
Commit 659a5b2

committed
Unirec output plugin: update list of UniRec elements
1 parent 8eb4954 commit 659a5b2


1 file changed

+104
-19
lines changed


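--- a/extra_plugins/output/unirec/config/unirec-elements.txt
+++ b/extra_plugins/output/unirec/config/unirec-elements.txt
@@ -43,8 +43,20 @@ BYTES_REV uint64 e29305id1
 PACKETS_REV uint32 e29305id2
 TCP_FLAGS_REV uint8 e29305id6
 
+
 # --- DNS specific fields ---
-DNS_ID uint16 flowmon:dnsId # DNS transaction id
+DNS_ANSWERS uint16 e8057id14 # DNS answers
+DNS_RCODE uint8 e8057id1 # DNS rcode
+DNS_NAME string e8057id2 # DNS name
+DNS_QTYPE uint16 e8057id3 # DNS qtype
+DNS_CLASS uint16 e8057id4 # DNS class
+DNS_RR_TTL uint32 e8057id5,flowmon:dnsCrrTtl # DNS rr ttl
+DNS_RLENGTH uint16 e8057id6 # DNS rlenght
+DNS_RDATA bytes e8057id7 # DNS rdata
+DNS_PSIZE uint16 e8057id8 # DNS payload size
+DNS_DO uint8 e8057id9 # DNS DNSSEC OK bit
+DNS_ID uint16 e8057id10,flowmon:dnsId # DNS transaction id
+
 DNS_FLAGS uint16 flowmon:dnsFlagsCodes # DNS header flags
 DNS_CNT_QUESTIONS uint16 flowmon:dnsQuestionCount # DNS questions
 DNS_CNT_ANSWERS uint16 flowmon:dnsAnswrecCount # DNS answers
@@ -56,17 +68,37 @@ DNS_Q_CLASS uint16 flowmon:dnsQclass # DNS que
 DNS_RR_NAME string flowmon:dnsCrrName # DNS RR name
 DNS_RR_TYPE uint16 flowmon:dnsCrrType # DNS RR type
 DNS_RR_CLASS uint16 flowmon:dnsCrrClass # DNS RR class
-DNS_RR_TTL uint32 flowmon:dnsCrrTtl # DNS RR ttl
 DNS_RR_RDATA bytes flowmon:dnsCrrRdata # DNS RR rdata
 DNS_RR_RLENGTH uint16 flowmon:dnsCrrRdataLen # DNS RR rlenght
 # Note: Old fields DNS_RCODE, DNS_PSIDE and DNS_DO are not available anymore...
 
+
+# --- SMTP specific fields ---
+#SMTP_FLAGS uint8 e8057id200 # SMTP flags
+SMTP_COMMAND_FLAGS uint32 e8057id810 # SMTP command flags
+SMTP_MAIL_CMD_COUNT uint32 e8057id811 # SMTP MAIL command count
+SMTP_RCPT_CMD_COUNT uint32 e8057id812 # SMTP RCPT command count
+SMTP_FIRST_SENDER string e8057id813 # SMTP first sender
+SMTP_FIRST_RECIPIENT string e8057id814 # SMTP first recipient
+SMTP_STAT_CODE_FLAGS uint32 e8057id815 # SMTP status code flags
+SMTP_2XX_STAT_CODE_COUNT uint32 e8057id816 # SMTP 2XX status code count
+SMTP_3XX_STAT_CODE_COUNT uint32 e8057id817 # SMTP 3XX status code count
+SMTP_4XX_STAT_CODE_COUNT uint32 e8057id818 # SMTP 4XX status code count
+SMTP_5XX_STAT_CODE_COUNT uint32 e8057id819 # SMTP 5XX status code count
+SMTP_DOMAIN string e8057id820 # SMTP domain
+
 # --- SIP specific fields ---
+SIP_MSG_TYPE uint16 e8057id100 # SIP message type
+SIP_STATUS_CODE uint16 e8057id101 # SIP status code
+SIP_CALL_ID string e8057id102,flowmon:sipCallId # SIP call id
+SIP_CALLING_PARTY string e8057id103,flowmon:sipCallingParty # SIP from
+SIP_CALLED_PARTY string e8057id104,flowmon:sipCalledParty # SIP to
+SIP_VIA string e8057id105,flowmon:sipVia # SIP VIA
+SIP_USER_AGENT string e8057id106 # SIP user agent
+SIP_REQUEST_URI string e8057id107 # SIP request uri
+SIP_CSEQ string e8057id108 # SIP CSeq
+
 VOIP_PACKET_TYPE uint8 flowmon:voipPacketType
-SIP_CALL_ID string flowmon:sipCallId
-SIP_CALLING_PARTY string flowmon:sipCallingParty
-SIP_CALLED_PARTY string flowmon:sipCalledParty
-SIP_VIA string flowmon:sipVia
 SIP_INVITE_RINGING_TIME uint64 flowmon:sipInviteRingingTime
 SIP_OK_TIME uint64 flowmon:sipOkTime
 SIP_BYE_TIME uint64 flowmon:sipByeTime
@@ -82,13 +114,21 @@ RTCP_PACKETS uint64 flowmon:rtcpPackets
 RTCP_OCTETS uint64 flowmon:rtcpOctets
 RTCP_SOURCE_COUNT uint8 flowmon:rtcpSourceCount
 
+
+
+
 # --- HTTP elements ---
-HTTP_REQUEST_HOST string flowmon:httpHost
-HTTP_REQUEST_URL string flowmon:httpUrl
-HTTP_REQUEST_REFERER string flowmon:httpReferer
-HTTP_METHOD_MASK uint16 flowmon:httpMethodMask
-HTTP_RESPONSE_CONTENT_TYPE string flowmon:httpContentType
-HTTP_RESPONSE_STATUS_CODE uint16 flowmon:httpStatusCode
+HTTP_REQUEST_METHOD_ID uint32 e16982id500 # HTTP request method id
+HTTP_REQUEST_HOST string e16982id501,flowmon:httpHost # HTTP(S) request host
+HTTP_REQUEST_URL string e16982id502,flowmon:httpUrl # HTTP request url
+HTTP_REQUEST_AGENT_ID uint32 e16982id503 # HTTP request agent id
+HTTP_REQUEST_AGENT string e16982id504 # HTTP request agent
+HTTP_REQUEST_REFERER string e16982id505 # HTTP referer
+HTTP_RESPONSE_STATUS_CODE uint32 e16982id506,flowmon:httpStatusCode # HTTP response status code
+HTTP_RESPONSE_CONTENT_TYPE string e16982id507 # HTTP response content type
+
+
+HTTP_METHOD_ID uint16 flowmon:httpMethodID
 HTTP_UA_OS uint16 flowmon:httpUaOs
 HTTP_UA_OS_MAJ uint16 flowmon:httpUaOsMaj
 HTTP_UA_OS_MIN uint16 flowmon:httpUaOsMin
@@ -98,7 +138,10 @@ HTTP_UA_APP_MAJ uint16 flowmon:httpUaAppMaj
 HTTP_UA_APP_MIN uint16 flowmon:httpUaAppMin
 HTTP_UA_APP_BLD uint16 flowmon:httpUaAppBld
 
+
+
 # --- Other fields ---
+IPV6_TUN_TYPE uint8 e16982id405 # IPv6 tunnel type
 APP_ID bytes e0id95 # Application ID from libprotoident / NBAR2 / Flowmon's NBAR plugin
 
 # --- Flowmon TLS fields
@@ -132,10 +175,52 @@ TLS_PUBLIC_KEYLENGTH int32 flowmon:tlsPublicKeyLength # tlsP
 TLS_JA_3FINGERPRINT bytes flowmon:tlsJa3Fingerprint # tlsJa3Fingerprint
 
 # --- Per-Packet Information elements ---
-PPI_TLS_REC_LENGTHS int16* e0id291/e8057id1010 # basicList of TLS record lengths
-PPI_TLS_REC_TIMES uint16* e0id291/e8057id1011 # basicList of TLS record timestamps
-PPI_TLS_CONTENT_TYPES uint8* e0id291/e8057id1012 # basicList of TLS record content types
-PPI_PKT_LENGTHS int16* e0id291/e8057id1013 # basicList of packet lengths
-PPI_PKT_TIMES time* e0id291/e8057id1014 # basicList of packet timestamps
-PPI_PKT_FLAGS int8* e0id291/e8057id1015 # basicList of packet TCP flags
-PPI_PKT_DIRECTIONS int8* e0id291/e8057id1016 # basicList of packet directions
+#PPI_TLS_REC_LENGTHS uint16* e0id291/e8057id1010 # basicList of TLS record lengths
+#PPI_TLS_REC_TIMES uint16* e0id291/e8057id1011 # basicList of TLS record timestamps
+#PPI_TLS_CONTENT_TYPES uint8* e0id291/e8057id1012 # basicList of TLS record content types
+PPI_PKT_LENGTHS uint16* e0id291/e8057id1013 # basicList of packet lengths
+PPI_PKT_TIMES time* e0id291/e8057id1014 # basicList of packet timestamps
+PPI_PKT_FLAGS uint8* e0id291/e8057id1015 # basicList of packet TCP flags
+PPI_PKT_DIRECTIONS int8* e0id291/e8057id1016 # basicList of packet directions
+
+# --- SSDP Information elements ---
+
+SSDP_LOCATION_PORT uint16 e8057id821
+SSDP_SERVER string e8057id822
+SSDP_USER_AGENT string e8057id823
+SSDP_NT string e8057id824
+SSDP_ST string e8057id825
+
+# --- DNSDD Information elements ---
+
+DNSSD_QUERIES string e8057id826
+DNSSD_RESPONSES string e8057id827
+
+# --- OVPN Information elements ---
+
+OVPN_CONF_LEVEL uint8 e8057id828
+
+# --- NTP Information elements ---
+NTP_LEAP uint8 e8057id18
+NTP_VERSION uint8 e8057id19
+NTP_MODE uint8 e8057id20
+NTP_STRATUM uint8 e8057id21
+NTP_POLL uint8 e8057id22
+NTP_PRECISION uint8 e8057id23
+NTP_DELAY uint32 e8057id24
+NTP_DISPERSION uint32 e8057id25
+NTP_REF_ID string e8057id26
+NTP_REF string e8057id27
+NTP_ORIG string e8057id28
+NTP_RECV string e8057id29
+NTP_SENT string e8057id30
+
+# --- ARP Information elements ---
+
+ARP_HA_FORMAT uint16 e8057id31
+ARP_PA_FORMAT uint16 e8057id32
+ARP_OPCODE uint16 e8057id33
+ARP_SRC_HA bytes e8057id34
+ARP_SRC_PA bytes e8057id35
+ARP_DST_HA bytes e8057id36
+ARP_DST_PA bytes e8057id37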
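Review bot: In the HTTP hunk, `HTTP_REQUEST_REFERER` and `HTTP_RESPONSE_CONTENT_TYPE` lose their `flowmon:httpReferer` and `flowmon:httpContentType` mappings, while `HTTP_REQUEST_HOST`, `HTTP_REQUEST_URL` and `HTTP_RESPONSE_STATUS_CODE` keep both sources. If that is not deliberate, records from Flowmon exporters would presumably stop carrying referer and content type, which downstream detection may rely on; restoring them would read `HTTP_REQUEST_REFERER string e16982id505,flowmon:httpReferer` and `HTTP_RESPONSE_CONTENT_TYPE string e16982id507,flowmon:httpContentType`. The same hunk widens `HTTP_RESPONSE_STATUS_CODE` from uint16 to uint32, and the last hunk changes `PPI_PKT_LENGTHS` and `PPI_PKT_FLAGS` from signed to unsigned arrays, so any consumer that declares these fields with the old types needs to be updated in step. The unchanged comment `# Note: Old fields DNS_RCODE, DNS_PSIDE and DNS_DO are not available anymore...` is now stale, because the first hunk re-adds `DNS_RCODE`, `DNS_PSIZE` and `DNS_DO`; it should be removed or reworded, and the `# --- DNSDD Information elements ---` header presumably means DNSSD, matching the `DNSSD_` field names below it.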
