
Commit 05add4c

committed
Unirec output: update conversion map (replace CESNET & MUNI IEs with Flowmon)
1 parent 150d6b3 commit 05add4c


1 file changed

+49
-81
lines changed

1 file changed

+49
-81
lines changed

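--- a/extra_plugins/output/unirec/config/unirec-elements.txt
+++ b/extra_plugins/output/unirec/config/unirec-elements.txt
@@ -44,93 +44,61 @@ PACKETS_REV uint32 e29305id2
 TCP_FLAGS_REV uint8 e29305id6
 
 # --- DNS specific fields ---
-DNS_ID uint16 e39499id110 # DNS transaction id
-DNS_FLAGS uint16 e39499id111 # DNS header flags
-DNS_CNT_QUESTIONS uint16 e39499id112 # DNS questions
-DNS_CNT_ANSWERS uint16 e39499id113 # DNS answers
-DNS_CNT_AUTHS uint16 e39499id114 # DNS auth. records
-DNS_CNT_ADDIT uint16 e39499id115 # DNS additional records
-DNS_Q_NAME string e39499id121 # DNS query name
-DNS_Q_TYPE uint16 e39499id122 # DNS query type
-DNS_Q_CLASS uint16 e39499id123 # DNS query class
-DNS_RR_NAME string e39499id116 # DNS RR name
-DNS_RR_TYPE uint16 e39499id117 # DNS RR type
-DNS_RR_CLASS uint16 e39499id118 # DNS RR class
-DNS_RR_TTL uint32 e39499id119 # DNS RR ttl
-DNS_RR_RDATA bytes e39499id120 # DNS RR rdata
-DNS_RR_RLENGTH uint16 e39499id124 # DNS RR rlenght
+DNS_ID uint16 flowmon:dnsId # DNS transaction id
+DNS_FLAGS uint16 flowmon:dnsFlagsCodes # DNS header flags
+DNS_CNT_QUESTIONS uint16 flowmon:dnsQuestionCount # DNS questions
+DNS_CNT_ANSWERS uint16 flowmon:dnsAnswrecCount # DNS answers
+DNS_CNT_AUTHS uint16 flowmon:dnsAuthrecCount # DNS auth. records
+DNS_CNT_ADDIT uint16 flowmon:dnsAddtrecCount # DNS additional records
+DNS_Q_NAME string flowmon:dnsQname # DNS query name
+DNS_Q_TYPE uint16 flowmon:dnsQtype # DNS query type
+DNS_Q_CLASS uint16 flowmon:dnsQclass # DNS query class
+DNS_RR_NAME string flowmon:dnsCrrName # DNS RR name
+DNS_RR_TYPE uint16 flowmon:dnsCrrType # DNS RR type
+DNS_RR_CLASS uint16 flowmon:dnsCrrClass # DNS RR class
+DNS_RR_TTL uint32 flowmon:dnsCrrTtl # DNS RR ttl
+DNS_RR_RDATA bytes flowmon:dnsCrrRdata # DNS RR rdata
+DNS_RR_RLENGTH uint16 flowmon:dnsCrrRdataLen # DNS RR rlenght
 # Note: Old fields DNS_RCODE, DNS_PSIDE and DNS_DO are not available anymore...
 
-# --- SMTP specific fields ---
-#SMTP_FLAGS uint8 e8057id200 # SMTP flags
-SMTP_COMMAND_FLAGS uint32 e8057id810 # SMTP command flags
-SMTP_MAIL_CMD_COUNT uint32 e8057id811 # SMTP MAIL command count
-SMTP_RCPT_CMD_COUNT uint32 e8057id812 # SMTP RCPT command count
-SMTP_FIRST_SENDER string e8057id813 # SMTP first sender
-SMTP_FIRST_RECIPIENT string e8057id814 # SMTP first recipient
-SMTP_STAT_CODE_FLAGS uint32 e8057id815 # SMTP status code flags
-SMTP_2XX_STAT_CODE_COUNT uint32 e8057id816 # SMTP 2XX status code count
-SMTP_3XX_STAT_CODE_COUNT uint32 e8057id817 # SMTP 3XX status code count
-SMTP_4XX_STAT_CODE_COUNT uint32 e8057id818 # SMTP 4XX status code count
-SMTP_5XX_STAT_CODE_COUNT uint32 e8057id819 # SMTP 5XX status code count
-SMTP_DOMAIN string e8057id820 # SMTP domain
-
 # --- SIP specific fields ---
-SIP_MSG_TYPE uint16 e8057id100 # SIP message type
-SIP_STATUS_CODE uint16 e8057id101 # SIP status code
-SIP_CALL_ID string e8057id102 # SIP call id
-SIP_CALLING_PARTY string e8057id103 # SIP from
-SIP_CALLED_PARTY string e8057id104 # SIP to
-SIP_VIA string e8057id105 # SIP VIA
-SIP_USER_AGENT string e8057id106 # SIP user agent
-SIP_REQUEST_URI string e8057id107 # SIP request uri
-SIP_CSEQ string e8057id108 # SIP CSeq
-
-# --- HTTP elements --- (Flowmon HTTP plugin in MUNI PEN, and CESNET sdm-http(s) plugin in CESNET PEN)
-HTTP_REQUEST_METHOD_ID uint32 e16982id500,e8057id800 # HTTP request method id
-HTTP_REQUEST_HOST string e16982id501,e8057id801,e8057id808 # HTTP(S) request host
-HTTP_REQUEST_URL string e16982id502,e8057id802 # HTTP request url
-HTTP_REQUEST_AGENT_ID uint32 e16982id503 # HTTP request agent id
-HTTP_REQUEST_AGENT string e16982id504,e8057id804 # HTTP request agent
-HTTP_REQUEST_REFERER string e16982id505,e8057id803 # HTTP referer
-HTTP_RESPONSE_STATUS_CODE uint32 e16982id506,e8057id805 # HTTP response status code
-HTTP_RESPONSE_CONTENT_TYPE string e16982id507,e8057id806 # HTTP response content type
-HTTP_REQUEST_RANGE bytes e8057id821 # HTTP range
-HTTP_RESPONSE_TIME uint64 e8057id807,e8057id809 # HTTP(S) application response time
-
-# --- Flowmon (former Invea) specific fields
-INVEA_VOIP_PACKET_TYPE uint8 e39499id32 # VOIP packet type
-INVEA_SIP_CALL_ID string e39499id33 # SIP call ID
-INVEA_SIP_CALLING_PARTY string e39499id34 # SIP calling party
-INVEA_SIP_CALLED_PARTY string e39499id35 # SIP called party
-INVEA_SIP_VIA string e39499id36 # SIP VIA
-INVEA_SIP_INVITE_RINGING_TIME time e39499id37 # SIP INVITE ringing time
-INVEA_SIP_OK_TIME time e39499id38 # SIP OK time
-INVEA_SIP_BYE_TIME time e39499id39 # SIP BYE time
-INVEA_SIP_RTP_IP4 ipaddr e39499id40 # SIP RTP IPv4
-INVEA_SIP_RTP_IP6 ipaddr e39499id41 # SIP RTP IPv6
-INVEA_SIP_RTP_AUDIO uint16 e39499id42 # SIP RTP audio
-INVEA_SIP_RTP_VIDEO uint16 e39499id43 # SIP RTP video
-INVEA_SIP_STATS uint64 e39499id44 # SIP stats
-INVEA_RTP_CODEC uint8 e39499id45 # RTP codec
-INVEA_RTP_JITTER uint32 e39499id46 # RTP jitter
-INVEA_RTCP_LOST uint32 e39499id47 # RTCP lost
-INVEA_RTCP_PACKETS uint64 e39499id48 # RTCP packets
-INVEA_RTCP_OCTETS uint64 e39499id49 # RTCP octets
-INVEA_RTCP_SOURCE_COUNT uint8 e39499id50 # RTCP source count
-INVEA_SIP_USER_AGENT string e39499id51 # SIP User Agent
-INVEA_SIP_REQUEST_URI string e39499id52 # SIP Request-URI
+VOIP_PACKET_TYPE uint8 flowmon:voipPacketType
+SIP_CALL_ID string flowmon:sipCallId
+SIP_CALLING_PARTY string flowmon:sipCallingParty
+SIP_CALLED_PARTY string flowmon:sipCalledParty
+SIP_VIA string flowmon:sipVia
+SIP_INVITE_RINGING_TIME uint64 flowmon:sipInviteRingingTime
+SIP_OK_TIME uint64 flowmon:sipOkTime
+SIP_BYE_TIME uint64 flowmon:sipByeTime
+SIP_RTP_IP4 ipaddr flowmon:sipRtpIp4
+SIP_RTP_IP6 ipaddr flowmon:sipRtpIp6
+SIP_RTP_AUDIO uint16 flowmon:sipRtpAudio
+SIP_RTP_VIDEO uint16 flowmon:sipRtpVideo
+SIP_STATS bytes flowmon:sipStats
+RTP_CODEC uint8 flowmon:rtpCodec
+RTP_JITTER uint32 flowmon:rtpJitter
+RTCP_LOST uint32 flowmon:rtcpLost
+RTCP_PACKETS uint64 flowmon:rtcpPackets
+RTCP_OCTETS uint64 flowmon:rtcpOctets
+RTCP_SOURCE_COUNT uint8 flowmon:rtcpSourceCount
 
-# --- Heartbeat detection fields ---
-HB_TYPE uint8 e8057id700 # TLS content type
-HB_DIR uint8 e8057id701 # Heartbeat request/response byte
-HB_SIZE_MSG uint16 e8057id702 # Heartbeat message size
-HB_SIZE_PAYLOAD uint16 e8057id703 # Heartbeat payload size
+# --- HTTP elements ---
+HTTP_REQUEST_HOST string flowmon:httpHost
+HTTP_REQUEST_URL string flowmon:httpUrl
+HTTP_REQUEST_REFERER string flowmon:httpReferer
+HTTP_METHOD_MASK uint16 flowmon:httpMethodMask
+HTTP_RESPONSE_CONTENT_TYPE string flowmon:httpContentType
+HTTP_RESPONSE_STATUS_CODE uint16 flowmon:httpStatusCode
+HTTP_UA_OS uint16 flowmon:httpUaOs
+HTTP_UA_OS_MAJ uint16 flowmon:httpUaOsMaj
+HTTP_UA_OS_MIN uint16 flowmon:httpUaOsMin
+HTTP_UA_OS_BLD uint16 flowmon:httpUaOsBld
+HTTP_UA_APP uint16 flowmon:httpUaApp
+HTTP_UA_APP_MAJ uint16 flowmon:httpUaAppMaj
+HTTP_UA_APP_MIN uint16 flowmon:httpUaAppMin
+HTTP_UA_APP_BLD uint16 flowmon:httpUaAppBld
 
 # --- Other fields ---
-#FLOWDIR_SYN uint8 e8057id299 # Packet with SYN flag only flag
-VENOM uint8 e8057id1001 # Venom rootkit detection
-IPV6_TUN_TYPE uint8 e16982id405 # IPv6 tunnel type
 APP_ID bytes e0id95 # Application ID from libprotoident / NBAR2 / Flowmon's NBAR plugin
 
 # --- Flowmon TLS fields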
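Review bot: The `HB_*`, `VENOM`, `SMTP_*` and `IPV6_TUN_TYPE` mappings are removed without any note, although the DNS section documents its dropped fields (`# Note: Old fields DNS_RCODE, DNS_PSIDE and DNS_DO are not available anymore...`). A downstream consumer that still requests those UniRec fields would presumably stop receiving them, with nothing in this file explaining why. I would add a matching line under `# --- Other fields ---`, e.g. `# Note: Old fields SMTP_*, HB_*, VENOM, IPV6_TUN_TYPE, HTTP_REQUEST_AGENT and HTTP_RESPONSE_TIME are not available anymore...`. Some types also change silently: the renamed `INVEA_SIP_*_TIME` fields become `uint64` instead of `time`, `SIP_STATS` becomes `bytes` instead of `uint64`, and `HTTP_RESPONSE_STATUS_CODE` becomes `uint16` instead of `uint32`, so a comment stating the unit of the new time fields would help readers of this map. The new SIP/RTP and HTTP lines also drop the trailing `# ...` descriptions that the DNS lines keep, which are worth restoring for consistency.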
