - - - - - - FHK4nO28ZC5rrBZPqa - image/jpeg +1320279567.211407 CdysLK1XpcrXOpVDuh 192.168.2.76 52034 174.129.249.33 80 1 GET www.redditmedia.com /ads/ http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3258 200 OK - - (empty) - - - - - - Fv5xxZ7iP0eQKziM2 - text/html +1320279567.211031 CtgxRAqDLvrRUQdqe 192.168.2.76 52033 184.72.234.3 80 1 GET pixel.redditmedia.com /pixel/of_destiny.png?v=32tb6zakMbpImUZWtz+pksVc/8wYRc822cfKz091HT0oAKWHwZGxGpDcvvwUpyjwU8nJsyGc4cw=&r=296143927 http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 105 200 OK - - (empty) - - - - - - F5EJmr1cvlMkJFqSSk - image/png +1320279567.296908 CwFs1P2UcUdlSxD2La 192.168.2.76 52026 132.235.215.119 80 2 GET www.reddit.com /static/bg-button-positive-unpressed.png http://www.reddit.com/static/reddit.RZTLMiZ4gTk.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279567.451885 CtgxRAqDLvrRUQdqe 192.168.2.76 52033 184.72.234.3 80 2 GET pixel.redditmedia.com 
/fetch-trackers?callback=jQuery16107779853632052074_1320279566998&ids[]=t5_6&ids[]=t3_lsfmb&ids[]=t3_lsejk&_=1320279567192 http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 206 200 OK - - (empty) - - - - - - FGxLzB2hPvGVceWXuf - text/plain +1320279567.482546 C6nSoj1Qco9PGyslz6 192.168.2.76 52035 184.72.234.3 80 1 GET pixel.redditmedia.com /fetch-trackers?callback=jQuery16107779853632052074_1320279566999&ids[]=t5_6&ids[]=t3_lsfmb&ids[]=t3_lsejk&_=1320279567197 http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 206 200 OK - - (empty) - - - - - - FJ5XTZ1P1mJV2IhFth - text/plain +1320279567.536586 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 1 GET www.google-analytics.com /__utm.gif?utmwv=5.2.0&utms=1&utmn=872724630&utmhn=www.reddit.com&utme=8(site*srpath*usertype*uitype)9( reddit.com* reddit.com-GET_listing*guest*web)11(3!2)&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=reddit: the front page of the internet&utmhid=1425264550&utmr=-&utmp=/&utmac=UA-12131688-1&utmcc=__utma=55650728.1984705726.1319611466.1320276256.1320279567.22;+__utmz=55650728.1319747429.7.7.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=appengine%20python%20mobile%20analytics;&utmu=qQ~ http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - FilkiN33J86y8uYEF7 - image/gif +1320279567.689996 CdZUPH2DKOE7zzCLE3 192.168.2.76 52038 132.235.215.119 80 1 GET feeds.bbci.co.uk /news/rss.xml?edition=int - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 44841 200 OK - - (empty) - - - - - - FscOrx3YnSFtKUa9uh - text/atom +1320279567.680708 CtgxRAqDLvrRUQdqe 192.168.2.76 52033 184.72.234.3 80 3 GET pixel.redditmedia.com /pixel/of_doom.png?id=t5_6&hash=e962d119a7ff69901bb4ceaa7f3ba1224fd704b7&r=741109704 
http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 105 200 OK - - (empty) - - - - - - F6kKwQdgasTZr1aL3 - image/png +1320279567.683031 C6nSoj1Qco9PGyslz6 192.168.2.76 52035 184.72.234.3 80 2 GET pixel.redditmedia.com /pixel/of_doom.png?id=t3_lsfmb&hash=1c635ac04668546a1c33c2faf3c4814cd6c4f96a&r=1492956402 http://www.reddit.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 105 200 OK - - (empty) - - - - - - FmHLsN1LHERYFmp4e2 - image/png +1320279567.690049 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 1 GET ad.doubleclick.net /adj/reddit.dart/reddit.com;kw=reddit.com;tile=1;sz=300x250;ord=5117434431991380? http://www.redditmedia.com/ads/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 491 200 OK - - (empty) - - - - - - Fabf7l1EL26N2KoFX6 - application/javascript +1320279568.281910 CtgxRAqDLvrRUQdqe 192.168.2.76 52033 184.72.234.3 80 4 GET pixel.redditmedia.com /pixel/of_defenestration.png?hash=a8ababd2e4912c8b21d72252ad18ebb5d8e27ea3&id=dart_reddit.com&random=5012335803517919 http://www.redditmedia.com/ads/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 105 200 OK - - (empty) - - - - - - FcDkzJ3PNtrAn4aZu6 - image/png +1320279571.625521 CsBgiE1WmGP4Yo749h 192.168.2.76 52039 69.171.228.39 80 1 GET www.facebook.com / - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 31379 200 OK - - (empty) - - - - - - FSRE0d2Zg3eeFyEBhf - text/html +1320279571.883692 CYfHyC28tAhkLYkXB7 192.168.2.76 52040 132.235.215.117 80 1 GET static.ak.fbcdn.net /rsrc.php/v1/yt/r/svonORc8tTu.css http://www.facebook.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 20200 200 OK - - (empty) - - - - - - F2U3Y12HmvdWxdclQ1 - text/plain +1320279571.883724 CtANmVrHYMtkWqPE5 192.168.2.76 52041 132.235.215.117 80 1 GET 
static.ak.fbcdn.net /rsrc.php/v1/yZ/r/ejLIIb8vBQK.css http://www.facebook.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6968 200 OK - - (empty) - - - - - - FRGXkT2UUJEXviZzgf - text/plain +1320279571.884016 CSTH8n1O1nv0ztxNQd 192.168.2.76 52042 132.235.215.117 80 1 GET static.ak.fbcdn.net /rsrc.php/v1/yp/r/kk8dc2UJYJ4.png http://www.facebook.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2209 200 OK - - (empty) - - - - - - FJroqp2fMBIRhSjj6j - image/png +1320279571.884052 C4uDKU5tpeRU9Su19 192.168.2.76 52043 132.235.215.117 80 1 GET static.ak.fbcdn.net /rsrc.php/v1/yb/r/GsNJNwuI-UM.gif http://www.facebook.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 522 200 OK - - (empty) - - - - - - FkTSSMSu95IbbWyPk - image/gif +1320279571.930335 CYfHyC28tAhkLYkXB7 192.168.2.76 52040 132.235.215.117 80 2 GET static.ak.fbcdn.net /rsrc.php/yi/r/q9U99v3_saj.ico - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 152 200 OK - - (empty) - - - - - - FA4O2QKRGwGeMhyWg - image/png +1320279572.530622 CYfHyC28tAhkLYkXB7 192.168.2.76 52040 132.235.215.117 80 3 GET static.ak.fbcdn.net /rsrc.php/v1/yB/r/TwAHgQi2ZPB.png http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/svonORc8tTu.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1203 200 OK - - (empty) - - - - - - FIp9Ei7407PZotrLf - image/png +1320279572.541605 CYfHyC28tAhkLYkXB7 192.168.2.76 52040 132.235.215.117 80 4 GET static.ak.fbcdn.net /rsrc.php/v1/yu/r/O03OuHGGSjF.js http://www.facebook.com/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 14481 200 OK - - (empty) - - - - - - FXCacf3k0I8Jmv40V6 - text/plain +1320279572.531333 CSTH8n1O1nv0ztxNQd 192.168.2.76 52042 132.235.215.117 80 2 GET static.ak.fbcdn.net /rsrc.php/v1/yi/r/OBaVg52wtTZ.png 
http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/svonORc8tTu.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 42565 200 OK - - (empty) - - - - - - FKd4ju2Q2pBLbL2g5j - image/png +1320279577.475501 CEh6Ka2HInkNSH01L2 192.168.2.76 52044 216.34.181.48 80 1 GET www.slashdot.org / - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 297 301 Moved Permanently - - (empty) - - - - - - FlEa1o4YEPG5x7R5mh - text/html +1320279577.662818 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 2 GET www.google-analytics.com /siteopt.js?v=1&utmxkey=2467390112&utmx=9273847.00017148082467390112:2:4&utmxx=9273847.00017148082467390112:1320193640:2592000&utmxtime=1320279577646 http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3968 200 OK - - (empty) - - - - - - Fe6QOa3PksIXzVHTE4 - text/plain +1320279577.706621 CaEFHq2HVQ5iGJQiD9 192.168.2.76 52048 184.29.211.172 80 1 GET a.fsdn.com /sd/topics/nasa_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3599 200 OK - - (empty) - - - - - - FS2GsS2N4xpsInXkc5 - image/png +1320279577.706671 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 1 GET a.fsdn.com /sd/topics/redhat_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1708 200 OK - - (empty) - - - - - - FbrtkF2Bsf8qono1hl - image/png +1320279577.727833 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 3 GET www.google-analytics.com /__utm.gif?utmwv=5.2.0&utms=1&utmn=2075689467&utmhn=slashdot.org&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that 
matters&utmhid=756102172&utmr=-&utmp=/2467390112/test&utmac=UA-32013-38&utmcc=__utma=9273847.1625321166.1320279578.1320279578.1320279578.1;+__utmz=9273847.1320279578.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);+__utmx=9273847.00017148082467390112:2:4;&utmu=qACg~ http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - FMI1K94zPiqlNScu2b - image/gif +1320279577.526624 CjPGiy13ncXKxU765j 192.168.2.76 52045 216.34.181.45 80 1 GET slashdot.org / - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 92235 200 OK - - (empty) - - - - - - FC6fny4bS2LdWArKCd - text/html +1320279577.706646 CjinlH2fzDtvzI9637 192.168.2.76 52049 184.29.211.172 80 1 GET a.fsdn.com /sd/topics/apple_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 5316 200 OK - - (empty) - - - - - - FrzGSm1jOZoVQ2Hx9k - image/png +1320279577.746860 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 2 GET a.fsdn.com /sd/topics/news_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4791 200 OK - - (empty) - - - - - - FFzyL22N09AR4kpGqj - image/png +1320279577.744727 CaEFHq2HVQ5iGJQiD9 192.168.2.76 52048 184.29.211.172 80 2 GET a.fsdn.com /sd/topics/windows_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6070 200 OK - - (empty) - - - - - - FSY7De4YLIkMbdkgub - image/png +1320279577.792926 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 3 GET a.fsdn.com /sd/topics/microsoft_64100.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4684 200 OK - - (empty) - - - - - - F1ZWL920coZQCa5hB6 - image/png +1320279577.786697 CjinlH2fzDtvzI9637 192.168.2.76 52049 184.29.211.172 80 2 GET a.fsdn.com /sd/topics/bug_64.png 
http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 7200 200 OK - - (empty) - - - - - - FkTxkx1LuAiF22kjQ5 - image/png +1320279577.706695 CAUlC249svUfE6q0g3 192.168.2.76 52051 184.29.211.172 80 1 GET a.fsdn.com /sd/topics/science_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6820 200 OK - - (empty) - - - - - - FqSWHi2S4omFxuoqE8 - image/png +1320279577.796082 CaEFHq2HVQ5iGJQiD9 192.168.2.76 52048 184.29.211.172 80 3 GET a.fsdn.com /sd/topics/privacy_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 5372 200 OK - - (empty) - - - - - - FEDr4Q1KVBpZpYyCvf - image/png +1320279577.831213 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 4 GET a.fsdn.com /sd/topics/games_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4858 200 OK - - (empty) - - - - - - Fsf46e3M0rnbBBosjb - image/png +1320279577.855921 CjinlH2fzDtvzI9637 192.168.2.76 52049 184.29.211.172 80 3 GET a.fsdn.com /sd/topics/java_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 5985 200 OK - - (empty) - - - - - - FzE9vp3dywOexb5lOj - image/png +1320279577.706506 CPoz7NUpXISemlNSd 192.168.2.76 52046 184.29.211.172 80 1 GET a.fsdn.com /sd/classic.css?release_20111101.01 http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 102898 200 OK - - (empty) - - - - - - FeeI2T3XazYNxR2Aff - text/plain +1320279577.885356 CaEFHq2HVQ5iGJQiD9 192.168.2.76 52048 184.29.211.172 80 4 GET a.fsdn.com /sd/topics/facebook_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 935 200 OK - - (empty) - - - - - - F0pvzI2hxCu7CPDES4 - image/png +1320279577.874879 CAUlC249svUfE6q0g3 
192.168.2.76 52051 184.29.211.172 80 2 GET a.fsdn.com /sd/topics/topickde.gif http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3503 200 OK - - (empty) - - - - - - FaZ03A6N9Jr41XtA9 - image/gif +1320279577.898479 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 5 GET a.fsdn.com /sd/topics/technology_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 7000 200 OK - - (empty) - - - - - - Ft1wSRxSA94TeB9vk - image/png +1320279577.706532 Ct6ixh35y9AEr7J7o9 192.168.2.76 52047 184.29.211.172 80 1 GET a.fsdn.com /sd/all-minified.js?release_20111101.01 http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 265231 200 OK - - (empty) - - - - - - FV4WlAnhOGEzG8yNf - text/plain +1320279578.786070 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 4 GET www.google-analytics.com /__utm.gif?utmwv=5.2.0&utms=1&utmn=1576123726&utmhn=slashdot.org&utme=8(User Type*Page)9(Anon*index2)&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that matters&utmhid=756102172&utmr=-&utmp=/&utmac=UA-32013-5&utmcc=__utma=57409013.1111154037.1320279579.1320279579.1320279579.1;+__utmz=57409013.1320279579.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=qRCg~ http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - FPFdR81eU5ibximh1c - image/gif +1320279578.786348 CjPGiy13ncXKxU765j 192.168.2.76 52045 216.34.181.45 80 2 GET slashdot.org /favicon.ico - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 318 200 OK - - (empty) - - - - - - FNUo213hZ5nZPeveCg - image/x-icon +1320279578.786168 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 2 GET ad.doubleclick.net 
/adj/ostg.slashdot/pg_index_p1_leader;pg=index2;logged_in=0;tile=1;sz=728x90;u=;ord=6795061899455057? http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1102 200 OK - - (empty) - - - - - - FX5LMT3stFxRIOJTy6 - application/javascript +1320279578.927905 CIJIDL1ULo4HpT24Gl 192.168.2.76 52052 63.241.108.124 80 1 GET bs.serving-sys.com /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=3258172&PluID=0&w=728&h=90&ord=5919911&ucm=true&ncu=$$http://ad.doubleclick.net/click;h=v8/3bb4/3/0/*/i;246771152;0-0;0;47077322;3454-728/90;44177745/44195532/1;u=;~okv=;pg=index2;logged_in=0;tile=1;sz=728x90;u=;bsg=100834;bsg=100849;bsg=100972;bsg=100974;bsg=109739;~sscs=?$$ http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2445 200 OK - - (empty) - - - - - - F1gfQ01LTJYKrGF5f6 - text/plain +1320279579.395786 CLsqp41RLUd83arUQb 192.168.2.76 52053 132.235.215.119 80 1 GET ds.serving-sys.com /BurstingCachedScripts//SBTemplates_2_4_11/StdBanner.js?ai=6818549 http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 25789 200 OK - - (empty) - - - - - - FsP7B41SP02n8qy4Q4 - text/plain +1320279579.411954 CLsqp41RLUd83arUQb 192.168.2.76 52053 132.235.215.119 80 2 GET ds.serving-sys.com /BurstingRes///Site-16990/Type-0/0c04460f-7d5c-47c7-bb52-d55a6cb9dfcc.gif http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 13402 200 OK - - (empty) - - - - - - Fwc35U3WIVMb3eEMih - image/gif +1320279579.414248 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 3 GET ad.doubleclick.net /adj/ostg.slashdot/mainpage_p33_powerswitch;pg=index2;logged_in=0;tile=2;sz=980x66;u=;ord=6795061899455057? 
http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 350 200 OK - - (empty) - - - - - - FHYUQHQwRCXF6z6m1 - application/javascript +1320279579.446304 Ct6ixh35y9AEr7J7o9 192.168.2.76 52047 184.29.211.172 80 2 GET a.fsdn.com /sd/logo_w_l.png http://a.fsdn.com/sd/classic.css?release_20111101.01 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 916 200 OK - - (empty) - - - - - - Fq8jKs4ZEeQ86XLwHb - image/png +1320279579.446541 CPoz7NUpXISemlNSd 192.168.2.76 52046 184.29.211.172 80 2 GET a.fsdn.com /sd/classic/img/glyphish-icons-16.png http://a.fsdn.com/sd/classic.css?release_20111101.01 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 34897 200 OK - - (empty) - - - - - - Fp4mTFtTxLfj1aZ0k - image/png +1320279579.494380 CbCciH11995WKkobR1 192.168.2.76 52054 74.121.134.156 80 1 GET data.cmcore.com /imp?tid=17&ci=90378805&vn1=4.1.1&vn2=imp&ec=UTF-8&cm_mmc=CL11Display-_-Geeknet-_-728x90-_-SimpleQ4 http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 302 Found - - (empty) - - - - - - - - - +1320279579.635947 CPoz7NUpXISemlNSd 192.168.2.76 52046 184.29.211.172 80 3 GET a.fsdn.com /sd/classic/img/facebook_24.png http://a.fsdn.com/sd/classic.css?release_20111101.01 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1145 200 OK - - (empty) - - - - - - FrO4DB3JrPQuySFXqb - image/png +1320279579.635700 Ct6ixh35y9AEr7J7o9 192.168.2.76 52047 184.29.211.172 80 3 GET a.fsdn.com /sd/classic/img/twitter_24.png http://a.fsdn.com/sd/classic.css?release_20111101.01 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1131 200 OK - - (empty) - - - - - - FwOft14FasgQFevesf - image/png +1320279579.636241 CjinlH2fzDtvzI9637 192.168.2.76 52049 184.29.211.172 80 4 GET a.fsdn.com /sd/classic/img/rss_24.png 
http://a.fsdn.com/sd/classic.css?release_20111101.01 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1394 200 OK - - (empty) - - - - - - Fg51Vl4RyzuxqyZong - image/png +1320279579.660927 CbCciH11995WKkobR1 192.168.2.76 52054 74.121.134.156 80 2 GET data.cmcore.com /imp?tid=17&ci=90378805&vn1=4.1.1&vn2=imp&ec=UTF-8&cm_mmc=CL11Display-_-Geeknet-_-728x90-_-SimpleQ4&cvdone=s http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 43 200 OK - - (empty) - - - - - - FsfXhn4B6h8Cjd8sS8 - image/gif +1320279579.605985 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 4 GET ad.doubleclick.net /adj/ostg.slashdot/pg_index_p83_medrec;pg=index2;logged_in=0;tile=3;sz=300x250,300x600;u=;ord=6795061899455057? http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 37631 200 OK - - (empty) - - - - - - FKjsb32g87yJd7WC59 - application/javascript +1320279579.754251 ClcvKE1dqsEFQu46m9 192.168.2.76 52055 74.125.225.91 80 1 GET s0.2mdn.net /1251057/plcr_44606913_1318531591501.js http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 16859 200 OK - - (empty) - - - - - - F8zvi64uyBZnSFW7X9 - text/plain +1320279579.731050 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 5 GET ad.doubleclick.net /ad/N815.slashdot/B5855285.36;sz=1x1 http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 302 Moved Temporarily - - (empty) - - - - - - - - - +1320279579.788781 ClcvKE1dqsEFQu46m9 192.168.2.76 52055 74.125.225.91 80 2 GET s0.2mdn.net /879366/inpageGlobalTemplate_v2_62_06.js http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 47618 200 OK - - (empty) - - - - - - F1x0AK2HfI8zKiGCpc - text/plain +1320279579.826149 CaP2LpLGvsmX7yJO 192.168.2.76 52056 74.125.225.91 80 1 GET 
s0.2mdn.net /viewad/3000209/14-1x1.gif http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 43 200 OK - - (empty) - - - - - - FwHSAt162BDr8cAtJc - image/gif +1320279580.110519 ClcvKE1dqsEFQu46m9 192.168.2.76 52055 74.125.225.91 80 3 GET s0.2mdn.net /1251057/PID_1778428_MABQrgjDNeiVz7Kj.swf http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 30158 200 OK - - (empty) - - - - - - FiWyYW1UE23Xn9Du4c - application/x-shockwave-flash +1320279580.134281 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 6 GET ad.doubleclick.net /adj/ostg.slashdot/pg_index_p31_lower_poll_spons;pg=index;logged_in=0;tile=4;ord=6795061899455057? http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 481 200 OK - - (empty) - - - - - - FHGSmj2OR6IRPOR1Rg - application/javascript +1320279580.212196 ClcvKE1dqsEFQu46m9 192.168.2.76 52055 74.125.225.91 80 4 GET s0.2mdn.net /viewad/1251080/peelUp2.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 9700 200 OK - - (empty) - - - - - - FDXrgk2emoeMrxUO52 - image/png +1320279580.212311 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 7 GET ad.doubleclick.net /adj/ostg.slashdot/pg_index_CPL_medrec;pg=index;logged_in=0;tile=5;sz=300x250;ord=6795061899455057;? 
http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 346 200 OK - - (empty) - - - - - - FcCddr4x0GnKCSZ8q1 - application/javascript +1320279580.339065 CNbPns4mOMGgjI8Ele 192.168.2.76 52057 204.246.169.3 80 1 GET d1clfvuu2240eh.cloudfront.net /crossdomain.xml - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 76 200 OK - - (empty) - - - - - - FkbZHZVBBE3Z1ZgDh - text/x-cross-domain-policy +1320279580.382077 CNbPns4mOMGgjI8Ele 192.168.2.76 52057 204.246.169.3 80 2 GET d1clfvuu2240eh.cloudfront.net /t.gif?m=a:W5Tk9EhlHtS1pyYL+RycSdDuNycgbdBawaGo+otmkKetUyhIY6Wu7kA=&m=b:JnQ9aW1wcmVzc2lvbiZyPTc2 - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 43 200 OK - - (empty) - - - - - - FMHtHn3vMLs8pHW5O4 - image/gif +1320279580.341750 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 8 GET ad.doubleclick.net /adj/ostg.slashdot/pg_index_p85_medrec;pg=index2;logged_in=0;tile=6;sz=300x250,300x600;u=;ord=6795061899455057? 
http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 857 200 OK - - (empty) - - - - - - FcmK3c38gruwiDs6xe - application/javascript +1320279581.309602 C185u7u9Q4qhJPhzl 192.168.2.76 52060 74.125.225.92 80 1 GET pagead2.googlesyndication.com /pagead/show_ads.js http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279581.313348 CKzjfhsJ8vrn2rrfg 192.168.2.76 52058 207.171.163.23 80 1 GET farm.sproutbuilder.com /crossdomain.xml - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 75 200 OK - - (empty) - - - - - - FRmk7R24HzVNTD5jM5 - text/x-cross-domain-policy +1320279581.510471 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 5 GET www.google-analytics.com /__utm.gif?utmwv=5.2.0&utms=2&utmn=949132929&utmhn=slashdot.org&utmt=event&utme=5(Firehose*FirehoseMore*10)8(User Type*Page)9(Anon*index2)&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that matters&utmhid=756102172&utmr=-&utmp=/&utmac=UA-32013-5&utmcc=__utma=57409013.1111154037.1320279579.1320279579.1320279579.1;+__utmz=57409013.1320279579.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=6RCgAAAAAAAAAAAAQ~ http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - FFCJkh2igAZa2JEKsg - image/gif +1320279581.442967 CKzjfhsJ8vrn2rrfg 192.168.2.76 52058 207.171.163.23 80 2 GET farm.sproutbuilder.com /runtime.xml - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 853 200 OK - - (empty) - - - - - - FM2Cma4R3x8nKUayJ1 - application/xml +1320279581.425927 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 9 GET ad.doubleclick.net 
/adj/ostg.slashdot/pg_index_google_medrec;pg=index2;logged_in=0;tile=7;sz=300x250,300x600;u=;ord=6795061899455057? http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 862 200 OK - - (empty) - - - - - - FVjOxU23aI5BNmJX2h - application/javascript +1320279581.494295 CiIjAe1n5MnPOVpQ9f 192.168.2.76 52061 74.125.225.90 80 1 GET googleads.g.doubleclick.net /pagead/ads?client=ca-ostg_js&format=300x250_pas_abgnc&output=html&h=250&w=300&lmt=1320279577&channel=books_sd_pages®ion=default&ad_type=text,image,flash,html&adtest=off&alt_color=ffffff&color_bg=cccccc&color_border=bababa&color_line=c8c8c8&color_link=002f2f&color_text=000000&oe=utf8&flash=10.1.102&url=http://slashdot.org/&adsafe=high&dt=1320279581339&bpp=3&shv=r20111026&jsv=r20110914&correlator=1320279581423&frm=4&adk=3033987521&ga_vid=473684895.1320279581&ga_sid=1320279581&ga_hid=756102172&ga_fc=0&ga_wpids=UA-32013-5&u_tz=-240&u_his=3&u_java=0&u_h=800&u_w=1280&u_ah=726&u_aw=1280&u_cd=24&u_nplug=4&u_nmime=64&dff=arial&dfs=13&adx=939&ady=1333&biw=1265&bih=617&fu=0&ifi=1&dtd=128&xpc=ZMG9awPxwx&p=http://slashdot.org http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4365 200 OK - - (empty) - - - - - - F3NRgf4pxU4hVreqGi - text/html +1320279581.820179 CGv2Tp4Ngt8MmKmVRd 192.168.2.76 52062 132.235.215.119 80 1 GET b.scorecardresearch.com /b?c1=2&c2=6035546&rn=0.8987666179077362&c7=http://slashdot.org/&c3=&c4=&c5=&c6=&c10=&c15=&c16=&c8=Slashdot: News for nerds, stuff that matters&c9=&cv=1.7 http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 204 No Content - - (empty) - - - - - - - - - +1320279581.866795 C185u7u9Q4qhJPhzl 192.168.2.76 52060 74.125.225.92 80 2 GET pagead2.googlesyndication.com /pagead/imgad?id=CICAgMDOnZWCUxCsAhj6ATIICPPzdVZiN_g 
http://googleads.g.doubleclick.net/pagead/ads?client=ca-ostg_js&format=300x250_pas_abgnc&output=html&h=250&w=300&lmt=1320279577&channel=books_sd_pages®ion=default&ad_type=text%2Cimage%2Cflash%2Chtml&adtest=off&alt_color=ffffff&color_bg=cccccc&color_border=bababa&color_line=c8c8c8&color_link=002f2f&color_text=000000&oe=utf8&flash=10.1.102&url=http%3A%2F%2Fslashdot.org%2F&adsafe=high&dt=1320279581339&bpp=3&shv=r20111026&jsv=r20110914&correlator=1320279581423&frm=4&adk=3033987521&ga_vid=473684895.1320279581&ga_sid=1320279581&ga_hid=756102172&ga_fc=0&ga_wpids=UA-32013-5&u_tz=-240&u_his=3&u_java=0&u_h=800&u_w=1280&u_ah=726&u_aw=1280&u_cd=24&u_nplug=4&u_nmime=64&dff=arial&dfs=13&adx=939&ady=1333&biw=1265&bih=617&fu=0&ifi=1&dtd=128&xpc=ZMG9awPxwx&p=http%3A//slashdot.org 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 40252 200 OK - - (empty) - - - - - - FpH8io1fXFSErb0719 - application/x-shockwave-flash +1320279581.833299 CiIjAe1n5MnPOVpQ9f 192.168.2.76 52061 74.125.225.90 80 2 GET googleads.g.doubleclick.net /pagead/ads?client=ca-ostg_js&format=300x250_pas_abgnc&output=html&h=250&w=300&lmt=1320279577&channel=slashdot_imu_geo_us®ion=default&ad_type=text,image,flash,html&adtest=off&alt_color=ffffff&color_bg=cccccc&color_border=bababa&color_line=c8c8c8&color_link=002f2f&color_text=000000&oe=utf8&flash=10.1.102&url=http://slashdot.org/&adsafe=high&dt=1320279581648&bpp=3&shv=r20111026&jsv=r20110914&prev_fmts=300x250_pas_abgnc&correlator=1320279581423&frm=4&adk=2897144109&ga_vid=473684895.1320279581&ga_sid=1320279581&ga_hid=756102172&ga_fc=0&u_tz=-240&u_his=3&u_java=0&u_h=800&u_w=1280&u_ah=726&u_aw=1280&u_cd=24&u_nplug=4&u_nmime=64&dff=arial&dfs=13&adx=939&ady=3468&biw=1265&bih=617&fu=0&ifi=2&dtd=172&xpc=8j2egD1P4r&p=http://slashdot.org http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2878 200 OK - - (empty) - - - - - - FNIXjx45CYFKs7kZF5 - text/html +1320279582.056477 
CiIjAe1n5MnPOVpQ9f 192.168.2.76 52061 74.125.225.90 80 3 GET googleads.g.doubleclick.net /pagead/imgad?id=CLK48PnasdKuNxCsAhj6ATII1hcxUl9z8x8 http://googleads.g.doubleclick.net/pagead/ads?client=ca-ostg_js&format=300x250_pas_abgnc&output=html&h=250&w=300&lmt=1320279577&channel=slashdot_imu_geo_us®ion=default&ad_type=text%2Cimage%2Cflash%2Chtml&adtest=off&alt_color=ffffff&color_bg=cccccc&color_border=bababa&color_line=c8c8c8&color_link=002f2f&color_text=000000&oe=utf8&flash=10.1.102&url=http%3A%2F%2Fslashdot.org%2F&adsafe=high&dt=1320279581648&bpp=3&shv=r20111026&jsv=r20110914&prev_fmts=300x250_pas_abgnc&correlator=1320279581423&frm=4&adk=2897144109&ga_vid=473684895.1320279581&ga_sid=1320279581&ga_hid=756102172&ga_fc=0&u_tz=-240&u_his=3&u_java=0&u_h=800&u_w=1280&u_ah=726&u_aw=1280&u_cd=24&u_nplug=4&u_nmime=64&dff=arial&dfs=13&adx=939&ady=3468&biw=1265&bih=617&fu=0&ifi=2&dtd=172&xpc=8j2egD1P4r&p=http%3A//slashdot.org 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 47034 200 OK - - (empty) - - - - - - FsE8Xf1Is5TGXnetD5 - image/gif +1320279582.246333 C5DisEMFU77Wk9Kae 192.168.2.76 52063 204.246.169.252 80 1 GET edge.sproutbuilder.com /crossdomain.xml - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 75 200 OK - - (empty) - - - - - - FVXCaI2T2NHgtAv0tb - text/x-cross-domain-policy +1320279582.411626 Ct6ixh35y9AEr7J7o9 192.168.2.76 52047 184.29.211.172 80 4 GET a.fsdn.com /sd/spinner_ffffff_on_004242.gif http://a.fsdn.com/sd/classic.css?release_20111101.01 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1849 200 OK - - (empty) - - - - - - FlloV02bcrqQfmom13 - image/gif +1320279582.409055 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 6 GET www.google-analytics.com /__utm.gif?utmwv=5.2.0&utms=3&utmn=246596971&utmhn=slashdot.org&utmt=event&utme=5(Firehose*FirehoseMore*20)8(User 
Type*Page)9(Anon*index2)&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that matters&utmhid=756102172&utmr=-&utmp=/&utmac=UA-32013-5&utmcc=__utma=57409013.1111154037.1320279579.1320279579.1320279579.1;+__utmz=57409013.1320279579.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=6RCgAAAAAAAAAAAAQ~ http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - F0yeUn1hZB9Y7yejMj - image/gif +1320279582.288447 C5DisEMFU77Wk9Kae 192.168.2.76 52063 204.246.169.252 80 2 GET edge.sproutbuilder.com /code/1319516275/player.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 291690 200 OK - - (empty) - - - - - - FA1xCj2DTlHjcsG0H7 - application/x-shockwave-flash +1320279582.366695 CjPGiy13ncXKxU765j 192.168.2.76 52045 216.34.181.45 80 3 POST slashdot.org /ajax.pl http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 584 88073 200 OK - - (empty) - - - FCo92D1aKZZwcho8T3 - text/plain FzIP4GoO5f5PVho8l - text/json +1320279584.545928 CjinlH2fzDtvzI9637 192.168.2.76 52049 184.29.211.172 80 5 GET a.fsdn.com /sd/topics/medicine_64.png?refresh=now http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2377 200 OK - - (empty) - - - - - - F8qktS1RoJMLjjMYX - image/png +1320279584.546009 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 6 GET a.fsdn.com /sd/topics/government_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4069 200 OK - - (empty) - - - - - - FTA0804fE7gZIXNT9b - image/png +1320279584.546848 CaEFHq2HVQ5iGJQiD9 192.168.2.76 52048 184.29.211.172 80 5 GET a.fsdn.com /sd/topics/censorship_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 
Firefox/7.0.1 0 4975 200 OK - - (empty) - - - - - - FbZkOe38GSLykHirIa - image/png +1320279584.544804 CPoz7NUpXISemlNSd 192.168.2.76 52046 184.29.211.172 80 4 GET a.fsdn.com /sd/topics/business_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6221 200 OK - - (empty) - - - - - - FboOO11NKqIFhA2jAi - image/png +1320279584.546073 CAUlC249svUfE6q0g3 192.168.2.76 52051 184.29.211.172 80 3 GET a.fsdn.com /sd/topics/power_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4293 200 OK - - (empty) - - - - - - FnNo9O1IVWySYiWof3 - image/png +1320279584.582221 CjinlH2fzDtvzI9637 192.168.2.76 52049 184.29.211.172 80 6 GET a.fsdn.com /sd/topics/hp_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6772 200 OK - - (empty) - - - - - - F52lFL2Slu0Yj1b9h3 - image/png +1320279584.591410 Cedw7H3ddE2yLiLoXc 192.168.2.76 52050 184.29.211.172 80 7 GET a.fsdn.com /sd/topics/security_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4562 200 OK - - (empty) - - - - - - FiL1v32LLpGAfCoxGj - image/png +1320279584.595893 CaEFHq2HVQ5iGJQiD9 192.168.2.76 52048 184.29.211.172 80 6 GET a.fsdn.com /sd/topics/court_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 5591 200 OK - - (empty) - - - - - - FvuG3B1pRIwIYLWXb8 - image/png +1320279584.544227 Ct6ixh35y9AEr7J7o9 192.168.2.76 52047 184.29.211.172 80 5 GET a.fsdn.com /sd/topics/china_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 10079 200 OK - - (empty) - - - - - - FEjKFT1N7SHLlgUDie - image/png +1320279584.602215 CPoz7NUpXISemlNSd 192.168.2.76 52046 184.29.211.172 80 5 GET a.fsdn.com /sd/topics/money_64.png http://slashdot.org/ 1.1 
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 5459 200 OK - - (empty) - - - - - - FwxTAhFrD0SefH1Sj - image/png +1320279584.624590 CAUlC249svUfE6q0g3 192.168.2.76 52051 184.29.211.172 80 4 GET a.fsdn.com /sd/topics/idle_64.png http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6556 200 OK - - (empty) - - - - - - Fs2vnI3rv9Lzrna8m - image/png +1320279584.594900 C5DisEMFU77Wk9Kae 192.168.2.76 52063 204.246.169.252 80 3 GET edge.sproutbuilder.com /font/Tahoma.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 60686 200 OK - - (empty) - - - - - - FM0cqy3Sr1FMqQu4R4 - application/x-shockwave-flash +1320279584.635813 Cs5yEZ3ELZTeuTOsP4 192.168.2.76 52064 204.246.169.252 80 1 GET edge.sproutbuilder.com /font/Futura.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 63675 200 OK - - (empty) - - - - - - FgA7fUcDv9ymIxGik - application/x-shockwave-flash +1320279584.651727 Cu4gIx1BDNtGOl7Ht2 192.168.2.76 52065 204.246.169.252 80 1 GET edge.sproutbuilder.com /font/Archer.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 77236 200 OK - - (empty) - - - - - - FraIcD2n6aVym9cqsc - application/x-shockwave-flash +1320279585.764353 CRgW2I2zo3SInm6iT8 192.168.2.76 52066 204.246.169.217 80 1 GET edgy.sproutbuilder.com /crossdomain.xml - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 75 200 OK - - (empty) - - - - - - FZiisa2oO1yLpfxavf - text/x-cross-domain-policy +1320279585.653934 C5DisEMFU77Wk9Kae 192.168.2.76 52063 204.246.169.252 80 4 GET edge.sproutbuilder.com /code/1319516275/com.sproutbuilder.components.video.VideoComponent.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 100368 200 OK - - (empty) - - - - - - FzRX504YyLGx2Mqk8b - application/x-shockwave-flash 
+1320279585.839709 Cu4gIx1BDNtGOl7Ht2 192.168.2.76 52065 204.246.169.252 80 2 GET edge.sproutbuilder.com /code/1319516275/com.sproutbuilder.components.button.ButtonComponent.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 27471 200 OK - - (empty) - - - - - - FZR5pf1Sn9SSiYJF37 - application/x-shockwave-flash +1320279586.039240 CejI402rKGtdBXij4f 192.168.2.76 52068 204.246.169.217 80 1 GET edgy.sproutbuilder.com /asset/aADeSoj6NM7TVgD-.png - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1170 200 OK - - (empty) - - - - - - F0NexnjX9pfFNWVmk - image/png +1320279586.039757 C2KnU34GcVV6amo8va 192.168.2.76 52069 204.246.169.217 80 1 GET edgy.sproutbuilder.com /asset/wwCdFIihNP2BVYdd.png - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1248 200 OK - - (empty) - - - - - - Fmjv7q4q8sYJInU3C - image/png +1320279586.041164 C5vx4911iSMAJuShFd 192.168.2.76 52070 204.246.169.217 80 1 GET edgy.sproutbuilder.com /asset/3ADTPIg3NBsgWP5u.png - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1838 200 OK - - (empty) - - - - - - FtXp4r2NHB0rsNJVZ9 - image/png +1320279586.052831 CbUCgw1DrIGcXzONB7 192.168.2.76 52071 204.246.169.217 80 1 GET edgy.sproutbuilder.com /asset/qABVt4hSNIK2WmTu.png - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 668 200 OK - - (empty) - - - - - - FuM3Px3V9iLL9UWuR6 - image/png +1320279586.081611 CejI402rKGtdBXij4f 192.168.2.76 52068 204.246.169.217 80 2 GET edgy.sproutbuilder.com /asset/UgDmFIiWNOMoVJD_.png - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1031 200 OK - - (empty) - - - - - - FzSLhC1MkvDzSRPqMh - image/png +1320279586.037832 CWJhMU2cTLEnseTmCb 192.168.2.76 52067 204.246.169.217 80 1 GET edgy.sproutbuilder.com /asset/dQA7E4gKNDB1UJoP.png - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; 
rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 4570 200 OK - - (empty) - - - - - - FZL5uJ1ZdfYUKShkVb - image/png +1320279586.000195 CRgW2I2zo3SInm6iT8 192.168.2.76 52066 204.246.169.217 80 2 GET edgy.sproutbuilder.com /asset/vgBY54hjNDESTf27.jpg - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6921 200 OK - - (empty) - - - - - - FGB1Ugi2qN3KCeA3j - image/jpeg +1320279587.052749 CRgW2I2zo3SInm6iT8 192.168.2.76 52066 204.246.169.217 80 3 GET edgy.sproutbuilder.com /asset/qABVt4hSNIK2WmTu.png - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279587.124669 C96j2X1DixgLTj2Oi8 192.168.2.76 52072 74.125.225.64 80 1 GET www.youtube.com /crossdomain.xml - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 306 200 OK - - (empty) - - - - - - FAyeVc3FzNroUbHvdi - text/x-cross-domain-policy +1320279587.627640 C96j2X1DixgLTj2Oi8 192.168.2.76 52072 74.125.225.64 80 2 GET www.youtube.com /apiplayer?version=3 - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2177 200 OK - - (empty) - - - - - - FvuQ063vjYp4OXZCkj - application/x-shockwave-flash +1320279588.180462 CYYyja3FFNEnftw3K6 192.168.2.76 52073 74.125.225.72 80 1 GET s.ytimg.com /yt/swfbin/apiplayer3-vflmM-6Dr.swf - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 174499 200 OK - - (empty) - - - - - - FSARBI7PBlWKampzk - application/x-shockwave-flash +1320279589.337053 CBHHuR1xFnm5C5CQBc 192.168.2.76 52074 74.125.225.76 80 1 GET i4.ytimg.com /vi/gDbg_GeuiSY/hqdefault.jpg - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 893 404 Not Found - - (empty) - - - - - - F2GiAw3j1m22R2yIg2 - image/jpeg +1320279589.319143 Cu4gIx1BDNtGOl7Ht2 192.168.2.76 52065 204.246.169.252 80 3 GET edge.sproutbuilder.com 
/code/1319516275/com.sproutbuilder.platforms.DoubleClickPlatform.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 24725 200 OK - - (empty) - - - - - - FkCpou1t1Vt0YinJq6 - application/x-shockwave-flash +1320279589.317863 C5DisEMFU77Wk9Kae 192.168.2.76 52063 204.246.169.252 80 5 GET edge.sproutbuilder.com /code/1319516275/com.sproutbuilder.platforms.GoogleAnalyticsPlatform.swf - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 51897 200 OK - - (empty) - - - - - - FiBTwJ2zXXVZZ3aI0d - application/x-shockwave-flash +1320279590.080406 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 10 GET ad.doubleclick.net /activity;src=1251057;met=1;v=1;pid=47077323;aid=247206211;ko=11;cid=44589125;rid=44606913;rv=1;×tamp=1320279590078;eid1=2;ecn1=1;etm1=8; http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 42 200 OK - - (empty) - - - - - - Fa4s1w3OIKrgQOmn1c - image/gif +1320279590.554429 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 7 GET www.google-analytics.com /__utm.gif?utmwv=4.3as&utmn=1977361745&utmhn=s0.2mdn.net&utmt=event&utme=5(cachedCodeMiss*MABQrgjDNeiVz7Kj* )(0)&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that matters&utmhid=756102172&utmr=-&utmp=/&utmac=UA-5905822-1&utmcc=__utma=83256788.1532070249585310700.1304822985.1320193646.1320279590.297; - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - FoZQYe34dgjuHgb1Sd - image/gif +1320279590.579330 CD1jfU3p9abEm77mzf 192.168.2.76 52075 74.125.225.78 80 1 GET www.google-analytics.com /__utm.gif?utmwv=4.3as&utmn=754945709&utmhn=s0.2mdn.net&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that 
matters&utmhid=756102172&utmr=-&utmp=/sprout/MABQrgjDNeiVz7Kj/view&utmac=UA-5905822-1&utmcc=__utma=83256788.1532070249585310700.1304822985.1320193646.1320279590.297; - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - Fyq8F21bTZJAyHUxIb - image/gif +1320279590.581157 CN5hnY3x51j6Hr1v4 192.168.2.76 52036 74.125.225.78 80 8 GET www.google-analytics.com /__utm.gif?utmwv=4.3as&utmn=1428329940&utmhn=s0.2mdn.net&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that matters&utmhid=756102172&utmr=-&utmp=/MABQrgjDNeiVz7Kj&utmac=UA-32013-47&utmcc=__utma=83256788.1532070249585310700.1304822985.1320279590.1320279590.298; - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - FHnvsV2OYtFTWZGPM9 - image/gif +1320279590.581430 C0K9DaoPFkfnzwlZa 192.168.2.76 52076 74.125.225.78 80 1 GET www.google-analytics.com /__utm.gif?utmwv=4.3as&utmn=223025521&utmhn=s0.2mdn.net&utmcs=UTF-8&utmsr=1280x800&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=10.1 r102&utmdt=Slashdot: News for nerds, stuff that matters&utmhid=756102172&utmr=-&utmp=/MABQrgjDNeiVz7Kj/Untitled Page&utmac=UA-32013-47&utmcc=__utma=83256788.1532070249585310700.1304822985.1320279590.1320279590.298; - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 35 200 OK - - (empty) - - - - - - Feqm4J3iuQBtNnTEre - image/gif +1320279600.078941 CmWpC33jXuKpXNLcie 192.168.2.76 52037 74.125.225.91 80 11 GET ad.doubleclick.net /activity;src=1251057;met=1;v=1;pid=47077323;aid=247206211;ko=11;cid=44589125;rid=44606913;rv=1;×tamp=1320279600077;eid1=2;ecn1=0;etm1=10; http://slashdot.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 42 200 OK - - (empty) - - - - - - FC2TUu4ohZGmou4as - image/gif +1320279600.921844 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 
74.125.225.83 80 1 GET www.google.com /jsapi http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 23184 200 OK - - (empty) - - - - - - Fhm2NC27oehfBrVKsd - text/plain +1320279600.688672 CbQAWi3GX2bCmX5L56 192.168.2.76 52078 192.150.187.43 80 1 GET www.bro-ids.org / - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 14258 200 OK - - (empty) - - - - - - FY05u72qZWO5o7Z2a - text/html +1320279600.921091 Cd8s2R3OGDgkhnvSu9 192.168.2.76 52079 192.150.187.43 80 1 GET www.bro-ids.org /css/pygments.css http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2957 200 OK - - (empty) - - - - - - FR5Qvt1sx1p8pzmdtj - text/plain +1320279600.924479 CX1GjC4vn52UY1uDv6 192.168.2.76 52082 192.150.187.43 80 1 GET www.bro-ids.org /css/print.css http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 334 200 OK - - (empty) - - - - - - FgV8RW27C5HTHOolrk - text/plain +1320279600.921641 CBeaXe4Iyj1gXd2Iq 192.168.2.76 52080 192.150.187.43 80 1 GET www.bro-ids.org /css/960.css http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 5600 200 OK - - (empty) - - - - - - FcT6ak3zlX7zUFMefh - text/plain +1320279601.025685 CX1GjC4vn52UY1uDv6 192.168.2.76 52082 192.150.187.43 80 2 GET www.bro-ids.org /js/jquery.zrssfeed.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3324 200 OK - - (empty) - - - - - - FhKTDH1mwUptcDlgU9 - text/plain +1320279600.995522 CbQAWi3GX2bCmX5L56 192.168.2.76 52078 192.150.187.43 80 2 GET www.bro-ids.org /js/jquery.fancybox-1.3.4.pack.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 15669 200 OK - - (empty) - - - - - - FqFURH1MR5BhnnvfZh - text/plain 
+1320279601.021907 Cd8s2R3OGDgkhnvSu9 192.168.2.76 52079 192.150.187.43 80 2 GET www.bro-ids.org /js/jquery.tweet.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 8894 200 OK - - (empty) - - - - - - FeFVLI3Awcp2Tgpdxj - text/plain +1320279601.130463 CX1GjC4vn52UY1uDv6 192.168.2.76 52082 192.150.187.43 80 3 GET www.bro-ids.org /js/superfish.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3833 200 OK - - (empty) - - - - - - FoAMYj4is1GDyS2dZi - text/plain +1320279601.201354 CbQAWi3GX2bCmX5L56 192.168.2.76 52078 192.150.187.43 80 3 GET www.bro-ids.org /js/hoverIntent.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3257 200 OK - - (empty) - - - - - - FO8dv4OWQKKWRq0M7 - text/plain +1320279601.219818 Cd8s2R3OGDgkhnvSu9 192.168.2.76 52079 192.150.187.43 80 3 GET www.bro-ids.org /js/general.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 5108 200 OK - - (empty) - - - - - - FJQxkp6TVhaNdhg6f - text/plain +1320279601.127352 CBeaXe4Iyj1gXd2Iq 192.168.2.76 52080 192.150.187.43 80 2 GET www.bro-ids.org /js/jquery.tableofcontents.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 10384 200 OK - - (empty) - - - - - - FYKJ0y2gwKzVqIPOu5 - text/plain +1320279600.921817 CmWpSw3VtjiAceBCwf 192.168.2.76 52081 192.150.187.43 80 1 GET www.bro-ids.org /css/bro-ids.css http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 23964 200 OK - - (empty) - - - - - - FtYub54s8HXI8r2JT1 - text/plain +1320279601.239924 CX1GjC4vn52UY1uDv6 192.168.2.76 52082 192.150.187.43 80 4 GET www.bro-ids.org /js/jquery.collapse.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) 
Gecko/20100101 Firefox/7.0.1 0 5735 200 OK - - (empty) - - - - - - F0xM1j3wDeCr0UqNS1 - text/plain +1320279600.925084 CaPClb1Bf0RrRGtyWi 192.168.2.76 52083 192.150.187.43 80 1 GET www.bro-ids.org /js/jquery.cycle.all.min.js http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 31052 200 OK - - (empty) - - - - - - FSQQ8nplvGBhBLgz8 - text/plain +1320279601.385890 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 2 GET www.google.com /uds/?file=search&v=1&hl=en http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 615 200 OK - - (empty) - - - - - - FDwylw2NdwC19wGS77 - text/plain +1320279601.554052 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 3 GET www.google.com /uds/?file=ads&v=3&packages=search&async=2 http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 441 200 OK - - (empty) - - - - - - FietVd1NOjUCHJiqpa - text/plain +1320279601.305092 CbQAWi3GX2bCmX5L56 192.168.2.76 52078 192.150.187.43 80 4 GET www.bro-ids.org /images/bro-eyes.png http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 46415 200 OK - - (empty) - - - - - - FxO0Mzcsll6F6W5If - image/png +1320279601.576535 CibfNy1QQW4ImDWRq5 192.168.2.76 52088 74.125.225.83 80 1 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279601.576629 CTRXSR3blXJE5ZE7Ij 192.168.2.76 52089 74.125.225.83 80 1 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279601.585473 CnGze54kQWWpKqrrZ4 
192.168.2.76 52087 209.85.145.95 80 1 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279601362&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - F1zJJe3NVHAaTYoSB2 - text/plain +1320279601.636171 CK957ERTz8lBycly4 192.168.2.76 52085 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279601360 http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - Fu8xI43gbfnTmSOEh - text/plain +1320279601.631059 C3TZMB4CrUwYfkGJy1 192.168.2.76 52086 199.59.148.20 80 1 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279601361 http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - F6HZ0A3TyUou56RR2i - text/plain +1320279610.842497 CO5QKYQkcSdxQFA35 192.168.2.76 52090 192.150.187.43 80 1 GET www.bro-ids.org /download/index.html http://www.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 18981 200 OK - - (empty) - - - - - - FQ5FRM2xyT1BwXV8d2 - text/html +1320279611.147279 CO5QKYQkcSdxQFA35 192.168.2.76 52090 192.150.187.43 80 2 GET www.bro-ids.org /js/breadcrumbs.js http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 2021 200 OK - - (empty) - - - - - - FatmzL3v37tIyHwqBd - text/plain +1320279611.248377 CO5QKYQkcSdxQFA35 192.168.2.76 52090 192.150.187.43 80 3 GET www.bro-ids.org /images/icons/download.png http://www.bro-ids.org/css/bro-ids.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 716 200 OK - - (empty) - - - - - - FdcBQFJQuOKnBUiN7 - 
image/png +1320279611.530084 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 4 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279611.530359 CibfNy1QQW4ImDWRq5 192.168.2.76 52088 74.125.225.83 80 2 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279611.527729 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 2 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279611010&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - FJ1t1Z2EpTTMw2Rrdk - text/plain +1320279611.527499 C3TZMB4CrUwYfkGJy1 192.168.2.76 52086 199.59.148.20 80 2 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279611009 http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - FWPC0B25vmDQsn5Uid - text/plain +1320279611.615559 CurHpb1TGZOktTRNP1 192.168.2.76 52092 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279611008 http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - F1zPyq3ZCdx2Przg4d - text/plain +1320279612.151517 CO5QKYQkcSdxQFA35 192.168.2.76 52090 192.150.187.43 80 4 GET www.bro-ids.org /documentation/index.html http://www.bro-ids.org/download/index.html 1.1 
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 14762 200 OK - - (empty) - - - - - - FAhpvZ1Au5PG4I7Aah - text/html +1320279612.497234 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 5 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/documentation/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279612.497348 CTRXSR3blXJE5ZE7Ij 192.168.2.76 52089 74.125.225.83 80 2 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279612.495602 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 3 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279612311&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/documentation/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - FUcAdl1oIIu09uHxQh - text/plain +1320279612.495458 C3TZMB4CrUwYfkGJy1 192.168.2.76 52086 199.59.148.20 80 3 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279612310 http://www.bro-ids.org/documentation/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - Fk2gkj3kfAL1hYWbG5 - text/plain +1320279612.574308 CuUKOQ1R3CqKBgeTdf 192.168.2.76 52093 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279612309 http://www.bro-ids.org/documentation/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - FpSSeZ2ZRioppjrZji - text/plain 
+1320279613.969241 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 6 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279613.970081 CibfNy1QQW4ImDWRq5 192.168.2.76 52088 74.125.225.83 80 3 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279613.968918 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 4 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279613813&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - FraFOz3DFPTGZNaJC6 - text/plain +1320279613.968841 C3TZMB4CrUwYfkGJy1 192.168.2.76 52086 199.59.148.20 80 4 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279613812 http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - FmB8iY3WlgS5hBY7Wf - text/plain +1320279614.052578 C3xkHgJnzZszVSTpi 192.168.2.76 52094 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279613811 http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - F762sm4bW4MkAIJJGe - text/plain +1320279616.824058 CMrjgF2XLmRh9C9TR4 192.168.2.76 52095 208.85.41.42 80 1 GET cont-sjl-1.pandora.com /images/public/amz/0/9/0/0/842694020090_500W_433H.jpg app:/desktop.swf 1.1 Mozilla/5.0 
(Macintosh; U; Intel Mac OS X; en) AppleWebKit/531.9 (KHTML, like Gecko) AdobeAIR/2.6 0 59209 200 OK - - (empty) - - - - - - FipMsu3eD5AnIRq2N - image/jpeg +1320279630.119515 C2vQ8sVgyADHjtEda 192.168.2.76 52096 192.150.187.43 80 1 GET www.bro-ids.org /community/index.html http://www.bro-ids.org/download/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 15087 200 OK - - (empty) - - - - - - FeyKb7qKmO9eR5OKi - text/html +1320279630.488327 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 7 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/community/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279630.488443 CTRXSR3blXJE5ZE7Ij 192.168.2.76 52089 74.125.225.83 80 3 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279630.486761 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 5 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279630306&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/community/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - F9xd37OdlAikt5No5 - text/plain +1320279630.565603 CD69521bDXIAb4IkW 192.168.2.76 52097 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279630304 http://www.bro-ids.org/community/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - FQPsz94ybCmQu6Xiq4 - text/plain +1320279630.566430 CC3vUI3gFB04zLvWRa 192.168.2.76 52098 199.59.148.20 80 1 GET api.twitter.com 
/1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279630305 http://www.bro-ids.org/community/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - FgGEuUcNVvhufCFR3 - text/plain +1320279636.797267 C7Krri4g9tZfHniGXh 192.168.2.76 52099 192.150.187.43 80 1 GET www.bro-ids.org /development/index.html http://www.bro-ids.org/community/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 18428 200 OK - - (empty) - - - - - - FNbqYH3mmO41rlz20h - text/html +1320279637.219103 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 8 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/development/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279637.219249 CibfNy1QQW4ImDWRq5 192.168.2.76 52088 74.125.225.83 80 4 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279637.215608 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 6 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279636956&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/development/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - FAnyyncILgPoNLSa - text/plain +1320279637.303129 CmxyBl2c8XAMTuHEk4 192.168.2.76 52100 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279636954 http://www.bro-ids.org/development/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - 
(empty) - - - - - - F7JE7E2W4ihR5mCZhe - text/plain +1320279637.215272 CC3vUI3gFB04zLvWRa 192.168.2.76 52098 199.59.148.20 80 2 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279636955 http://www.bro-ids.org/development/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - F3SK3Te5UYn22w7ji - text/plain +1320279638.548436 CSvs6v26bQqFylkk6l 192.168.2.76 52101 192.150.187.43 80 1 GET git.bro-ids.org / http://www.bro-ids.org/development/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 10073 200 OK - - (empty) - - - - - - F4qJsD4pKcjLtpeXEa - text/html +1320279639.050631 C4pHul1H3OeWYz7o7i 192.168.2.76 52102 192.150.187.43 80 1 GET git.bro-ids.org /static/git-logo.png http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 207 200 OK - - (empty) - - - - - - F5il8p3yYIq690qvNc - image/png +1320279639.053683 C7Lcvr4vsTf6eYpBva 192.168.2.76 52104 192.150.187.43 80 1 GET git.bro-ids.org /static/git-favicon.png - 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1150 200 OK - - (empty) - - - - - - FBCz8D1BQ3SiYOv7m9 - image/x-icon +1320279639.047586 CSvs6v26bQqFylkk6l 192.168.2.76 52101 192.150.187.43 80 2 GET git.bro-ids.org /static/gitweb.css http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 9186 200 OK - - (empty) - - - - - - FyTRixVp6ulaxUUq2 - text/plain +1320279639.244415 CxyAKs10ppnHFP6O8i 192.168.2.76 52106 192.150.187.43 80 1 GET www-new.bro-ids.org /frames/header.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 225 302 Found - - (empty) - - - - - - FrucKB2amhlamv0ivb - text/html +1320279639.244463 C6MrHk2C7rLuJqhjsg 192.168.2.76 52107 
192.150.187.43 80 1 GET www-new.bro-ids.org /frames/footer.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 225 302 Found - - (empty) - - - - - - FpddCQ3BDmmGcuG9C3 - text/html +1320279639.348046 C7Krri4g9tZfHniGXh 192.168.2.76 52099 192.150.187.43 80 2 GET www.bro-ids.org /frames/header.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 3516 200 OK - - (empty) - - - - - - Fzea5XNhn9eNRMvx7 - text/html +1320279639.053730 CV8faD4L1sLL5kDwN9 192.168.2.76 52103 192.150.187.43 80 1 GET git.bro-ids.org /static/gitweb.js http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 24528 200 OK - - (empty) - - - - - - F983UxQF0o4kjJjuf - text/plain +1320279639.463465 C7Krri4g9tZfHniGXh 192.168.2.76 52099 192.150.187.43 80 3 GET www.bro-ids.org /images/logo-bro-small.png http://www.bro-ids.org/frames/header.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6075 200 OK - - (empty) - - - - - - Fw6FlF4WtotJFNXmHb - image/png +1320279639.448670 CvfUrT2DgYXXoZw9Ah 192.168.2.76 52109 192.150.187.43 80 1 GET www.bro-ids.org /frames/footer.html http://git.bro-ids.org/ 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6695 200 OK - - (empty) - - - - - - FkCp6k4tqksK3tiSy7 - text/html +1320279639.786857 CBX0254QJoklXNbvv2 192.168.2.76 52110 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279639636 http://www.bro-ids.org/frames/footer.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - Feut0t346XEHsQ0OC7 - text/plain +1320279672.372857 C6Ym6jvMgikT0xTTc 192.168.2.76 52111 192.150.187.43 80 1 GET www.bro-ids.org /research/index.html http://www.bro-ids.org/frames/header.html 1.1 Mozilla/5.0 
(Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 47728 200 OK - - (empty) - - - - - - FOze0l2aT79uPyMiv7 - text/html +1320279673.123842 CTRXSR3blXJE5ZE7Ij 192.168.2.76 52089 74.125.225.83 80 4 GET www.google.com /uds/css/clear.gif http://www.google.com/uds/api/search/1.0/473bb688d0c0dd605119ad983f5a4386/default+en.css 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279673.123121 CbNCgO1MzloHRNeY4f 192.168.2.76 52084 74.125.225.83 80 9 GET www.google.com /uds/css/small-logo.png http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 0 304 Not Modified - - (empty) - - - - - - - - - +1320279673.121725 CnGze54kQWWpKqrrZ4 192.168.2.76 52087 209.85.145.95 80 7 GET ajax.googleapis.com /ajax/services/feed/load?v=1.0&callback=jsonp1320279672539&q=http://blog.bro-ids.org/feeds/posts/default&num=5 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6584 200 OK - - (empty) - - - - - - FXEXQEMH8DrEuAdg8 - text/plain +1320279673.204466 CJLgi92kpp2gLgGTE5 192.168.2.76 52113 199.59.148.20 80 1 GET api.twitter.com /1/statuses/user_timeline.json?screen_name=Bro_IDS&count=2&include_rts=1&callback=jsonp1320279672538 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 6095 200 OK - - (empty) - - - - - - FAVIuu2XZQyVznfnq8 - text/plain +1320279673.198815 CRNn9f1zKNlzHSM5pa 192.168.2.76 52112 199.59.148.201 80 1 GET search.twitter.com /search.json?&q=#BroIDS&rpp=2&callback=jsonp1320279672537 http://www.bro-ids.org/research/index.html 1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 0 1543 200 OK - - (empty) - - - - - - Fzjgwn8xXem3Esvk - text/plain +#close 2017-04-16-21-36-10 
diff --git a/test/test_chunky_index.cc b/test/test_chunky_index.cc deleted file mode 100644 index 5eac9d15..00000000 --- a/test/test_chunky_index.cc +++ /dev/null @@ -1,102 +0,0 @@ - -#include "config.h" - -#include -#include - -#include "chunky_index.hh" -#include "../src/chunky_index.hh" - -int main(int argc, char *argv[]) -{ - int retval = EXIT_SUCCESS; - - { - chunky_index ci; - - ci.reset(); - ci.finish(); - assert(ci.chunk_count() == 0); - } - - { - chunky_index ci; - off_t off; - - ci.reset(); - off = ci.merge_value(1); - assert(off == 0); - ci.finish(); - ci.reset(); - off = ci.merge_value(2); - assert(off == 1); - ci.finish(); - - assert(ci.size() == 2); - assert(ci[0] == 1); - assert(ci[1] == 2); - assert(ci.chunk_count() == 1); - - ci.clear(); - assert(ci.size() == 0); - assert(ci.chunk_count() == 0); - } - - { - int expected[] = {0, 10, 11, 20, 30, 40, 50, 60, 70, 80, 90, 100}; - chunky_index ci; - off_t off; - - ci.reset(); - for (int lpc = 0; lpc < 11; lpc++) { - ci.merge_value(lpc * 10); - } - ci.finish(); - ci.reset(); - off = ci.merge_value(11); - assert(off == 2); - ci.finish(); - for (int lpc = 0; lpc < 12; lpc++) { - assert(expected[lpc] == ci[lpc]); - } - assert(ci.chunk_count() == 3); - } - - { - int expected[] = {0, 10, 20, 30, 40, 50, 51, 60, 70, 80, 90, 100}; - chunky_index ci; - - ci.reset(); - for (int lpc = 0; lpc < 11; lpc++) { - ci.merge_value(lpc * 10); - } - ci.finish(); - ci.reset(); - ci.merge_value(51); - ci.finish(); - for (int lpc = 0; lpc < 12; lpc++) { - assert(expected[lpc] == ci[lpc]); - } - assert(ci.chunk_count() == 3); - } - - { - int expected[] = {0, 10, 20, 30, 40, 50, 60, 70, 80, 90, 100, 110}; - chunky_index ci; - - ci.reset(); - for (int lpc = 0; lpc < 11; lpc++) { - ci.merge_value(lpc * 10); - } - ci.finish(); - ci.reset(); - ci.merge_value(110); - ci.finish(); - for (int lpc = 0; lpc < 12; lpc++) { - assert(expected[lpc] == ci[lpc]); - } - assert(ci.chunk_count() == 3); - } - - return retval; -} 
diff --git a/test/test_logfile.sh b/test/test_logfile.sh index d155e3e7..6bbb5e76 100644 --- a/test/test_logfile.sh +++ b/test/test_logfile.sh @@ -36,6 +36,14 @@ run_test ./drive_logfile -f zblued_log ${srcdir}/logfile_blued.0 on_error_fail_with "Didn't infer blued_log that collides with syslog?" +run_test ./drive_logfile -f bro_http_log ${srcdir}/logfile_bro_http.log.0 + +on_error_fail_with "Didn't infer bro_http_log log format?" + +run_test ./drive_logfile -f bro_conn_log ${srcdir}/logfile_bro_conn.log.0 + +on_error_fail_with "Didn't infer bro_conn_log log format?" + run_test ./drive_logfile ${srcdir}/logfile_empty.0 diff --git a/test/test_reltime.cc b/test/test_reltime.cc index 9b49d098..65d1130f 100644 --- a/test/test_reltime.cc +++ b/test/test_reltime.cc @@ -31,8 +31,12 @@ #include +#include + #include "relative_time.hh" +using namespace std; + static struct { const char *reltime; const char *expected; diff --git a/test/test_sql.sh b/test/test_sql.sh index 3e8a9028..6104811b 100644 --- a/test/test_sql.sh +++ b/test/test_sql.sh 
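Review bot: Both added `drive_logfile -f` checks in test/test_logfile.sh use only well-formed fixtures, so nothing pins what happens when a Bro file's header and its rows disagree. The format is self-describing and the reader takes the column layout from the file itself, so a truncated header, or a row with more or fewer fields than the header declares, is the input most likely to expose an unchecked index in the parser (which is not visible in this hunk). Consider a third case with a deliberately malformed fixture, e.g. `run_test ./drive_logfile ${srcdir}/<malformed-bro-fixture>` (placeholder name), followed by a check that the run exits cleanly and does not report `bro_http_log`.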
@@ -2,6 +2,49 @@ lnav_test="${top_builddir}/src/lnav-test" +run_test ${lnav_test} -n \ + -c ";SELECT bro_conn_log.bro_duration as duration, bro_conn_log.bro_uid, group_concat( distinct (bro_method || ' ' || bro_host)) as req from bro_http_log, bro_conn_log where bro_http_log.bro_uid = bro_conn_log.bro_uid group by bro_http_log.bro_uid order by duration desc limit 10" \ + -c ":write-csv-to -" \ + ${test_dir}/logfile_bro_http.log.0 ${test_dir}/logfile_bro_conn.log.0 + +check_output "bro logs are not recognized?" <,2011-11-02 17:19:26.452,0,info,0,1320279566.452687,CwFs1P2UcUdlSxD2La,192.168.2.76,52026,132.235.215.119,80,1,GET,www.reddit.com,/,,1.1,Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1,0,109978,200,OK,,,,,,,,,,Ftw3fJ2JJF3ntMTL2,,text/html +1,,2011-11-02 17:19:26.831,379,info,0,1320279566.831619,CJxSUgkInyKSHiju1,192.168.2.76,52030,72.21.211.173,80,1,GET,e.thumbs.redditmedia.com,/E-pbDbmiBclPkDaX.jpg,http://www.reddit.com/,1.1,Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1,0,2300,200,OK,,,,,,,,,,FFTf9Zdgk3YkfCKo3,,image/jpeg +2,,2011-11-02 17:19:26.831,0,info,0,1320279566.831563,CJwUi9bdB9c1lLW44,192.168.2.76,52029,72.21.211.173,80,1,GET,f.thumbs.redditmedia.com,/BP5bQfy4o-C7cF6A.jpg,http://www.reddit.com/,1.1,Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1,0,2272,200,OK,,,,,,,,,,FfXtOj3o7aub4vbs2j,,image/jpeg +3,,2011-11-02 17:19:26.831,0,info,0,1320279566.831473,CoX7zA3OJKGUOSCBY2,192.168.2.76,52027,72.21.211.173,80,1,GET,e.thumbs.redditmedia.com,/SVUtep3Rhg5FTRn4.jpg,http://www.reddit.com/,1.1,Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1,0,2562,200,OK,,,,,,,,,,F21Ybs3PTqS6O4Q2Zh,,image/jpeg +4,,2011-11-02 17:19:26.831,0,info,0,1320279566.831643,CT0JIh479jXIGt0Po1,192.168.2.76,52031,72.21.211.173,80,1,GET,f.thumbs.redditmedia.com,/uuy31444rLSyKdHS.jpg,http://www.reddit.com/,1.1,Mozilla/5.0 (Macintosh; Intel Mac 
OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1,0,1595,200,OK,,,,,,,,,,Fdk0MZ1wQmKWAJ4WH4,,image/jpeg +EOF + +run_test ${lnav_test} -n \ + -c ";SELECT * FROM bro_http_log WHERE log_level = 'error'" \ + -c ":write-csv-to -" \ + ${test_dir}/logfile_bro_http.log.0 + +check_output "bro logs are not recognized?" <,2011-11-02 17:19:49.337,18,error,0,1320279589.337053,CBHHuR1xFnm5C5CQBc,192.168.2.76,52074,74.125.225.76,80,1,GET,i4.ytimg.com,/vi/gDbg_GeuiSY/hqdefault.jpg,,1.1,Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1,0,893,404,Not Found,,,,,,,,,,F2GiAw3j1m22R2yIg2,,image/jpeg +EOF + run_test ${lnav_test} -n \ -c ';select log_time from access_log where log_line > 100000' \ -c ':switch-to-view db' \
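Review bot: The expected CSV visible in the `check_output` blocks contains only field values with no commas or quotes, so the `:write-csv-to -` path is never exercised on a field that needs quoting. The request URI, Referer and User-Agent columns are client-controlled, which makes unquoted export a way for a logged request to shift columns in whatever consumes the CSV. The HTTP fixture added earlier in this commit appears to contain a suitable row already: host `cont-sjl-1.pandora.com`, whose User-Agent includes `(KHTML, like Gecko)`. A further case such as `-c ";SELECT * FROM bro_http_log WHERE bro_host = 'cont-sjl-1.pandora.com'"` with its expected output would pin the quoting behaviour. Part of the expected output seems to have been lost in this rendering of the hunk, so this is based on the rows that are visible.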