I am trying to see what kind of traffic is listed in the Stream Log,
what each column in the log file says,
I need to parse the log to understand it,
thanks
Meir
Article Comments
The "best trick" to analyze them is to copy them out of the StreamLog folder. Then, open the file in notepad (or similar) and add the following to the beginning of the file:
SEP=,
It should look like this:
SEP=,
01.03.2016 05:46:41,01.03.2016 04:45:41,01.03.2016 04:46:41,56321,6,10.0.0.1,286,01-DC-40-59-C6-B7,10.0.0.2,139,01-DC-40-59-C6-B7,44427,3008,255,10.0.11.65,0,0,65535,65535
01.03.2016 05:46:41,01.03.2016 04:45:41,01.03.2016 04:46:41,23875,6,10.0.0.1,500,43-5D-42-59-C6-B7,10.0.0.2,947,43-5D-42-59-C6-B7,72430,3009,255,10.0.11.65,0,0,65535,65535
01.03.2016 05:46:41,01.03.2016 04:45:41,01.03.2016 04:46:41,972,6,10.0.0.1,386,CC-03-44-59-C6-B7,10.0.0.2,144,CC-03-44-59-C6-B7,77595,3009,255,10.0.11.65,0,0,65535,65535
[...]
Now, you can open the file in Excel and it should be legible. Something like this (this is from a Packet Sniffer sensor):
01.03.2016 05:46:41 | 01.03.2016 04:45:41 | 01.03.2016 04:46:41 | 56321 | 6 | 10.0.0.1 | 286 | 01-DC-40-59-C6-B7 | 10.0.0.2 | 139 | 01-DC-40-59-C6-B7 | 44427 | 3008 | 255 | 10.0.11.65 | 0 | 0 | 65535 | 65535 |
01.03.2016 05:46:41 | 01.03.2016 04:45:41 | 01.03.2016 04:46:41 | 23875 | 6 | 10.0.0.1 | 500 | 43-5D-42-59-C6-B7 | 10.0.0.2 | 947 | 43-5D-42-59-C6-B7 | 72430 | 3009 | 255 | 10.0.11.65 | 0 | 0 | 65535 | 65535 |
01.03.2016 05:46:41 | 01.03.2016 04:45:41 | 01.03.2016 04:46:41 | 972 | 6 | 10.0.0.1 | 386 | CC-03-44-59-C6-B7 | 10.0.0.2 | 144 | CC-03-44-59-C6-B7 | 77595 | 3009 | 255 | 10.0.11.65 | 0 | 0 | 65535 | 65535 |
The fields will include the information listed here:
Basically you'll have some general properties, and then the IP/Port/MAC source and the IP/Port/MAC destination.
Mar, 2017 - Permalink
hey,
thanks for the quick response,
but now how do I know the meaning of every column?
what are the first, second and third columns the date of?
what is 56231,6,10.0.0.1,286, and so on until the end?
sorry if I don't explain my question well,
I added a few lines to show..
|28-02-17 16:43|28-02-17 14:43|28-02-17 14:43|27678|1|199.203.158.61|13509|00-00-00-00-00-00|199.203.1.20|53|00-00-00-00-00-00|122|1018|0|199.203.158.61|2|7|0|0|0|0|0.0.0.0|0|0|
|28-02-17 16:43|28-02-17 14:43|28-02-17 14:43|63317|17|199.203.1.20|53|00-00-00-00-00-00|199.203.158.61|13509|00-00-00-00-00-00|116|1004|0|199.203.158.61|7|2|0|0|0|0|0.0.0.0|0|0|
|28-02-17 16:43|28-02-17 14:43|28-02-17 14:43|14636|1|199.203.158.61|30772|00-00-00-00-00-00|199.203.1.20|53|00-00-00-00-00-00|135|1018|0|199.203.158.61|2|7|0|0|0|0|0.0.0.0|0|0|
thanks again
Mar, 2017 - Permalink
This is the heading for the Netflow streamlog:
Now,FromDateTime,ToDateTime,EthernetType,Protocol,SourceIP,SourcePort,SourceMAC,DestinationIP,DestinationPort,DestinationMAC,Size,ChannelID,ToS,SenderIP,InboundInterface,OutboundInterface,SourceASI,DestinationASI,SourceMask,DestinationMask,NextHop,SourceVLAN,DestinationVLAN
Mar, 2017 - Permalink
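As an added example that is not part of this thread, the following Python script applies that NetFlow heading to raw stream log lines (comma-separated, as in the first answer, with the optional SEP=, hint line skipped) and sums bytes per conversation. The sample lines are constructed from the values posted above; the raw timestamp layout dd.mm.yyyy HH:MM:SS is assumed to match the first answer's sample.

```python
import csv
import io
from collections import defaultdict

# Column names for the NetFlow stream log, as given in the answer above.
NETFLOW_HEADER = ("Now,FromDateTime,ToDateTime,EthernetType,Protocol,SourceIP,SourcePort,"
                  "SourceMAC,DestinationIP,DestinationPort,DestinationMAC,Size,ChannelID,"
                  "ToS,SenderIP,InboundInterface,OutboundInterface,SourceASI,DestinationASI,"
                  "SourceMask,DestinationMask,NextHop,SourceVLAN,DestinationVLAN").split(",")

IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA IP protocol numbers

# Constructed sample in the raw comma-separated layout, values taken from the
# thread (seconds in the timestamps are assumed); the "SEP=," first line is the
# Excel hint described in the first answer.
SAMPLE_LOG = """SEP=,
28.02.2017 16:43:00,28.02.2017 14:43:00,28.02.2017 14:43:00,27678,1,199.203.158.61,13509,00-00-00-00-00-00,199.203.1.20,53,00-00-00-00-00-00,122,1018,0,199.203.158.61,2,7,0,0,0,0,0.0.0.0,0,0
28.02.2017 16:43:00,28.02.2017 14:43:00,28.02.2017 14:43:00,63317,17,199.203.1.20,53,00-00-00-00-00-00,199.203.158.61,13509,00-00-00-00-00-00,116,1004,0,199.203.158.61,7,2,0,0,0,0,0.0.0.0,0,0
28.02.2017 16:43:00,28.02.2017 14:43:00,28.02.2017 14:43:00,14636,1,199.203.158.61,30772,00-00-00-00-00-00,199.203.1.20,53,00-00-00-00-00-00,135,1018,0,199.203.158.61,2,7,0,0,0,0,0.0.0.0,0,0
"""


def parse_stream_log(text):
    """Yield one dict per flow record, keyed by the NetFlow header names."""
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].upper().startswith("SEP="):
            continue  # skip blank lines and the Excel separator hint
        if len(row) != len(NETFLOW_HEADER):
            raise ValueError(f"expected {len(NETFLOW_HEADER)} fields, got {len(row)}: {row}")
        rec = dict(zip(NETFLOW_HEADER, row))
        for key in ("Protocol", "SourcePort", "DestinationPort", "Size",
                    "InboundInterface", "OutboundInterface"):
            rec[key] = int(rec[key])
        rec["ProtocolName"] = IP_PROTOCOLS.get(rec["Protocol"], str(rec["Protocol"]))
        yield rec


def bytes_per_conversation(text):
    """Sum Size over (protocol name, source IP, destination IP, destination port)."""
    totals = defaultdict(int)
    for rec in parse_stream_log(text):
        key = (rec["ProtocolName"], rec["SourceIP"], rec["DestinationIP"], rec["DestinationPort"])
        totals[key] += rec["Size"]
    return dict(totals)


if __name__ == "__main__":
    # Largest conversations first: a quick way to spot unexpected talkers.
    for key, size in sorted(bytes_per_conversation(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{key[0]:4} {key[1]:>15} -> {key[2]:>15}:{key[3]:<5} {size} bytes")
```

The raw log has no header row, so the field count check is the only guard against a file that uses a different sensor layout (the Packet Sniffer lines in the first answer have 19 fields, not 24).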
thanks for your help,
this is what I look for,
thanks again.
Meir
May, 2017 - Permalink