Diffstat (limited to 'MPE/nacos')
93 files changed, 38845 insertions, 0 deletions
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/.meta.yml b/MPE/nacos/MSH/nacos_config_export_20230724161814/.meta.yml
new file mode 100644
index 0000000..707887e
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/.meta.yml
@@ -0,0 +1,73 @@
+Galaxy.active_defence_event~json.app=galaxy-qgw-service
+Galaxy.application_protocol_stat~json.app=galaxy-qgw-service
+Galaxy.assessment_event~json.app=galaxy-qgw-service
+Galaxy.bgp_record~json.app=galaxy-qgw-service
+Galaxy.ck-filter~json.app=galaxy-qgw-service
+Galaxy.ck-queries-template~sql.app=galaxy-qgw-service
+Galaxy.clusters~json.app=galaxy-qgw-service
+Galaxy.columns_cluster~json.app=galaxy-qgw-service
+Galaxy.disks_cluster~json.app=galaxy-qgw-service
+Galaxy.distributed_ddl_queue~json.app=galaxy-qgw-service
+Galaxy.dos_event~json.app=galaxy-qgw-service
+Galaxy.druid-filter~json.app=galaxy-qgw-service
+Galaxy.druid-queries-template~sql.app=galaxy-qgw-service
+Galaxy.engine-filter~json.app=galaxy-qgw-service
+Galaxy.engine-queries-template~sql.app=galaxy-qgw-service
+Galaxy.es-filter~json.app=galaxy-qgw-service
+Galaxy.es-queries-template~sql.app=galaxy-qgw-service
+Galaxy.galaxy-qgw-service~yml.app=galaxy-qgw-service
+Galaxy.gtpc_knowledge_base~json.app=galaxy-qgw-service
+Galaxy.gtpc_record~json.app=galaxy-qgw-service
+Galaxy.hbase-filter~json.app=galaxy-qgw-service
+Galaxy.hbase-queries-template~sql.app=galaxy-qgw-service
+Galaxy.interim_session_record~json.app=galaxy-qgw-service
+Galaxy.job_result~json.app=galaxy-qgw-service
+Galaxy.liveChart_interim~json.app=galaxy-qgw-service
+Galaxy.liveChart_session~json.app=galaxy-qgw-service
+Galaxy.meta_data~json.app=galaxy-qgw-service
+Galaxy.parts_cluster~json.app=galaxy-qgw-service
+Galaxy.processes~json.app=galaxy-qgw-service
+Galaxy.proxy_event~json.app=galaxy-qgw-service
+Galaxy.proxy_rule_hits~json.app=galaxy-qgw-service
+Galaxy.public_code_info~json.app=galaxy-qgw-service
+Galaxy.public_schema_info~json.app=galaxy-qgw-service
+Galaxy.query_log_cluster~json.app=galaxy-qgw-service
+Galaxy.query_log~json.app=galaxy-qgw-service
+Galaxy.radius_onff_log~json.app=galaxy-qgw-service
+Galaxy.radius_record~json.app=galaxy-qgw-service
+Galaxy.recommendation_app_cip~json.app=galaxy-qgw-service
+Galaxy.relation_account_framedip~json.app=galaxy-qgw-service
+Galaxy.report_result~json.app=galaxy-qgw-service
+Galaxy.security_event_hits_log~json.app=galaxy-qgw-service
+Galaxy.security_event~json.app=galaxy-qgw-service
+Galaxy.security_rule_hits~json.app=galaxy-qgw-service
+Galaxy.service_chaining_rule_hits~json.app=galaxy-qgw-service
+Galaxy.service_function_status~json.app=galaxy-qgw-service
+Galaxy.session_record_common_client_ip~json.app=galaxy-qgw-service
+Galaxy.session_record_common_server_domain~json.app=galaxy-qgw-service
+Galaxy.session_record_common_server_ip~json.app=galaxy-qgw-service
+Galaxy.session_record_http_domain~json.app=galaxy-qgw-service
+Galaxy.session_record~json.app=galaxy-qgw-service
+Galaxy.sys_packet_capture_event~json.app=galaxy-qgw-service
+Galaxy.sys_storage_log~json.app=galaxy-qgw-service
+Galaxy.tables_cluster~json.app=galaxy-qgw-service
+Galaxy.tables~json.app=galaxy-qgw-service
+Galaxy.top_client_ips~json.app=galaxy-qgw-service
+Galaxy.top_external_ips~json.app=galaxy-qgw-service
+Galaxy.top_internal_ips~json.app=galaxy-qgw-service
+Galaxy.top_server_domains~json.app=galaxy-qgw-service
+Galaxy.top_server_fqdns~json.app=galaxy-qgw-service
+Galaxy.top_server_ips~json.app=galaxy-qgw-service
+Galaxy.top_subscribers~json.app=galaxy-qgw-service
+Galaxy.traffic_general_stat~json.app=galaxy-qgw-service
+Galaxy.traffic_shaping_rule_hits~json.app=galaxy-qgw-service
+Galaxy.traffic_top_destination_ip_metrics_log~json.app=galaxy-qgw-service
+Galaxy.transaction_record~json.app=galaxy-qgw-service
+Galaxy.version~json.app=galaxy-qgw-service
+Galaxy.voip_record~json.app=galaxy-qgw-service
+Galaxy.galaxy-job-admin~properties.app=galaxy-job-service
+Galaxy.galaxy-job-executor~properties.app=galaxy-job-service
+Galaxy.galaxy-report-service~yml.app=galaxy-report-service
+Galaxy.galaxy-hos-service~yml.app=galaxy-hos-service
+Galaxy.dos_detection~properties.app=flink
+Bifang.bifang-api.app=bifang
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Bifang/bifang-api b/MPE/nacos/MSH/nacos_config_export_20230724161814/Bifang/bifang-api
new file mode 100644
index 0000000..f5fa670
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Bifang/bifang-api
@@ -0,0 +1,145 @@
+#系统标题
+app_name=Tiangou Secure Gateway
+#token超时时间
+token_timeout=1800
+#minio配置
+minio_url=http://192.168.20.158:9000
+minio_accessKey=minio
+minio_mimaKey=MTIzNDU2Nzg5
+minio_bucketName=tsg
+minio_bucketName_settings=settings
+#kafka生产者(kafkaTemplate)使用的地址
+spring_kafka_bootstrap_servers=192.168.20.223:9094,192.168.20.224:9094,192.168.20.225:9094
+#证书的的topic
+certificate_info_topic=PXY-EXCH-INTERMEDIA-CERT
+#groupid
+kafka_consumer_group_id=tsg-consumer-cert
+#银河数据库API地址
+olap_service_url=http://192.168.20.252:9999
+#银河数据库API返回格式
+olap_data_format=json
+#real-time:实时查询
+olap_realtime_data_option=real-time
+#long-term:离线查询
+olap_longterm_data_option=long-term
+#syntax-validation:查询语句校验
+olap_validation_data_option=syntax-validation
+#日志表导出时每次最多导出数据量
+olap_log_export_upper_limit=100000
+#银河数据库支持查询schema的表.以,分割
+olap_log_table_name=security_event,proxy_event,dos_event,active_defence_event,wannat_event,session_record,interim_session_record,transaction_record,radius_record,voip_record,gtpc_record,assessment_event,top_client_ip_log,top_server_ip_log,top_external_host_log,top_user_log,top_website_domain_log,top_urls_log,traffic_app_stat_log,traffic_metrics_log,traffic_summary_log,security_event_hits_log,security_rule_hits,proxy_event_hits_log,top_internal_host_log,traffic_top_destination_ip_metrics_log,sys_storage_log
+#银河数据库事件类型日志表
+event_log_table_name=security_event,proxy_event,security_event_hits_log,proxy_event_hits_log,top_urls_log,security_rule_hits,traffic_shaping_rule_hits,service_chaining_rule_hits,proxy_rule_hits,service_function_status
+#银河数据库schema缓存时间(秒)
+olap_log_schema_cache_time=300
+#银河数据库schema查询URI
+olap_log_schema_uri=/metadata/schema/v1/fields/
+#报告table类型top默认值
+report_table_top=500
+#报告柱图top默认值
+report_bar_top=50
+#报告饼图top默认值
+report_pie_top=50
+#二次分组时最大默认值
+report_max=100000
+#证书存放路径
+cert_file_path=/opt/tsg/cm/api/certFile/cert/
+cert_validate_file=x509
+cert_validate_success_info=Successful
+#导出最大行数
+max_export_rows=10000000
+#echartsJS路径
+echartsJS_path=/opt/tsg/cm/api/js/echarts-convert/echarts/
+#TOTP用户输入Code码后锁定时间(单位s)
+TOTP_LOCK_TIME=180
+#TOTP用户TOTP_USER_TIME秒内重试次数
+TOTP_USER_COUNT=5
+#TOT用户密匙
+TOTP_SECRET_KEY=FPK3NGDG55PM6SD5W4OJBTMVMUWSSGL62W2PLJH2PMEICBCCZNVQ
+#TOT对应用户表UserName
+TOTP_USER_MAPPING=TotPUser
+#TOTP重试时间段(单位s)
+TOTP_USER_TIME=60
+#TOTPKeyValidTime(s)
+TOTP_CLOCK_TIME=180
+#策略对象导出分页查询每次查询数据量(合理设置可加快导出效率)
+export_page_size=500000
+sub_group_allow_level=5
+sub_group_level=2
+corelation_level=5
+#功能端策略验证URI
+policy_verify_uri=http://192.168.20.158:9994/v1/policy/verify
+#捕包策略时长
+packet_capture_duration=86400
+#url、ip、fqdn、account、keyword、signature、subscriberId以外的其他Item导入上限
+otherUpperLimit=100000
+#测试IP地址可达性第三方接口URL
+policy_test_ip_reachability_url=http://192.168.40.133:8888/v1/policy/profile/wannat/testip/reachability
+#中间证书缓存上线
+cache_certificate_max_rows=10000
+#ip_import_max_rows=2000000
+vpn_server_ip=["1.2.3.4"]
+layer2_natgw_ip=["1.2.3.4/32"]
+#as_number上限
+asNumberLimit=100000
+#file_type上限
+fileTypeLimit=100000
+#file_size上限
+fileSizeLimit=100000
+#服务器:http(s):ip:port
+downloadFileUrl=https://192.168.20.158:443/
+#系统语言设置
+sys_language=[{"value": "zh","label": "简体中文" },{"value": "rn","label": "Русский"},{"value": "en","label": "English"}]
+#2fa名称配置
+tsg_2fa_name=tsg
+#kafka认证信息
+sasl_jaas_config_info=org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="galaxy2019";
+#查询WANNAT Access Servers信息
+wannat_access_server_url=http://10.224.11.55:8000/v1/wannat/access_servers
+showCopyright=disable
+#hos文件下载token
+downloadToken=f5c5186ba4874182b33b9b2b2b6e3f77
+#ip location v4 v6 数量限制
+ipLocationLimit=1000000
+#单次app导入数量
+singleImportAppLimit=100
+#echartsJS路径
+geoip2CsvConverter_path=/opt/tsg/cm/api/tool/geoip2-csv-converter
+#需要使用到的nz请求信息(用于发送给nz系统vsys信息)
+#nz系统请求地址
+nzSystemAccessUrl=http://192.168.20.159
+#nz系统访问令牌
+nzSystemAccessToken=ac05fad8-8f6d-434b-ac2e-9163a70194d4
+#nz系统接收vsys信息的请求路径
+SendVirtualSystemInfoToNzUrlPath=/vsys/task
+#查vsys进度
+GetVsysProcessUrlPath=/vsys/result
+#以下配置参数:1 启用 0 停用
+#是否启用client_ip学习任务
+client_ip_learning_task=1
+#是否启用server_ip学习任务
+server_ip_learning_task=1
+#是否启用ssl_sni学习任务
+ssl_sni_learning_task=1
+#是否启用ip_learning学习任务
+ip_learning_task=1
+#是否启用subscriber_ip学习任务
+subscriber_ip_task=1
+#是否启用apn_teid学习任务
+apn_teid_task=0
+#是否启用imsi_teid学习任务
+imsi_teid_task=1
+#是否启用phone_number_teid学习任务
+phone_number_teid_task=1
+minio_bucketName_audit_log=auditlog
+# 审计日志文件存储阈值
+audit_log_file_save_threshold=16777200
+# 审计日志文件存储条数限制
+audit_log_save_limit=100
+#app_sketch_db升级redis锁的超时时间
+app_sketch_db_update_redis_lock_timeout=1800000
+#traffic vsys操作权限切换,0=traffic vsys不能操作,1=traffic vsys可以操作
+traffic_vsys_switch=0
+#appSketchDb维护模式切换,0:内置数据不显示,1:内置数据可见,2:内置数据可见并修改/删除
+app_safeguard_switch=0
+resource_limit={"objectLimit": {"ip": 2500000, "fqdn": 1500000, "url": 2000000, "account": 100000, "keywords": 1000000, "http_signature": 100000, "subscriberid": 100000, "apn": 100000, "imsi": 100000, "phone_number": 100000, "flag": 100, "interval": 100000, "tunnel_id": 100000, "ip_learning": 100000, "app_id": 2000, "app_selector": 10000, "geo_location": 100000, "app_sig": 2000, "fqdn_category": 100000}, "policyLimit": {"tsg_security": 100000, "pxy_intercept": 500000, "pxy_manipulation": 100000, "wannat": 10000, "service_chaining": 10000, "traffic_shaping": 10000}}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/active_defence_event.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/active_defence_event.json
new file mode 100644
index 0000000..86461a7
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/active_defence_event.json
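Review bot: Credentials are stored as literal values in `Bifang/bifang-api`: `TOTP_SECRET_KEY`, the Kafka password inside `sasl_jaas_config_info`, `downloadToken` and `nzSystemAccessToken` are all in clear text, and `minio_mimaKey` appears to be only Base64-encoded, which is an encoding rather than protection. Anyone with read access to the repository or its history can recover them, so they should be treated as exposed, rotated, and replaced in this file by references to a secret store or by placeholders such as `TOTP_SECRET_KEY=<injected at deploy time>`. A single shared `TOTP_SECRET_KEY` tied to `TOTP_USER_MAPPING` also means the second factor is only as private as this export. Several endpoints (`minio_url`, `olap_service_url`, `policy_verify_uri`, `nzSystemAccessUrl`) use plain `http://`, so tokens sent to them would presumably travel unencrypted; confirm whether TLS is terminated elsewhere.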
@@ -0,0 +1,382 @@ +{ + "type": "record", + "name": "active_defence_event", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "index_key": { + "$ref": "public_schema_info.json#/active_defence_event/index_key" + }, + "schema_query": { + "dimensions": [ + "common_policy_id", + "ad_target_ip", + "ad_cc_target_url" + ], + "metrics": [ + "ad_target_ip", + "ad_sent_byte_num", + "ad_sent_pkt_num", + "ad_cc_initiate_connection_num", + "ad_cc_established_connection_num", + "ad_cc_rejected_connection_num" + ], + "filters": [ + "common_policy_id", + "ad_target_ip", + "ad_target_port", + "ad_protocol", + "common_address_type", + "ad_sent_byte_num", + "ad_sent_pkt_num", + "ad_cc_initiate_connection_num", + "ad_cc_established_connection_num", + "ad_cc_rejected_connection_num" + ] + }, + "schema_type": { + "REFLECTION": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_address_type", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_entrance_id", + "common_user_region", + "ad_method", + "ad_protocol", + "ad_target_ip", + "ad_target_port", + "ad_target_ip_location", + "ad_target_ip_asn", + "ad_reflector_profile_id", + "ad_sent_pkt_num", + "ad_sent_byte_num", + "ad_generate_time" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "ad_target_ip", + "ad_target_port", + "ad_reflector_profile_id", + "ad_sent_pkt_num", + "ad_sent_byte_num" + ] + }, + "FLOOD": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_address_type", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_entrance_id", + "common_user_region", + "ad_method", + "ad_protocol", + "ad_target_ip", + "ad_target_port", + "ad_target_ip_location", + "ad_target_ip_asn", + "ad_claimed_src_ip_profile_id", + "ad_sent_pkt_num", + "ad_sent_byte_num", + "ad_generate_time" + ], + 
"default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "ad_target_ip", + "ad_target_port", + "ad_claimed_src_ip_profile_id", + "ad_protocol" + ] + }, + "CC": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_address_type", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_entrance_id", + "common_user_region", + "ad_method", + "ad_protocol", + "ad_cc_target_url", + "ad_claimed_src_ip_profile_id", + "ad_cc_initiate_connection_num", + "ad_cc_established_connection_num", + "ad_cc_rejected_connection_num", + "ad_generate_time" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "ad_cc_target_url", + "ad_claimed_src_ip_profile_id", + "ad_protocol" + ] + } + }, + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "ad_target_ip", + "ad_target_port", + "ad_cc_target_url" + ] + }, + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "current_timestamp" + } + ], + "visibility": "enabled" + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_log_id", + "label": "Log ID", + "doc": { + "format": [ + { + "function": "snowflake_id" + } + ], + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "common_policy_id", + "label": "Policy ID", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "common_address_type", + "label": "Address Type", + "doc": { + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ], + "visibility": "enabled" + }, + "type": "int" + }, + { + "name": "common_entrance_id", + "label": "Entrance ID", + "doc": { + "visibility": "disabled" + }, + "type": "int" + }, + { + "name": "common_device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled" 
+ }, + "type": "string" + }, + { + "name": "common_egress_link_id", + "label": "Egress Link ID", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_ingress_link_id", + "label": "Ingress Link ID", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_user_region", + "label": "User Region", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "ad_target_ip", + "label": "Target IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_ip_country", + "appendTo": "ad_target_ip_location" + }, + { + "function": "geo_asn", + "appendTo": "ad_target_ip_asn" + } + ], + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "ad_target_port", + "label": "Target Port", + "doc": { + "visibility": "enabled" + }, + "type": "int" + }, + { + "name": "ad_cc_target_url", + "label": "Target URL", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "ad_target_ip_location", + "label": "Target Location", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "ad_target_ip_asn", + "label": "Target ASN", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "ad_protocol", + "label": "Protocol", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "ad_method", + "label": "Method", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "ad_claimed_src_ip_profile_id", + "label": "Claimed Profile ID", + "doc": { + "visibility": "enabled" + }, + "type": "int" + }, + { + "name": "ad_reflector_profile_id", + "label": "Reflector Profile ID", + "doc": { + "visibility": "enabled" + }, + "type": "int" + }, + { + "name": "ad_sent_pkt_num", + "label": "Packets Sent", + "doc": { + "visibility": "enabled" + }, + "type": "int" + }, + { + "name": "ad_sent_byte_num", + "label": "Bytes Sent", + "doc": { + "visibility": "enabled" + }, + "type": "int" 
+ }, + { + "name": "ad_cc_initiate_connection_num", + "label": "Initiate Numbers", + "doc": { + "visibility": "enabled" + }, + "type": "int" + }, + { + "name": "ad_cc_established_connection_num", + "label": "Established Numbers", + "doc": { + "visibility": "enabled" + }, + "type": "int" + }, + { + "name": "ad_cc_rejected_connection_num", + "label": "Rejected Numbers", + "doc": { + "visibility": "enabled" + }, + "type": "int" + }, + { + "name": "ad_generate_time", + "label": "Generate Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled" + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/application_protocol_stat.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/application_protocol_stat.json
new file mode 100644
index 0000000..8a5d7ee
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/application_protocol_stat.json
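Review bot: `ad_sent_byte_num`, `ad_sent_pkt_num` and the three `ad_cc_*_connection_num` counters in `active_defence_event.json` are declared `"type": "int"`; if this schema is read with Avro semantics that is a 32-bit signed value, so a byte counter above roughly 2 GiB would overflow or be rejected at ingestion. `application_protocol_stat.json` in the same commit declares its byte and packet counters as `long`, and using `"type": "long"` for these fields would keep the two schemas consistent. `ad_target_ip` is also listed under `metrics` although it is a string field with an `ip` constraint; that may be intentional (for example for distinct counts) but is worth confirming.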
@@ -0,0 +1,272 @@ +{ + "type": "record", + "name": "application_protocol_stat", + "namespace": "druid", + "doc": { + "partition_key": "__time", + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "filters": [ + "data_center", + "device_group" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + } + }, + "measurements": { + "granularity": 15, + "ingestion_delay": 15 + } + }, + "fields": [ + { + "name": "__time", + "label": "Time", + "type": { + "type": "string", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled" + } + }, + { + "name": "vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled" + }, + "type": "int", + "default": 1 + }, + { + "name": "device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "device_group", + "label": "Device Group", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "data_center", + "label": "Data Center", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "protocol_stack_id", + "label": "Protocol Stack ID", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "app_name", + "label": "App Name", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "visibility": 
"enabled" + }, + "type": "string" + }, + { + "name": "sessions", + "label": "Sessions", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "client_ip_sketch", + "label": "Client IP Sketch", + "doc": { + "visibility": "enabled" + }, + "type": { + "type": "array", + "items": "string", + "logicalType": "array" + } + }, + { + "name": "c2s_pkts", + "label": "Packets Sent", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "s2c_pkts", + "label": "Packets Received", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "c2s_bytes", + "label": "Bytes Sent", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "s2c_bytes", + "label": "Bytes Received", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "c2s_fragments", + "label": "Fragmentation Packets (c2s)", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "s2c_fragments", + "label": "Fragmentation Packets (s2c)", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "c2s_tcp_lost_bytes", + "label": "Sequence Gap Loss (c2s)", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "s2c_tcp_lost_bytes", + "label": "Sequence Gap Loss (s2c)", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "c2s_tcp_ooorder_pkts", + "label": "TCP out-of-order Packets (c2s)", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "s2c_tcp_ooorder_pkts", + "label": "TCP out-of-order Packets (s2c)", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "c2s_tcp_retransmitted_pkts", + "label": "TCP Retransmission Packets (c2s)", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "s2c_tcp_retransmitted_pkts", + "label": "TCP Retransmission Packets (s2c)", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": 
"c2s_tcp_retransmitted_bytes", + "label": "TCP Retransmission Bytes (c2s)", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "s2c_tcp_retransmitted_bytes", + "label": "TCP Retransmission Bytes (s2c)", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_bytes", + "label": "Incoming Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_pkts", + "label": "Incoming Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_bytes", + "label": "Outgoing Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_pkts", + "label": "Outgoing Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/assessment_event.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/assessment_event.json
new file mode 100644
index 0000000..6fc4cb2
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/assessment_event.json
@@ -0,0 +1,126 @@ +{ + "type": "record", + "name": "assessment_event", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "index_key": { + "$ref": "public_schema_info.json#/assessment_event/index_key" + }, + "functions": { + "$ref": "public_schema_info.json#/functions" + } + }, + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled" + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_log_id", + "label": "Log ID", + "doc": { + "format": [ + { + "function": "snowflake_id" + } + ], + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled" + }, + "type": "int", + "default": 1 + }, + { + "name": "lot_number", + "label": "Lot Number", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "file_name", + "label": "File Name", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "features", + "label": "Features", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "assessment_type", + "label": "Assessment Type", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "size", + "label": "Size", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "file_checksum_sha", + "label": "SHA256", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "assessment_date", + "label": "Assessment Date", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled" + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "assessment_file", + "label": "Assessment File", + "doc": { + "constraints": { + "type": "file" + }, + "visibility": "enabled" + }, + "type": "string" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/bgp_record.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/bgp_record.json
new file mode 100644
index 0000000..dc32789
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/bgp_record.json
@@ -0,0 +1,1375 @@ +{ + "type": "record", + "name": "bgp_record", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "ttl": null, + "default_ttl": 2592000, + "index_key": [ + "common_log_id", + "common_recv_time", + "common_data_center" + ], + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "dimensions": [ + "common_stream_trace_id", + "common_direction", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_l7_protocol", + "common_protocol_label", + "common_l4_protocol", + "bgp_message_type", + "bgp_messages" + ], + "metrics": [ + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_l7_protocol", + "common_protocol_label", + "common_l4_protocol", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_sessions", + 
"common_con_duration_ms", + "common_establish_latency_ms", + "bgp_message_type", + "bgp_messages" + ], + "filters": [ + "common_stream_trace_id", + "common_direction", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_l7_protocol", + "common_protocol_label", + "common_service_category", + "common_l4_protocol", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "bgp_message_type", + "bgp_messages" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + }, + "details": { + "general": [ + "common_recv_time", + "common_log_id", + "common_stream_trace_id", + "common_address_type", + "common_schema_type", + "common_direction", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_entrance_id", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_data_center", + "common_device_group", + "common_sled_ip" + ], + "source": [ + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number" + ], + 
"destination": [ + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn" + ], + "application": [ + "common_app_id", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_label", + "common_app_surrogate_id", + "common_l7_protocol", + "common_protocol_label", + "common_service_category", + "common_service", + "common_l4_protocol", + "common_app_behavior" + ], + "transmission": [ + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_first_ttl", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "other": [ + "common_device_tag", + "common_encapsulation", + "common_tunnels", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_action", + "common_sub_action", + "common_policy_id", + "common_user_tags", + "common_user_region" + ] + } + }, + "schema_type": { + "GTP-C": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + 
"common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_surrogate_id", + "common_app_surrogate_id", + "common_service_category", + "common_l7_protocol", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "bgp_message_type", + "bgp_messages" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "bgp_message_type", + "bgp_messages", + "common_client_ip", + "common_server_ip" + ] + } + }, + "default_columns": [ + "common_recv_time", + "common_log_id", + "bgp_message_type", + "bgp_messages", + "common_client_ip", + "common_server_ip" + ], + "internal_columns": [ + "common_recv_time", + "common_log_id", + "common_processing_time", + 
"common_ingestion_time", + "common_packet_capture_file" + ], + "tunnel_type": { + "$ref": "public_schema_info.json#/tunnel_type" + } + }, + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_log_id", + "label": "Log ID", + "doc": { + "format": [ + { + "function": "snowflake_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_policy_id", + "label": "Policy ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_subscriber_id", + "label": "Subscriber ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imei", + "label": "IMEI", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imsi", + "label": "IMSI", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_phone_number", + "label": "Phone Number", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_ip", + "label": "Client IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_client_asn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_internal_ip", + "label": "Internal IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "if", + "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_port", + "label": "Client Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_l4_protocol", + "label": "L4 Protocol", + "doc": { + 
"visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_address_type", + "label": "Address Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_server_ip", + "label": "Server IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_server_asn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_port", + "label": "Server Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_external_ip", + "label": "External IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "if", + "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_action", + "label": "Action", + "doc": { + "visibility": "hidden", + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "None" + }, + { + "code": "1", + "value": "Monitor" + }, + { + "code": "2", + "value": "Intercept" + }, + { + "code": "16", + "value": "Deny" + }, + { + "code": "128", + "value": "Allow" + } + ], + "ttl": null + }, + "type": "int" + }, + { + "name": "common_direction", + "label": "Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "69", + "value": "outbound" + }, + { + "code": "73", + "value": "inbound" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_entrance_id", + "label": "Entrance ID", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_sled_ip", + 
"label": "Sled IP", + "doc": { + "constraints": { + "type": "ip" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_location", + "label": "Client Location", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_asn", + "label": "Client ASN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_location", + "label": "Server Location", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_asn", + "label": "Server ASN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_sessions", + "label": "Sessions", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_num", + "label": "Packets Sent", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_num", + "label": "Packets Received", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_num", + "label": "Bytes Sent", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_num", + "label": "Bytes Received", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_diff", + "label": "Packets Sent (Delta)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_diff", + "label": "Packets Received (Delta)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_diff", + "label": "Bytes Sent (Delta)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_diff", + "label": "Bytes Received (Delta)", + "doc": { + "visibility": "hidden", + 
"ttl": null + }, + "type": "long" + }, + { + "name": "common_service", + "label": "Service", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_schema_type", + "label": "Schema Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "GTP-C", + "value": "GTP-C" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_tags", + "label": "User Tags", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_sub_action", + "label": "Sub Action", + "doc": { + "data": [ + { + "code": "allow", + "value": "Allow" + }, + { + "code": "deny", + "value": "Deny" + }, + { + "code": "monitor", + "value": "Monitor" + }, + { + "code": "replace", + "value": "Replace" + }, + { + "code": "redirect", + "value": "Redirect" + }, + { + "code": "insert", + "value": "Insert" + }, + { + "code": "hijack", + "value": "Hijack" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_region", + "label": "User Region", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_egress_link_id", + "label": "Egress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_ingress_link_id", + "label": "Ingress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_isp", + "label": "ISP", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_tag", + "label": "Device Tag", + "doc": { + "visibility": "hidden", + "format": [ + { + "function": "flattenSpec", + "appendTo": "common_data_center", + "param": 
"$.tags[?(@.tag=='data_center')].value" + }, + { + "function": "flattenSpec", + "appendTo": "common_device_group", + "param": "$.tags[?(@.tag=='device_group')].value" + } + ], + "ttl": null + }, + "type": "string" + }, + { + "name": "common_data_center", + "label": "Data Center", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_group", + "label": "Device Group", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_behavior", + "label": "Application Behavior", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_encapsulation", + "label": "Encapsulation", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_encapsulation/data" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_app_label", + "label": "Application Label", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnels", + "label": "Tunnels", + "doc": { + "visibility": "enabled", + "ttl": null, + "format": [ + { + "function": "gtpc_match", + "appendTo": "common_imsi,common_imei,common_phone_number", + "param": 
"$.[?(@.tunnels_schema_type=='GTP')].gtp_uplink_teid,$.[?(@.tunnels_schema_type=='GTP')].gtp_downlink_teid" + } + ] + }, + "type": "string" + }, + { + "name": "common_protocol_label", + "label": "Protocol Label", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_id", + "label": "Application ID", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_userdefine_app_name", + "label": "User Define App Name", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_app_identify_info", + "label": "App Identity Info", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_surrogate_id", + "label": "Surrogate ID", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_l7_protocol", + "label": "L7 Protocol", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_service_category", + "label": "FQDN Category", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "visibility": "disabled", + "dict_location": { + "path": "/v1/category/dict", + "key": "categoryId", + "value": "categoryName" + }, + "ttl": null + }, + "type": { + "type": "array", + "items": "int" + } + }, + { + "name": "common_start_time", + "label": "Start Time", + "doc": { + "allow_query": "false", + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_end_time", + "label": "End Time", + "doc": { + "allow_query": "false", + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "get_value", + "appendTo": "common_recv_time" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_establish_latency_ms", + "label": "TCP Handshake Latency (ms)", + "doc": { 
+ "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_con_duration_ms", + "label": "Duration (ms)", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_stream_dir", + "label": "Stream Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + }, + { + "code": "3", + "value": "double" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_address_list", + "label": "Address List", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_has_dup_traffic", + "label": "Duplication Traffic", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_stream_error", + "label": "Stream Error", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_stream_trace_id", + "label": "Session ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_link_info_c2s", + "label": "Link Info (c2s)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_link_info_s2c", + "label": "Link Info (s2c)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_packet_capture_file", + "label": "Packet Capture File", + "doc": { + "visibility": "hidden", + "constraints": { + "type": "file" + }, + "ttl": null + }, + "type": "string" + }, + { + "name": "common_c2s_ipfrag_num", + "label": "Fragmentation Packets (c2s)", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_ipfrag_num", 
+ "label": "Fragmentation Packets (s2c)", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_lostlen", + "label": "Sequence Gap Loss (c2s)", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_lostlen", + "label": "Sequence Gap Loss (s2c)", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_unorder_num", + "label": "Unordered Packets (c2s)", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_unorder_num", + "label": "Unordered Packets (s2c)", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_retrans", + "label": "Packet Retransmission (c2s)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_retrans", + "label": "Packet Retransmission (s2c)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_retrans", + "label": "Byte Retransmission (c2s)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_retrans", + "label": "Byte Retransmission (s2c)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_tcp_client_isn", + "label": "TCP Client ISN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_first_ttl", + "label": "First TTL", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_processing_time", + "label": "Processing Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": 
"current_timestamp" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_ingestion_time", + "label": "Ingestion Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "ingestion_time" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_mirrored_pkts", + "label": "Mirrored Packets", + "type": "long", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_mirrored_bytes", + "label": "Mirrored Bytes", + "type": "long", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "bgp_message_type", + "label": "BGP.Message Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "bgp_messages", + "label": "BGP.Message", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/ck-filter.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/ck-filter.json
new file mode 100644
index 0000000..8e12d93
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/ck-filter.json
@@ -0,0 +1,99 @@
+{
+ "version": "1.0",
+ "name": "ClickHouse-Raw",
+ "namespace": "ClickHouse",
+ "filters": [
+ {
+ "name":"@start",
+ "value": "now()-3600"
+ },
+ {
+ "name":"@end",
+ "value": "now()"
+ },
+ {
+ "name":"@common_filter",
+ "value": [
+ "common_log_id=1153021139190754263",
+ "common_client_ip='118.180.48.74'",
+ "common_client_ip='120.242.132.200'",
+ "common_internal_ip='223.116.37.192'",
+ "common_server_ip='8.8.8.8'",
+ "common_server_ip='114.114.114.114'",
+ "common_server_ip!='114.114.114.114'",
+ "common_server_ip='120.239.72.226'",
+ "common_external_ip='111.10.53.14'",
+ "common_client_port=52607",
+ "common_server_port=443",
+ "common_c2s_pkt_num>5",
+ "common_s2c_pkt_num>5",
+ "common_c2s_byte_num>100",
+ "common_s2c_byte_num<200",
+ "common_schema_type='DNS'",
+ "common_establish_latency_ms>200",
+ "common_con_duration_ms>10000",
+ "common_stream_trace_id=1153021139190754263",
+ "common_tcp_client_isn=2857077935",
+ "common_tcp_server_isn=0",
+ "common_server_domain='qq.com'",
+ "common_server_domain!='qq.com'",
+ "common_server_domain='yunser.com'",
+ "mail_account='[email protected]'",
+ "mail_subject='test'",
+ "dns_qname='qbwup.imtt.qq.com'",
+ "ssl_sni='mmbiz.qpic.cn'",
+ "ssl_sni='openai.qq.com'",
+ "ssl_con_latency_ms>100",
+ "ssl_ja3_hash='a0e9f5d64349fb13191bc781f81f42e1'",
+ "common_client_ip='36.189.226.21' and common_server_ip='8.8.8.8'",
+ "common_server_ip='111.10.53.14' and common_server_port=443",
+ "common_server_ip like '120.239%'",
+ "common_server_ip not like '120.239%'",
+ "common_server_ip like '%114.114%'",
+ "mail_account like 'abc@%'",
+ "common_server_domain like '%baidu.com%'",
+ "ssl_sni like '%google.com'",
+ "common_server_domain like 'baidu%'",
+ "common_server_domain like '%baidu.com%'",
+ "common_client_ip in ('120.239.72.226','114.114.114.114')",
+ "common_client_ip not in ('120.239.72.226','114.114.114.114')",
+ "common_server_ip='116.177.248.126' and notEmpty(common_server_domain)",
+ "common_server_ip='116.177.248.126' and common_client_ip='120.242.132.200'",
+ "common_server_ip='116.177.248.126' and common_stream_trace_id=1153021139190754263",
+ "common_client_ip='120.242.132.200' and common_server_ip='116.177.248.126'",
+ "(common_server_domain='qq.com' or common_server_ip='120.239.72.226')",
+ "common_server_port not in (80,443)",
+ "common_server_domain not like '%qq.com'"
+ ]
+ },
+ {
+ "name":"@index_filter",
+ "value": [
+ "common_log_id=1153021139190754263",
+ "common_client_ip='118.180.48.74'",
+ "common_client_ip='120.242.132.200'",
+ "common_server_ip='114.114.114.114'",
+ "common_server_ip!='114.114.114.114'",
+ "common_server_ip='120.239.72.226'",
+ "common_server_domain='qq.com'",
+ "common_server_domain!='qq.com'",
+ "common_server_domain='yunser.com'",
+ "ssl_sni='mmbiz.qpic.cn'",
+ "ssl_sni='openai.qq.com'",
+ "common_server_ip like '120.239%'",
+ "common_server_ip not like '120.239%'",
+ "common_server_ip like '%114.114%'",
+ "common_subscriber_id='%test%'",
+ "common_server_domain like 'baidu%'",
+ "common_server_domain like '%baidu.com%'",
+ "common_client_ip in ('120.239.72.226','114.114.114.114')",
+ "common_client_ip not in ('120.239.72.226','114.114.114.114')",
+ "common_server_ip='116.177.248.126' and notEmpty(common_server_domain)",
+ "common_server_ip='116.177.248.126' and common_client_ip='120.242.132.200'",
+ "common_server_ip='116.177.248.126' and common_stream_trace_id=1153021139190754263",
+ "common_client_ip='120.242.132.200' and common_server_ip='116.177.248.126'",
+ "(common_server_domain='qq.com' or common_server_ip='120.239.72.226')"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/ck-queries-template.sql b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/ck-queries-template.sql
new file mode 100644
index 0000000..2db6595
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/ck-queries-template.sql
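Review bot: In ck-filter.json's `@index_filter` list the entry `common_subscriber_id='%test%'` compares with `=`, so the `%` characters are matched literally rather than as wildcards; every other wildcard sample in both lists uses `like`, so this was presumably meant to be `"common_subscriber_id like '%test%'"`. `@common_filter` also lists `common_server_domain like '%baidu.com%'` twice. These values are raw predicate text, and ck-queries-template.sql in the same commit splices them in as `AND @common_filter` / `AND @index_filter`; if that substitution path can ever receive operator-typed input, it should be validated against the schema's `operator_functions` and field list rather than concatenated into the statement. The sample IPs, log IDs and JA3 hash look as if they may come from captured traffic; if so, documentation values such as `192.0.2.0/24` and `example.com` would be safer in a committed fixture.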
@@ -0,0 +1,120 @@ +--Q01.Count(1) +select count(1) FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) +--Q02.All Fields Query (default) +SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) LIMIT 30 +--Q03.All Fields Query order by Time desc +SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time DESC LIMIT 30 +--Q04.All Fields Query order by Time asc +SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time asc LIMIT 30 +--Q05.All Fields Query by Filter +SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @common_filter ORDER BY common_recv_time DESC LIMIT 30 +--Q06.Default Fields Query by Filter +SELECT toDateTime(common_recv_time) AS common_recv_time , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @common_filter ORDER BY common_recv_time DESC LIMIT 30 +--Q07.All Fields Query (sub query by time) +SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE toDateTime(common_recv_time) IN ( SELECT toDateTime(common_recv_time) FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time DESC LIMIT 30 ) AND common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time DESC 
LIMIT 30 +--Q08.All Fields Query (sub query by log id) +SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_log_id IN ( SELECT common_log_id FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time DESC LIMIT 30 ) AND common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time DESC LIMIT 30 +--Q09.Default Field Query (sub query by time) +SELECT toDateTime(common_recv_time) AS common_recv_time_str , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM tsg_galaxy_v3.session_record AS session_record WHERE toDateTime(common_recv_time) IN ( SELECT toDateTime(common_recv_time) FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY toDateTime(common_recv_time) DESC LIMIT 30 ) AND common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time DESC LIMIT 30 +--Q10.Default Field Query (sub query by log id) +SELECT toDateTime(common_recv_time) AS common_recv_time_str , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM tsg_galaxy_v3.session_record AS session_record WHERE common_log_id IN ( select common_log_id FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY toDateTime(common_recv_time) DESC LIMIT 30 ) AND ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end)) ORDER BY common_recv_time DESC LIMIT 30 +--Q11.Default Field Query by Server IP (sub query by log id with Index Table) +SELECT toDateTime(common_recv_time) AS common_recv_time_str , common_log_id , common_client_ip , common_client_port , 
common_server_ip , common_server_port FROM tsg_galaxy_v3.session_record AS session_record WHERE common_log_id IN ( Select common_log_id FROM tsg_galaxy_v3.session_record_common_server_ip AS session_record_common_server_ip WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ORDER BY toDateTime(common_recv_time) DESC LIMIT 30 ) AND ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ) ORDER BY common_recv_time DESC LIMIT 30 +--Q12.Default Field Query by Client IP (sub query by log id with Index Table) +SELECT toDateTime(common_recv_time) AS common_recv_time_str , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM tsg_galaxy_v3.session_record AS session_record WHERE common_log_id IN ( Select common_log_id FROM tsg_galaxy_v3.session_record_common_client_ip AS session_record_common_client_ip WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ORDER BY toDateTime(common_recv_time) DESC LIMIT 30 ) AND ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ) ORDER BY common_recv_time DESC LIMIT 30 +--Q13.Default Field Query by Domain (sub query by log id with Index Table) +SELECT toDateTime(common_recv_time) AS common_recv_time_str , common_log_id , common_client_ip , common_client_port , common_server_ip , common_server_port FROM tsg_galaxy_v3.session_record AS session_record WHERE common_log_id IN ( Select common_log_id FROM tsg_galaxy_v3.session_record_common_server_domain AS session_record_common_server_domain WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ORDER BY toDateTime(common_recv_time) DESC LIMIT 30 ) AND ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ) ORDER 
BY common_recv_time DESC LIMIT 30 +--Q14.All Fields Query by Client IP (sub query by log id with index Table) +SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_log_id IN ( SELECT common_log_id FROM tsg_galaxy_v3.session_record_common_client_ip AS session_record_common_client_ip WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ORDER BY toDateTime(common_recv_time) DESC LIMIT 30 ) AND ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ) ORDER BY common_recv_time desc LIMIT 30 +--Q15.All Fields Query by Server IP(sub query by log id with index Table) +SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_log_id IN ( SELECT common_log_id FROM tsg_galaxy_v3.session_record_common_server_ip AS session_record_common_server_ip WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ) ORDER BY common_recv_time desc LIMIT 30 +--Q16.All Fields Query by Domain(sub query by log id with index Table) +SELECT * FROM tsg_galaxy_v3.session_record AS session_record WHERE common_log_id IN ( SELECT common_log_id FROM tsg_galaxy_v3.session_record_common_server_domain AS session_record_common_server_domain WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ORDER BY common_recv_time LIMIT 30 ) AND ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) AND @index_filter ) ORDER BY common_recv_time desc LIMIT 30 +--Q17.Session Logs Sent to Database Trend(Time Grain 5 minute) +SELECT toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 MINUTE))) AS "Receive Time", count(common_log_id) AS "logs" 
FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ) ) GROUP BY "Receive Time" LIMIT 10000 +--Q18.Traffic Bandwidth Trend(Time Grain 30 second) +SELECT toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 30 SECOND)))) AS stat_time, sum(common_c2s_byte_num) AS bytes_sent, sum(common_s2c_byte_num) AS bytes_received, sum(common_c2s_byte_num + common_s2c_byte_num) AS bytes, sum(common_c2s_pkt_num + common_s2c_pkt_num) AS packets, sum(common_sessions) AS sessions FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) GROUP BY stat_time ORDER BY stat_time ASC LIMIT 100 +--Q19.Log Tend by Type (Time Grain 5 minute) +SELECT toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 MINUTE)))) AS stat_time, common_schema_type AS type, sum(common_sessions) AS sessions, sum(common_c2s_byte_num + common_s2c_byte_num) AS bytes, sum(common_c2s_pkt_num + common_s2c_pkt_num) AS packets FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) GROUP BY stat_time, common_schema_type ORDER BY stat_time ASC LIMIT 100 +--Q20.Traffic Metrics Analytic +SELECT round(sum(common_s2c_byte_num) * 8 / 300,2) AS trafficInBits, round(sum(common_c2s_byte_num) * 8 / 300,2) AS trafficOutBits, round(sum(common_s2c_byte_num + common_c2s_byte_num) * 8 / 300,2) AS trafficTotalBits, round(sum(common_s2c_pkt_num) / 300,2) AS trafficInPackets, round(sum(common_c2s_pkt_num) / 300,2) AS trafficOutPackets, round(sum(common_s2c_pkt_num + common_c2s_pkt_num) / 300,2) AS trafficTotalPackets, round(sum(common_sessions) / 300,2) AS sessions FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < 
toUnixTimestamp(@end) +--Q21.Traffic Endpoints Metrics Trend(Time Grain 5 minute) +SELECT toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 MINUTE))) AS "Receive Time", uniq(common_internal_ip) AS "Unique Internal IP", uniq(common_external_ip) AS "Unique External IP", uniq(common_subscriber_id) AS "Unique Subscriber ID", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS "Bytes", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "Receive Time" LIMIT 100 +--Q22.Endpoint Unique Num by L4 Protocol +SELECT 'all' AS type, uniq(common_client_ip) AS client_ips, uniq(common_internal_ip) AS internal_ips, uniq(common_server_ip) AS server_ips, uniq(common_external_ip) AS external_ips, uniq(common_subscriber_id) as subscriber_ids FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) UNION ALL SELECT 'tcp' AS type, uniq(common_client_ip) AS client_ips, uniq(common_internal_ip) AS internal_ips, uniq(common_server_ip) AS server_ips, uniq(common_external_ip) AS external_ips, uniq(common_subscriber_id) as subscriber_ids FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND common_l4_protocol IN ( 'IPv4_TCP', 'IPv6_TCP' ) UNION ALL SELECT 'UDP' AS type, uniq(common_client_ip) AS client_ips, uniq(common_internal_ip) AS internal_ips, uniq(common_server_ip) AS server_ips, uniq(common_external_ip) AS external_ips, uniq(common_subscriber_id) as subscriber_ids FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND common_l4_protocol IN ( 'IPv4_UDP', 'IPv6_UDP' ) +--Q23.One-sided Connection Trend(Time Grain 5 minute) +SELECT 
toDateTime(toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 MINUTE)))) AS stat_time, (CASE WHEN common_stream_dir = 1 THEN 'c2s' WHEN common_stream_dir = 2 THEN 's2c' WHEN common_stream_dir = 3 THEN 'double' ELSE 'None' END) AS type, sum(common_sessions) AS sessions FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) GROUP BY stat_time, common_stream_dir ORDER BY stat_time ASC LIMIT 100 +--Q24. Estimated One-sided Sessions with Bandwidth +SELECT toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 MINUTE))) AS "Receive Time", sum(common_sessions) AS "sessions", sum(if(common_stream_dir <> 3, common_sessions, 0)) AS "one_side_sessions", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS "Bytes", round(one_side_sessions / sessions, 2) AS one_side_percent FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "Receive Time" LIMIT 100 +--Q25.Estimated TCP Sequence Gap Loss +SELECT toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 MINUTE))) AS "Receive Time", sum(common_c2s_byte_num + common_s2c_byte_num) AS "bytes", sum(common_c2s_tcp_lostlen + common_s2c_tcp_lostlen) AS "gap_loss_bytes", round(gap_loss_bytes / bytes, 2) AS gap_loss_percent FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( common_l4_protocol IN ( 'IPv4_TCP', 'IPv6_TCP' ) ) GROUP BY "Receive Time" LIMIT 100 +--Q26.Top30 Server IP by Bytes +SELECT "server_ip" AS "server_ip" , SUM(coalesce("bytes",0)) AS "bytes" , SUM(coalesce("bytes_sent",0)) AS "Sent" , SUM(coalesce("bytes_received",0)) AS "Received" , SUM(coalesce("sessions",0)) AS "sessions" FROM ( SELECT SUM(coalesce(common_c2s_byte_num,0)) AS "bytes_sent" , 
SUM(coalesce(common_s2c_byte_num,0)) AS "bytes_received" , SUM(common_c2s_byte_num+common_s2c_byte_num) AS "bytes" , SUM(coalesce(common_sessions,0)) AS "sessions" , common_server_ip AS "server_ip" FROM tsg_galaxy_v3.session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty( common_server_ip) ) GROUP BY "server_ip" ORDER BY "bytes" desc ) GROUP BY "server_ip" ORDER BY "bytes" desc LIMIT 30 +--Q27.Top30 Client IP by Sessions +SELECT common_client_ip , COUNT(*) AS sessions FROM tsg_galaxy_v3.session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) GROUP BY common_client_ip ORDER BY sessions desc LIMIT 0,30 +--Q28.Top30 TCP Server Ports by Sessions +SELECT "Server Port" AS "Server Port", sum(coalesce("Sessions", 0)) AS "Sessions" FROM (SELECT common_server_port AS "Server Port", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( common_l4_protocol IN ( 'IPv4_TCP', 'IPv6_TCP' ) ) GROUP BY "Server Port" LIMIT 1048576) GROUP BY "Server Port" ORDER BY "Sessions" DESC LIMIT 30 +--Q29.Top30 Domian by Bytes +SELECT "domain" AS "Website Domain" , SUM(coalesce("bytes",0)) AS "Throughput" FROM ( SELECT SUM(coalesce(common_c2s_byte_num,0)) AS "bytes_sent" , SUM(coalesce(common_s2c_byte_num,0)) AS "bytes_received" , SUM(coalesce(common_c2s_byte_num+common_s2c_byte_num,0)) AS "bytes" , common_server_domain AS "domain" FROM tsg_galaxy_v3.session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty( common_server_domain) ) GROUP BY "domain" ORDER BY "bytes" desc ) GROUP BY "domain" ORDER BY "Throughput" desc LIMIT 30 +--Q30.Top30 Endpoint Devices by Bandwidth +SELECT "device_id" AS "device_id", sum(coalesce("bytes", 0)) AS "bytes", sum(coalesce("bytes_sent", 0)) AS 
"Sent", sum(coalesce("bytes_received", 0)) AS "Received" FROM (SELECT sum(coalesce(common_c2s_byte_num, 0)) AS "bytes_sent", sum(coalesce(common_s2c_byte_num, 0)) AS "bytes_received", sum(common_c2s_byte_num + common_s2c_byte_num) AS bytes, common_device_id AS "device_id" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "device_id" ORDER BY "bytes" DESC LIMIT 1048576) GROUP BY "device_id" ORDER BY "bytes" DESC LIMIT 30 +--Q31.Top30 Domain by Unique Client IP +SELECT "Http.Domain" AS "Http.Domain", sum(coalesce("Client IP", 0)) AS "Client IP" FROM (SELECT common_server_domain AS "Http.Domain", uniq(common_client_ip) AS "Client IP" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty(common_server_domain) ) GROUP BY "Http.Domain" ORDER BY "Client IP" DESC LIMIT 1048576) GROUP BY "Http.Domain" ORDER BY "Client IP" DESC LIMIT 30 +--Q32.Top100 Most Time Consuming Domains +SELECT "Domain" AS "Domain", avg(coalesce("Avg Establish Latency(ms)", 0)) AS "Avg Establish Latency(ms)" FROM (SELECT common_server_domain AS "Domain", avg(coalesce(common_establish_latency_ms, 0)) AS "Avg Establish Latency(ms)" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty(common_server_domain) ) GROUP BY "Domain" LIMIT 1048576) GROUP BY "Domain" ORDER BY "Avg Establish Latency(ms)" DESC LIMIT 100 +--Q33.Top30 Sources by Sessions +SELECT "source" AS "source", sum(coalesce("sessions", 0)) AS "sessions" FROM (SELECT coalesce(nullif(common_subscriber_id, ''), nullif(common_client_ip, '')) AS "source", sum(coalesce(common_sessions, 0)) AS "sessions" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < 
toDateTime(@end) ) ) GROUP BY "source" ORDER BY "sessions" DESC LIMIT 1048576) GROUP BY "source" ORDER BY "sessions" DESC LIMIT 30 +--Q34.Top30 Destinations by Sessions +SELECT "destination" AS "destination", sum(coalesce("sessions", 0)) AS "sessions" FROM (SELECT coalesce(nullif(common_server_domain, ''), nullif(common_server_ip, '')) AS "destination", sum(coalesce(common_sessions, 0)) AS "sessions" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "destination" ORDER BY "sessions" DESC LIMIT 1048576) GROUP BY "destination" ORDER BY "sessions" DESC LIMIT 30 +--Q35.Top30 Destination Regions by Bandwidth +SELECT "server_location" AS "server_location", sum(coalesce("bytes", 0)) AS "bytes", sum(coalesce("bytes_sent", 0)) AS "Sent", sum(coalesce("bytes_received", 0)) AS "Received" FROM (SELECT arrayElement(splitByString(',', common_server_location), length(splitByString(',', common_server_location))) AS "server_location", sum(coalesce(common_c2s_byte_num, 0)) AS "bytes_sent", sum(coalesce(common_s2c_byte_num, 0)) AS "bytes_received", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS "bytes", sum(coalesce(common_sessions, 0)) AS "sessions" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "server_location" ORDER BY "bytes" DESC LIMIT 1048576) GROUP BY "server_location" ORDER BY "bytes" DESC LIMIT 30 +--Q36.Top30 URLS by Sessions +SELECT "Http URL" AS "Http URL", sum(coalesce("Sessions", 0)) AS "Sessions" FROM (SELECT http_url AS "Http URL", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "Http URL" LIMIT 1048576) GROUP BY "Http URL" ORDER BY "Sessions" DESC LIMIT 30 +--Q37.Top30 Destination 
Transmission APP by Bandwidth +SELECT "server_ip" AS "server_ip", groupUniqArray(coalesce("trans_app", 0)) AS "trans_app", sum(coalesce("bytes", 0)) AS "bytes", sum(coalesce("bytes_sent", 0)) AS "Sent", sum(coalesce("bytes_received", 0)) AS "Received" FROM (SELECT sum(coalesce(common_c2s_byte_num, 0)) AS "bytes_sent", sum(coalesce(common_s2c_byte_num, 0)) AS "bytes_received", sum(common_c2s_byte_num + common_s2c_byte_num) AS "bytes", groupUniqArray(concat(common_l4_protocol, '/', toString(common_server_port))) AS "trans_app", common_server_ip AS "server_ip" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty(common_server_ip) ) GROUP BY "server_ip" ORDER BY "bytes" DESC LIMIT 1048576) GROUP BY "server_ip" ORDER BY "bytes" DESC LIMIT 30 +--Q38.Browsing Users by Website domains and Sessions +SELECT "Subscriber ID" AS "Subscriber ID", "Http.Domain" AS "Http.Domain", sum(coalesce("sessions", 0)) AS "sessions" FROM (SELECT common_server_domain AS "Http.Domain", common_subscriber_id AS "Subscriber ID", sum(coalesce(common_sessions, 0)) AS "sessions" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty(common_server_domain) AND notEmpty(common_subscriber_id) ) GROUP BY "Http.Domain", "Subscriber ID" ORDER BY "sessions" DESC LIMIT 1048576) GROUP BY "Subscriber ID", "Http.Domain" ORDER BY "sessions" DESC LIMIT 100 +--Q39.Top Domain and Server IP by Bytes Sent +SELECT "Http.Domain" AS "Http.Domain" , "Server IP" AS "Server IP" , SUM(coalesce("Bytes Sent",0)) AS "Bytes Sent" FROM ( SELECT common_server_ip AS "Server IP" , common_server_domain AS "Http.Domain" , SUM(coalesce(common_c2s_byte_num+common_s2c_byte_num,0)) AS "Bytes" , SUM(coalesce(common_c2s_byte_num,0)) AS "Bytes Sent" , SUM(coalesce(common_s2c_byte_num,0)) AS "Bytes Received" FROM 
tsg_galaxy_v3.session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty( common_server_domain) ) GROUP BY "Server IP" , "Http.Domain" ORDER BY "Bytes" desc LIMIT 1048576 ) GROUP BY "Http.Domain" , "Server IP" ORDER BY "Bytes Sent" desc LIMIT 100 +--Q40.Top30 Website Domains by Client IP and Sessions +SELECT "Http.Domain" AS "Http.Domain", "Client IP" AS "Client IP", sum(coalesce("sessions", 0)) AS "sessions" FROM (SELECT common_client_ip AS "Client IP", common_server_domain AS "Http.Domain", sum(coalesce(common_sessions, 0)) AS "sessions" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty(common_server_domain) ) GROUP BY "Client IP", "Http.Domain" ORDER BY "sessions" DESC LIMIT 1048576) GROUP BY "Http.Domain", "Client IP" ORDER BY "sessions" DESC LIMIT 100 +--Q41.Domain is Accessed by Unique Client IP Trend(bytes Time Grain 5 minute) +SELECT toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300)*300) AS _time , common_server_domain AS Domain, COUNT(DISTINCT(common_client_ip)) AS nums FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND notEmpty(common_server_domain) AND common_server_domain IN ( SELECT common_server_domain FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND notEmpty(common_server_domain) GROUP BY common_server_domain ORDER BY SUM(common_s2c_byte_num+common_c2s_byte_num) DESC LIMIT 5 ) GROUP BY toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300)*300) , common_server_domain ORDER BY toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300)*300) DESC LIMIT 100 +--Q42. 
Domain is Accessed by Unique Client IP Trend(sessions,Time Grain 5 minute) +SELECT toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),3600)*3600) AS stat_time , common_server_domain , uniq (common_client_ip) AS nums FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toDateTime(@start)-604800 AND common_recv_time < toDateTime(@end) AND common_server_domain IN ( SELECT common_server_domain FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND notEmpty(common_server_domain) GROUP BY common_server_domain ORDER BY COUNT(*) desc LIMIT 5 ) group by toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 3600)*3600), common_server_domain ORDER BY stat_time desc LIMIT 100 +--Q43.Bandwidth Trend with Device ID(Time Grain 5 minute) +SELECT toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 MINUTE))) AS "Receive Time", common_device_id AS "Device ID", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS "Bytes" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "Receive Time", "Device ID" LIMIT 10000 +--Q44.Internal IP by Sled IP and Sessions +SELECT "Internal IP" AS "Internal IP", "Sled IP" AS "Sled IP", sum(coalesce("Sessions", 0)) AS "Sessions" FROM (SELECT common_sled_ip AS "Sled IP", common_internal_ip AS "Internal IP", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "Sled IP", "Internal IP" LIMIT 1048576) GROUP BY "Internal IP", "Sled IP" ORDER BY "Sessions" DESC LIMIT 10000 +--Q45.Bandwidth Trend with Internal IP (Time Grain 5 minute) +SELECT toUnixTimestamp(toDateTime(toStartOfInterval(toDateTime(common_recv_time),INTERVAL 5 
MINUTE))) AS "Receive Time", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS "Bytes", sum(coalesce(common_c2s_pkt_num + common_s2c_pkt_num, 0)) AS "Packets", sum(coalesce(common_sessions, 0)) AS "New Sessions", sum(coalesce(common_c2s_byte_num, 0)) AS "Bytes Sent", sum(coalesce(common_s2c_byte_num, 0)) AS "Bytes Received", sum(coalesce(common_c2s_pkt_num, 0)) AS "Packets Sent", sum(coalesce(common_s2c_pkt_num, 0)) AS "Packets Received" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) AND @common_filter ) GROUP BY "Receive Time" LIMIT 10000 +--Q46.Top30 Domains Detail with Internal IP +SELECT "Domain" AS "Domain", sum(coalesce("Sessions", 0)) AS "Sessions" FROM (SELECT common_server_domain AS "Domain", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) AND @common_filter ) AND ( notEmpty(common_server_domain) ) GROUP BY "Domain" LIMIT 1048576) GROUP BY "Domain" ORDER BY "Sessions" DESC LIMIT 30 +--Q47.Top30 URLS Detail with Internal IP +SELECT "URL" AS "URL", sum(coalesce("Sessions", 0)) AS "Sessions" FROM (SELECT http_url AS "URL", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) AND @common_filter ) AND ( notEmpty(http_url) ) GROUP BY "URL" LIMIT 1048576) GROUP BY "URL" ORDER BY "Sessions" DESC LIMIT 30 +--Q48.Top Domains with Unique Client IP and Subscriber ID +SELECT "Http.Domain" AS "Http.Domain", sum(coalesce("Unique Client IP", 0)) AS "Unique Client IP", sum(coalesce("Unique Subscriber ID", 0)) AS "Unique Subscriber ID" FROM (SELECT common_server_domain AS "Http.Domain", uniq(common_client_ip) AS "Unique Client IP", uniq(common_subscriber_id) AS "Unique Subscriber ID" FROM 
tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( notEmpty(common_server_domain) ) GROUP BY "Http.Domain" LIMIT 1048576) GROUP BY "Http.Domain" ORDER BY "Unique Client IP" DESC LIMIT 100 +--Q49.Top100 Domains by Packets sent +SELECT "Http.Domain" AS "Http.Domain", sum(coalesce("Packets Sent", 0)) AS "Packets Sent" FROM (SELECT common_server_domain AS "Http.Domain", sum(coalesce(common_c2s_pkt_num, 0)) AS "Packets Sent" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "Http.Domain" LIMIT 1048576) GROUP BY "Http.Domain" ORDER BY "Packets Sent" DESC LIMIT 100 +--Q50.Internal and External asymmetric traffic +SELECT "Internal IP" AS "Internal IP", "External IP" AS "External IP", "Sled IP" AS "Sled IP", sum(coalesce("Sessions", 0)) AS "Sessions" FROM (SELECT common_sled_ip AS "Sled IP", common_external_ip AS "External IP", common_internal_ip AS "Internal IP", sum(coalesce(common_c2s_byte_num + common_s2c_byte_num, 0)) AS "Bytes Sent+Bytes Received", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( common_stream_dir != 3 ) GROUP BY "Sled IP", "External IP", "Internal IP" LIMIT 1048576) GROUP BY "Internal IP", "External IP", "Sled IP" ORDER BY "Sessions" DESC LIMIT 500 +--Q51.Client and Server ASN asymmetric traffic +SELECT "Client ASN" AS "Client ASN", "Server ASN" AS "Server ASN", sum(coalesce("Sessions", 0)) AS "Sessions" FROM (SELECT common_server_asn AS "Server ASN", common_client_asn AS "Client ASN", sum(coalesce(common_sessions, 0)) AS "Sessions" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) AND ( common_stream_dir != 3 ) 
GROUP BY "Server ASN", "Client ASN" LIMIT 1048576) GROUP BY "Client ASN", "Server ASN" ORDER BY "Sessions" DESC LIMIT 500 +--Q52.Top handshake latency by Website and Client IPs +SELECT "SSL.SNI" AS "SSL.SNI", "Client IP" AS "Client IP", avg(coalesce("Establish Latency(ms)", 0)) AS "Establish Latency(ms)" FROM (SELECT common_client_ip AS "Client IP", ssl_sni AS "SSL.SNI", avg(coalesce(common_establish_latency_ms, 0)) AS "Establish Latency(ms)" FROM tsg_galaxy_v3.session_record AS session_record WHERE ( ( common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) ) ) GROUP BY "Client IP", "SSL.SNI" LIMIT 1048576) GROUP BY "SSL.SNI", "Client IP" ORDER BY "Establish Latency(ms)" DESC LIMIT 500 +--Q53.Domain baidu.com Drill down Client IP +select common_client_ip as "Client IP" , avg(common_establish_latency_ms) as "Establishing Time Mean(ms)", count(1) as Responses,any(common_client_location) as Location FROM tsg_galaxy_v3.session_record where common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) and common_server_domain='baidu.com' group by "Client IP" order by Responses desc limit 100 +--Q54.Domain baidu.com Drill down Server IP +select common_server_ip as "Server IP" , avg(http_response_latency_ms) as "Server Processing Time Mean(ms)", count(1) as Responses,any(common_server_location) as Location FROM tsg_galaxy_v3.session_record where common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) and common_server_domain='baidu.com' group by "Server IP" order by Responses desc limit 100 +--Q55.Domain baidu.com Drill down URI +select http_url as "URI" , avg(http_response_latency_ms) as "Server Processing Time Mean(ms)", count(1) as Responses FROM tsg_galaxy_v3.session_record where common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) and common_server_domain='baidu.com' group by "URI" order by Responses desc limit 100 +--Q56.L7 Protocol Metrics +select common_l7_protocol as 
"Protocol" , uniq(common_client_ip) as "Clients" , uniq(common_server_ip) as "Servers", count(1) as Sessions,sum(common_c2s_byte_num+common_s2c_byte_num) as bytes FROM tsg_galaxy_v3.session_record where common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) and notEmpty(common_l7_protocol) group by common_l7_protocol order by bytes desc +--Q57.L7 Protocol SIP Drill down Client IP +select common_client_ip as "Client IP" , count(1) as Sessions,sum(common_c2s_byte_num) as "Bytes Out", sum(common_s2c_byte_num) as "Bytes In",any(common_client_location) as Location FROM tsg_galaxy_v3.session_record where common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) and common_l7_protocol='SIP' group by "Client IP" order by Sessions desc limit 100 +--Q58.L7 Protocol SIP Drill down Server IP +select common_server_ip as "Server IP" , count(1) as Sessions,sum(common_c2s_byte_num) as "Bytes Out", sum(common_s2c_byte_num) as "Bytes In",any(common_server_location) as Location FROM tsg_galaxy_v3.session_record where common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) and common_l7_protocol='SIP' group by "Server IP" order by Sessions desc limit 100 +--Q59.Top5 Server IP keys with Unique Client IPs Trend (Grain 5 minute) +SELECT toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300)*300) AS _time , common_server_ip AS server_ip, COUNT(DISTINCT(common_client_ip)) AS nums FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND common_server_ip IN ( SELECT common_server_ip FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) GROUP BY common_server_ip ORDER BY count(*) DESC LIMIT 5 ) GROUP BY toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300)*300) , server_ip ORDER BY 
toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300)*300) DESC LIMIT 100 +--Q60.JSQLParserException(V4.2) +select round(tcp_logs / logs, 2) as "TCP Percentage", round(udp_logs / logs, 2) as "UDP Percentage", round(egress_bytes / bytes, 2) as "Egress Percentage", round(ingress_bytes / bytes, 2) as "Ingress Percentage", tcp_logs as "TCP Logs", udp_logs as "UDP Logs", logs as "Logs", egress_bytes as "Egress Bytes", ingress_bytes as "Ingress Bytes", bytes as "Bytes"from (select sum(if(common_l4_protocol in('IPv4_TCP', 'IPv6_TCP'), 1, 0)) as tcp_logs, sum(if(common_l4_protocol in('IPv4_UDP', 'IPv6_UDP'), 1, 0)) as udp_logs, sum(if(has(bitmaskToArray(common_flags), 256), common_c2s_byte_num, common_s2c_byte_num)) as egress_bytes, sum(if(has(bitmaskToArray(common_flags), 128), common_c2s_byte_num, common_s2c_byte_num)) as ingress_bytes, count(*) as logs, sum(common_c2s_byte_num + common_s2c_byte_num) as bytes from session_record as sub_connection where common_recv_time >= toUnixTimestamp(@start) and common_recv_time < toUnixTimestamp(@end))
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/clusters.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/clusters.json
new file mode 100644
index 0000000..fe07142
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/clusters.json
@@ -0,0 +1,11 @@
+{
+ "namespace": "system",
+ "type": "record",
+ "name": "clusters",
+ "fields": [
+ {
+ "name": "host_address",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/columns_cluster.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/columns_cluster.json
new file mode 100644
index 0000000..d190d3c
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/columns_cluster.json
@@ -0,0 +1,11 @@
+{
+ "namespace": "system",
+ "type": "record",
+ "name": "columns_cluster",
+ "fields": [
+ {
+ "name": "database",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/disks_cluster.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/disks_cluster.json
new file mode 100644
index 0000000..70777c6
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/disks_cluster.json
@@ -0,0 +1,11 @@
+{
+ "namespace": "system",
+ "type": "record",
+ "name": "disks_cluster",
+ "fields": [
+ {
+ "name": "name",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/distributed_ddl_queue.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/distributed_ddl_queue.json
new file mode 100644
index 0000000..888442e
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/distributed_ddl_queue.json
@@ -0,0 +1,11 @@
+{
+ "namespace": "system",
+ "type": "record",
+ "name": "distributed_ddl_queue",
+ "fields": [
+ {
+ "name": "name",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/dos_detection.properties b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/dos_detection.properties
new file mode 100644
index 0000000..14c9e7c
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/dos_detection.properties
@@ -0,0 +1,15 @@
+#静态敏感阈值,速率小于此值不报警
+static.sensitivity.threshold=500
+
+#基线敏感阈值
+baseline.sensitivity.threshold=0.2
+
+#基于baseline判定dos攻击的上下限
+baseline.sessions.minor.threshold=0.5
+baseline.sessions.warning.threshold=1
+baseline.sessions.major.threshold=2.5
+baseline.sessions.severe.threshold=5
+baseline.sessions.critical.threshold=8
+
+#访问bifang只读权限token,bifang内置,无需修改
+bifang.server.token=aa2bdec5518ad131f71944b13ce5c298&1&
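Review bot: The last added line commits a credential to the repository: `bifang.server.token` is set to a literal token value, and the comment above it says the token is built into bifang and need not be changed, which suggests every deployment using this export shares the same value. A read-only scope still exposes whatever bifang serves to anyone who can read this repository or its history. I would commit a placeholder instead, e.g. `bifang.server.token=<injected-at-deploy>`, supply the real value from the deployment's secret store, and rotate the token now that it is in history.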
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/dos_event.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/dos_event.json
new file mode 100644
index 0000000..79ae7d0
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/dos_event.json
@@ -0,0 +1,248 @@
+{
+ "type": "record",
+ "name": "dos_event",
+ "namespace": "tsg_galaxy_v3",
+ "doc": {
+ "primary_key": "log_id",
+ "partition_key": "start_time",
+ "ttl": null,
+ "default_ttl": 2592000,
+ "index_key": {
+ "$ref": "public_schema_info.json#/dos_event/index_key"
+ },
+ "functions": {
+ "$ref": "public_schema_info.json#/functions"
+ },
+ "schema_query": {
+ "references": {
+ "$ref": "public_schema_info.json#/schema_query/references"
+ }
+ },
+ "default_columns": [
+ "log_id",
+ "attack_type",
+ "source_ip_list",
+ "destination_ip",
+ "severity",
+ "start_time",
+ "end_time",
+ "packet_rate",
+ "bit_rate",
+ "session_rate"
+ ],
+ "internal_columns": [
+ "start_time",
+ "log_id"
+ ]
+ },
+ "fields": [
+ {
+ "name": "start_time",
+ "label": "Start Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": {
+ "type": "long",
+ "logicalType": "timestamp"
+ }
+ },
+ {
+ "name": "end_time",
+ "label": "End Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": {
+ "type": "long",
+ "logicalType": "timestamp"
+ }
+ },
+ {
+ "name": "log_id",
+ "label": "Log ID",
+ "doc": {
+ "format": [
+ {
+ "function": "snowflake_id"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "profile_id",
+ "label": "Profile ID",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "vsys_id",
+ "label": "Vsys ID",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int",
+ "default": 1
+ },
+ {
+ "name": "attack_type",
+ "label": "Attack Type",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!=,in,not in"
+ },
+ "data": [
+ {
+ "code": "TCP SYN Flood",
+ "value": "TCP SYN Flood"
+ },
+ {
+ "code": "UDP Flood",
+ "value": "UDP Flood"
+ },
+ {
+ "code": "ICMP Flood",
+ "value": "ICMP Flood"
+ },
+ {
+ "code": "DNS Flood",
+ "value": "DNS Flood"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "severity",
+ "label": "Severity",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!=,in,not in"
+ },
+ "data": [
+ {
+ "code": "Critical",
+ "value": "Critical"
+ },
+ {
+ "code": "Severe",
+ "value": "Severe"
+ },
+ {
+ "code": "Major",
+ "value": "Major"
+ },
+ {
+ "code": "Warning",
+ "value": "Warning"
+ },
+ {
+ "code": "Minor",
+ "value": "Minor"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "conditions",
+ "label": "Conditions",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "destination_ip",
+ "label": "Destination IP",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "destination_country",
+ "label": "Destination Country",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "source_ip_list",
+ "label": "Source IPs",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "source_country_list",
+ "label": "Source Countries",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "session_rate",
+ "label": "Sessions/s",
+ "doc": {
+ "constraints": {
+ "type": "sessions/sec"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "packet_rate",
+ "label": "Packets/s",
+ "doc": {
+ "constraints": {
+ "type": "packets/sec"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "bit_rate",
+ "label": "Bits/s",
+ "doc": {
+ "constraints": {
+ "type": "bits/sec"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "long"
+ }
+ ]
+}
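Review bot: `source_ip_list` and `source_country_list` are declared as plain `string` fields although their names and labels ("Source IPs", "Source Countries") suggest several values per event. If they hold delimiter-joined lists, finding one source address means substring matching, which also hits longer addresses sharing the prefix (a constructed example: searching `10.0.0.1` would match `10.0.0.10`). If the storage layer allows it, an array type such as `"type": {"type": "array", "items": "string"}` would let an analyst match exact members; otherwise the delimiter should at least be stated in each field's `doc`.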
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/druid-filter.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/druid-filter.json
new file mode 100644
index 0000000..ed7bc15
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/druid-filter.json
@@ -0,0 +1,21 @@
+{
+ "version": "1.0",
+ "name": "druid-Raw",
+ "namespace": "druid",
+ "filters": [
+ {
+ "name":"@start",
+ "value": "TIMESTAMPADD(SECOND, -3600,CURRENT_TIMESTAMP)"
+ },
+ {
+ "name":"@end",
+ "value": "CURRENT_TIMESTAMP"
+ },
+ {
+ "name":"@common_filter",
+ "value": [
+ "common_client_ip='192.168.44.21'and common_server_port=443"
+ ]
+ }
+ ]
+}
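Review bot: The `@common_filter` entry carries a whole SQL predicate as text (`common_client_ip='192.168.44.21'and common_server_port=443`) rather than a column name plus values to bind. Whatever expands these placeholders presumably splices that string into the query verbatim, so the value has to stay operator-controlled; if it can ever originate from a request, it should be built from an allow-listed set of columns with bound values instead of being accepted as free text. Separately, `'192.168.44.21'and` relies on the parser tolerating a keyword directly after a string literal; `common_client_ip='192.168.44.21' and common_server_port=443` is safer.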
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/druid-queries-template.sql b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/druid-queries-template.sql
new file mode 100644
index 0000000..2a2267d
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/druid-queries-template.sql
@@ -0,0 +1,70 @@ +--Q01.All Security Rule Hits +select rule_id as rule_id,sum(hit_count) as hits,sum(in_bytes + out_bytes) as bytes from security_rule_hits where __time >@start and __time <@end group by rule_id +--Q02.Security Rule Hits with Rule ID 0 +select rule_id as rule_id,sum(hit_count) as hits from security_rule_hits where __time >@start and __time <@end and rule_id in (0) group by rule_id +--Q03.All Security Rule Hits Trend by 5min A +select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, sum(hit_count) as hits from security_rule_hits where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') limit 10000 +--Q04.Security Rule Hit Time(first and last time) A +select rule_id,TIME_FORMAT(min(__time) ,'yyyy-MM-dd HH:mm:ss') as first_used, TIME_FORMAT(max(__time) ,'yyyy-MM-dd HH:mm:ss') as last_used from security_rule_hits where rule_id in (0) group by rule_id +--Q05.Top 200 Security Rules with Action +select rule_id, action, sum(hit_count) as hits from security_rule_hits where __time >= @start and __time < @end group by rule_id, action order by hits desc limit 200 +--Q06.All Proxy Rule Hits +select rule_id as rule_id, sum(hit_count) as hits from proxy_rule_hits where __time >=@start and __time <@end group by rule_id +--Q07.Proxy Rule Hits with Rule ID 0 +select rule_id, sum(hit_count) as hits from proxy_rule_hits where __time >=@start and __time <@end and rule_id=0 group by rule_id +--Q08.All Proxy Rule Hits Trend by 5min A +select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, sum(hit_count) as hits from proxy_rule_hits where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') limit 10000 +--Q09.Proxy Rule Hit Time(first and last time) A +select rule_id as rule_id,TIME_FORMAT(min(__time) ,'yyyy-MM-dd HH:mm:ss') as first_used, TIME_FORMAT(max(__time) ,'yyyy-MM-dd HH:mm:ss') as last_used from 
proxy_rule_hits where rule_id in (0) group by rule_id +--Q10.Top 200 Proxy Rules +select rule_id, sum(hit_count) as hits from proxy_rule_hits where __time >= @start and __time < @end group by rule_id order by hits desc limit 200 +--Q11.Top 200 Proxy Rules with Action +select rule_id, action, sum(hit_count) as hits from proxy_rule_hits where __time >=@start and __time <@end group by rule_id, action order by hits desc limit 200 +--Q12.Proxy Action Hits +select action as action, sum(hit_count) as hits from proxy_rule_hits where __time >= @start and __time < @end group by action +--Q13.Proxy Action Hits Trend by 5min +select TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') as stat_time, action as action, sum(hit_count) as hits from proxy_rule_hits where __time >= @start and __time < @end group by TIME_FORMAT(time_floor(__time,'PT5M'),'yyyy-MM-dd HH:mm:ss') , action limit 10000 +--Q14.Traffic Metric[Bits/s | Bytes/s | Packets/s | Sessions/s | Active Sessions] +SELECT sum(sum_in_bytes) * 8 / 15 AS avg_in_bits_per_sec, sum(sum_out_bytes) * 8 / 15 AS avg_out_bits_per_sec, sum(sum_in_bytes + sum_out_bytes) * 8 / 15 AS avg_bits_per_sec, sum(sum_in_bytes) / 15 AS avg_in_bytes_per_sec, sum(sum_out_bytes) / 15 AS avg_out_bytes_per_sec, sum(sum_in_bytes + sum_out_bytes) / 15 AS avg_bytes_per_sec, sum(sum_in_pkts) / 15 AS avg_in_pkts_per_sec, sum(sum_out_pkts) / 15 AS avg_out_pkts_per_sec, sum(sum_in_pkts + sum_out_pkts) / 15 AS avg_pkts_per_sec, sum(sum_sessions) / 15 AS avg_sessions_per_sec, sum(max_active_sessions) AS active_sessions FROM ( SELECT device_id, vsys_id, sum(in_bytes) AS sum_in_bytes, sum(out_bytes) AS sum_out_bytes, sum(in_pkts) AS sum_in_pkts, sum(out_pkts) AS sum_out_pkts, sum(sessions) AS sum_sessions, max(active_sessions) AS max_active_sessions FROM traffic_general_stat WHERE __time >= @start AND __time < @end GROUP BY device_id, vsys_id ) +--Q15.Traffic Metrics Bandwidth Bits IN/OUT +SELECT stat_time AS stat_time, avg(sum_in_bytes) * 8 / 15 AS 
avg_in_bits_per_sec, avg(sum_out_bytes) * 8 / 15 AS avg_out_bits_per_sec, avg(sum_bytes) * 8 / 15 AS avg_bits_per_sec, max(sum_in_bytes) * 8 / 15 AS max_in_bits_per_sec, max(sum_out_bytes) * 8 / 15 AS max_out_bits_per_sec, max(sum_bytes) * 8 / 15 AS max_bits_per_sec, min(sum_in_bytes) * 8 / 15 AS min_in_bits_per_sec, min(sum_out_bytes) * 8 / 15 AS min_out_bits_per_sec, min(sum_bytes) * 8 / 15 AS min_bits_per_sec FROM ( SELECT TIME_FORMAT(time_floor(__time, 'PT30S'), 'yyyy-MM-dd HH:mm:ss') AS stat_time, sum(in_bytes) AS sum_in_bytes, sum(out_bytes) AS sum_out_bytes, sum(in_bytes + out_bytes) AS sum_bytes FROM traffic_general_stat WHERE __time >= @start AND __time <@end GROUP BY TIME_FORMAT(time_floor(__time, 'PT30S'), 'yyyy-MM-dd HH:mm:ss') ) GROUP BY stat_time ORDER BY stat_time ASC LIMIT 10000 +--Q16.Traffic Metrics Bandwidth Bytes IN/OUT +SELECT stat_time AS stat_time, avg(sum_in_bytes) / 15 AS avg_in_bits_per_sec, avg(sum_out_bytes) / 15 AS avg_out_bits_per_sec, avg(sum_bytes) / 15 AS avg_bits_per_sec, max(sum_in_bytes) / 15 AS max_in_bits_per_sec, max(sum_out_bytes) / 15 AS max_out_bits_per_sec, max(sum_bytes) / 15 AS max_bits_per_sec, min(sum_in_bytes) / 15 AS min_in_bits_per_sec, min(sum_out_bytes) / 15 AS min_out_bits_per_sec, min(sum_bytes) / 15 AS min_bits_per_sec FROM ( SELECT TIME_FORMAT(time_floor(__time, 'PT30S'), 'yyyy-MM-dd HH:mm:ss') AS stat_time, sum(in_bytes) AS sum_in_bytes, sum(out_bytes) AS sum_out_bytes, sum(in_bytes + out_bytes) AS sum_bytes FROM traffic_general_stat WHERE __time >= @start AND __time <@end GROUP BY TIME_FORMAT(time_floor(__time, 'PT30S'), 'yyyy-MM-dd HH:mm:ss') ) GROUP BY stat_time ORDER BY stat_time ASC LIMIT 10000 +--Q17.Traffic Metrics Bandwidth Packets IN/OUT +SELECT stat_time AS stat_time, avg(sum_in_pkts) / 15 AS avg_in_pkts_per_sec , avg(sum_out_pkts) / 15 AS avg_out_pkts_per_sec , avg(sum_pkts) / 15 AS avg_pkts_per_sec , max(sum_in_pkts) / 15 AS max_in_pkts_per_sec , max(sum_out_pkts) / 15 AS max_out_pkts_per_sec , 
max(sum_pkts) / 15 AS max_pkts_per_sec , min(sum_in_pkts) / 15 AS min_in_pkts_per_sec , min(sum_out_pkts) / 15 AS min_out_pkts_per_sec , min(sum_pkts) / 15 AS min_pkts_per_sec FROM ( SELECT TIME_FORMAT(time_floor(__time, 'PT30S'), 'yyyy-MM-dd HH:mm:ss') AS stat_time , sum(in_pkts) AS sum_in_pkts, sum(out_pkts) AS sum_out_pkts , sum(in_pkts + out_pkts) AS sum_pkts FROM traffic_general_stat WHERE __time >= @start AND __time <@end GROUP BY TIME_FORMAT(time_floor(__time, 'PT30S'), 'yyyy-MM-dd HH:mm:ss') ) GROUP BY stat_time ORDER BY stat_time ASC LIMIT 10000 +--Q18.Traffic Metrics New Sessions Trend by 5Min +SELECT stat_time AS stat_time, avg(sum_sessions) / 15 AS avg_sessions_per_sec , max(sum_sessions) / 15 AS max_sessions_per_sec , min(sum_sessions) / 15 AS min_sessions_per_sec FROM ( SELECT TIME_FORMAT(time_floor(__time, 'PT5M'), 'yyyy-MM-dd HH:mm:ss') AS stat_time , sum(sessions) AS sum_sessions FROM traffic_general_stat WHERE __time >= @start AND __time <@end GROUP BY TIME_FORMAT(time_floor(__time, 'PT5M'), 'yyyy-MM-dd HH:mm:ss') ) GROUP BY stat_time ORDER BY stat_time ASC LIMIT 10000 +--Q19.Traffic Metrics Active Sessions Trend by 5Min +SELECT stat_time AS stat_time, avg(sum_active_sessions) / 15 AS avg_active_sessions , max(sum_active_sessions) / 15 AS max_active_sessions , min(sum_active_sessions) / 15 AS min_active_sessions FROM ( SELECT stat_time, sum(max_active_sessions) AS sum_active_sessions FROM ( SELECT TIME_FORMAT(time_floor(__time, 'PT5M'), 'yyyy-MM-dd HH:mm:ss') AS stat_time , device_id, vsys_id, max(active_sessions) AS max_active_sessions FROM traffic_general_stat WHERE __time >= @start AND __time <@end GROUP BY TIME_FORMAT(time_floor(__time, 'PT5M'), 'yyyy-MM-dd HH:mm:ss'), device_id, vsys_id ) GROUP BY stat_time ) GROUP BY stat_time ORDER BY stat_time ASC LIMIT 10000 +--Q20.Shaping Profiles Metrics +SELECT profile_id, sum(in_bytes + out_bytes) AS bytes , sum(in_pkts + out_pkts) AS packets , sum(in_drop_pkts + out_drop_pkts) AS drops , 
max(in_max_latency_us + out_max_latency_us) AS max_latency_us , avg(in_queue_len + out_queue_len) AS avg_q , max(in_queue_len + out_queue_len) AS max_q FROM traffic_shaping_rule_hits WHERE __time >= @start AND __time <@end GROUP BY profile_id +--Q21.Rule Summary Metrics +SELECT rule_id, TIME_FORMAT(min(__time) ,'yyyy-MM-dd HH:mm:ss') as first_used, TIME_FORMAT(max(__time) ,'yyyy-MM-dd HH:mm:ss') as last_used, sum(in_bytes + out_bytes) AS total_bytes FROM traffic_shaping_rule_hits WHERE __time >= @start AND __time <@end GROUP BY rule_id +--Q22.Profile Summary Metrics +SELECT profile_id, TIME_FORMAT(min(__time) ,'yyyy-MM-dd HH:mm:ss') as first_used, TIME_FORMAT(max(__time) ,'yyyy-MM-dd HH:mm:ss') as last_used, sum(in_drop_pkts + out_drop_pkts) AS drops FROM traffic_shaping_rule_hits WHERE __time >= @start AND __time <@end GROUP BY profile_id +--Q23.Shaping Rule/Profile Throughput Trend by 5Min +SELECT TIME_FORMAT(time_floor(__time, 'PT5M'), 'yyyy-MM-dd HH:mm:ss') AS stat_time , sum(in_bytes) AS in_bytes, sum(out_bytes) AS out_bytes FROM traffic_shaping_rule_hits WHERE __time >= @start AND __time <@end GROUP BY TIME_FORMAT(time_floor(__time, 'PT5M'), 'yyyy-MM-dd HH:mm:ss') ORDER BY stat_time ASC LIMIT 10000 +--Q24.Service Chaining Rule Metrics +SELECT rule_id, sum(sent_bytes) AS sent_bytes, sum(recv_bytes) AS received_bytes , sum(sent_pkts) AS sent_packets, sum(recv_pkts) AS received_packets FROM service_chaining_rule_hits WHERE __time >= @start AND __time <@end GROUP BY rule_id +--Q25.Service Function Forwarder Metrics +SELECT sff_profile_id, sum(sent_bytes) AS sent_bytes, sum(recv_bytes) AS received_bytes , sum(sent_pkts) AS sent_packets, sum(recv_pkts) AS received_packets FROM service_chaining_rule_hits WHERE __time >= @start AND __time <@end GROUP BY sff_profile_id +--Q26.Service Function Profile Metrics +SELECT sf_profile_id, sum(sent_bytes) AS sent_bytes, sum(recv_bytes) AS received_bytes , sum(sent_pkts) AS sent_packets, sum(recv_pkts) AS received_packets FROM 
service_chaining_rule_hits WHERE __time >= @start AND __time <@end GROUP BY sf_profile_id +--Q27.Service Function Profile Status +SELECT sf_profile_id, sf_status,CASE WHEN last_active_time = 0 THEN '' ELSE TIME_FORMAT(MILLIS_TO_TIMESTAMP( 1000 * (last_active_time)),'YYYY-MM-dd HH:mm:ss') END AS last_active_time,CASE WHEN last_inactive_time = 0 THEN '' ELSE TIME_FORMAT(MILLIS_TO_TIMESTAMP( 1000 * (last_inactive_time)),'YYYY-MM-dd HH:mm:ss') END AS last_inactive_time FROM ( SELECT sf_profile_id, LATEST(sf_status) AS sf_status,MAX(CASE WHEN sf_status = 1 THEN TIMESTAMP_TO_MILLIS(TIME_PARSE(__time))/1000 ELSE 0 END) AS last_active_time,MAX(CASE WHEN sf_status = 0 THEN TIMESTAMP_TO_MILLIS(TIME_PARSE(__time))/1000 ELSE 0 END) AS last_inactive_time FROM service_function_status WHERE __time >= @start AND __time <@end GROUP BY sf_profile_id) +--Q28.Top Applications +SELECT app_name,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM application_protocol_stat WHERE __time >= @start AND __time <@end AND app_name IS NOT NULL GROUP BY app_name ORDER BY bytes DESC LIMIT 10 +--Q29.Top Client IPs +SELECT client_ip AS client_ip,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM top_client_ips WHERE __time >= @start AND __time <@end AND metric = 'bytes' GROUP BY client_ip ORDER BY bytes DESC LIMIT 10 +--Q30.Top Server IPs +SELECT server_ip AS server_ip,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM top_server_ips WHERE __time >= @start AND __time <@end AND metric = 'bytes' GROUP BY server_ip ORDER BY bytes 
DESC LIMIT 10 +--Q31.Top External IPs +SELECT external_ip AS external_ip,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM top_external_ips WHERE __time >= @start AND __time <@end AND metric = 'bytes' GROUP BY external_ip ORDER BY bytes DESC LIMIT 10 +--Q32.Top Internal IPs +SELECT internal_ip AS internal_ip,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM top_internal_ips WHERE __time >= @start AND __time <@end AND metric = 'bytes' GROUP BY internal_ip ORDER BY bytes DESC LIMIT 10 +--Q33.Top Server Domains +SELECT domain,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM top_server_domains WHERE __time >= @start AND __time <@end AND metric = 'bytes' GROUP BY domain ORDER BY bytes DESC LIMIT 10 +--Q34.Top Server FQDNs +SELECT fqdn,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM top_server_fqdns WHERE __time >= @start AND __time <@end AND metric = 'bytes' GROUP BY fqdn ORDER BY bytes DESC LIMIT 10 +--Q35.Top Subscribers +SELECT subscriber_id,sum(sessions) AS sessions,sum(in_bytes) AS in_bytes,sum(out_bytes) AS out_bytes,sum(in_bytes + out_bytes) AS bytes,sum(in_pkts) AS in_packets,sum(out_pkts) AS out_packets,sum(in_pkts + out_pkts) AS packets FROM top_subscribers WHERE __time >= @start AND __time <@end AND metric = 'bytes' GROUP BY subscriber_id ORDER BY bytes DESC LIMIT 10
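Review bot: Q16 (Traffic Metrics Bandwidth Bytes IN/OUT) returns byte rates under bit aliases: its columns are written as `avg(sum_in_bytes) / 15 AS avg_in_bits_per_sec` with no `* 8`, so anything that trusts the column names under-reports bandwidth by a factor of eight. The nine aliases should follow the pattern `avg(sum_in_bytes) / 15 AS avg_in_bytes_per_sec`. Separately, Q14–Q19 divide by a fixed 15 even though the inner buckets are `PT30S` or `PT5M`, Q14 sums the whole `@start`..`@end` window, and Q19 applies the divisor to an active-session gauge. If 15 is not the source sampling interval in seconds these rates are wrong, and either way the constant needs a comment such as `-- 15 = seconds per source sample (confirm)`.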
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/engine-filter.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/engine-filter.json
new file mode 100644
index 0000000..d21f2d3
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/engine-filter.json
@@ -0,0 +1,53 @@
+{
+ "version": "1.0",
+ "name": "Engine-Raw",
+ "namespace": "Engine",
+ "filters": [
+ {
+ "name":"@start",
+ "value": "FROM_UNIXTIME(UNIX_TIMESTAMP(now())-3600)"
+ },
+ {
+ "name":"@end",
+ "value": "now()"
+ },
+ {
+ "name":"@common_filter",
+ "value": [
+ "common_log_id=1153021139190754263",
+ "common_client_ip='36.189.226.21'",
+ "common_internal_ip='223.116.37.192'",
+ "common_server_ip='8.8.8.8'",
+ "common_external_ip='111.10.53.14'",
+ "common_client_port=52607",
+ "common_server_port=443",
+ "common_c2s_pkt_num>5",
+ "common_s2c_pkt_num>5",
+ "common_c2s_byte_num>100",
+ "common_s2c_byte_num<200",
+ "common_schema_type='DNS'",
+ "common_establish_latency_ms>200",
+ "common_con_duration_ms>10000",
+ "common_stream_trace_id=1153021139190754263",
+ "common_tcp_client_isn=2857077935",
+ "common_tcp_server_isn=0",
+ "common_server_domain='microsoft.com'",
+ "mail_account='[email protected]'",
+ "mail_subject='test'",
+ "dns_qname='qbwup.imtt.qq.com'",
+ "ssl_sni='note.youdao.com'",
+ "ssl_con_latency_ms>100",
+ "ssl_ja3_hash='a0e9f5d64349fb13191bc781f81f42e1'",
+ "common_client_ip='36.189.226.21' and common_server_ip='8.8.8.8'",
+ "common_server_ip='111.10.53.14' and common_server_port=443",
+ "mail_account like 'abc@%'",
+ "common_server_domain like '%baidu.com%'",
+ "ssl_sni like '%youdao.com'",
+ "common_client_ip in ('36.189.226.21','111.10.53.14')",
+ "common_server_port not in (80,443)",
+ "notEmpty(common_server_domain)",
+ "common_server_domain not like '%microsoft.com'"
+ ]
+ }
+ ]
+}
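Review bot: The `@common_filter` samples look like values taken from real traffic: public client and NAT addresses (`36.189.226.21`, `223.116.37.192`, `111.10.53.14`), a mail account, a JA3 hash, log and stream-trace ids, and specific queried hostnames. If they are genuine, committing them exposes subscriber-identifying data to everyone with repository access. Unless they are known to be synthetic, replace them with reserved documentation values, e.g. `"common_client_ip='192.0.2.21'"`, `"common_internal_ip='198.51.100.192'"` and `"common_server_domain='example.com'"`. These entries are also raw SQL predicates that engine-queries-template.sql appends as `AND @common_filter` (Q09, Q10, Q12), so the list must stay operator-controlled and never be filled from request input.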
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/engine-queries-template.sql b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/engine-queries-template.sql
new file mode 100644
index 0000000..14cd24c
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/engine-queries-template.sql 
@@ -0,0 +1,106 @@
+--Q01.CK DateTime
+select toDateTime(common_recv_time) as common_recv_time from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) limit 20
+--Q02.Standard DateTime
+select FROM_UNIXTIME(common_recv_time) as common_recv_time from session_record where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) limit 20
+--Q03.count(1)
+select count(1) from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end)
+--Q04.count(*)
+select count(*) from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end)
+--Q05.UDF TIME_FLOOR_WITH_FILL
+select TIME_FLOOR_WITH_FILL(common_recv_time,'PT5M','previous') as stat_time from session_record where common_recv_time > toDateTime(@start) and common_recv_time < toDateTime(@end) group by stat_time
+--Q06.UDF GEO IP
+select IP_TO_GEO(common_client_ip) as geo,IP_TO_CITY(common_server_ip) as city,IP_TO_COUNTRY(common_server_ip) as country from session_record limit 10
+--Q07.Special characters
+select * from session_record where (common_protocol_label ='/$' or common_client_ip like'%') limit 10
+--Q08.Federation Query
+select * from (select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT5M','zero')) as stat_time from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) group by stat_time order by stat_time asc)
+--Q09.Closed session Record Logs
+select * from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) AND @common_filter order by common_recv_time desc limit 20
+--Q10.Interim Session Record Logs
+select * from interim_session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) AND @common_filter order by common_recv_time desc limit 20
+--Q11.Transaction Record Logs
+select * from transaction_record where 
common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) order by common_recv_time desc limit 20
+--Q12.Security Event Logs
+select * from security_event where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) AND @common_filter order by common_recv_time desc limit 0,20
+--Q13.Proxy Event Logs
+select * from proxy_event where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) order by common_recv_time desc limit 0,20
+--Q14.Radius Record Logs
+select * from radius_record where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) order by common_recv_time desc limit 0,20
+--Q15.GTPC Record Logs
+select * from gtpc_record where common_recv_time >= UNIX_TIMESTAMP(@start) and common_recv_time< UNIX_TIMESTAMP(@end) order by common_recv_time desc limit 0,20
+--Q16.Closed session record with fields
+select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, 
common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, http_url, http_host, common_server_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, 
stratum_mining_program from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) limit 20
+--Q17.Interim session record with fields
+SELECT toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_c2s_pkt_diff, common_s2c_pkt_diff, common_c2s_byte_diff, common_s2c_byte_diff, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, http_url, http_host, common_server_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, 
mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program FROM interim_session_record where common_recv_time >= @start and common_recv_time < @end order by common_recv_time desc limit 100000
+--Q18.Security Event Logs with fields
+SELECT toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_policy_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_action, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, 
common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_error, common_stream_trace_id, common_packet_capture_file, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, common_mirrored_pkts, common_mirrored_bytes, http_url, http_host, common_server_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, ssl_sni, ssl_san, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_passthrough_reason, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, 
sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program from security_event where common_recv_time >= @start and common_recv_time < @end order by common_recv_time desc limit 100000
+--Q19.Radius ON/OFF Logs For Frame IP
+select framed_ip, arraySlice(groupUniqArray(concat(toString(event_timestamp),':', if(acct_status_type=1,'start','stop'))),1,100000) as timeseries from radius_onff_log where event_timestamp >=toDateTime(@start) and event_timestamp <toDateTime(@end) group by framed_ip limit 20
+--Q20.Radius ON/OFF Logs For Account
+select account, arraySlice(groupUniqArray(concat(toString(event_timestamp),':', if(acct_status_type=1,'start','stop'))),1,100000) as timeseries from radius_onff_log where event_timestamp >= toDateTime(@start) and event_timestamp < toDateTime(@end) group by account
+--Q21.Radius ON/OFF Logs total Account number
+select count(distinct(framed_ip)) as active_ip_num , sum(acct_session_time) as online_duration from (select any(framed_ip) as framed_ip ,max(acct_session_time) as acct_session_time from radius_onff_log where account='000jS' and event_timestamp >= toDateTime(@start) and event_timestamp < toDateTime(@end) group by acct_session_id)
+--Q22.Radius ON/OFF Logs Account Access Detail
+select max(if(acct_status_type=1,event_timestamp,0)) as start_time,max(if(acct_status_type=2,event_timestamp,0)) as end_time, any(framed_ip) as ip,max(acct_session_time) as online_duration from radius_onff_log where event_timestamp >= toDateTime(@start) and event_timestamp < toDateTime(@end) group by acct_session_id 
order by start_time desc limit 200
+--Q23.Report for Client IP
+select common_client_ip, count(*) as sessions from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@end)) group by common_client_ip order by sessions desc limit 0,100
+--Q24.Report for Server IP
+select common_server_ip, count(*) as sessions from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) group by common_server_ip order by sessions desc limit 0,100
+--Q25.Report for SSL SNI
+select ssl_sni, count(*) as sessions from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) group by ssl_sni order by sessions desc limit 0,100
+--Q26.Report for SSL APP
+select common_app_label as applicaiton, count(*) as sessions from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) group by applicaiton order by sessions desc limit 0,100
+--Q27.Report for Domains
+select common_server_domain AS domain,SUM(coalesce(common_c2s_byte_num, 0)) AS sent_bytes,SUM(coalesce(common_s2c_byte_num, 0)) AS received_bytes,SUM(coalesce(common_c2s_byte_num, 0)+coalesce(common_s2c_byte_num, 0)) AS bytes FROM session_record WHERE common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and notEmpty(domain) GROUP BY domain ORDER BY bytes DESC LIMIT 100
+--Q28.Report for Domains with unique Client IP
+select toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 300)*300) as stat_time, common_server_domain, uniq (common_client_ip) as nums from session_record where common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and common_server_domain in (select common_server_domain from 
session_record where common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and notEmpty(common_server_domain) group by common_server_domain order by SUM(coalesce(common_c2s_byte_num, 0)+coalesce(common_s2c_byte_num, 0)) desc limit 10 ) group by toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 300)*300), common_server_domain order by stat_time asc limit 500
+--Q29.Report for HTTP Host
+SELECT http_host as host, SUM(coalesce(common_c2s_byte_num, 0)) AS sent_bytes,SUM(coalesce(common_s2c_byte_num, 0)) AS received_bytes,SUM(coalesce(common_c2s_byte_num, 0)+coalesce(common_s2c_byte_num, 0)) AS bytes FROM session_record WHERE common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) and notEmpty(http_host) GROUP BY host ORDER BY bytes DESC limit 100 union all SELECT 'totals' as host, SUM(coalesce(common_c2s_byte_num, 0)) AS sent_bytes, SUM(coalesce(common_s2c_byte_num, 0)) AS received_bytes, SUM(coalesce(common_c2s_byte_num, 0)+coalesce(common_s2c_byte_num, 0)) AS bytes from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) and notEmpty(http_host)
+--Q30.Report for HTTP/HTTPS URLS with Sessions
+SELECT http_url AS url,count(*) AS sessions FROM proxy_event WHERE common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and notEmpty(http_url) GROUP BY url ORDER BY sessions DESC LIMIT 100
+--Q31.Report for HTTP/HTTPS URLS with UNIQUE Client IP
+select toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 300)*300) as stat_time, http_url, count(distinct(common_client_ip)) as nums from proxy_event where common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and http_url IN (select http_url from proxy_event where 
common_recv_time >= toStartOfDay(toDateTime(@start))-86400 AND common_recv_time < toStartOfDay(toDateTime(@start)) and notEmpty(http_url) group by http_url order by count(*) desc limit 10 ) group by toDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 300)*300), http_url order by stat_time asc limit 500
+--Q32.Report for Subscriber ID with Sessions
+select common_subscriber_id as user, count(*) as sessions from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) and notEmpty(user) group by common_subscriber_id order by sessions desc limit 0,100
+--Q33.Report for Subscriber ID with Bandwidth
+SELECT common_subscriber_id as user,SUM(coalesce(common_c2s_byte_num, 0)) AS sent_bytes,SUM(coalesce(common_s2c_byte_num, 0)) AS received_bytes,SUM(coalesce(common_c2s_byte_num, 0)+coalesce(common_s2c_byte_num, 0)) AS bytes FROM session_record WHERE common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start)) and notEmpty(user) GROUP BY user ORDER BY bytes DESC LIMIT 100
+--Q34.Report Unique Endpoints
+select uniq(common_client_ip) as "Client IP",uniq(common_server_ip) as "Server IP",uniq(common_internal_ip) as "Internal IP",uniq(common_external_ip) as "External IP",uniq(common_server_domain) as "Domain",uniq(ssl_sni) as "SNI" from session_record where common_recv_time>= toStartOfDay(toDateTime(@start))-604800 and common_recv_time< toStartOfDay(toDateTime(@start))
+--Q35.TopN Optimizer
+SELECT http_url AS url, SUM(common_sessions) AS sessions FROM session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND notEmpty(http_url) GROUP BY http_url ORDER BY sessions DESC limit 10
+--Q36.Domain Baidu.com Metrics
+select FROM_UNIXTIME(min(common_recv_time)) as "First Seen" , FROM_UNIXTIME(max(common_recv_time)) as "Last Seen" , median(http_response_latency_ms) as "Server Processing Time 
Median(ms)", count(1) as Responses,any(common_server_location) as Location from session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND common_server_domain='baidu.com' +--Q37.TIME_FLOOR_WITH_FILL 01 +select "Device Group" as "Device Group" ,"Data Center" as "Data Center" ,FROM_UNIXTIME("End Time") as "End Time" , sum("counter") as "counter" from (select common_device_group as "Device Group" ,common_data_center as "Data Center" ,TIME_FLOOR_WITH_FILL (common_end_time,'PT1H','zero') as "End Time" ,count(common_log_id) as "counter" from session_record where common_recv_time >= toDateTime(@start) and common_recv_time< toDateTime(@end) group by "Device Group","Data Center","End Time") group by "Device Group" ,"Data Center" ,"End Time" order by "End Time" asc limit 5 +--Q38.TIME_FLOOR_WITH_FILL 02 +select FROM_UNIXTIME("End Time") as "End Time" , sum("counter") as "counter" from (select common_device_group as "Device Group" ,common_data_center as "Data Center" ,TIME_FLOOR_WITH_FILL (common_end_time,'PT1H','zero') as "End Time" ,count(common_log_id) as "counter" ,count(common_server_domain) as "HTTP.Domain" from security_event where ((common_recv_time >= toDateTime('2021-10-19 00:00:00') and common_recv_time < toDateTime('2021-10-20 00:00:00')) ) AND ( ( common_action = 2 ) ) group by "Device Group","Data Center","End Time") group by "End Time" order by "End Time" asc +--Q39.CONVERT_TZ (clickhouse) 01 +SELECT CONVERT_TZ('2019-09-09 09:09:09','GMT','MET') as test_time from session_record limit 1 +--Q40.CONVERT_TZ (clickhouse) 02 +SELECT CONVERT_TZ('2019-09-09 09:09:09','Europe/London','America/New_York') as test_time from session_record limit 1 +--Q41.CONVERT_TZ (clickhouse) 03 +SELECT CONVERT_TZ(now(),'GMT','America/New_York') as test_time from session_record limit 1 +--Q42.CONVERT_TZ (hbase) 01 +SELECT CONVERT_TZ('2019-09-09 09:09:09','GMT','MET') as test_time from report_result limit 1 +--Q43.CONVERT_TZ (hbase) 02 +SELECT 
CONVERT_TZ('2019-09-09 09:09:09','Europe/London','America/New_York') as test_time from report_result limit 1 +--Q44.CONVERT_TZ (hbase) 03 +SELECT CONVERT_TZ(now(),'GMT','America/New_York') as test_time from report_result limit 1 +--Q45.CONVERT_TZ (elasticsearch) +SELECT CONVERT_TZ('2019-09-09 09:09:09','Europe/London','America/New_York') as time from report_result limit 1 +--Q46.Authentication failed(code 516) +SELECT toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_c2s_pkt_diff, common_s2c_pkt_diff, common_c2s_byte_diff, common_s2c_byte_diff, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, http_url, http_host, common_server_domain, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, 
http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program FROM interim_session_record AS interim_session_record WHERE common_recv_time >= toUnixTimestamp(@start) AND common_recv_time < toUnixTimestamp(@end) ORDER BY common_recv_time DESC LIMIT 43233, 20 +--Q47.Function MAX_DURATION +SELECT destination_ip, IP_TO_GEO(destination_ip) AS destination_geo, MAX_DURATION(end_time,600) AS max_duration, any(destination_country) AS destination_country, groupUniqArray(arrayJoin(splitByString(',',source_country_list))) AS source_coutries,max(bit_rate) AS max_bit_rate,max(packet_rate) AS 
max_packet_rate,max(session_rate) AS max_session_rate,min(start_time) AS first_active_time,max(end_time) AS last_active_time,groupUniqArray(attack_type) AS attack_type,count(*) AS count from dos_event where start_time >= toUnixTimestamp(@start) AND start_time < toUnixTimestamp(@end) GROUP BY destination_ip ORDER BY count desc +--Q48.QUANTILE(clickhouse) +SELECT QUANTILE(common_c2s_byte_num) AS c2s FROM session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND (common_l4_protocol IN ('IPv4_UDP', 'IPv6_UDP')) LIMIT 1 +--Q49.Top Optimizer +SELECT common_client_ip AS common_client_ip, count(*) AS count, sum(common_c2s_byte_num + common_s2c_byte_num) / 1024 / 1024 AS bytes_MB FROM session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) GROUP BY common_client_ip ORDER BY count DESC LIMIT 10 +--Q50.IP_TO_GEO、IP_TO_ISP +SELECT IP_TO_GEO(common_client_ip) AS geo, IP_TO_ISP(common_client_ip) AS isp FROM session_record LIMIT 1 +--Q51.time format ISO8601, ck +SELECT FROM_UNIXTIME(UNIX_TIMESTAMP('2023-02-08T00:00:00+0800')) FROM session_record limit 1 +--Q52.subQuery optimizing, filter field contain table name +SELECT FROM_UNIXTIME(common_recv_time) AS stat_time FROM session_record WHERE common_recv_time >= toDateTime(@start) AND common_recv_time < toDateTime(@end) AND (common_client_ip = '5.32.144.55') AND session_record.common_vsys_id IN (32, 1, 27, 4) ORDER BY common_recv_time DESC LIMIT 0, 50 +--Q53.Concat Funtion Test sql +select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(common_recv_time),'PT1M','zero') as stat_time, (CASE WHEN common_action = 1 THEN 'Monitor' WHEN common_action = 2 THEN 'Intercept' WHEN common_action = 16 THEN 'Deny' WHEN common_action = 48 THEN 'Manipulation' WHEN common_action = 96 THEN 'Allow' WHEN common_action = 128 THEN 'Allow(Deprecated)' ELSE Concat(common_action) END) as type, count(*) as events from security_event where common_recv_time >= UNIX_TIMESTAMP(@start) 
and common_recv_time< UNIX_TIMESTAMP(@end) and common_vsys_id in (2,3) group by stat_time, common_action
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/es-filter.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/es-filter.json
new file mode 100644
index 0000000..25eafef
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/es-filter.json
@@ -0,0 +1,15 @@
+{
+ "version": "1.0",
+ "name": "es-Raw",
+ "namespace": "tsg",
+ "filters": [
+ {
+ "name":"@start",
+ "value": "cast(now() as long)/1000 -3600"
+ },
+ {
+ "name":"@end",
+ "value": "cast(now() as long)/1000"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/es-queries-template.sql b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/es-queries-template.sql
new file mode 100644
index 0000000..a407518
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/es-queries-template.sql
@@ -0,0 +1 @@
+--Q01.empty
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/galaxy-hos-service.yml b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/galaxy-hos-service.yml
new file mode 100644
index 0000000..d8fbac5
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/galaxy-hos-service.yml
@@ -0,0 +1,120 @@
+#服务端口
+server:
+ port: 8186
+ tomcat:
+ max-threads: 400
+#tomcat缓存大小,单位KB系统默认10M,配置10g
+tomcat:
+ cacheMaxSize: 100000
+#hbase参数
+hbase:
+ zookeeper_quorum: 192.168.20.193:2181,192.168.20.194:2181,192.168.20.195:2181
+ zookeeper_property_clientPort: 2181
+ zookeeper_znode_parent: /hbase
+ client_retries_number: 1
+ rpc_timeout: 100000
+ connect_pool: 10
+ client_write_buffer: 10485760
+ client_keyvalue_maxsize: 1024000000
+ #批量获取数量
+ get_batch: 10000
+ #part 最大数据量
+ maxParts: 100000
+ #每次获取的part数
+ get_part_batch: 1000
+ #每次追加是否更新主文件
+ isUpdate: 1
+ #hbase索引表前缀,前缀为以下的都为索引表
+ time_index_table_prefix: index_time_
+ filename_index_table_prefix: index_filename_
+ partfile_index_table_prefix: index_partfile_
+ system_bucket_meta: system:bucket_meta
+ #创建表预分区时的分区,为空则不分区
+ region_start_key: 1,2,3,4,5,6,7,8,9,a,b,c,d,e,f
+ filename_head: 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f
+ part_head: 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f
+ #获取文件大小的目录
+ hbasePath: /hbase
+ #1是集群0是单机,主要针对存储配额获取方式
+ standone: 1
+ #hadoop集群namenode节点
+ namenodes: 192.168.20.193,192.168.20.194
+ #hadoop端口
+ hadoop_port: 9000
+ #建表时是否打开hbase wal,1打开,0关闭
+ openWal: 0
+ #ttl相关参数
+ ttl_scan_batch: 5000
+ ttl_scan_caching: 10000
+ ttl_delete_batch: 10000
+ hadoop_user: root
+ hadoop_defaultFS: hdfs://ns1
+ hadoop_nameservices: ns1
+ hadoop_namenodes_ns1: nn1,nn2
+ hadoop_replication: 2
+#是否打开验证,0打开,打开需要使用S3身份验证或者token访问服务
+auth:
+ open: 0
+ #http访问使用的token
+ token: ENC(M8BbPaTywYw1/NyRY6TAVnqPzx7Nae92BVBcHoYi3pL9/o6kunHqpW3E50LO/XEL)
+ #s3验证
+ s3:
+ accessKey: ENC(FUQDvVP+zqCiwHQhXcRvbw==)
+ secretKey: ENC(FUQDvVP+zqCiwHQhXcRvbw==)
+hos:
+ #文件最大值
+ maxFileSize: 5368709000
+ #小文件阈值
+ uploadThreshold: 10485760
+ #长连接超时时间
+ keepAliveTimeout: 60000
+ #批量删除对象的最大数量
+ deleteMultipleNumber: 1000
+ #获取对象列表等操作的最大值
+ maxResultLimit: 100000
+ #分块上传的最大分块数
+ maxPartNumber: 1000
+ #追加上传的最大次数
+ maxPosition: 100000
+ #存放对象的用户自定义元数据的请求头
+ metaHeader: x-hos-meta-message
+ #存放对象信息的请求头
+ objectInfo: x-hos-object-info
+ #是否快速下载文件,1打开,hbase内存小于20G的集群设为0
+ isQuickDownloadFile: 0
+ #是否打开对象列表查询功能,1打开
+ simple: 1
+ #用户白名单(hbase的namespace),获取存储配额
+ users: default
+ #元数据存储占比
+ metaProportion: 0.03
+ #是否打开限流,0:关闭,1:打开
+ openRateLimiter: 1
+ #限流每秒请求数
+ rateLimiterQps: 10000
+ #展示追加文件丢失块的最大数量
+ lostPartsCount: 10
+ #执行ttl的线程数
+ thread: 10
+ #是否打开手动ttl,1打开,默认为1
+ manualTtl: 0
+#设置上传文件大小的最大值
+spring:
+ servlet:
+ multipart:
+ max-file-size: 1024MB
+ max-request-size: 1024MB
+#Prometheus参数
+ application:
+ name: HosServiceApplication
+#Prometheus参数
+management:
+ endpoints:
+ web:
+ exposure:
+ include: '*'
+ metrics:
+ tags:
+ application: ${spring.application.name}
+logging:
+ config: ./config/log4j2-dev.xml
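Review bot: Under `auth.s3`, `accessKey` and `secretKey` carry the same `ENC(...)` value, so the secret key presumably equals the access key id, which is normally treated as a non-confidential identifier; the secret should be its own high-entropy value. Separately, `management.endpoints.web.exposure.include: '*'` publishes every actuator endpoint with no `exclude` list, and the same setting appears in the galaxy-job-admin, galaxy-job-executor and galaxy-report-service hunks. I would narrow it to what metrics scraping needs, e.g. `include: health,prometheus`. The `ENC(...)` values are only as strong as the encryptor password, which is not visible here and should not travel with this export.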
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/galaxy-job-admin.properties b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/galaxy-job-admin.properties
new file mode 100644
index 0000000..4569272
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/galaxy-job-admin.properties
@@ -0,0 +1,73 @@
+### web
+server.port=8184
+server.servlet.context-path=/xxl-job-admin
+spring.application.name=galaxy-job-admin
+### actuator
+management.server.servlet.context-path=/actuator
+management.health.mail.enabled=false
+management.endpoints.web.exposure.include=*
+#详细的应用健康信息 prometheus
+management.endpoint.health.show-details=always
+
+management.endpoint.metrics.enabled=true
+management.endpoint.prometheus.enabled=true
+management.metrics.export.prometheus.enabled=true
+management.metrics.tags.application=${spring.application.name}
+management.metrics.tags.module=${spring.application.name}
+
+
+### resources
+spring.mvc.servlet.load-on-startup=0
+spring.mvc.static-path-pattern=/static/**
+spring.resources.static-locations=classpath:/static/
+
+### freemarker
+spring.freemarker.templateLoaderPath=classpath:/templates/
+spring.freemarker.suffix=.ftl
+spring.freemarker.charset=UTF-8
+spring.freemarker.request-context-attribute=request
+spring.freemarker.settings.number_format=0.##########
+
+### mybatis
+mybatis.mapper-locations=classpath:/mybatis-mapper/*Mapper.xml
+#mybatis.type-aliases-package=com.xxl.job.admin.core.model
+
+### xxl-job, datasource
+spring.datasource.url=jdbc:mysql://192.168.20.253:3306/xxl_job?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&failOverReadOnly=false&serverTimezone=UTC
+spring.datasource.username=ENC(63aTpwv2vH0vPikW+3Jjig==)
+spring.datasource.password=ENC(LDEb2OekU7iZWiFw6pUYBSozVKP27r1y)
+spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
+
+### datasource-pool
+spring.datasource.type=com.zaxxer.hikari.HikariDataSource
+spring.datasource.hikari.minimum-idle=10
+spring.datasource.hikari.maximum-pool-size=100
+spring.datasource.hikari.auto-commit=true
+spring.datasource.hikari.idle-timeout=30000
+spring.datasource.hikari.pool-name=HikariCP
+spring.datasource.hikari.max-lifetime=900000
+spring.datasource.hikari.connection-timeout=30000
+spring.datasource.hikari.connection-test-query=SELECT 1
+
+### xxl-job, email
+spring.mail.host=smtp.qq.com
+spring.mail.port=25
+spring.mail.password=xxx
+spring.mail.properties.mail.smtp.auth=true
+spring.mail.properties.mail.smtp.starttls.enable=true
+spring.mail.properties.mail.smtp.starttls.required=true
+spring.mail.properties.mail.smtp.socketFactory.class=javax.net.ssl.SSLSocketFactory
+
+### xxl-job, access token
+xxl.job.accessToken=
+
+### xxl-job, i18n (default is zh_CN, and you can choose "zh_CN", "zh_TC" and "en")
+xxl.job.i18n=zh_CN
+
+## xxl-job, triggerpool max size
+xxl.job.triggerpool.fast.max=200
+xxl.job.triggerpool.slow.max=100
+
+### xxl-job, log retention days
+xxl.job.logretentiondays=30
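Review bot: `xxl.job.accessToken=` is left empty, so calls between the scheduler admin and its executors are presumably accepted without a shared secret; the galaxy-job-executor hunk carries the same empty value. Both sides should get the same non-empty random token, stored the way the datasource credentials already are, for example `xxl.job.accessToken=ENC(<encrypted-token-placeholder>)`. Until then, access to port 8184 and to the executor port should be limited to the scheduler hosts at the network layer. `management.endpoint.health.show-details=always` also returns component details to unauthenticated callers; `when-authorized` is the safer value.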
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/galaxy-job-executor.properties b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/galaxy-job-executor.properties
new file mode 100644
index 0000000..6e2eeb5
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/galaxy-job-executor.properties
@@ -0,0 +1,65 @@
+################################静态参数配置(修改后需要重启项目)################################
+### web port
+server.port = 8185
+spring.application.name=galaxy-job-executor
+### actuator
+management.server.servlet.context-path=/actuator
+management.health.mail.enabled=false
+management.endpoints.web.exposure.include=*
+#详细的应用健康信息
+management.endpoint.health.show-details=always
+management.endpoint.metrics.enabled=true
+management.endpoint.prometheus.enabled=true
+management.metrics.export.prometheus.enabled=true
+management.metrics.tags.application=${spring.application.name}
+zookeeper.server=192.168.20.221:2181,192.168.20.222:2181,192.168.20.223:2181
+
+################################动态参数配置(修改后不需要重启项目)################################
+##存储配额文件服务器
+storge.files.hos-server=PCAP|192.168.10.251:9098,TWA|192.168.30.251:9098,MSH|192.168.20.251:9098
+storge.files.token=f5c5186ba4874182b33b9b2b2b6e3f77
+##存储配额查询druid
+storge.analytic.server=MSH|192.168.20.252:8089
+##存储配额查询clickhouse
+storge.traffic.server=MSH|192.168.20.252:8124
+storge.traffic.datasource=tsg_galaxy_v3
+storge.traffic.username=ENC(CNpgJlarVTNItkyW6DAQWA==)
+storge.traffic.password=ENC(LDEb2OekU7iZWiFw6pUYBSozVKP27r1y)
+#删除ttl
+storge.traffic.system.parts=system.parts
+#存储配额查询
+storge.traffic.system.partsclusters=system.parts_cluster
+storge.traffic.system.disks=system.disks_cluster
+storge.traffic.system.tables=system.tables_cluster
+storge.traffic.system.clusters=system.clusters
+#删除ttl白名单,多个逗号分隔
+storge.files.delete.exclusion=default,assessment_hos_bucket,knowledge_base_hos_bucket
+storge.analytic.delete.exclusion=traffic_general_stat
+storge.taffic.delete.exclusion=assessment_event_local
+### xxl-job admin address list, such as "http://address" or "http://address01,http://address02"
+xxl.job.admin.addresses=http://192.168.20.221:8184/xxl-job-admin,http://192.168.20.222:8184/xxl-job-admin
+### xxl-job, access token
+xxl.job.accessToken=
+### xxl-job executor registry-address: default use address to registry , otherwise use ip:po
+xxl.job.executor.appname=galaxy-executor
+### xxl-job executor registry-address: default use address to registry , otherwise use ip:port if address is null
+xxl.job.executor.address=
+### xxl-job executor server-info
+xxl.job.executor.ip=
+xxl.job.executor.port=8886
+### xxl-job executor log-path
+xxl.job.executor.logpath=/data/logs/jobhandler
+### xxl-job executor log-retention-days
+xxl.job.executor.logretentiondays=30
+## http pool config
+### max connection number
+http.pool.max.connection=500
+http.pool.request.timeout=120000
+http.pool.response.timeout=300000
+http.pool.max.per.route=300
+http.pool.connect.timeout=10000
+##指定kafka server的地址,集群配多个,中间,逗号隔开
+spring.kafka.bootstrap-servers=192.168.20.223:9094,192.168.20.224:9094,192.168.20.225:9094
+spring.kafka.ssl.enable=true
+spring.kafka.ssl.username=ENC(RYN0it9o1vYynI1xlmX/Gw==)
+spring.kafka.ssl.pin=ENC(vlb4F5Y3ff0Am/3MMPdIpYjZq8wcGNMd)
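Review bot: `storge.files.token` is committed as a plaintext value while the other credentials in this file are wrapped in `ENC(...)`, and the same value appears as `hos.token` in the galaxy-qgw-service.yml hunk. A token that has sat in a repository should be treated as disclosed: rotate it on the file service and store the replacement as `storge.files.token=ENC(<encrypted-token-placeholder>)` or inject it from the environment. Because both services share one token, a leak from either config exposes the other's access, so a separate token per client is preferable if the file service supports it. `xxl.job.admin.addresses` also uses plain `http://`, which matters once an access token is set, since the token would cross the network unencrypted.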
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/galaxy-qgw-service.yml b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/galaxy-qgw-service.yml
new file mode 100644
index 0000000..d9664ac
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/galaxy-qgw-service.yml
@@ -0,0 +1,171 @@
+##############静态参数配置(修改后需要重启项目)##############
+## 服务配置
+server:
+ port: 8183
+## 监控参数
+management:
+ metrics:
+ tags:
+ application: ${project.name}
+ endpoint:
+ health:
+ show-details: always
+ shutdown:
+ enabled: true
+ health:
+ redis:
+ enabled: false
+ db:
+ enabled: false
+ endpoints:
+ web:
+ exposure:
+ include: '*'
+ exclude: env,auditevents,beans,conditions,info
+ base-path: /monitor
+#MySql configuration
+spring:
+ datasource:
+ driver-class-name: com.mysql.cj.jdbc.Driver
+ url: jdbc:mysql://192.168.20.253:3306/cm?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&serverTimezone=UTC&failOverReadOnly=false&connectTimeout=10000&socketTimeout=30000
+ username: ENC(63aTpwv2vH0vPikW+3Jjig==)
+ pin: ENC(LDEb2OekU7iZWiFw6pUYBSozVKP27r1y)
+## Hbase configuration
+hbase:
+ zookeeperQuorum: 192.168.20.193,192.168.20.194,192.168.20.195:2181
+ zookeeperZnodeParent: /hbase
+ rpcTimeout: 90000
+ report:
+ dbname: tsg
+ tableName: report_result
+ columnFamily: response
+ columnName: result
+## Elasticsearch configuration
+elasticsearch:
+ url: 127.0.0.1:9200
+ dbname: elasticsearch
+ socketTimeOut: 60000
+##############动态参数配置(修改后不需要重启项目)##############
+## 项目参数
+project:
+ name: galaxy-qgw-service-nacos
+ description: 统一数据查询网关
+ version: 1.1
+ groupId: com.mesalab
+ artifactId: galaxy-qgw-service
+ basedir:
+ corePackage: com.mesalab.common
+ servicePackage: com.mesalab.qgw
+ author:
+ name: darnell
+ url:
+ email:
+switch:
+ version:
+ ##支持 vsys_id(默认),log_id
+ schema: vsys_id
+## ClickhHouse configuration
+clickhouse:
+ url: http://192.168.20.252:8124
+ dbname: tsg_galaxy_v3
+ enableApproximateOptimizer: true
+ realTimeAccount:
+ username: ENC(hYFEuRJJWd93TZg5VbK/o3OXUmxI/irv)
+ pin: ENC(qUA355VopKSx6kwwwXZwqWWEYSu76Slz)
+ socketTimeOut: 60000
+ longTermAccount:
+ username: ENC(z3gVlaa7Q4IMDqtUgvhwoJzKAkH1Uznc)
+ pin: ENC(LDEb2OekU7iZWiFw6pUYBSozVKP27r1y)
+ socketTimeOut: 21700000
+## Druid configuration
+druid:
+ url: 192.168.20.252:8089/druid/v2/sql
+ dbname: druid
+ socketTimeOut: 60000
+## xxl-job-admin configuration
+xxl-job-admin:
+ url: http://192.168.20.252:8181/xxl-job-admin
+ userName: ENC(v8NKKlLWitI7vGhuGYorRQ==)
+ pin: ENC(xTCafSByYA6SyvhUJ6vrh2VSXuZAVK/O)
+## ArangoDB configuration
+arango:
+ server: http://192.168.20.222:8529
+ database: tsg_galaxy_v3
+ username: ENC(UyZxsi4PT6kQXJAep5qvQQ==)
+ pin: ENC(qUA355VopKSx6kwwwXZwqWWEYSu76Slz)
+ jwturl: ${arango.server}/_db/${arango.database}/_open/auth
+ queryurl: ${arango.server}/_db/${arango.database}/_api/cursor
+ maxrows: 10000
+ socketTimeOut: 300000
+## hos cfg
+hos:
+ uri: http://192.168.20.251:9098/hos
+ bucket: knowledge_base_hos_bucket
+ token: f5c5186ba4874182b33b9b2b2b6e3f77
+ multiUploadStartSize: 1073741824
+ multiUploadPartSize: 10485760
+## knowledge value 格式 name:版本
+knowledge:
+ ipLocation:
+ ipV4:
+ userDefined: ip_v4_user_defined:latest
+ builtIn: ip_v4_built_in:latest
+ asn: asn_v4:latest
+ ipV6:
+ userDefined: ip_v6_user_defined:latest
+ builtIn: ip_v6_built_in:latest
+ asn: asn_v6:latest
+## Engine、Service configuration
+engine:
+ maxCacheNum: 1048575
+ defaultResultNum: 100000
+service:
+ entity:
+ activeClientIP: 10000
+ topServerIP:
+ TCPBySession: 250000
+ TCPByUniqClientIP: 700
+ UDPBySession: 80
+ UDPByUniqClientIP: 80
+ topSNI:
+ defaultSize: 30000
+ dataset: 2000000
+ gtpc:
+ defaultSize: 100000
+## http pool config
+http:
+ pool:
+ connect:
+ timeout: 30000
+ max:
+ connection: 500
+ per:
+ route: 200
+ request:
+ timeout: 10000
+ response:
+ timeout: 60000
+## job cfg
+job:
+ timeSlicing:
+ enabled: true
+ #单位: Second
+ interval: 1800
+ longPolling:
+ enabled: true
+ interactive:
+ timeout: 30000
+ response:
+ timeout: 500
+ execution:
+ timeout: 300000
+ pool:
+ corePoolSize: 20
+ maxPoolSize: 30
+ queueCapacity: 10
+## task cfg
+task:
+ pool:
+ corePoolSize: 8
+ maxPoolSize: 16
+ queueCapacity: 1000
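Review bot: `management.endpoint.shutdown.enabled: true` is combined with `exposure.include: '*'`, and the `exclude` list (`env,auditevents,beans,conditions,info`) does not name `shutdown`, so the shutdown endpoint is web-exposed under the `/monitor` base path. Unless that path is protected by authentication not visible in this hunk, any client that can reach port 8183 can stop the query gateway. I would set `enabled: false` under `shutdown:`, or add `shutdown` to `exclude` and list only the endpoints monitoring needs in `include`. The ClickHouse, xxl-job-admin, ArangoDB and hos URLs are plain `http://`, so the credentials and token configured beside them cross the network unencrypted unless a lower layer provides TLS.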
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/galaxy-report-service.yml b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/galaxy-report-service.yml
new file mode 100644
index 0000000..5011a39
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/galaxy-report-service.yml
@@ -0,0 +1,123 @@
+#http的端口
+server:
+ port: 9093
+#更新进度条的时间10s
+scan:
+ result:
+ scheduled:
+ plan: 0/15 * * * * ?
+#同时间执行是线程数
+globle:
+ job_thread: 2
+#Hbasehttp的端口
+#Hbase的表名等配置通畅不需要更改
+hbase:
+ table: tsg:report_result
+ zookeeper_quorum: 192.168.20.193:2181,192.168.20.194:2181,192.168.20.195:2181
+ zookeeper_property_clientPort: 2181
+ zookeeper_znode_parent: /hbase
+ client_retries_number: 3
+ rpc_timeout: 100000
+ connect_pool: 10
+#存入Hbase的cell级别生存时间 根据部署环境填写:1.TSG 不设置(永久有效); 2.CN 7(默认7天) 单位:Day
+ cell_ttl_d:
+#查询网关ip
+ck:
+ gateway_ip: 192.168.20.252:9999
+#zk集群的ip
+zookeeper:
+ connectString: 192.168.20.221:2181,192.168.20.222:2181,192.168.20.223:2181
+#是否启用zookeeper 0启用(集群) 1禁用(单机)
+ open: 0
+ retryCount: 6
+ elapsedTimeMs: 10000
+ sessionTimeoutMs: 50000
+ connectionTimeoutMs: 50000
+ nameSpace: reportservice
+
+#最大连接数
+http:
+ maxTotal: 300
+#并发数
+ defaultMaxPerRoute: 100
+#创建连接的最长时间
+ connectTimeout: 10000
+#从连接池中获取到连接的最长时间
+ connectionRequestTimeout: 10000
+#数据传输的最长时间
+ socketTimeout: 21605000
+#提交请求前测试连接是否可用
+ staleConnectionCheckEnabled: true
+ socketTimeoutShort: 30000
+
+#mariadb的url
+spring:
+ application:
+ name: galaxy_report_service
+
+ datasource:
+ url: jdbc:mariadb://192.168.20.157:3306/tsg-bifang?serverTimezone=UTC&useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&failOverReadOnly=false
+#mariadb的用户名
+ username: ENC(63aTpwv2vH0vPikW+3Jjig==)
+#mariadb的密码
+ password: ENC(iW8ekP1SZC6v/7cfJKAqXXrjApJox+cH)
+#以下配置不需要更改通常
+ name: druidDataSource
+ type: com.alibaba.druid.pool.DruidDataSource
+ driver-class-name: org.mariadb.jdbc.Driver
+
+#配置监控统计拦截的filters,去掉后监控界面SQL无法进行统计,’wall’用于防火墙
+ druid:
+ filters: stat,wall,slf4j
+ #最大连接数
+ max-active: 30
+ #最小连接数
+ min-idle: 1
+ #初始化连接数
+ initial-size: 2
+ #获取连接最大超时时间
+ max-wait: 600000
+ #间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒
+ time-between-eviction-runs-millis: 60000
+ # 一个连接在池中最小生存的时间,单位是毫秒
+ min-evictable-idle-time-millis: 300000
+ #验证连接是否可用,在数据库中执行一条sql
+ validation-query: select 1
+ #建议配置为true,不影响性能,并且保证安全性。申请连接的时候检测,如果空闲时间大于timeBetweenEvictionRunsMillis,
+ # 执行validationQuery检测连接是否有效
+ test-while-idle: true
+ #申请连接时执行validationQuery检测连接是否有效,做了这个配置会降低性能
+ test-on-borrow: true
+ test-on-return: false
+ connection-properties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500
+ #是否开启WebStatFilter
+ web-stat-filter:
+ enabled: true
+ #设置不统计哪些URL(用于排除一些不必要的url)
+ exclusions: "*.js,*.gif,*.jpg,*..ng,*.css,*.ico,/druid/*"
+ #是否开启Druid监控信息显示页面
+ stat-view-servlet:
+ enabled: true
+ #甚至浏览器访问路径
+ url-pattern: /druid/*
+ #禁止手动重置监控数据
+ reset-enable: false
+ #durid-ui页面账户密码
+ login-username: admin
+ login-password: admin
+ #Spring监控,对内部各接口调用的监控,需要导入aop相关包
+ aop-patterns: com.mesa.reportservice.controller.*,com.mesa.reportservice.service.*,com.mesa.reportservice.mapper.*
+mybatis:
+ typeAliasesPackage: com.mesa.reportservice.bean
+ mapperLocations: classpath*:/mappers/*.xml
+management:
+ endpoints:
+ web:
+ exposure:
+ include: "*"
+ metrics:
+ tags:
+ application: galaxy_report_service
+
+logging:
+ config: ./config/log4j2-dev.xml
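Review bot: The Druid monitoring console is enabled (`stat-view-servlet.enabled: true`) with `login-username: admin` and `login-password: admin`, a default pair kept in plaintext while the datasource credentials above it use `ENC(...)`. That console shows executed SQL and connection-pool details, so it needs a unique password stored as `ENC(<encrypted-password-placeholder>)` and, ideally, an `allow:` entry limiting it to the operations network, or `enabled: false` where it is not used. In `web-stat-filter.exclusions`, `*..ng` looks like a typo for `*.png`.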
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/gtpc_knowledge_base.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/gtpc_knowledge_base.json
new file mode 100644
index 0000000..6cd5ccc
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/gtpc_knowledge_base.json
@@ -0,0 +1,57 @@
+{
+ "type": "record",
+ "name": "gtpc_knowledge_base",
+ "namespace": "tsg_galaxy",
+ "fields": [
+ {
+ "name": "vsys_id",
+ "label": "System Id",
+ "type": "int"
+ },
+ {
+ "name": "uplink_teid",
+ "label": "Up Link Teid",
+ "type": "int"
+ },
+ {
+ "name": "downlink_teid",
+ "label": "Down Link Teid",
+ "type": "int"
+ },
+ {
+ "name": "ROWKEY",
+ "label": "Row Key",
+ "type": "string"
+ },
+ {
+ "name": "apn",
+ "label": "APN",
+ "type": "string"
+ },
+ {
+ "name": "phone_number",
+ "label": "Phone Number",
+ "type": "string"
+ },
+ {
+ "name": "imsi",
+ "label": "IMSI",
+ "type": "string"
+ },
+ {
+ "name": "imei",
+ "label": "IMEI",
+ "type": "string"
+ },
+ {
+ "name": "last_update_time",
+ "label": "Last Update Time",
+ "type": "int"
+ },
+ {
+ "name": "msg_type",
+ "label": "Message Type",
+ "type": "int"
+ }
+ ]
+}
\ No newline at end of file diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/gtpc_record.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/gtpc_record.json new file mode 100644 index 0000000..02aa72c --- /dev/null +++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/gtpc_record.json 
@@ -0,0 +1,1664 @@ +{ + "type": "record", + "name": "gtpc_record", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "ttl": null, + "default_ttl": 2592000, + "index_key": { + "$ref": "public_schema_info.json#/gtpc_record/index_key" + }, + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "dimensions": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_l4_protocol", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "gtp_version", + "gtp_apn", + "gtp_imei", + "gtp_imsi", + "gtp_phone_number", + "gtp_msg_type" + ], + "metrics": [ + "common_start_time", + "common_end_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", 
+ "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_l4_protocol", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_sessions", + "common_con_duration_ms", + "common_establish_latency_ms", + "gtp_version", + "gtp_apn", + "gtp_imei", + "gtp_imsi", + "gtp_phone_number" + ], + "filters": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_service_category", + "common_l4_protocol", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "gtp_version", + "gtp_apn", + "gtp_imei", + "gtp_imsi", + "gtp_phone_number", + "gtp_end_user_ipv4", + "gtp_end_user_ipv6", + "gtp_uplink_teid", + 
"gtp_downlink_teid", + "gtp_msg_type" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + }, + "details": { + "general": [ + "common_recv_time", + "common_log_id", + "common_stream_trace_id", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_direction", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_entrance_id", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_data_center", + "common_device_group", + "common_sled_ip" + ], + "source": [ + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac" + ], + "destination": [ + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac" + ], + "application": [ + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_label", + "common_app_surrogate_id", + "common_l7_protocol", + "common_protocol_label", + "common_service_category", + "common_service", + "common_l4_protocol", + "common_app_behavior" + ], + "transmission": [ + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + 
"common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_first_ttl", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "other": [ + "common_device_tag", + "common_encapsulation", + "common_tunnels", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_action", + "common_sub_action", + "common_policy_id", + "common_user_tags", + "common_user_region", + "common_shaping_rule_ids" + ] + } + }, + "schema_type": { + "GTP-C": { + "$ref": "public_schema_info.json#/schema_type/GTP-C" + } + }, + "default_columns": [ + "common_recv_time", + "common_log_id", + "gtp_version", + "gtp_msg_type", + "gtp_imsi", + "gtp_imei", + "gtp_phone_number", + "common_client_ip", + "common_server_ip" + ], + "internal_columns": [ + "common_recv_time", + "common_log_id", + "common_sessions", + "common_flags_identify_info", + "common_app_identify_info", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc" + ], + "tunnel_type": { + "$ref": "public_schema_info.json#/tunnel_type" + } + }, + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_log_id", + "label": "Log ID", + "doc": { + "format": [ + { + "function": "snowflake_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_policy_id", + "label": "Policy ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_subscriber_id", + "label": "Subscriber 
ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imei", + "label": "IMEI", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imsi", + "label": "IMSI", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_phone_number", + "label": "Phone Number", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_in_src_mac", + "label": "Incoming Source MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_out_src_mac", + "label": "Outgoing Source MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_ip", + "label": "Client IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_client_asn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_internal_ip", + "label": "Internal IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "if", + "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_port", + "label": "Client Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_l4_protocol", + "label": "L4 Protocol", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_address_type", + "label": "Address Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_server_ip", + "label": 
"Server IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_server_asn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_port", + "label": "Server Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_external_ip", + "label": "External IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "if", + "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_action", + "label": "Action", + "doc": { + "visibility": "hidden", + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "None" + }, + { + "code": "1", + "value": "Monitor" + }, + { + "code": "2", + "value": "Intercept" + }, + { + "code": "16", + "value": "Deny" + }, + { + "code": "96", + "value": "Allow" + }, + { + "code": "128", + "value": "Allow(Deprecated)" + } + ], + "ttl": null + }, + "type": "int" + }, + { + "name": "common_direction", + "label": "Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "69", + "value": "outbound" + }, + { + "code": "73", + "value": "inbound" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_entrance_id", + "label": "Entrance ID", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_sled_ip", + "label": "Sled IP", + "doc": { + "constraints": { + "type": "ip" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_location", + "label": "Client Location", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_asn", + "label": "Client ASN", + "doc": { + 
"visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_location", + "label": "Server Location", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_asn", + "label": "Server ASN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_fqdn", + "label": "Server FQDN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_domain", + "label": "Server Domain", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_in_dest_mac", + "label": "Incoming Destination MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_out_dest_mac", + "label": "Outgoing Destination MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_sessions", + "label": "Sessions", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_num", + "label": "Packets Sent", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_num", + "label": "Packets Received", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_num", + "label": "Bytes Sent", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_num", + "label": "Bytes Received", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_diff", + "label": "Packets Sent (Delta)", + "doc": { + "constraints": { + "type": 
"decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_diff", + "label": "Packets Received (Delta)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_diff", + "label": "Bytes Sent (Delta)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_diff", + "label": "Bytes Received (Delta)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_service", + "label": "Service", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_schema_type", + "label": "Schema Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "GTP-C", + "value": "GTP-C" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int", + "default": 1 + }, + { + "name": "common_t_vsys_id", + "label": "Traffic Vsys ID", + "doc": { + "allow_query": "false", + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_flags", + "label": "Flags", + "doc": { + "constraints": { + "type": "bit", + "operator_functions": "=,!=,bitAnd" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_flags/data" + }, + "allow_query": "false", + "visibility": "hidden", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "bit" + } + }, + { + "name": "common_flags_identify_info", + "label": "Flags Identify Info", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_tags", + "label": "User Tags", + "doc": { + "visibility": "disabled", + 
"ttl": null + }, + "type": "string" + }, + { + "name": "common_sub_action", + "label": "Sub Action", + "doc": { + "data": [ + { + "code": "allow", + "value": "Allow" + }, + { + "code": "deny", + "value": "Deny" + }, + { + "code": "monitor", + "value": "Monitor" + }, + { + "code": "replace", + "value": "Replace" + }, + { + "code": "redirect", + "value": "Redirect" + }, + { + "code": "insert", + "value": "Insert" + }, + { + "code": "hijack", + "value": "Hijack" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_region", + "label": "User Region", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_shaping_rule_ids", + "label": "Shaping Rule IDs", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "visibility": "hidden", + "ttl": null + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_egress_link_id", + "label": "Egress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_ingress_link_id", + "label": "Ingress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_isp", + "label": "ISP", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_tag", + "label": "Device Tag", + "doc": { + "visibility": "hidden", + "format": [ + { + "function": "flattenSpec", + "appendTo": "common_data_center", + "param": "$.tags[?(@.tag=='data_center')][0].value" + }, + { + "function": "flattenSpec", + "appendTo": "common_device_group", + "param": "$.tags[?(@.tag=='device_group')][0].value" + } + ], + "ttl": null + }, + "type": "string" + }, + { + "name": "common_data_center", + "label": "Data 
Center", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_group", + "label": "Device Group", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_behavior", + "label": "Application Behavior", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_encapsulation", + "label": "Encapsulation", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_encapsulation/data" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_app_label", + "label": "Application Label", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnels", + "label": "Tunnels", + "doc": { + "visibility": "enabled", + "ttl": null, + "format": [ + { + "function": "gtpc_match", + "appendTo": "common_imsi,common_imei,common_phone_number", + "param": "$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_a2b_teid,$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_b2a_teid" + } + ] + }, + "type": "string" + }, + { + "name": "common_protocol_label", + "label": "Protocol Label", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_id", + 
"label": "Application ID", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_app_full_path", + "label": "Application Full Path", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_userdefine_app_name", + "label": "User Define App Name", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_app_identify_info", + "label": "App Identity Info", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_surrogate_id", + "label": "Surrogate ID", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_l7_protocol", + "label": "L7 Protocol", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_service_category", + "label": "FQDN Category", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "visibility": "disabled", + "dict_location": { + "path": "/v1/category/dict", + "key": "categoryId", + "value": "categoryName" + }, + "ttl": null + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_start_time", + "label": "Start Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_end_time", + "label": "End Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_establish_latency_ms", + "label": "TCP Handshake Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_con_duration_ms", + "label": "Duration (ms)", + "doc": { + 
"constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_stream_dir", + "label": "Stream Direction(Deprecated)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + }, + { + "code": "3", + "value": "double" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_address_list", + "label": "Address List", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_has_dup_traffic", + "label": "Duplication Traffic", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_stream_error", + "label": "Stream Error", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_stream_trace_id", + "label": "Session ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_link_info_c2s", + "label": "Link Info (c2s)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_link_info_s2c", + "label": "Link Info (s2c)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_packet_capture_file", + "label": "Packet Capture File", + "doc": { + "visibility": "hidden", + "constraints": { + "type": "file" + }, + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_a_desc", + "label": "Tunnel Endpoint A Description", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_b_desc", + "label": "Tunnel Endpoint B Description", + "doc": { + "visibility": 
"hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_c2s_ipfrag_num", + "label": "Fragmentation Packets (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_ipfrag_num", + "label": "Fragmentation Packets (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_lostlen", + "label": "Sequence Gap Loss (c2s)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_lostlen", + "label": "Sequence Gap Loss (s2c)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_unorder_num", + "label": "Unordered Packets (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_unorder_num", + "label": "Unordered Packets (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_retrans", + "label": "Packet Retransmission (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_retrans", + "label": "Packet Retransmission (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_retrans", + "label": "Byte Retransmission (c2s)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_retrans", + "label": "Byte Retransmission (s2c)", + "doc": { + "constraints": { + "type": 
"bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_tcp_client_isn", + "label": "TCP Client ISN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_first_ttl", + "label": "First TTL", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_processing_time", + "label": "Processing Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "current_timestamp" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_ingestion_time", + "label": "Ingestion Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "ingestion_time" + }, + { + "function": "get_value", + "appendTo": "common_recv_time" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_mirrored_pkts", + "label": "Mirrored Packets", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_mirrored_bytes", + "label": "Mirrored Bytes", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "gtp_version", + "label": "Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "gtp_apn", + "label": "APN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "gtp_imei", + "label": "IMEI", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": 
"gtp_imsi", + "label": "IMSI", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "gtp_phone_number", + "label": "Phone Number", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "gtp_uplink_teid", + "label": "Uplink TEID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "gtp_downlink_teid", + "label": "Downlink TEID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "gtp_msg_type", + "label": "Message Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "create", + "value": "create" + }, + { + "code": "modify", + "value": "modify" + }, + { + "code": "delete", + "value": "delete" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "gtp_end_user_ipv4", + "label": "End User Address V4", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "gtp_end_user_ipv6", + "label": "End User Address V6", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + } + ] +}
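Review bot: `default_columns` in gtpc_record.json lists `gtp_imsi`, `gtp_imei` and `gtp_phone_number`, and all three fields are `"visibility": "enabled"`, so subscriber identifiers appear in the default view of this log. The equivalent `common_imei`, `common_imsi` and `common_phone_number` fields in the same schema are `"visibility": "disabled"`. If that setting on the common fields is deliberate, the GTP fields should follow it: drop the three entries from `default_columns` and mark the fields `"visibility": "hidden"`, so they are returned only when an analyst selects them. Separately, `"allow_query": "false"` on `common_t_vsys_id` and `common_flags` is a string rather than a boolean; it is worth confirming that the consumer does not treat any non-empty string as true.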
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/hbase-filter.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/hbase-filter.json
new file mode 100644
index 0000000..d54cf14
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/hbase-filter.json
@@ -0,0 +1,15 @@
+{
+ "version": "1.0",
+ "name": "hbase-Raw",
+ "namespace": "tsg",
+ "filters": [
+ {
+ "name":"@start",
+ "value": "'2021-10-19 10:00:00'"
+ },
+ {
+ "name":"@end",
+ "value": "'2021-10-20 11:00:00'"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/hbase-queries-template.sql b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/hbase-queries-template.sql
new file mode 100644
index 0000000..6ff5571
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/hbase-queries-template.sql
@@ -0,0 +1,4 @@
+--Q01. 范围查询
+SELECT last_update_time FROM relation_account_framedip WHERE last_update_time>=CAST(TO_TIMESTAMP (@start,'yyyy-MM-dd HH:mm:ss','Asia/Shanghai') AS UNSIGNED_LONG) AND last_update_time<CAST(TO_TIMESTAMP (@end,'yyyy-MM-dd HH:mm:ss','Asia/Shanghai') AS UNSIGNED_LONG) LIMIT 30
+--Q02. KV查询
+select * from relation_account_framedip where ROWKEY = '0a771a381088e7d72ded13e998c06cbe' limit 1
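Review bot: Q02 hard-codes a concrete row key (`ROWKEY = '0a771a381088e7d72ded13e998c06cbe'`) and selects `*`, while Q01 takes its bounds from the `@start`/`@end` entries in hbase-filter.json and names its single column. A key copied from a real table does not belong in a shared config export, and `*` returns every column of what looks like an account-to-address mapping. I would add a placeholder entry to hbase-filter.json (for example `@rowkey`, a name constructed here) and write `SELECT last_update_time FROM relation_account_framedip WHERE ROWKEY = @rowkey LIMIT 1`, which also matches Q01's upper-case keywords. The filter values carry their own quotes (`"'2021-10-19 10:00:00'"`), which suggests the placeholders are substituted as text, so these values must stay fixed configuration and never be filled from request input. A short comment at the top of the template saying so would help the next editor.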
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/interim_session_record.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/interim_session_record.json
new file mode 100644
index 0000000..4cf28e8
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/interim_session_record.json
@@ -0,0 +1,4154 @@ +{ + "type": "record", + "name": "interim_session_record", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "ttl": null, + "default_ttl": 2592000, + "index_key": { + "$ref": "public_schema_info.json#/interim_session_record/index_key" + }, + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "dimensions": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_action", + "common_sub_action", + "common_policy_id", + "common_shaping_rule_ids", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_l4_protocol", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "http_host", + "http_domain", + "http_url", + "http_sequence", + "http_cookie", + "http_set_cookie", + "http_referer", + "http_user_agent", + "http_request_content_type", + "http_response_content_type", + "http_request_line", + "http_response_line", + "http_version", + "mail_protocol_type", + "mail_account", + "mail_from_cmd", + "mail_to_cmd", + "mail_from", + "mail_to", + "mail_cc", + "mail_bcc", + 
"mail_subject", + "mail_attachment_name", + "dns_message_id", + "dns_qr", + "dns_opcode", + "dns_rcode", + "dns_qname", + "dns_qtype", + "dns_qclass", + "ssl_version", + "ssl_sni", + "ssl_san", + "ssl_cn", + "ssl_pinningst", + "ssl_intercept_state", + "ssl_passthrough_reason", + "ssl_server_side_version", + "ssl_client_side_version", + "ssl_ja3_hash", + "ssl_ja3s_hash", + "ssl_cert_issuer", + "ssl_cert_subject", + "dtls_sni", + "quic_sni", + "quic_version", + "quic_user_agent", + "ftp_account", + "ftp_url", + "ftp_link_type", + "ssh_version", + "ssh_auth_success", + "ssh_client_version", + "ssh_server_version", + "ssh_cipher_alg", + "ssh_mac_alg", + "ssh_compression_alg", + "ssh_kex_alg", + "ssh_host_key_alg", + "ssh_host_key", + "ssh_hassh", + "stratum_cryptocurrency", + "stratum_mining_pools", + "stratum_mining_program", + "rdp_cookie", + "rdp_security_protocol", + "rdp_client_channels", + "rdp_keyboard_layout", + "rdp_client_version", + "rdp_client_name", + "rdp_client_product_id", + "rdp_certificate_type", + "rdp_encryption_level", + "rdp_encryption_method" + ], + "metrics": [ + "common_start_time", + "common_end_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_l4_protocol", + 
"common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_sessions", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "http_host", + "http_domain", + "http_url", + "http_cookie", + "http_set_cookie", + "http_referer", + "http_user_agent", + "http_request_content_length", + "http_request_content_type", + "http_response_content_length", + "http_response_content_type", + "http_response_latency_ms", + "http_session_duration_ms", + "mail_protocol_type", + "mail_account", + "mail_from_cmd", + "mail_to_cmd", + "mail_from", + "mail_to", + "mail_cc", + "mail_bcc", + "mail_subject", + "mail_attachment_name", + "dns_message_id", + "dns_qr", + "dns_opcode", + "dns_rcode", + "dns_qname", + "dns_qtype", + "dns_qclass", + "dns_qdcount", + "dns_ancount", + "dns_nscount", + "dns_arcount", + "dns_response_latency_ms", + "ssl_version", + "ssl_sni", + "ssl_san", + "ssl_cn", + "ssl_pinningst", + "ssl_intercept_state", + "ssl_passthrough_reason", + "ssl_server_side_version", + "ssl_client_side_version", + "ssl_ja3_hash", + "ssl_ja3s_hash", + "ssl_cert_issuer", + "ssl_cert_subject", + "ssl_con_latency_ms", + "dtls_sni", + "quic_sni", + "quic_version", + "quic_user_agent", + "ftp_account", + "ftp_url", + "ftp_link_type", + "ssh_version", + "ssh_auth_success", + "ssh_client_version", + "ssh_server_version", + "ssh_cipher_alg", + "ssh_mac_alg", + "ssh_compression_alg", + "ssh_kex_alg", + "ssh_host_key_alg", + "ssh_host_key", + "ssh_hassh", + "stratum_cryptocurrency", + "stratum_mining_pools", + "stratum_mining_program", + "rdp_cookie", + "rdp_security_protocol", + "rdp_client_channels", + "rdp_keyboard_layout", + "rdp_client_version", + 
"rdp_client_name", + "rdp_client_product_id", + "rdp_certificate_type", + "rdp_encryption_level", + "rdp_encryption_method" + ], + "filters": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_action", + "common_sub_action", + "common_policy_id", + "common_shaping_rule_ids", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_service_category", + "common_l4_protocol", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "http_host", + "http_domain", + "http_url", + "http_request_line", + "http_response_line", + "http_request_body", + "http_response_body", + "http_sequence", + "http_cookie", + "http_referer", + "http_user_agent", + 
"http_request_content_length", + "http_request_content_type", + "http_response_content_length", + "http_response_content_type", + "http_set_cookie", + "http_response_latency_ms", + "http_session_duration_ms", + "mail_protocol_type", + "mail_account", + "mail_from_cmd", + "mail_to_cmd", + "mail_from", + "mail_to", + "mail_cc", + "mail_bcc", + "mail_subject", + "mail_attachment_name", + "mail_eml_file", + "dns_message_id", + "dns_qr", + "dns_opcode", + "dns_rcode", + "dns_qdcount", + "dns_ancount", + "dns_nscount", + "dns_arcount", + "dns_response_latency_ms", + "dns_qname", + "dns_qtype", + "dns_qclass", + "dns_sub", + "dns_cname", + "dns_rr", + "ssl_version", + "ssl_sni", + "ssl_san", + "ssl_cn", + "ssl_pinningst", + "ssl_intercept_state", + "ssl_passthrough_reason", + "ssl_server_side_version", + "ssl_client_side_version", + "ssl_con_latency_ms", + "ssl_ja3_hash", + "ssl_ja3s_hash", + "ssl_cert_issuer", + "ssl_cert_subject", + "dtls_sni", + "quic_sni", + "quic_version", + "quic_user_agent", + "ftp_account", + "ftp_url", + "ftp_link_type", + "ssh_version", + "ssh_auth_success", + "ssh_client_version", + "ssh_server_version", + "ssh_cipher_alg", + "ssh_mac_alg", + "ssh_compression_alg", + "ssh_kex_alg", + "ssh_host_key_alg", + "ssh_host_key", + "ssh_hassh", + "stratum_cryptocurrency", + "stratum_mining_pools", + "stratum_mining_program", + "rdp_cookie", + "rdp_security_protocol", + "rdp_client_channels", + "rdp_keyboard_layout", + "rdp_client_version", + "rdp_client_name", + "rdp_client_product_id", + "rdp_certificate_type", + "rdp_encryption_level", + "rdp_encryption_method" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + }, + "details": { + "general": [ + "common_recv_time", + "common_log_id", + "common_stream_trace_id", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_direction", + "common_stream_dir", + "common_start_time", 
+ "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_entrance_id", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_data_center", + "common_device_group", + "common_sled_ip" + ], + "source": [ + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac" + ], + "destination": [ + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac" + ], + "application": [ + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_label", + "common_app_surrogate_id", + "common_l7_protocol", + "common_protocol_label", + "common_service_category", + "common_service", + "common_l4_protocol", + "common_app_behavior" + ], + "transmission": [ + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_first_ttl", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "other": [ + "common_device_tag", + "common_encapsulation", + "common_tunnels", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + 
"common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_action", + "common_sub_action", + "common_policy_id", + "common_user_tags", + "common_user_region", + "common_shaping_rule_ids" + ] + } + }, + "schema_type": { + "BASE": { + "$ref": "public_schema_info.json#/schema_type/BASE" + }, + "HTTP": { + "$ref": "public_schema_info.json#/schema_type/HTTP" + }, + "MAIL": { + "$ref": "public_schema_info.json#/schema_type/MAIL" + }, + "DNS": { + "$ref": "public_schema_info.json#/schema_type/DNS" + }, + "SSL": { + "$ref": "public_schema_info.json#/schema_type/SSL" + }, + "DTLS": { + "$ref": "public_schema_info.json#/schema_type/DTLS" + }, + "QUIC": { + "$ref": "public_schema_info.json#/schema_type/QUIC" + }, + "FTP": { + "$ref": "public_schema_info.json#/schema_type/FTP" + }, + "BGP": { + "$ref": "public_schema_info.json#/schema_type/BGP" + }, + "APP": { + "$ref": "public_schema_info.json#/schema_type/APP" + }, + "SSH": { + "$ref": "public_schema_info.json#/schema_type/SSH" + }, + "Stratum": { + "$ref": "public_schema_info.json#/schema_type/Stratum" + }, + "RDP": { + "$ref": "public_schema_info.json#/schema_type/RDP" + } + }, + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "common_client_ip", + "common_server_ip", + "common_server_port", + "common_schema_type" + ], + "internal_columns": [ + "common_recv_time", + "common_log_id", + "common_sessions", + "common_flags_identify_info", + "common_tunnels", + "common_userdefine_app_name", + "common_app_identify_info", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "rtp_pcap_path", + "http_domain", + "http_request_body", + "http_response_body", + "mail_eml_file" + ], + "tunnel_type": { + "$ref": "public_schema_info.json#/tunnel_type" + }, + "measurements": { + "aggregates": { + "sessions": [ + { + "fn": "count", + "column": 
"common_sessions", + "value": "sessions", + "label": "Sessions", + "unit": "sessions" + } + ], + "bytes": [ + { + "fn": "sum", + "column": "common_c2s_byte_diff + common_s2c_byte_diff", + "value": "bytes", + "label": "Bytes", + "unit": "bytes" + } + ], + "incoming_bytes": [ + { + "fn": "sum", + "column": "if(bitAnd(common_flags, 8) = 8, common_s2c_byte_diff, common_c2s_byte_diff)", + "value": "incoming_bytes", + "label": "Incoming Bytes", + "unit": "bytes" + } + ], + "outgoing_bytes": [ + { + "fn": "sum", + "column": "if(bitAnd(common_flags, 8) = 8, common_c2s_byte_diff, common_s2c_byte_diff)", + "value": "outgoing_bytes", + "label": "Outgoing Bytes", + "unit": "bytes" + } + ] + } + } + }, + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_log_id", + "label": "Log ID", + "doc": { + "format": [ + { + "function": "snowflake_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_policy_id", + "label": "Policy ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_subscriber_id", + "label": "Subscriber ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imei", + "label": "IMEI", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imsi", + "label": "IMSI", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_phone_number", + "label": "Phone Number", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_in_src_mac", + "label": "Incoming Source MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": 
"common_out_src_mac", + "label": "Outgoing Source MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_ip", + "label": "Client IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_client_asn" + }, + { + "function": "radius_match", + "appendTo": "common_subscriber_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_internal_ip", + "label": "Internal IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "if", + "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_port", + "label": "Client Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_l4_protocol", + "label": "L4 Protocol", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_address_type", + "label": "Address Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_server_ip", + "label": "Server IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_server_asn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_port", + "label": "Server Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_external_ip", + "label": "External IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "if", + "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" + } 
+ ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_action", + "label": "Action", + "doc": { + "visibility": "hidden", + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "None" + }, + { + "code": "1", + "value": "Monitor" + }, + { + "code": "2", + "value": "Intercept" + }, + { + "code": "16", + "value": "Deny" + }, + { + "code": "96", + "value": "Allow" + }, + { + "code": "128", + "value": "Allow(Deprecated)" + } + ], + "ttl": null + }, + "type": "int" + }, + { + "name": "common_direction", + "label": "Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "69", + "value": "outbound" + }, + { + "code": "73", + "value": "inbound" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_entrance_id", + "label": "Entrance ID", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_sled_ip", + "label": "Sled IP", + "doc": { + "constraints": { + "type": "ip" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_location", + "label": "Client Location", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_asn", + "label": "Client ASN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_location", + "label": "Server Location", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_asn", + "label": "Server ASN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_fqdn", + "label": "Server FQDN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_domain", + "label": "Server Domain", + "doc": { + 
"visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_in_dest_mac", + "label": "Incoming Destination MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_out_dest_mac", + "label": "Outgoing Destination MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_sessions", + "label": "Sessions", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_num", + "label": "Packets Sent", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_num", + "label": "Packets Received", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_num", + "label": "Bytes Sent", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_num", + "label": "Bytes Received", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_diff", + "label": "Packets Sent (Delta)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_diff", + "label": "Packets Received (Delta)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_diff", + "label": "Bytes Sent (Delta)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_diff", + "label": "Bytes Received (Delta)", + "doc": { + "constraints": { + 
"type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_service", + "label": "Service", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_schema_type", + "label": "Schema Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "BASE", + "value": "BASE" + }, + { + "code": "MAIL", + "value": "MAIL" + }, + { + "code": "DNS", + "value": "DNS" + }, + { + "code": "HTTP", + "value": "HTTP" + }, + { + "code": "SSL", + "value": "SSL" + }, + { + "code": "DTLS", + "value": "DTLS" + }, + { + "code": "QUIC", + "value": "QUIC" + }, + { + "code": "FTP", + "value": "FTP" + }, + { + "code": "SSH", + "value": "SSH" + }, + { + "code": "Stratum", + "value": "Stratum" + }, + { + "code": "RDP", + "value": "RDP" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int", + "default": 1 + }, + { + "name": "common_t_vsys_id", + "label": "Traffic Vsys ID", + "doc": { + "allow_query": "false", + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_flags", + "label": "Flags", + "doc": { + "constraints": { + "type": "bit", + "operator_functions": "=,!=,bitAnd" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_flags/data" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "bit" + } + }, + { + "name": "common_flags_identify_info", + "label": "Flags Identify Info", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_tags", + "label": "User Tags", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_sub_action", + "label": "Sub Action", + "doc": { + "data": [ + { + "code": "allow", + "value": 
"Allow" + }, + { + "code": "deny", + "value": "Deny" + }, + { + "code": "monitor", + "value": "Monitor" + }, + { + "code": "replace", + "value": "Replace" + }, + { + "code": "redirect", + "value": "Redirect" + }, + { + "code": "insert", + "value": "Insert" + }, + { + "code": "hijack", + "value": "Hijack" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_region", + "label": "User Region", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_shaping_rule_ids", + "label": "Shaping Rule IDs", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_egress_link_id", + "label": "Egress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_ingress_link_id", + "label": "Ingress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_isp", + "label": "ISP", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_tag", + "label": "Device Tag", + "doc": { + "visibility": "hidden", + "format": [ + { + "function": "flattenSpec", + "appendTo": "common_data_center", + "param": "$.tags[?(@.tag=='data_center')][0].value" + }, + { + "function": "flattenSpec", + "appendTo": "common_device_group", + "param": "$.tags[?(@.tag=='device_group')][0].value" + } + ], + "ttl": null + }, + "type": "string" + }, + { + "name": "common_data_center", + "label": "Data Center", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": 
"$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_group", + "label": "Device Group", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_behavior", + "label": "Application Behavior", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_encapsulation", + "label": "Encapsulation", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_encapsulation/data" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_app_label", + "label": "Application Label", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnels", + "label": "Tunnels", + "doc": { + "visibility": "enabled", + "ttl": null, + "format": [ + { + "function": "gtpc_match", + "appendTo": "common_imsi,common_imei,common_phone_number", + "param": "$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_a2b_teid,$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_b2a_teid" + } + ] + }, + "type": "string" + }, + { + "name": "common_protocol_label", + "label": "Protocol Label", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_id", + "label": "Application ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": 
"common_app_full_path", + "label": "Application Full Path", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_userdefine_app_name", + "label": "User Define App Name", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_app_identify_info", + "label": "App Identity Info", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_surrogate_id", + "label": "Surrogate ID", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_l7_protocol", + "label": "L7 Protocol", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_service_category", + "label": "FQDN Category", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "dict_location": { + "path": "/v1/category/dict", + "key": "categoryId", + "value": "categoryName" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_start_time", + "label": "Start Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_end_time", + "label": "End Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_establish_latency_ms", + "label": "TCP Handshake Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_con_duration_ms", + "label": "Duration (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + 
"name": "common_stream_dir", + "label": "Stream Direction(Deprecated)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + }, + { + "code": "3", + "value": "double" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_address_list", + "label": "Address List", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_has_dup_traffic", + "label": "Duplication Traffic", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_stream_error", + "label": "Stream Error", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_stream_trace_id", + "label": "Session ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_link_info_c2s", + "label": "Link Info (c2s)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_link_info_s2c", + "label": "Link Info (s2c)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_packet_capture_file", + "label": "Packet Capture File", + "doc": { + "visibility": "hidden", + "constraints": { + "type": "file" + }, + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_a_desc", + "label": "Tunnel Endpoint A Description", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_b_desc", + "label": "Tunnel Endpoint B Description", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_c2s_ipfrag_num", + "label": "Fragmentation 
Packets (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_ipfrag_num", + "label": "Fragmentation Packets (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_lostlen", + "label": "Sequence Gap Loss (c2s)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_lostlen", + "label": "Sequence Gap Loss (s2c)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_unorder_num", + "label": "Unordered Packets (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_unorder_num", + "label": "Unordered Packets (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_retrans", + "label": "Packet Retransmission (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_retrans", + "label": "Packet Retransmission (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_retrans", + "label": "Byte Retransmission (c2s)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_retrans", + "label": "Byte Retransmission (s2c)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": 
"common_tcp_client_isn", + "label": "TCP Client ISN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_first_ttl", + "label": "First TTL", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_processing_time", + "label": "Processing Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "current_timestamp" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_ingestion_time", + "label": "Ingestion Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "ingestion_time" + }, + { + "function": "get_value", + "appendTo": "common_recv_time" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_mirrored_pkts", + "label": "Mirrored Packets", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_mirrored_bytes", + "label": "Mirrored Bytes", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "http_url", + "label": "HTTP.URL", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_host", + "label": "HTTP.Host", + "doc": { + "format": [ + { + "function": "sub_domain", + "appendTo": "http_domain" + }, + { + "function": "sub_domain", + "appendTo": "common_server_domain" + }, + { + "function": "get_value", + "appendTo": "common_server_fqdn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { 
+ "name": "http_domain", + "label": "HTTP.Domain(Deprecated)", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_line", + "label": "HTTP.Request Line", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_line", + "label": "HTTP.Response Line", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_header", + "label": "HTTP.Request Headers", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_header", + "label": "HTTP.Response Headers", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_content", + "label": "HTTP.Request Content", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_content_length", + "label": "HTTP.Request Content Length", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_content_type", + "label": "HTTP.Request Content Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_content", + "label": "HTTP.Response Content", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_content_length", + "label": "HTTP.Response Content Length", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_content_type", + "label": "HTTP.Response Content Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_body", + "label": "HTTP.Request Body", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_body", + "label": "HTTP.Response 
Body", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_proxy_flag", + "label": "HTTP.Proxy Flag", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "http_sequence", + "label": "HTTP.Sequence", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "http_snapshot", + "label": "HTTP.Snapshot", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_cookie", + "label": "HTTP.Cookie", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_referer", + "label": "HTTP.Referer", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_user_agent", + "label": "HTTP.User Agent", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_set_cookie", + "label": "HTTP.Set Cookie", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_version", + "label": "HTTP.Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_latency_ms", + "label": "HTTP.Response Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "http_session_duration_ms", + "label": "HTTP.Session Duration (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "http_action_file_size", + "label": "HTTP.Action File Size", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "mail_protocol_type", + "label": "Mail.Protocol Type", + "doc": { + "visibility": "enabled", + "ttl": null + 
}, + "type": "string" + }, + { + "name": "mail_account", + "label": "Mail.Account", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_from_cmd", + "label": "Mail.From CMD", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_to_cmd", + "label": "Mail.To CMD", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_from", + "label": "Mail.From", + "doc": { + "constraints": { + "type": "email" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_to", + "label": "Mail.To", + "doc": { + "constraints": { + "type": "email" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_cc", + "label": "Mail.CC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_bcc", + "label": "Mail.BCC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_subject", + "label": "Mail.Subject", + "doc": { + "format": [ + { + "function": "decode_of_base64", + "param": "$.mail_subject_charset" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_subject_charset", + "label": "Mail.Subject Charset", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_content", + "label": "Mail.Content", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_content_charset", + "label": "Mail.Content Charset", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_attachment_name", + "label": "Mail.Attachment", + "doc": { + "format": [ + { + "function": "decode_of_base64", + "param": "$.mail_attachment_name_charset" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": 
"mail_attachment_name_charset", + "label": "Mail.Attachment Charset", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_attachment_content", + "label": "Mail.Attachment Content", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_eml_file", + "label": "Mail.EML File", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_snapshot", + "label": "Mail.Snapshot", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "dns_message_id", + "label": "DNS.Message ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_qr", + "label": "DNS.QR", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "QUERY" + }, + { + "code": "1", + "value": "RESPONSE" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_opcode", + "label": "DNS.OPCODE", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "QUERY" + }, + { + "code": "1", + "value": "IQUERY" + }, + { + "code": "2", + "value": "STATUS" + }, + { + "code": "5", + "value": "UPDATE" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_aa", + "label": "DNS.AA", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_tc", + "label": "DNS.TC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_rd", + "label": "DNS.RD", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_ra", + "label": "DNS.RA", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_rcode", + 
"label": "DNS.RCODE", + "doc": { + "data": [ + { + "code": 0, + "value": "NoError" + }, + { + "code": 1, + "value": "FormErr" + }, + { + "code": 2, + "value": "ServFail" + }, + { + "code": 3, + "value": "NXDomain" + }, + { + "code": 4, + "value": "NotImp" + }, + { + "code": 5, + "value": "Refused" + }, + { + "code": 6, + "value": "YXDomain" + }, + { + "code": 7, + "value": "YXRRSet" + }, + { + "code": 8, + "value": "NXRRSet" + }, + { + "code": 9, + "value": "NotAuth" + }, + { + "code": 10, + "value": "NotZone" + }, + { + "code": 16, + "value": "BADSIG" + }, + { + "code": 17, + "value": "BADKEY" + }, + { + "code": 18, + "value": "BADTIME" + }, + { + "code": 19, + "value": "BADMODE" + }, + { + "code": 20, + "value": "BADNAME" + }, + { + "code": 21, + "value": "BADALG" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_qdcount", + "label": "DNS.QDCOUNT", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_ancount", + "label": "DNS.ANCOUNT", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_nscount", + "label": "DNS.NSCOUNT", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_arcount", + "label": "DNS.ARCOUNT", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_qname", + "label": "DNS.QNAME", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dns_qtype", + "label": "DNS.QTYPE", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "A" + }, + { + "code": "2", + "value": "NS" + }, + { + "code": "3", + "value": "MD" + }, + { + "code": "4", + "value": "MF" + }, + { + 
"code": "5", + "value": "CNAME" + }, + { + "code": "6", + "value": "SOA" + }, + { + "code": "7", + "value": "MB" + }, + { + "code": "8", + "value": "MG" + }, + { + "code": "9", + "value": "MR" + }, + { + "code": "10", + "value": "NULL" + }, + { + "code": "11", + "value": "WKS" + }, + { + "code": "12", + "value": "PTR" + }, + { + "code": "13", + "value": "HINFO" + }, + { + "code": "14", + "value": "MINFO" + }, + { + "code": "15", + "value": "MX" + }, + { + "code": "16", + "value": "TXT" + }, + { + "code": "17", + "value": "RP" + }, + { + "code": "18", + "value": "AFSDB" + }, + { + "code": "19", + "value": "X25" + }, + { + "code": "20", + "value": "ISDN" + }, + { + "code": "21", + "value": "RT" + }, + { + "code": "22", + "value": "NSAP" + }, + { + "code": "23", + "value": "NSAP" + }, + { + "code": "24", + "value": "SIG" + }, + { + "code": "25", + "value": "KEY" + }, + { + "code": "26", + "value": "PX" + }, + { + "code": "27", + "value": "GPOS" + }, + { + "code": "28", + "value": "AAAA" + }, + { + "code": "29", + "value": "LOC" + }, + { + "code": "30", + "value": "EID" + }, + { + "code": "31", + "value": "NIMLOC" + }, + { + "code": "32", + "value": "NB" + }, + { + "code": "33", + "value": "SRV" + }, + { + "code": "34", + "value": "ATMA" + }, + { + "code": "35", + "value": "NAPTR" + }, + { + "code": "36", + "value": "KX" + }, + { + "code": "37", + "value": "CERT" + }, + { + "code": "38", + "value": "A6" + }, + { + "code": "39", + "value": "DNAME" + }, + { + "code": "40", + "value": "SINK" + }, + { + "code": "41", + "value": "OPT" + }, + { + "code": "42", + "value": "APL" + }, + { + "code": "43", + "value": "DS" + }, + { + "code": "44", + "value": "SSHFP" + }, + { + "code": "45", + "value": "IPSECKEY" + }, + { + "code": "46", + "value": "RRSIG" + }, + { + "code": "47", + "value": "NSEC" + }, + { + "code": "48", + "value": "DNSKEY" + }, + { + "code": "49", + "value": "DHCID" + }, + { + "code": "50", + "value": "NSEC3" + }, + { + "code": "51", + "value": "NSEC3PARAM" + }, 
+ { + "code": "52", + "value": "TLSA" + }, + { + "code": "53", + "value": "SMIMEA" + }, + { + "code": "55", + "value": "HIP" + }, + { + "code": "59", + "value": "CDS" + }, + { + "code": "60", + "value": "CDNSKEY" + }, + { + "code": "61", + "value": "OPENPGPKEY" + }, + { + "code": "62", + "value": "CSYNC" + }, + { + "code": "63", + "value": "ZONEMD" + }, + { + "code": "64", + "value": "SVCB" + }, + { + "code": "65", + "value": "HTTPS" + }, + { + "code": "99", + "value": "SPF" + }, + { + "code": "100", + "value": "UINFO" + }, + { + "code": "101", + "value": "UID" + }, + { + "code": "102", + "value": "GID" + }, + { + "code": "103", + "value": "UNSPEC" + }, + { + "code": "108", + "value": "EUI48" + }, + { + "code": "109", + "value": "EUI64" + }, + { + "code": "249", + "value": "TKEY" + }, + { + "code": "250", + "value": "TSIG" + }, + { + "code": "251", + "value": "IXFR" + }, + { + "code": "252", + "value": "AXFR" + }, + { + "code": "253", + "value": "MAILB" + }, + { + "code": "254", + "value": "MAILA" + }, + { + "code": "255", + "value": "*" + }, + { + "code": "256", + "value": "URI" + }, + { + "code": "257", + "value": "CAA" + }, + { + "code": "32768", + "value": "TA" + }, + { + "code": "32769", + "value": "DLV" + }, + { + "code": "65521", + "value": "INTEGRITY" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_qclass", + "label": "DNS.QCLASS", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_cname", + "label": "DNS.CNAME", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dns_sub", + "label": "DNS.SUB", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "DNS" + }, + { + "code": "2", + "value": "DNSSEC" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_rr", + "label": "DNS.RR", + "doc": { + "visibility": "enabled", + 
"ttl": null + }, + "type": "string" + }, + { + "name": "dns_response_latency_ms", + "label": "DNS.Response Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssl_version", + "label": "SSL.Version", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_sni", + "label": "SSL.SNI", + "doc": { + "format": [ + { + "function": "sub_domain", + "appendTo": "http_domain" + }, + { + "function": "sub_domain", + "appendTo": "common_server_domain" + }, + { + "function": "get_value", + "appendTo": "common_server_fqdn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_san", + "label": "SSL.SAN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_cn", + "label": "SSL.CN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_pinningst", + "label": "SSL.Pinning(Deprecated)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "Not Pinning" + }, + { + "code": "1", + "value": "Pinning" + }, + { + "code": "2", + "value": "Maybe Pinning" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssl_intercept_state", + "label": "SSL.Intercept State(Deprecated)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "Passthrough" + }, + { + "code": "1", + "value": "Intercept" + }, + { + "code": "2", + "value": "Shutdown" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssl_passthrough_reason", + "label": "SSL.Passthrough Reason(Deprecated)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_server_side_latency", + "label": "SSL.Server Side Latency 
(ms)(Deprecated)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssl_client_side_latency", + "label": "SSL.Client Side Latency (ms)(Deprecated)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssl_server_side_version", + "label": "SSL.Server Side Version(Deprecated)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_client_side_version", + "label": "SSL.Client Side Version(Deprecated)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_cert_verify", + "label": "SSL.Certificate Verify(Deprecated)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "No" + }, + { + "code": "1", + "value": "Yes" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssl_error", + "label": "SSL.Error(Deprecated)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_con_latency_ms", + "label": "SSL.Handshake Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssl_ja3_fingerprint", + "label": "SSL.JA3", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_ja3_hash", + "label": "SSL.JA3 hash", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_ja3s_fingerprint", + "label": "SSL.JA3S", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_ja3s_hash", + "label": "SSL.JA3S hash", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_cert_issuer", + "label": "SSL.Issuer", + "doc": { + 
"constraints": { + "type": "items" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_cert_subject", + "label": "SSL.Subject", + "doc": { + "constraints": { + "type": "items" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_cookie", + "label": "DTLS.Cookie", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_version", + "label": "DTLS.Version", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_sni", + "label": "DTLS.SNI", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_san", + "label": "DTLS.SAN", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_cn", + "label": "DTLS.CN", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_con_latency_ms", + "label": "DTLS.Handshake Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dtls_ja3_fingerprint", + "label": "DTLS.JA3", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_ja3_hash", + "label": "DTLS.JA3 hash", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_cert_issuer", + "label": "DTLS.Issuer", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_cert_subject", + "label": "DTLS.Subject", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "quic_version", + "label": "QUIC.Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "quic_sni", + "label": "QUIC.SNI", + "doc": { + "format": [ + { + "function": "sub_domain", + "appendTo": 
"http_domain" + }, + { + "function": "sub_domain", + "appendTo": "common_server_domain" + }, + { + "function": "get_value", + "appendTo": "common_server_fqdn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "quic_user_agent", + "label": "QUIC.User Agent", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ftp_account", + "label": "FTP.Account", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ftp_url", + "label": "FTP.URL", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ftp_content", + "label": "FTP.Content", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ftp_link_type", + "label": "FTP.Link Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "bgp_type", + "label": "BGP.Type", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "bgp_as_num", + "label": "BGP.AS Number", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "bgp_route", + "label": "BGP.Route", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "app_extra_info", + "label": "APP.Extra Info", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_call_id", + "label": "SIP.Call-ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_originator_description", + "label": "SIP.Originator", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_responder_description", + "label": "SIP.Responder", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_user_agent", + "label": "SIP.User-Agent", + "doc": { + "visibility": 
"enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_server", + "label": "SIP.Server", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_originator_sdp_connect_ip", + "label": "SIP.Originator IP", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_originator_sdp_media_port", + "label": "SIP.Originator Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "sip_originator_sdp_media_type", + "label": "SIP.Originator Media Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_originator_sdp_content", + "label": "SIP.Originator Content", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_responder_sdp_connect_ip", + "label": "SIP.Responder IP", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_responder_sdp_media_port", + "label": "SIP.Responder Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "sip_responder_sdp_media_type", + "label": "SIP.Responder Media Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_responder_sdp_content", + "label": "SIP.Responder Content", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_duration_s", + "label": "SIP.Duration (s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "sip_bye", + "label": "SIP.Bye", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rtp_payload_type_c2s", + "label": "RTP.Payload Type (c2s)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "PCMU" + }, + { 
+ "code": "1", + "value": "1016" + }, + { + "code": "2", + "value": "G721" + }, + { + "code": "3", + "value": "GSM" + }, + { + "code": "4", + "value": "G723" + }, + { + "code": "5", + "value": "DVI4_8000" + }, + { + "code": "6", + "value": "DVI4_16000" + }, + { + "code": "7", + "value": "LPC" + }, + { + "code": "8", + "value": "PCMA" + }, + { + "code": "9", + "value": "G722" + }, + { + "code": "10", + "value": "L16_STEREO" + }, + { + "code": "11", + "value": "L16_MONO" + }, + { + "code": "12", + "value": "QCELP" + }, + { + "code": "13", + "value": "CN" + }, + { + "code": "14", + "value": "MPA" + }, + { + "code": "15", + "value": "G728" + }, + { + "code": "16", + "value": "DVI4_11025" + }, + { + "code": "17", + "value": "DVI4_22050" + }, + { + "code": "18", + "value": "G729" + }, + { + "code": "19", + "value": "CN_OLD" + }, + { + "code": "25", + "value": "CELB" + }, + { + "code": "26", + "value": "JPEG" + }, + { + "code": "28", + "value": "NV" + }, + { + "code": "31", + "value": "H261" + }, + { + "code": "32", + "value": "MPV" + }, + { + "code": "33", + "value": "MP2T" + }, + { + "code": "34", + "value": "H263" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "rtp_payload_type_s2c", + "label": "RTP.Payload Type (s2c)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "PCMU" + }, + { + "code": "1", + "value": "1016" + }, + { + "code": "2", + "value": "G721" + }, + { + "code": "3", + "value": "GSM" + }, + { + "code": "4", + "value": "G723" + }, + { + "code": "5", + "value": "DVI4_8000" + }, + { + "code": "6", + "value": "DVI4_16000" + }, + { + "code": "7", + "value": "LPC" + }, + { + "code": "8", + "value": "PCMA" + }, + { + "code": "9", + "value": "G722" + }, + { + "code": "10", + "value": "L16_STEREO" + }, + { + "code": "11", + "value": "L16_MONO" + }, + { + "code": "12", + "value": "QCELP" + }, + { + "code": "13", + "value": "CN" + }, + { + "code": "14", + 
"value": "MPA" + }, + { + "code": "15", + "value": "G728" + }, + { + "code": "16", + "value": "DVI4_11025" + }, + { + "code": "17", + "value": "DVI4_22050" + }, + { + "code": "18", + "value": "G729" + }, + { + "code": "19", + "value": "CN_OLD" + }, + { + "code": "25", + "value": "CELB" + }, + { + "code": "26", + "value": "JPEG" + }, + { + "code": "28", + "value": "NV" + }, + { + "code": "31", + "value": "H261" + }, + { + "code": "32", + "value": "MPV" + }, + { + "code": "33", + "value": "MP2T" + }, + { + "code": "34", + "value": "H263" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "rtp_pcap_path", + "label": "RTP.PCAP", + "doc": { + "allow_query": "false", + "constraints": { + "type": "files" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rtp_originator_dir", + "label": "RTP.Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "unknown" + }, + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssh_version", + "label": "SSH.Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_auth_success", + "label": "SSH.Authentication Result", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_client_version", + "label": "SSH.Client Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_server_version", + "label": "SSH.Server Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_cipher_alg", + "label": "SSH.Encryption Algorithm", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_mac_alg", + "label": "SSH.Signing Algorithm", + "doc": { + 
"visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_compression_alg", + "label": "SSH.Compression Algorithm", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_kex_alg", + "label": "SSH. Key Exchange Algorithm", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_host_key_alg", + "label": "SSH.Server Host Key Algorithm", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_host_key", + "label": "SSH.Server Key Fingerprint", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_hassh", + "label": "SSH.HASSH", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "stratum_cryptocurrency", + "label": "Stratum.Cryptocurrency", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "stratum_mining_pools", + "label": "Stratum.Mining Pools", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "stratum_mining_program", + "label": "Stratum.Mining Program", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_cookie", + "label": "RDP.Cookie", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_security_protocol", + "label": "RDP.Security Protocol", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_client_channels", + "label": "RDP.Client Channels", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_keyboard_layout", + "label": "RDP.Keyboard Layout", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_client_version", + "label": "RDP.Client Version", + "doc": { + "visibility": "enabled", + 
"ttl": null + }, + "type": "string" + }, + { + "name": "rdp_client_name", + "label": "RDP.Client Name", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_client_product_id", + "label": "RDP.Client Product ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_desktop_width", + "label": "RDP. Desktop Width", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_desktop_height", + "label": "RDP.Desktop Height", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_requested_color_depth", + "label": "RDP.Requested Color Depth", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_certificate_type", + "label": "RDP.Certificate Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_certificate_count", + "label": "RDP.Certificate Count", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "rdp_certificate_permanent", + "label": "RDP.Certificate Permanent", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "rdp_encryption_level", + "label": "RDP.Encryption Level", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_encryption_method", + "label": "RDP.Encryption Method", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/job_result.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/job_result.json
new file mode 100644
index 0000000..0349f56
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/job_result.json
@@ -0,0 +1,47 @@
+{
+ "type": "record",
+ "name": "job_result",
+ "namespace": "tsg_galaxy",
+ "fields": [
+ {
+ "name": "ROWKEY",
+ "label": "Row Key",
+ "type": "string"
+ },
+ {
+ "name": "is_done",
+ "label": "Done",
+ "type": "boolean"
+ },
+ {
+ "name": "is_canceled",
+ "label": "Canceled",
+ "type": "boolean"
+ },
+ {
+ "name": "done_progress",
+ "label": "Progress",
+ "type": "double"
+ },
+ {
+ "name": "last_query_time",
+ "label": "Last Query Time",
+ "type": "long"
+ },
+ {
+ "name": "duration_time",
+ "label": "Duration Time",
+ "type": "long"
+ },
+ {
+ "name": "count",
+ "label": "Count",
+ "type": "long"
+ },
+ {
+ "name": "job_property",
+ "label": "Job Property",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/liveChart_interim.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/liveChart_interim.json
new file mode 100644
index 0000000..8cab2a0
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/liveChart_interim.json
@@ -0,0 +1,168 @@
+{
+ "type": "record",
+ "name": "liveChart_interim",
+ "in": "INTERIM-SESSION-RECORD",
+ "out": "TRAFFIC-PROTOCOL-STAT",
+ "task": "Protocol-Distribution",
+ "doc": {
+ "timestamp": {
+ "name": "stat_time",
+ "type": "long"
+ },
+ "dimensions": [
+ {
+ "name": "protocol_id",
+ "fieldName": "common_protocol_label",
+ "type": "string"
+ },
+ {
+ "name": "vsys_id",
+ "fieldName": "common_vsys_id",
+ "type": "int"
+ },
+ {
+ "name": "app_name",
+ "fieldName": "common_app_label",
+ "type": "string"
+ },
+ {
+ "name": "isp",
+ "fieldName": "common_isp",
+ "type": "string"
+ },
+ {
+ "name": "data_center",
+ "fieldName": "common_data_center",
+ "type": "string"
+ },
+ {
+ "name": "device_group",
+ "fieldName": "common_device_group",
+ "type": "string"
+ }
+ ],
+ "metrics": [
+ {
+ "function": "sum",
+ "name": "sessions",
+ "fieldName": "common_sessions",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "c2s_byte_num",
+ "fieldName": "common_c2s_byte_diff",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "s2c_byte_num",
+ "fieldName": "common_s2c_byte_diff",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "c2s_pkt_num",
+ "fieldName": "common_c2s_pkt_diff",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "s2c_pkt_num",
+ "fieldName": "common_s2c_pkt_diff",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "c2s_ipfrag_num",
+ "fieldName": "common_c2s_ipfrag_num",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "s2c_ipfrag_num",
+ "fieldName": "common_s2c_ipfrag_num",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "c2s_tcp_lostlen",
+ "fieldName": "common_c2s_tcp_lostlen",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "s2c_tcp_lostlen",
+ "fieldName": "common_s2c_tcp_lostlen",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "c2s_tcp_unorder_num",
+ "fieldName": "common_c2s_tcp_unorder_num",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "s2c_tcp_unorder_num",
+ "fieldName": "common_s2c_tcp_unorder_num",
+ "type": "long"
+ },
+ {
+ "function": "disCount",
+ "name": "unique_sip_num",
+ "fieldName": "common_server_ip",
+ "type": "long"
+ },
+ {
+ "function": "disCount",
+ "name": "unique_cip_num",
+ "fieldName": "common_client_ip",
+ "type": "long"
+ }
+ ],
+ "filters": [
+ {
+ "fieldName": "common_protocol_label",
+ "type": "notempty"
+ }
+ ],
+ "transforms": [
+ {
+ "function": "combination",
+ "name": "protocol_id",
+ "fieldName": "common_protocol_label",
+ "parameters": "common_app_full_path,."
+ },
+ {
+ "function": "flattenSpec",
+ "name": "data_center",
+ "fieldName": "common_device_tag",
+ "parameters": "$.tags[?(@.tag=='data_center')][0].value"
+ },
+ {
+ "function": "flattenSpec",
+ "name": "device_group",
+ "fieldName": "common_device_tag",
+ "parameters": "$.tags[?(@.tag=='device_group')][0].value"
+ },
+ {
+ "function": "hierarchy",
+ "name": "protocol_id",
+ "fieldName": "",
+ "parameters": "."
+ }
+ ],
+ "action": [
+ {
+ "label": "Default",
+ "metrics": "c2s_byte_num,s2c_byte_num,c2s_pkt_num,s2c_pkt_num"
+ }
+ ],
+ "granularity": {
+ "type": "period",
+ "period": "15S"
+ }
+ },
+ "fields": []
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/liveChart_session.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/liveChart_session.json
new file mode 100644
index 0000000..ca6bdda
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/liveChart_session.json
@@ -0,0 +1,156 @@
+{
+ "type": "record",
+ "name": "liveChart_session",
+ "in": "SESSION-RECORD",
+ "out": "TRAFFIC-PROTOCOL-STAT",
+ "task": "Protocol-Distribution",
+ "doc": {
+ "timestamp": {
+ "name": "stat_time",
+ "type": "long"
+ },
+ "dimensions": [
+ {
+ "name": "protocol_id",
+ "fieldName": "common_protocol_label",
+ "type": "string"
+ },
+ {
+ "name": "vsys_id",
+ "fieldName": "common_vsys_id",
+ "type": "int"
+ },
+ {
+ "name": "isp",
+ "fieldName": "common_isp",
+ "type": "string"
+ },
+ {
+ "name": "app_name",
+ "fieldName": "common_app_label",
+ "type": "string"
+ },
+ {
+ "name": "data_center",
+ "fieldName": "common_data_center",
+ "type": "string"
+ },
+ {
+ "name": "device_group",
+ "fieldName": "common_device_group",
+ "type": "string"
+ }
+ ],
+ "metrics": [
+ {
+ "function": "sum",
+ "name": "sessions",
+ "fieldName": "common_sessions",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "c2s_byte_num",
+ "fieldName": "common_c2s_byte_diff",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "s2c_byte_num",
+ "fieldName": "common_s2c_byte_diff",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "c2s_pkt_num",
+ "fieldName": "common_c2s_pkt_diff",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "s2c_pkt_num",
+ "fieldName": "common_s2c_pkt_diff",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "c2s_ipfrag_num",
+ "fieldName": "common_c2s_ipfrag_num",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "s2c_ipfrag_num",
+ "fieldName": "common_s2c_ipfrag_num",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "c2s_tcp_lostlen",
+ "fieldName": "common_c2s_tcp_lostlen",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "s2c_tcp_lostlen",
+ "fieldName": "common_s2c_tcp_lostlen",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "c2s_tcp_unorder_num",
+ "fieldName": "common_c2s_tcp_unorder_num",
+ "type": "long"
+ },
+ {
+ "function": "sum",
+ "name": "s2c_tcp_unorder_num",
+ "fieldName": "common_s2c_tcp_unorder_num",
+ "type": "long"
+ }
+ ],
+ "filters": [
+ {
+ "fieldName": "common_protocol_label",
+ "type": "notempty"
+ }
+ ],
+ "transforms": [
+ {
+ "function": "combination",
+ "name": "protocol_id",
+ "fieldName": "common_protocol_label",
+ "parameters": "common_app_full_path,."
+ },
+ {
+ "function": "flattenSpec",
+ "name": "device_group",
+ "fieldName": "common_device_tag",
+ "parameters": "$.tags[?(@.tag=='data_center')][0].value"
+ },
+ {
+ "function": "flattenSpec",
+ "name": "data_center",
+ "fieldName": "common_device_tag",
+ "parameters": "$.tags[?(@.tag=='device_group')][0].value"
+ },
+ {
+ "function": "hierarchy",
+ "name": "protocol_id",
+ "fieldName": "",
+ "parameters": "."
+ }
+ ],
+ "action": [
+ {
+ "label": "Default",
+ "metrics": "sessions,c2s_byte_num,s2c_byte_num,c2s_pkt_num,s2c_pkt_num,c2s_ipfrag_num,s2c_ipfrag_num,c2s_tcp_lostlen,s2c_tcp_lostlen,c2s_tcp_unorder_num,s2c_tcp_unorder_num"
+ }
+ ],
+ "granularity": {
+ "type": "period",
+ "period": "15S"
+ }
+ },
+ "fields": []
+}
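Review bot: The two `flattenSpec` entries under `transforms` look crossed: the one named `device_group` reads `$.tags[?(@.tag=='data_center')][0].value`, and the one named `data_center` reads `$.tags[?(@.tag=='device_group')][0].value`. liveChart_interim.json, added in the same commit and writing to the same `TRAFFIC-PROTOCOL-STAT` output, pairs each name with its own tag. Assuming `name` is the output dimension, session-derived rows would carry the two values swapped, so any per-data-centre or per-device-group filter or report on that output would mix the two sources incorrectly. Suggested pairing: `"name": "data_center"` with `"parameters": "$.tags[?(@.tag=='data_center')][0].value"`, and `"name": "device_group"` with `"parameters": "$.tags[?(@.tag=='device_group')][0].value"`.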
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/meta_data.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/meta_data.json
new file mode 100644
index 0000000..655b026
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/meta_data.json
@@ -0,0 +1,89 @@
+{
+ "metadata": [
+ {
+ "namespace": "tsg_galaxy_v3",
+ "group": "CLICKHOUSE_GROUP",
+ "tables": [
+ "radius_onff_log",
+ "session_record",
+ "session_record_common_client_ip",
+ "session_record_common_server_ip",
+ "session_record_common_server_domain",
+ "interim_session_record",
+ "transaction_record",
+ "radius_record",
+ "voip_record",
+ "gtpc_record",
+ "security_event",
+ "proxy_event",
+ "dos_event",
+ "active_defence_event",
+ "sys_packet_capture_event",
+ "assessment_event"
+ ]
+ },
+ {
+ "namespace": "system",
+ "group": "CLICKHOUSE_GROUP",
+ "tables": [
+ "query_log_cluster",
+ "tables_cluster",
+ "columns_cluster",
+ "disks_cluster",
+ "parts_cluster",
+ "processes",
+ "query_log",
+ "tables",
+ "clusters",
+ "distributed_ddl_queue"
+ ]
+ },
+ {
+ "namespace": "druid",
+ "group": "DRUID_GROUP",
+ "tables": [
+ "top_client_ips",
+ "top_server_ips",
+ "top_internal_ips",
+ "top_external_ips",
+ "top_server_domains",
+ "top_server_fqdns",
+ "top_subscribers",
+ "application_protocol_stat",
+ "traffic_general_stat",
+ "traffic_top_destination_ip_metrics_log",
+ "traffic_shaping_rule_hits",
+ "sys_storage_log",
+ "service_chaining_rule_hits",
+ "service_function_status",
+ "security_rule_hits",
+ "proxy_rule_hits"
+ ]
+ },
+ {
+ "namespace": "etl",
+ "group": "ETL_GROUP",
+ "tables": [
+ "liveChart_session",
+ "liveChart_interim"
+ ]
+ },
+ {
+ "namespace":"tsg",
+ "group":"HBASE_GROUP",
+ "tables":[
+ "report_result"
+ ]
+ },
+ {
+ "namespace": "tsg_galaxy",
+ "group": "HBASE_GROUP",
+ "tables": [
+ "relation_account_framedip",
+ "recommendation_app_cip",
+ "job_result",
+ "gtpc_knowledge_base"
+ ]
+ }
+ ]
+}
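Review bot: The `system` namespace entry registers ClickHouse system tables, including `query_log`, `query_log_cluster` and `processes`, as queryable through this service under `CLICKHOUSE_GROUP`. Those tables hold the text of queries issued by every user, so unless the gateway restricts this namespace to administrative callers (not visible in this hunk), one user could read another's query text and the literals in it. The schemas added in this commit for `processes` and `parts_cluster` declare a single column each, which limits exposure only if the gateway enforces the schema as a column allow-list; that is worth confirming and stating in the commit description. Separately, the `tsg` entry is written without spaces (`"namespace":"tsg"`), unlike the rest of the file.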
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/parts_cluster.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/parts_cluster.json
new file mode 100644
index 0000000..c311abf
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/parts_cluster.json
@@ -0,0 +1,11 @@
+{
+ "namespace": "system",
+ "type": "record",
+ "name": "parts_cluster",
+ "fields": [
+ {
+ "name": "name",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/processes.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/processes.json
new file mode 100644
index 0000000..75d74a9
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/processes.json
@@ -0,0 +1,11 @@
+{
+ "namespace": "system",
+ "type": "record",
+ "name": "processes",
+ "fields": [
+ {
+ "name": "query_id",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/proxy_event.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/proxy_event.json
new file mode 100644
index 0000000..6359bf5
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/proxy_event.json
@@ -0,0 +1,2706 @@ +{ + "type": "record", + "name": "proxy_event", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "ttl": null, + "default_ttl": 2592000, + "index_key": { + "$ref": "public_schema_info.json#/proxy_event/index_key" + }, + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "dimensions": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_l4_protocol", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "intercept_pinning_status", + "intercept_status", + "intercept_passthrough_reason", + "intercept_server_side_version", + "intercept_client_side_version", + "ssl_version", + "ssl_sni", + "ssl_san", + "ssl_cn", + "ssl_ja3_hash", + "ssl_ja3s_hash", + "ssl_cert_issuer", + "ssl_cert_subject", + "http_host", + "http_domain", + "http_url", + "http_sequence", + "http_cookie", + "http_set_cookie", + "http_referer", + "http_user_agent", + "http_request_content_type", + "http_response_content_type", + "http_request_line", + "http_response_line", + "http_version", + "doh_host", + "doh_url", + "doh_message_id", + 
"doh_qr", + "doh_opcode", + "doh_rcode", + "doh_qname", + "doh_qtype", + "doh_qclass" + ], + "metrics": [ + "common_start_time", + "common_end_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_l4_protocol", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_sessions", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "intercept_pinning_status", + "intercept_status", + "intercept_passthrough_reason", + "intercept_server_side_version", + "intercept_client_side_version", + "ssl_version", + "ssl_sni", + "ssl_san", + "ssl_cn", + "ssl_ja3_hash", + "ssl_ja3s_hash", + "ssl_cert_issuer", + "ssl_cert_subject", + "ssl_con_latency_ms", + "http_host", + "http_domain", + "http_url", + "http_cookie", + "http_set_cookie", + "http_referer", + "http_user_agent", + "http_request_content_length", + "http_request_content_type", + "http_response_content_length", + "http_response_content_type", + "http_response_latency_ms", + 
"http_session_duration_ms", + "doh_host", + "doh_url", + "doh_message_id", + "doh_qr", + "doh_opcode", + "dns_rcode", + "doh_qname", + "doh_qtype", + "doh_qclass", + "doh_qdcount", + "doh_ancount", + "doh_nscount", + "doh_arcount" + ], + "filters": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_service_category", + "common_l4_protocol", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "intercept_pinning_status", + "intercept_status", + "intercept_passthrough_reason", + "intercept_server_side_version", + "intercept_client_side_version", + "ssl_version", + "ssl_sni", + "ssl_san", + "ssl_cn", + "ssl_con_latency_ms", + "ssl_ja3_hash", + "ssl_ja3s_hash", + "ssl_cert_issuer", + 
"ssl_cert_subject", + "http_host", + "http_domain", + "http_url", + "http_request_line", + "http_response_line", + "http_request_body", + "http_response_body", + "http_sequence", + "http_cookie", + "http_referer", + "http_user_agent", + "http_request_content_length", + "http_request_content_type", + "http_response_content_length", + "http_response_content_type", + "http_set_cookie", + "http_response_latency_ms", + "http_session_duration_ms", + "doh_host", + "doh_url", + "doh_qname", + "doh_message_id", + "doh_qr", + "doh_opcode", + "doh_rcode", + "doh_qdcount", + "doh_ancount", + "doh_nscount", + "doh_arcount", + "doh_qtype", + "doh_qclass", + "doh_sub", + "doh_cname", + "doh_rr" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + }, + "details": { + "general": [ + "common_recv_time", + "common_log_id", + "common_stream_trace_id", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_direction", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_entrance_id", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_data_center", + "common_device_group", + "common_sled_ip" + ], + "action": [ + "common_action", + "common_sub_action", + "common_policy_id", + "common_user_tags", + "common_user_region", + "common_shaping_rule_ids" + ], + "source": [ + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac" + ], + "destination": [ + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + 
"common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac" + ], + "application": [ + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_label", + "common_app_surrogate_id", + "common_l7_protocol", + "common_protocol_label", + "common_service_category", + "common_service", + "common_l4_protocol", + "common_app_behavior" + ], + "transmission": [ + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_first_ttl", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "other": [ + "common_device_tag", + "common_encapsulation", + "common_tunnels", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file" + ] + } + }, + "schema_type": { + "SSL": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + 
"common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_action", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "intercept_pinning_status", + "intercept_status", + 
"intercept_passthrough_reason", + "intercept_server_side_version", + "intercept_client_side_version", + "intercept_server_side_latency", + "intercept_client_side_latency", + "intercept_cert_verify", + "intercept_error", + "ssl_version", + "ssl_sni", + "ssl_san", + "ssl_cn", + "ssl_con_latency_ms", + "ssl_ja3_fingerprint", + "ssl_ja3_hash", + "ssl_ja3s_fingerprint", + "ssl_ja3s_hash", + "ssl_cert_issuer", + "ssl_cert_subject" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "common_server_ip", + "common_server_port" + ] + }, + "HTTP": { + "$ref": "public_schema_info.json#/schema_type/HTTP" + }, + "DoH": { + "$ref": "public_schema_info.json#/schema_type/DoH" + } + }, + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_client_ip", + "common_server_ip", + "common_server_port", + "common_action", + "common_schema_type" + ], + "internal_columns": [ + "common_recv_time", + "common_log_id", + "common_sessions", + "common_flags_identify_info", + "common_app_identify_info", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "http_domain", + "http_request_body", + "http_response_body" + ], + "action_columns": { + "intercept": [ + "intercept_pinning_status", + "intercept_status", + "intercept_passthrough_reason", + "intercept_server_side_version", + "intercept_client_side_version", + "intercept_server_side_latency", + "intercept_client_side_latency", + "intercept_cert_verify", + "intercept_error" + ] + }, + "tunnel_type": { + "$ref": "public_schema_info.json#/tunnel_type" + } + }, + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_log_id", + "label": "Log ID", + "doc": { + 
"format": [ + { + "function": "snowflake_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_policy_id", + "label": "Policy ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_subscriber_id", + "label": "Subscriber ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imei", + "label": "IMEI", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imsi", + "label": "IMSI", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_phone_number", + "label": "Phone Number", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_in_src_mac", + "label": "Incoming Source MAC", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_out_src_mac", + "label": "Outgoing Source MAC", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_ip", + "label": "Client IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_client_asn" + }, + { + "function": "radius_match", + "appendTo": "common_subscriber_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_internal_ip", + "label": "Internal IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "if", + "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_port", + "label": "Client Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_l4_protocol", + "label": "L4 Protocol", + "doc": { + "visibility": "enabled", + "ttl": 
null + }, + "type": "string" + }, + { + "name": "common_address_type", + "label": "Address Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_server_ip", + "label": "Server IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_server_asn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_port", + "label": "Server Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_external_ip", + "label": "External IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "if", + "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_action", + "label": "Action", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "2", + "value": "Intercept" + }, + { + "code": "3", + "value": "No Intercept" + }, + { + "code": "48", + "value": "Manipulation" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_direction", + "label": "Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "69", + "value": "outbound" + }, + { + "code": "73", + "value": "inbound" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_entrance_id", + "label": "Entrance ID", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_sled_ip", + "label": "Sled IP", + "doc": { + "constraints": { + "type": "ip" + }, + "visibility": "enabled", + "ttl": 
null + }, + "type": "string" + }, + { + "name": "common_client_location", + "label": "Client Location", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_asn", + "label": "Client ASN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_location", + "label": "Server Location", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_asn", + "label": "Server ASN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_fqdn", + "label": "Server FQDN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_domain", + "label": "Server Domain", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_in_dest_mac", + "label": "Incoming Destination MAC", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_out_dest_mac", + "label": "Outgoing Destination MAC", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_sessions", + "label": "Sessions", + "doc": { + "constraints": { + "type": "decimal" + }, + "format": [ + { + "function": "set_value", + "param": "1" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_num", + "label": "Packets Sent", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_num", + "label": "Packets Received", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_num", + "label": "Bytes Sent", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + 
}, + "type": "long" + }, + { + "name": "common_s2c_byte_num", + "label": "Bytes Received", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_diff", + "label": "Packets Sent (Delta)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_diff", + "label": "Packets Received (Delta)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_diff", + "label": "Bytes Sent (Delta)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_diff", + "label": "Bytes Received (Delta)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_service", + "label": "Service", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_schema_type", + "label": "Schema Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "SSL", + "value": "SSL" + }, + { + "code": "HTTP", + "value": "HTTP" + }, + { + "code": "DoH", + "value": "DoH" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int", + "default": 1 + }, + { + "name": "common_t_vsys_id", + "label": "Traffic Vsys ID", + "doc": { + "allow_query": "false", + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_flags", + "label": "Flags", + "doc": { + "constraints": { + "type": "bit", + "operator_functions": "=,!=,bitAnd" + }, + "data": { + "$ref": 
"public_schema_info.json#/fields/common_flags/data" + }, + "allow_query": "false", + "visibility": "hidden", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "bit" + } + }, + { + "name": "common_flags_identify_info", + "label": "Flags Identify Info", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_tags", + "label": "User Tags", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_sub_action", + "label": "Sub Action", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "allow", + "value": "Allow" + }, + { + "code": "deny", + "value": "Deny" + }, + { + "code": "monitor", + "value": "Monitor" + }, + { + "code": "replace", + "value": "Replace" + }, + { + "code": "redirect", + "value": "Redirect" + }, + { + "code": "insert", + "value": "Insert" + }, + { + "code": "hijack", + "value": "Hijack" + }, + { + "code": "edit_element", + "value": "Edit Element" + }, + { + "code": "run_script", + "value": "Run Script" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_region", + "label": "User Region", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_shaping_rule_ids", + "label": "Shaping Rule IDs", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "visibility": "hidden", + "ttl": null + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_egress_link_id", + "label": "Egress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_ingress_link_id", + "label": "Ingress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null 
+ }, + "type": "int" + }, + { + "name": "common_isp", + "label": "ISP", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_tag", + "label": "Device Tag", + "doc": { + "visibility": "hidden", + "format": [ + { + "function": "flattenSpec", + "appendTo": "common_data_center", + "param": "$.tags[?(@.tag=='data_center')][0].value" + }, + { + "function": "flattenSpec", + "appendTo": "common_device_group", + "param": "$.tags[?(@.tag=='device_group')][0].value" + } + ], + "ttl": null + }, + "type": "string" + }, + { + "name": "common_data_center", + "label": "Data Center", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_group", + "label": "Device Group", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_behavior", + "label": "Application Behavior", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_encapsulation", + "label": "Encapsulation", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_encapsulation/data" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_app_label", + "label": "Application Label", + "doc": { + "visibility": 
"hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnels", + "label": "Tunnels", + "doc": { + "visibility": "hidden", + "ttl": null, + "format": [ + { + "function": "gtpc_match", + "appendTo": "common_imsi,common_imei,common_phone_number", + "param": "$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_a2b_teid,$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_b2a_teid" + } + ] + }, + "type": "string" + }, + { + "name": "common_protocol_label", + "label": "Protocol Label", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_id", + "label": "Application ID", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_app_full_path", + "label": "Application Full Path", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_userdefine_app_name", + "label": "User Define App Name", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_app_identify_info", + "label": "App Identity Info", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_surrogate_id", + "label": "Surrogate ID", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_l7_protocol", + "label": "L7 Protocol", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_service_category", + "label": "FQDN Category", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "dict_location": { + "path": "/v1/category/dict", + "key": "categoryId", + "value": "categoryName" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_start_time", + "label": "Start Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": 
"enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_end_time", + "label": "End Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_establish_latency_ms", + "label": "TCP Handshake Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_con_duration_ms", + "label": "Duration (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_stream_dir", + "label": "Stream Direction(Deprecated)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + }, + { + "code": "3", + "value": "double" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_address_list", + "label": "Address List", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_has_dup_traffic", + "label": "Duplication Traffic", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_stream_error", + "label": "Stream Error", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_stream_trace_id", + "label": "Session ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_link_info_c2s", + "label": "Link Info (c2s)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": 
"common_link_info_s2c", + "label": "Link Info (s2c)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_packet_capture_file", + "label": "Packet Capture File", + "doc": { + "visibility": "hidden", + "constraints": { + "type": "file" + }, + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_a_desc", + "label": "Tunnel Endpoint A Description", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_b_desc", + "label": "Tunnel Endpoint B Description", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_c2s_ipfrag_num", + "label": "Fragmentation Packets (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_ipfrag_num", + "label": "Fragmentation Packets (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_lostlen", + "label": "Sequence Gap Loss (c2s)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_lostlen", + "label": "Sequence Gap Loss (s2c)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_unorder_num", + "label": "Unordered Packets (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_unorder_num", + "label": "Unordered Packets (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_retrans", + "label": "Packet Retransmission (c2s)", + "doc": { + "constraints": { + 
"type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_retrans", + "label": "Packet Retransmission (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_retrans", + "label": "Byte Retransmission (c2s)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_retrans", + "label": "Byte Retransmission (s2c)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_tcp_client_isn", + "label": "TCP Client ISN", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_first_ttl", + "label": "First TTL", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_processing_time", + "label": "Processing Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "current_timestamp" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_ingestion_time", + "label": "Ingestion Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "ingestion_time" + }, + { + "function": "get_value", + "appendTo": "common_recv_time" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_mirrored_pkts", + "label": "Mirrored Packets", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": 
"hidden", + "ttl": null + } + }, + { + "name": "common_mirrored_bytes", + "label": "Mirrored Bytes", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "intercept_pinning_status", + "label": "Intercept Pinning Status", + "doc": { + "data": [ + { + "code": "0", + "value": "not pinning" + }, + { + "code": "1", + "value": "pinning" + }, + { + "code": "2", + "value": "maybe pinning" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "intercept_status", + "label": "Intercept Status", + "doc": { + "data": [ + { + "code": "0", + "value": "passthrough" + }, + { + "code": "1", + "value": "intercept" + }, + { + "code": "2", + "value": "shutdown" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "intercept_passthrough_reason", + "label": "Intercept Passthrough Reason", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "intercept_server_side_latency", + "label": "Intercept Server Side Latency", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "intercept_client_side_latency", + "label": "Intercept Client Side Latency", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "intercept_server_side_version", + "label": "Intercept Server Side Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "intercept_client_side_version", + "label": "Intercept Client Side Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "intercept_cert_verify", + "label": "Intercept Cert Verify", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "intercept_error", + "label": "Intercept Error", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + 
"name": "ssl_version", + "label": "SSL.Version", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_sni", + "label": "SSL.SNI", + "doc": { + "format": [ + { + "function": "sub_domain", + "appendTo": "http_domain" + }, + { + "function": "sub_domain", + "appendTo": "common_server_domain" + }, + { + "function": "get_value", + "appendTo": "common_server_fqdn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_san", + "label": "SSL.SAN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_cn", + "label": "SSL.CN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_con_latency_ms", + "label": "SSL.Handshake Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssl_ja3_fingerprint", + "label": "SSL.JA3", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_ja3_hash", + "label": "SSL.JA3 hash", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_ja3s_fingerprint", + "label": "SSL.JA3S", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_ja3s_hash", + "label": "SSL.JA3S hash", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_cert_issuer", + "label": "SSL.Issuer", + "doc": { + "constraints": { + "type": "items" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_cert_subject", + "label": "SSL.Subject", + "doc": { + "constraints": { + "type": "items" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_url", + "label": "HTTP.URL", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + 
"name": "http_host", + "label": "HTTP.Host", + "doc": { + "format": [ + { + "function": "sub_domain", + "appendTo": "http_domain" + }, + { + "function": "sub_domain", + "appendTo": "common_server_domain" + }, + { + "function": "get_value", + "appendTo": "common_server_fqdn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_domain", + "label": "HTTP.Domain(Deprecated)", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_line", + "label": "HTTP.Request Line", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_line", + "label": "HTTP.Response Line", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_header", + "label": "HTTP.Request Header", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_header", + "label": "HTTP.Response Header", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_content", + "label": "HTTP.Request Content", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_content_length", + "label": "HTTP.Request Content Length", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_content_type", + "label": "HTTP.Request Content Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_content", + "label": "HTTP.Response Content", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_content_length", + "label": "HTTP.Response Content Length", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_content_type", + "label": "HTTP.Response Content 
Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_body", + "label": "HTTP.Request Body", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_body", + "label": "HTTP.Response Body", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_proxy_flag", + "label": "HTTP.Proxy Flag", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "http_sequence", + "label": "HTTP.Sequence", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "http_snapshot", + "label": "HTTP.Snapshot", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_cookie", + "label": "HTTP.Cookie", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_referer", + "label": "HTTP.Referer", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_user_agent", + "label": "HTTP.User Agent", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_set_cookie", + "label": "HTTP.Set Cookie", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_version", + "label": "HTTP.Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_latency_ms", + "label": "HTTP.Response Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "http_session_duration_ms", + "label": "HTTP.Session Duration (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": 
"hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "http_action_file_size", + "label": "HTTP.Action File Size", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_url", + "label": "DoH.URL", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "doh_host", + "label": "DoH.Host", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "doh_request_line", + "label": "DoH.Request Line", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "doh_response_line", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "label": "DoH.Response Line", + "type": "string" + }, + { + "name": "doh_cookie", + "label": "DoH.Cookie", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "doh_referer", + "label": "DoH.Referer", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "doh_user_agent", + "label": "DoH.User Agent", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "doh_content_length", + "label": "DoH.Content Length", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "doh_content_type", + "label": "DoH.Content Type", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "doh_set_cookie", + "label": "DoH.Set Cookie", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "doh_version", + "label": "DoH.Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "doh_message_id", + "label": "DoH.Message ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_qr", + "label": "DoH.QR", + "doc": { + "constraints": { + 
"operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "QUERY" + }, + { + "code": "1", + "value": "REESPONSE" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_opcode", + "label": "DoH.OPCODE", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "QUERY" + }, + { + "code": "1", + "value": "IQUERY" + }, + { + "code": "2", + "value": "STATUS" + }, + { + "code": "5", + "value": "UPDATE" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_aa", + "label": "DoH.AA", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_tc", + "label": "DoH.TC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_rd", + "label": "DoH.RD", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_ra", + "label": "DoH.RA", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_rcode", + "label": "DoH.RCODE", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_qdcount", + "label": "DoH.QDCOUNT", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_ancount", + "label": "DoH.ANCOUNT", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_nscount", + "label": "DoH.NSCOUNT", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_arcount", + "label": "DoH.ARCOUNT", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_qname", + "label": "DoH.QNAME", + "doc": { + 
"visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "doh_qtype", + "label": "DoH.QTYPE", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "A" + }, + { + "code": "2", + "value": "NS" + }, + { + "code": "5", + "value": "CNAME" + }, + { + "code": "6", + "value": "SOA" + }, + { + "code": "11", + "value": "WKS" + }, + { + "code": "12", + "value": "PTR" + }, + { + "code": "13", + "value": "HINFO" + }, + { + "code": "11", + "value": "WKS" + }, + { + "code": "15", + "value": "MX" + }, + { + "code": "28", + "value": "AAAA" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_qclass", + "label": "DoH.QCLASS", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_cname", + "label": "DoH.CNAME", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "doh_sub", + "label": "DoH.SUB", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "DNS" + }, + { + "code": "2", + "value": "DNSSEC" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "doh_rr", + "label": "DoH.RR", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/proxy_rule_hits.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/proxy_rule_hits.json
new file mode 100644
index 0000000..43158f1
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/proxy_rule_hits.json
@@ -0,0 +1,235 @@
+{
+ "type": "record",
+ "name": "proxy_rule_hits",
+ "namespace": "druid",
+ "doc": {
+ "partition_key": "__time",
+ "functions": {
+ "$ref": "public_schema_info.json#/functions"
+ },
+ "schema_query": {
+ "references": {
+ "$ref": "public_schema_info.json#/schema_query/references"
+ }
+ },
+ "measurements": {
+ "granularity": 1,
+ "ingestion_delay": 15
+ }
+ },
+ "fields": [
+ {
+ "name": "__time",
+ "label": "Time",
+ "type": {
+ "type": "string",
+ "logicalType": "timestamp"
+ },
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "vsys_id",
+ "label": "Vsys ID",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "int",
+ "default": 1
+ },
+ {
+ "name": "device_id",
+ "label": "Device ID",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "device_group",
+ "label": "Device Group",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
+ "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
+ },
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "data_center",
+ "label": "Data Center",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
+ "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
+ },
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "rule_id",
+ "label": "Rule",
+ "type": "long",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "action",
+ "label": "Action",
+ "type": "int",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "data": [
+ {
+ "code": "2",
+ "value": "Intercept"
+ },
+ {
+ "code": "3",
+ "value": "No Intercept"
+ },
+ {
+ "code": "48",
+ "value": "Manipulate"
+ }
+ ],
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "pinning_status",
+ "label": "Pinning Status",
+ "type": "int",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "Not Pinning"
+ },
+ {
+ "code": "1",
+ "value": "Pinning"
+ },
+ {
+ "code": "2",
+ "value": "Maybe Pinning"
+ }
+ ],
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "sub_action",
+ "label": "Sub Action",
+ "type": "string",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "data": [
+ {
+ "code": "deny",
+ "value": "Deny"
+ },
+ {
+ "code": "allow",
+ "value": "Allow"
+ },
+ {
+ "code": "monitor",
+ "value": "Monitor"
+ },
+ {
+ "code": "redirect",
+ "value": "Redirect"
+ },
+ {
+ "code": "replace",
+ "value": "Replace"
+ },
+ {
+ "code": "hijack",
+ "value": "Hijack"
+ },
+ {
+ "code": "insert",
+ "value": "Insert"
+ },
+ {
+ "code": "edit_element",
+ "value": "Edit Element"
+ },
+ {
+ "code": "run_script",
+ "value": "Run Script"
+ }
+ ],
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "hit_count",
+ "label": "Hit Count",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "in_bytes",
+ "label": "Incoming Bytes",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "out_bytes",
+ "label": "Outgoing Bytes",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "in_pkts",
+ "label": "Incoming Packets",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "out_pkts",
+ "label": "Outgoing Packets",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/public_code_info.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/public_code_info.json
new file mode 100644
index 0000000..06382fc
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/public_code_info.json
@@ -0,0 +1,167 @@
+{
+ "CDN": {
+ "Akamai": [
+ "akadns.net",
+ "akagtm.org",
+ "akahost.net",
+ "akamai.com",
+ "akamaiedge.net",
+ "akamaiedge-staging.net",
+ "akamaientrypoint.net",
+ "akamaihd.net",
+ "akamai.net",
+ "akamaistream.net",
+ "akamaitech.net",
+ "akamaitechnologies.com",
+ "akamaitechnologies.fr",
+ "akamaized.net",
+ "akam.net",
+ "akasecure.net",
+ "edgekey.net",
+ "edgesuite.net"
+ ],
+ "Cloudflare": [
+ "cloudflareaccess.com",
+ "cloudflareclient.com",
+ "cloudflare.com",
+ "cloudflare-dm-cmpimg.com",
+ "cloudflareinsights.com",
+ "cloudflare-ipfs.com",
+ "cloudflare.net",
+ "cloudflareok.com",
+ "cloudflareportal.com",
+ "cloudflare-quic.com",
+ "cloudflareresolve.com",
+ "cloudflaressl.com",
+ "cloudflarestatus.com",
+ "cloudflare-terms-of-service-abuse.com",
+ "sn-cloudflare.com"
+ ],
+ "Google": [
+ "cache.google.com",
+ "googlevideo.com"
+ ],
+ "Amazon CloudFront": [
+ "cloudfront.net"
+ ],
+ "Fastly": [
+ "astly-analytics.com",
+ "fastly.com",
+ "fastly-debug.com",
+ "fastlydns.net",
+ "fastly-insights.com",
+ "fastly.io",
+ "fastlylabs.com",
+ "fastlylb.net",
+ "fastly.net",
+ "fastly-status.com",
+ "secretcdn-stg.net"
+ ],
+ "Bunny": [
+ "b-cdn.net",
+ "bunnyinfra.net",
+ "bunny.net"
+ ],
+ "G-Core": [
+ "gcdn.co",
+ "gcorelabs.com"
+ ],
+ "KeyCDN": [
+ "keycdn.com",
+ "kxcdn.com"
+ ],
+ "Alibaba": [
+ "alicdn.com"
+ ],
+ "Edgecast": [
+ "edgecastcdn.net",
+ "edgecast.com",
+ "edgecastdns.net",
+ "phicdn.net",
+ "verizondigitalmedia.com",
+ "verizonmedia.com"
+ ],
+ "Huawei": [
+ "cdnhwc1.com",
+ "cdnhwc2.com",
+ "cdnhwc3.com",
+ "cdnhwc5.com",
+ "cdnhwc6.com",
+ "cdnhwc7.com",
+ "cdnhwc8.com",
+ "livehwc3.cn"
+ ],
+ "Azure Front Door": [
+ "a-msedge.net",
+ "au-msedge.net",
+ "b-msedge.net",
+ "c-msedge.net",
+ "cn-msedge.net",
+ "dc-msedge.net",
+ "e-msedge.net",
+ "exo-msedge.net",
+ "fbs1-t-msedge.net",
+ "fbs2-a-msedge.net",
+ "fbs2-e-msedge.net",
+ "fb-t-msedge.net",
+ "f-msedge.net",
+ "k-msedge.net",
+ "l-msedge.net",
+ "m1-msedge.net",
+ "msedge.net",
+ "o-msedge.net",
+ "q-msedge.net",
+ "q-t-msedge.net",
+ "segment2-s-msedge.net",
+ "s-msedge.net",
+ "t-msedge.net"
+ ],
+ "BaishanCloud": [
+ "baishancloud.com"
+ ],
+ "CDN77": [
+ "cdn77.com",
+ "cdn77.org"
+ ],
+ "Limelight Networks": [
+ "delvenetworks.com",
+ "limelight.com",
+ "lldns.net",
+ "llnw.com",
+ "llnwd.net",
+ "llnwi.net",
+ "llnw.net",
+ "llnw-trials.com"
+ ],
+ "Lumen": [
+ "footprintdns.com",
+ "footprint.net"
+ ],
+ "Meta": [
+ "fbcdn.net"
+ ],
+ "StackPath": [
+ "highwinds.com",
+ "hwcdn.net",
+ "stackpath.com",
+ "stackpathedge.net"
+ ],
+ "Wangsu": [
+ "cdn20.com",
+ "cdn30.com",
+ "cdnetworks.com",
+ "cdnetworks.net",
+ "chinanetcenter.com",
+ "lxdns.com",
+ "quantil.com",
+ "wangsu.com",
+ "wscdns.com",
+ "wscloudcdn.com",
+ "wsdvs.com",
+ "wsglb0.com",
+ "wswebcdn.com",
+ "wswebpic.com",
+ "wtxcdn.com"
+ ]
+ }
+}
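Review bot: The first entry of the `Fastly` list, `"astly-analytics.com"`, looks like `fastly-analytics.com` with the leading `f` dropped; every other hyphenated entry in that list starts with `fastly-`. As written it names a different registrable domain, so a consumer that attributes traffic to a CDN provider from this table (the consumer is not visible in this hunk) would leave the intended Fastly domain unlabelled and would label whoever holds the misspelled name as Fastly. I would change the line to `"fastly-analytics.com",` after checking it against the list this table was derived from. Because JSON cannot carry a comment, the source and retrieval date of these domain lists would be worth recording in the commit description, so later additions can be verified the same way.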
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/public_schema_info.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/public_schema_info.json
new file mode 100644
index 0000000..8d1d7d8
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/public_schema_info.json
@@ -0,0 +1,3097 @@ +{ + "radius_onff_log": { + "index_key": { + "log_id": [ + "account", + "event_timestamp", + "vsys_id" + ], + "vsys_id": [ + "vsys_id", + "account", + "event_timestamp" + ] + } + }, + "session_record": { + "index_key": { + "log_id": [ + "common_log_id", + "common_data_center", + "common_recv_time", + "common_vsys_id" + ], + "vsys_id": [ + "common_vsys_id", + "common_data_center", + "common_device_group", + "common_recv_time", + "common_log_id" + ] + } + }, + "session_record_common_client_ip": { + "index_key": { + "log_id": [ + "common_client_ip", + "common_server_ip", + "common_recv_time" + ], + "vsys_id": [ + "common_client_ip", + "common_server_ip", + "common_recv_time" + ] + } + }, + "session_record_common_server_ip": { + "index_key": { + "log_id": [ + "common_server_ip", + "common_client_ip", + "common_recv_time" + ], + "vsys_id": [ + "common_server_ip", + "common_client_ip", + "common_recv_time" + ] + } + }, + "session_record_common_server_domain": { + "index_key": { + "log_id": [ + "common_server_domain", + "common_recv_time" + ], + "vsys_id": [ + "common_server_domain", + "common_recv_time" + ] + } + }, + "interim_session_record": { + "index_key": { + "log_id": [ + "common_log_id", + "common_data_center", + "common_recv_time", + "common_vsys_id" + ], + "vsys_id": [ + "common_vsys_id", + "common_data_center", + "common_device_group", + "common_recv_time", + "common_log_id" + ] + } + }, + "transaction_record": { + "index_key": { + "log_id": [ + "common_stream_trace_id", + "common_data_center", + "common_recv_time", + "common_vsys_id" + ], + "vsys_id": [ + "common_vsys_id", + "common_stream_trace_id", + "common_data_center", + "common_recv_time" + ] + } + }, + "radius_record": { + "index_key": { + "log_id": [ + "common_log_id", + "common_data_center", + "common_recv_time", + "common_vsys_id" + ], + "vsys_id": [ + "common_vsys_id", + "common_data_center", + "common_recv_time", + "common_log_id" + ] + } + }, + "voip_record": { + "index_key": { 
+ "log_id": [ + "common_log_id", + "common_data_center", + "common_recv_time", + "common_vsys_id" + ], + "vsys_id": [ + "common_vsys_id", + "common_data_center", + "common_recv_time", + "common_log_id" + ] + } + }, + "gtpc_record": { + "index_key": { + "log_id": [ + "common_log_id", + "common_data_center", + "common_recv_time", + "common_vsys_id" + ], + "vsys_id": [ + "common_vsys_id", + "common_data_center", + "common_recv_time", + "common_log_id" + ] + } + }, + "security_event": { + "index_key": { + "log_id": [ + "common_log_id", + "common_policy_id", + "common_recv_time", + "common_vsys_id" + ], + "vsys_id": [ + "common_vsys_id", + "common_action", + "common_policy_id", + "common_recv_time", + "common_log_id" + ] + } + }, + "proxy_event": { + "index_key": { + "log_id": [ + "common_log_id", + "common_policy_id", + "common_recv_time", + "common_vsys_id" + ], + "vsys_id": [ + "common_vsys_id", + "common_sub_action", + "common_policy_id", + "common_recv_time", + "common_log_id" + ] + } + }, + "dos_event": { + "index_key": { + "log_id": [ + "log_id", + "start_time", + "destination_ip", + "vsys_id" + ], + "vsys_id": [ + "vsys_id", + "destination_ip", + "start_time", + "log_id" + ] + } + }, + "active_defence_event": { + "index_key": { + "log_id": [ + "common_log_id", + "common_policy_id", + "common_recv_time" + ], + "vsys_id": [ + "common_log_id", + "common_policy_id", + "common_recv_time" + ] + } + }, + "sys_packet_capture_event": { + "index_key": { + "log_id": [ + "common_log_id", + "common_policy_id", + "common_recv_time", + "common_vsys_id" + ], + "vsys_id": [ + "common_vsys_id", + "common_policy_id", + "common_recv_time", + "common_log_id" + ] + } + }, + "assessment_event": { + "index_key": { + "log_id": [ + "common_log_id", + "common_recv_time", + "vsys_id" + ], + "vsys_id": [ + "vsys_id", + "common_recv_time", + "common_log_id" + ] + } + }, + "functions": { + "aggregation": [ + { + "name": "COUNT", + "label": "COUNT", + "function": "count(expr)" + }, + { + 
"name": "COUNT_DISTINCT", + "label": "COUNT_DISTINCT", + "function": "count(distinct expr)" + }, + { + "name": "AVG", + "label": "AVG", + "function": "avg(expr)" + }, + { + "name": "SUM", + "label": "SUM", + "function": "sum(expr)" + }, + { + "name": "MAX", + "label": "MAX", + "function": "max(expr)" + }, + { + "name": "MIN", + "label": "MIN", + "function": "min(expr)" + }, + { + "name": "MEDIAN", + "label": "MEDIAN", + "function": "MEDIAN(expr)" + }, + { + "name": "QUANTILE", + "label": "QUANTILE", + "function": "QUANTILE(expr,level)" + }, + { + "name": "TIME_FLOOR_WITH_FILL", + "label": "TIME_FLOOR_WITH_FILL", + "function": "TIME_FLOOR_WITH_FILL(expr,period,fill)" + } + ], + "date": [ + { + "name": "UNIX_TIMESTAMP", + "label": "UNIX_TIMESTAMP", + "function": "UNIX_TIMESTAMP(expr)" + }, + { + "name": "FROM_UNIXTIME", + "label": "FROM_UNIXTIME", + "function": "FROM_UNIXTIME(expr)" + }, + { + "name": "DATE_FORMAT", + "label": "DATE_FORMAT", + "function": "DATE_FORMAT(expr,format)" + }, + { + "name": "CONVERT_TZ", + "label": "CONVERT_TZ", + "function": "CONVERT_TZ(expr, from_tz, to_tz)" + } + ], + "operator": [ + { + "name": "=", + "label": "=", + "function": "expr = value" + }, + { + "name": "!=", + "label": "!=", + "function": "expr != value" + }, + { + "name": ">", + "label": ">", + "function": "expr > value" + }, + { + "name": "<", + "label": "<", + "function": "expr < value" + }, + { + "name": ">=", + "label": ">=", + "function": "expr >= value" + }, + { + "name": "<=", + "label": "<=", + "function": "expr <= value" + }, + { + "name": "has", + "label": "HAS", + "function": "has(expr, value)" + }, + { + "name": "in", + "label": "IN", + "function": "expr in (values)" + }, + { + "name": "not in", + "label": "NOT IN", + "function": "expr not in (values)" + }, + { + "name": "like", + "label": "LIKE", + "function": "expr like value" + }, + { + "name": "not like", + "label": "NOT LIKE", + "function": "expr not like value" + }, + { + "name": "notEmpty", + "label": "NOT 
EMPTY", + "function": "notEmpty(expr)" + }, + { + "name": "empty", + "label": "EMPTY", + "function": "empty(expr)" + }, + { + "name": "bitAnd", + "label": "Bitwise AND", + "function": "bitAnd(expr, value)" + } + ] + }, + "schema_query": { + "references": { + "aggregation": [ + { + "type": "int", + "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN,MEDIAN,QUANTILE" + }, + { + "type": "long", + "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN,MEDIAN,QUANTILE" + }, + { + "type": "float", + "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN,MEDIAN,QUANTILE" + }, + { + "type": "double", + "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN,MEDIAN,QUANTILE" + }, + { + "type": "string", + "functions": "COUNT,COUNT_DISTINCT" + }, + { + "type": "date", + "functions": "COUNT,COUNT_DISTINCT,MAX,MIN" + }, + { + "type": "timestamp", + "functions": "COUNT,COUNT_DISTINCT,MAX,MIN" + }, + { + "type": "array", + "functions": "COUNT,COUNT_DISTINCT" + }, + { + "type": "bit", + "functions": "COUNT,COUNT_DISTINCT" + } + ], + "operator": [ + { + "type": "int", + "functions": "=,!=,>,<,>=,<=,in,not in" + }, + { + "type": "long", + "functions": "=,!=,>,<,>=,<=,in,not in" + }, + { + "type": "float", + "functions": "=,!=,>,<,>=,<=" + }, + { + "type": "double", + "functions": "=,!=,>,<,>=,<=" + }, + { + "type": "string", + "functions": "=,!=,in,not in,like,not like,notEmpty,empty" + }, + { + "type": "date", + "functions": "=,!=,>,<,>=,<=" + }, + { + "type": "timestamp", + "functions": "=,!=,>,<,>=,<=" + }, + { + "type": "array", + "functions": "has,notEmpty,empty" + }, + { + "type": "bit", + "functions": "=,!=,bitAnd" + } + ] + } + }, + "schema_type": { + "BASE": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + 
"common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_service_category", + "common_l7_protocol", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + 
"common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "common_server_ip", + "common_server_port" + ] + }, + "HTTP": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_service_category", + "common_l7_protocol", + "common_start_time", + 
"common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "http_url", + "http_host", + "http_domain", + "http_request_line", + "http_response_line", + "http_request_header", + "http_response_header", + "http_request_content", + "http_request_content_length", + "http_request_content_type", + "http_response_content", + "http_response_content_length", + "http_response_content_type", + "http_request_body", + "http_response_body", + "http_proxy_flag", + "http_sequence", + "http_snapshot", + "http_cookie", + "http_referer", + "http_user_agent", + "http_set_cookie", + "http_version", + "http_response_latency_ms", + "http_session_duration_ms", + "http_action_file_size" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "http_url", + "common_server_port", + "common_sub_action" + ] + }, + "MAIL": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + 
"common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + 
"common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "mail_protocol_type", + "mail_account", + "mail_from_cmd", + "mail_to_cmd", + "mail_from", + "mail_to", + "mail_cc", + "mail_bcc", + "mail_subject", + "mail_subject_charset", + "mail_content", + "mail_content_charset", + "mail_attachment_name", + "mail_attachment_name_charset", + "mail_attachment_content", + "mail_eml_file", + "mail_snapshot" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "mail_from", + "mail_to", + "mail_subject" + ] + }, + "DNS": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + 
"common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "dns_message_id", + "dns_qr", + "dns_opcode", + "dns_aa", + "dns_tc", + "dns_rd", + "dns_ra", + "dns_rcode", + "dns_qdcount", + "dns_ancount", + "dns_nscount", + "dns_arcount", + "dns_qname", + "dns_qtype", + "dns_qclass", + "dns_cname", + "dns_sub", + "dns_rr", + "dns_response_latency_ms" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_client_ip", + "dns_qr", + "dns_qname", + "dns_qtype" + ] + }, + "SSL": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + 
"common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + 
"common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "ssl_version", + "ssl_sni", + "ssl_san", + "ssl_cn", + "ssl_pinningst", + "ssl_intercept_state", + "ssl_passthrough_reason", + "ssl_server_side_latency", + "ssl_client_side_latency", + "ssl_server_side_version", + "ssl_client_side_version", + "ssl_cert_verify", + "ssl_error", + "ssl_con_latency_ms", + "ssl_ja3_fingerprint", + "ssl_ja3_hash", + "ssl_ja3s_fingerprint", + "ssl_ja3s_hash", + "ssl_cert_issuer", + "ssl_cert_subject" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "ssl_sni", + "common_server_ip", + "common_server_port" + ] + }, + "DTLS": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + 
"common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "dtls_cookie", + "dtls_version", + "dtls_sni", + "dtls_san", + "dtls_cn", + "dtls_con_latency_ms", + "dtls_ja3_fingerprint", + "dtls_ja3_hash", + "dtls_cert_issuer", + "dtls_cert_subject" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "dtls_sni", + "common_server_ip", + "common_server_port" + ] + }, + "QUIC": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + 
"common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + 
"common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "quic_version", + "quic_sni", + "quic_user_agent" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "quic_sni", + "common_server_ip", + "common_server_port" + ] + }, + "FTP": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + 
"common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "ftp_account", + "ftp_url", + "ftp_content", + "ftp_link_type" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "ftp_url", + "common_server_ip", + "common_server_port" + ] + }, + "BGP": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + 
"common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "bgp_type", + "bgp_as_num", + "bgp_route" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "bgp_type", + "bgp_as_num", + "common_server_ip", + "common_server_port" + ] + }, + "SIP": { + 
"columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", 
+ "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "sip_call_id", + "sip_originator_description", + "sip_responder_description", + "sip_user_agent", + "sip_server", + "sip_originator_sdp_connect_ip", + "sip_originator_sdp_media_port", + "sip_originator_sdp_media_type", + "sip_originator_sdp_content", + "sip_responder_sdp_connect_ip", + "sip_responder_sdp_media_port", + "sip_responder_sdp_media_type", + "sip_responder_sdp_content", + "sip_duration_s", + "sip_bye" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "common_client_ip", + "sip_originator_description", + "sip_responder_description", + "sip_call_id", + "common_server_ip", + "common_server_port" + ] + }, + "RTP": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + 
"common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "rtp_payload_type_c2s", + "rtp_payload_type_s2c", + "rtp_pcap_path", + "rtp_originator_dir" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "common_client_ip", + "common_server_ip", + "common_server_port", + "rtp_pcap_path", + "rtp_originator_dir" + ] + }, + "APP": { + "columns": [ + "common_recv_time", 
+ "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + 
"common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "app_extra_info" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "common_app_id", + "common_app_label", + "app_extra_info", + "common_server_ip", + "common_server_port" + ] + }, + "DoH": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + 
"common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "doh_url", + "doh_host", + "doh_request_line", + "doh_response_line", + "doh_cookie", + "doh_referer", + "doh_user_agent", + "doh_content_length", + "doh_content_type", + "doh_set_cookie", + "doh_version", + "doh_message_id", + "doh_qr", + "doh_opcode", + "doh_aa", + "doh_tc", + "doh_rd", + "doh_ra", + "doh_rcode", + "doh_qdcount", + "doh_ancount", + "doh_nscount", + "doh_arcount", + "doh_qname", + "doh_qtype", + "doh_qclass", + "doh_cname", + "doh_sub", + "doh_rr" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_client_ip", + "doh_url", + "doh_qname", + "common_server_port" + ] + }, + "VoIP": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + 
"common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + 
"common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "sip_call_id", + "sip_originator_description", + "sip_responder_description", + "sip_user_agent", + "sip_server", + "sip_originator_sdp_connect_ip", + "sip_originator_sdp_media_port", + "sip_originator_sdp_media_type", + "sip_originator_sdp_content", + "sip_responder_sdp_connect_ip", + "sip_responder_sdp_media_port", + "sip_responder_sdp_media_type", + "sip_responder_sdp_content", + "sip_duration_s", + "sip_bye", + "rtp_payload_type_c2s", + "rtp_payload_type_s2c", + "rtp_pcap_path", + "rtp_originator_dir" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "common_client_ip", + "sip_originator_description", + "sip_responder_description", + "sip_call_id", + "common_server_ip", + "common_server_port", + "rtp_pcap_path", + "rtp_originator_dir" + ] + }, + "SSH": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + 
"common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "ssh_version", + "ssh_auth_success", + "ssh_client_version", + "ssh_server_version", + "ssh_cipher_alg", + "ssh_mac_alg", + "ssh_compression_alg", + "ssh_kex_alg", + "ssh_host_key_alg", + "ssh_host_key", + "ssh_hassh" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + 
"common_subscriber_id", + "common_client_ip", + "common_server_ip", + "common_server_port", + "ssh_auth_success" + ] + }, + "RADIUS": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + 
"common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "radius_packet_type", + "radius_nas_ip", + "radius_framed_ip", + "radius_account", + "radius_session_timeout", + "radius_idle_timeout", + "radius_acct_status_type", + "radius_acct_terminate_cause", + "radius_event_timestamp", + "radius_nas_port", + "radius_service_type", + "radius_framed_protocol", + "radius_callback_number", + "radius_callback_id", + "radius_termination_action", + "radius_called_station_id", + "radius_calling_station_id", + "radius_acct_delay_time", + "radius_acct_session_id", + "radius_acct_multi_session_id", + "radius_acct_input_octets", + "radius_acct_output_octets", + "radius_acct_input_packets", + "radius_acct_output_packets", + "radius_acct_session_time", + "radius_acct_link_count", + "radius_acct_interim_interval", + "radius_acct_authentic" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "radius_nas_ip", + "radius_framed_ip", + "radius_acct_status_type" + ] + }, + "Stratum": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + 
"common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + 
"common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "stratum_cryptocurrency", + "stratum_mining_pools", + "stratum_mining_program" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "stratum_cryptocurrency", + "stratum_mining_pools", + "stratum_mining_program" + ] + }, + "RDP": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + 
"common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "rdp_cookie", + "rdp_security_protocol", + "rdp_client_channels", + "rdp_keyboard_layout", + "rdp_client_version", + "rdp_client_name", + "rdp_client_product_id", + "rdp_desktop_width", + "rdp_desktop_height", + "rdp_requested_color_depth", + "rdp_certificate_type", + "rdp_certificate_count", + "rdp_certificate_permanent", + "rdp_encryption_level", + "rdp_encryption_method" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "rdp_client_version", + "rdp_client_name" + ] + }, + "GTP-C": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + 
"common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_shaping_rule_ids", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_surrogate_id", + "common_service_category", + "common_l7_protocol", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "gtp_version", + "gtp_apn", + "gtp_imei", + "gtp_imsi", + "gtp_phone_number", + "gtp_end_user_ipv4", + "gtp_end_user_ipv6", + 
"gtp_uplink_teid", + "gtp_downlink_teid", + "gtp_msg_type" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "gtp_version", + "gtp_msg_type", + "gtp_imsi", + "gtp_imei", + "gtp_phone_number", + "common_client_ip", + "common_server_ip" + ] + } + }, + "tunnel_type": { + "GTP": [ + { + "name": "gtp_endpoint_a_ip", + "label": "Endpoint A IP", + "type": "string" + }, + { + "name": "gtp_endpoint_b_ip", + "label": "Endpoint B IP", + "type": "string" + }, + { + "name": "gtp_endpoint_a_port", + "label": "Endpoint A Port", + "type": "int" + }, + { + "name": "gtp_endpoint_b_port", + "label": "Endpoint B Port", + "type": "int" + }, + { + "name": "gtp_endpoint_a2b_teid", + "label": "Endpoint A2B TEID", + "type": "long" + }, + { + "name": "gtp_endpoint_b2a_teid", + "label": "Endpoint B2A TEID", + "type": "long" + } + ], + "MPLS": [ + { + "name": "mpls_c2s_direction_label", + "label": "Multiprotocol Label (c2s)", + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "mpls_s2c_direction_label", + "label": "Multiprotocol Label (s2c)", + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + } + ], + "VLAN": [ + { + "name": "vlan_c2s_direction_id", + "label": "VLAN Direction (c2s)", + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "vlan_s2c_direction_id", + "label": "VLAN Direction (s2c)", + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + } + ], + "ETHERNET": [ + { + "name": "source_mac", + "label": "Source MAC", + "type": "string" + }, + { + "name": "destination_mac", + "label": "Destination MAC", + "type": "string" + } + ], + "MULTIPATH_ETHERNET": [ + { + "name": "c2s_source_mac", + "label": "Source MAC (c2s)", + "type": "string" + }, + { + "name": "c2s_destination_mac", + "label": "Destination MAC (c2s)", + "type": "string" + }, + { + "name": "s2c_source_mac", + "label": "Source MAC (s2c)", + "type": "string" + }, + { 
+ "name": "s2c_destination_mac", + "label": "Destination MAC (s2c)", + "type": "string" + } + ], + "L2TP": [ + { + "name": "l2tp_version", + "label": "Version", + "type": "string" + }, + { + "name": "l2tp_lac2lns_tunnel_id", + "label": "LAC2LNS Tunnel ID", + "type": "int" + }, + { + "name": "l2tp_lns2lac_tunnel_id", + "label": "LNS2LAC Tunnel ID", + "type": "int" + }, + { + "name": "l2tp_lac2lns_session_id", + "label": "LAC2LNS Session ID", + "type": "int" + }, + { + "name": "l2tp_lns2lac_session_id", + "label": "LNS2LAC Session ID", + "type": "int" + }, + { + "name": "l2tp_access_concentrator_ip", + "label": "Access Concentrator IP", + "type": "string" + }, + { + "name": "l2tp_access_concentrator_port", + "label": "Access Concentrator Port", + "type": "int" + }, + { + "name": "l2tp_network_server_ip", + "label": "Network Server IP", + "type": "string" + }, + { + "name": "l2tp_network_server_port", + "label": "Network Server Port", + "type": "int" + } + ], + "PPTP": [ + { + "name": "pptp_uplink_tunnel_id", + "label": "UpLink Tunnel ID", + "type": "int" + }, + { + "name": "pptp_downlink_tunnel_id", + "label": "Down Tunnel ID", + "type": "int" + } + ] + }, + "fields": { + "common_encapsulation": { + "data": [ + { + "code": "0", + "value": "Ethernet" + }, + { + "code": "8", + "value": "PPP" + }, + { + "code": "12", + "value": "CiscoHDLC" + } + ] + }, + "common_has_dup_traffic": { + "data": [ + { + "code": "0", + "value": "No" + }, + { + "code": "1", + "value": "Yes" + } + ] + }, + "common_flags": { + "data": [ + { + "code": "1", + "value": "Asymmetric" + }, + { + "code": "2", + "value": "Bulky" + }, + { + "code": "4", + "value": "CBR Streaming" + }, + { + "code": "8", + "value": "Client is Local" + }, + { + "code": "16", + "value": "Server is Local" + }, + { + "code": "32", + "value": "Download" + }, + { + "code": "64", + "value": "Interactive" + }, + { + "code": "128", + "value": "Inbound" + }, + { + "code": "256", + "value": "Outbound" + }, + { + "code": "512", + 
"value": "Pseudo Unidirectional" + }, + { + "code": "1024", + "value": "Streaming" + }, + { + "code": "2048", + "value": "Unidirectional" + }, + { + "code": "4096", + "value": "Random looking" + }, + { + "code": "8192", + "value": "C2S" + }, + { + "code": "16384", + "value": "S2C" + } + ] + } + } +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/query_log.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/query_log.json
new file mode 100644
index 0000000..4f5e8d5
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/query_log.json
@@ -0,0 +1,11 @@
+{
+ "namespace": "system",
+ "type": "record",
+ "name": "query_log",
+ "fields": [
+ {
+ "name": "query_id",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/query_log_cluster.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/query_log_cluster.json
new file mode 100644
index 0000000..d6e7583
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/query_log_cluster.json
@@ -0,0 +1,11 @@
+{
+ "namespace": "system",
+ "type": "record",
+ "name": "query_log_cluster",
+ "fields": [
+ {
+ "name": "type",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/radius_onff_log.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/radius_onff_log.json
new file mode 100644
index 0000000..3209127
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/radius_onff_log.json
@@ -0,0 +1,73 @@
+{
+ "type": "record",
+ "name": "radius_onff_log",
+ "namespace": "tsg_galaxy_v3",
+ "doc": {
+ "partition_key": "event_timestamp",
+ "index_key": {
+ "$ref": "public_schema_info.json#/radius_onff_log/index_key"
+ }
+ },
+ "fields": [
+ {
+ "name": "event_timestamp",
+ "label": "Event Time",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": {
+ "type": "long",
+ "logicalType": "timestamp"
+ }
+ },
+ {
+ "name": "account",
+ "label": "Account",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "vsys_id",
+ "label": "Vsys ID",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "int",
+ "default": 1
+ },
+ {
+ "name": "framed_ip",
+ "label": "Framed IP",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "acct_session_id",
+ "label": "Acct Session ID",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "acct_status_type",
+ "label": "Acct Status Type",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "acct_session_time",
+ "label": "Acct Session Time",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ }
+ ]
+}
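Review bot: The `doc` block of this new radius_onff_log schema sets `partition_key` and `index_key` but declares no retention, while its `account`, `framed_ip` and `acct_session_id` fields link a subscriber to an address and a session and are all `"visibility": "enabled"`. radius_record.json, added in the same commit, carries `"ttl": null` and `"default_ttl": 2592000` in its `doc`; if the query gateway takes retention from the schema, this table would want the same keys, e.g. `"default_ttl": 2592000` next to `"partition_key"`. If retention for this table is enforced elsewhere (for example in the table DDL), that cannot be seen from this hunk and is worth stating in the commit description.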
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/radius_record.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/radius_record.json
new file mode 100644
index 0000000..2e437df
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/radius_record.json
@@ -0,0 +1,1976 @@ +{ + "type": "record", + "name": "radius_record", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "ttl": null, + "default_ttl": 2592000, + "index_key": { + "$ref": "public_schema_info.json#/radius_record/index_key" + }, + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "dimensions": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_vsys_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_l4_protocol", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_subscriber_id", + "common_in_src_mac", + "common_out_src_mac", + "radius_nas_ip", + "radius_framed_ip", + "radius_packet_type", + "radius_account", + "radius_acct_status_type", + "radius_acct_terminate_cause", + "radius_nas_port", + "radius_called_station_id", + "radius_calling_station_id", + "radius_acct_session_id", + "radius_acct_multi_session_id", + "radius_service_type", + "radius_acct_authentic" + ], + "metrics": [ + "common_start_time", + "common_end_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + 
"common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_l4_protocol", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_sessions", + "radius_framed_ip", + "radius_nas_ip", + "radius_account", + "radius_session_timeout", + "radius_idle_timeout", + "radius_nas_port", + "radius_event_timestamp", + "radius_acct_input_octets", + "radius_acct_output_octets", + "radius_acct_input_packets", + "radius_acct_output_packets", + "radius_acct_session_time", + "radius_acct_link_count", + "radius_acct_interim_interval" + ], + "filters": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_vsys_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_l4_protocol", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "radius_framed_ip", + "radius_nas_ip", + "radius_account", + "radius_packet_type", + "radius_acct_status_type", + "radius_acct_terminate_cause", + "radius_called_station_id", + "radius_calling_station_id", + "radius_acct_session_id", + "radius_acct_multi_session_id", + "radius_service_type", + 
"radius_acct_authentic", + "radius_session_timeout", + "radius_idle_timeout", + "radius_nas_port", + "radius_event_timestamp", + "radius_acct_input_octets", + "radius_acct_output_octets", + "radius_acct_input_packets", + "radius_acct_output_packets", + "radius_acct_session_time", + "radius_acct_link_count", + "radius_acct_interim_interval" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + }, + "details": { + "general": [ + "common_recv_time", + "common_log_id", + "common_stream_trace_id", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_direction", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_entrance_id", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_data_center", + "common_device_group", + "common_sled_ip" + ], + "source": [ + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac" + ], + "destination": [ + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac" + ], + "application": [ + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_label", + "common_app_surrogate_id", + "common_l7_protocol", + "common_protocol_label", + "common_service_category", + "common_service", + "common_l4_protocol", + "common_app_behavior" + ], + "transmission": [ + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", 
+ "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_first_ttl", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "other": [ + "common_device_tag", + "common_encapsulation", + "common_tunnels", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_action", + "common_sub_action", + "common_policy_id", + "common_user_tags", + "common_user_region", + "common_shaping_rule_ids" + ] + } + }, + "schema_type": { + "RADIUS": { + "$ref": "public_schema_info.json#/schema_type/RADIUS" + } + }, + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "radius_nas_ip", + "radius_framed_ip", + "radius_acct_status_type" + ], + "internal_columns": [ + "common_recv_time", + "common_log_id", + "common_sessions", + "common_flags_identify_info", + "common_app_identify_info", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc" + ], + "tunnel_type": { + "$ref": "public_schema_info.json#/tunnel_type" + } + }, + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_log_id", + "label": "Log ID", + "doc": { + "format": [ + { + "function": "snowflake_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_policy_id", + 
"label": "Policy ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_subscriber_id", + "label": "Subscriber ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imei", + "label": "IMEI", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imsi", + "label": "IMSI", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_phone_number", + "label": "Phone Number", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_in_src_mac", + "label": "Incoming Source MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_out_src_mac", + "label": "Outgoing Source MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_ip", + "label": "Client IP", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_port", + "label": "Client Port", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_internal_ip", + "label": "Internal IP", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_l4_protocol", + "label": "L4 Protocol", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_address_type", + "label": "Address Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_server_ip", + "label": "Server IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": 
"common_server_asn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_port", + "label": "Server Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_external_ip", + "label": "External IP", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_action", + "label": "Action", + "doc": { + "visibility": "hidden", + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "None" + }, + { + "code": "1", + "value": "Monitor" + }, + { + "code": "2", + "value": "Intercept" + }, + { + "code": "16", + "value": "Deny" + }, + { + "code": "48", + "value": "Manipulation" + }, + { + "code": "96", + "value": "Allow" + }, + { + "code": "128", + "value": "Allow(Deprecated)" + } + ], + "ttl": null + }, + "type": "int" + }, + { + "name": "common_direction", + "label": "Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "69", + "value": "outbound" + }, + { + "code": "73", + "value": "inbound" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_entrance_id", + "label": "Entrance ID", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_sled_ip", + "label": "Sled IP", + "doc": { + "constraints": { + "type": "ip" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_location", + "label": "Client Location", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_asn", + "label": "Client ASN", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_location", + "label": "Server Location", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": 
"common_server_asn", + "label": "Server ASN", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_fqdn", + "label": "Server FQDN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_domain", + "label": "Server Domain", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_in_dest_mac", + "label": "Incoming Destination MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_out_dest_mac", + "label": "Outgoing Destination MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_sessions", + "label": "Sessions", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_num", + "label": "Packets Sent", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_num", + "label": "Packets Received", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_num", + "label": "Bytes Sent", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_num", + "label": "Bytes Received", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_diff", + "label": "Packets Sent (Delta)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_diff", + "label": "Packets Received (Delta)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": 
"disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_diff", + "label": "Bytes Sent (Delta)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_diff", + "label": "Bytes Received (Delta)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_service", + "label": "Service", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_schema_type", + "label": "Schema Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "BASE", + "value": "BASE" + }, + { + "code": "HTTP", + "value": "HTTP" + }, + { + "code": "MAIL", + "value": "MAIL" + }, + { + "code": "DNS", + "value": "DNS" + }, + { + "code": "SSL", + "value": "SSL" + }, + { + "code": "FTP", + "value": "FTP" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int", + "default": 1 + }, + { + "name": "common_t_vsys_id", + "label": "Traffic Vsys ID", + "doc": { + "allow_query": "false", + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_flags", + "label": "Flags", + "doc": { + "constraints": { + "type": "bit", + "operator_functions": "=,!=,bitAnd" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_flags/data" + }, + "allow_query": "false", + "visibility": "hidden", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "bit" + } + }, + { + "name": "common_flags_identify_info", + "label": "Flags Identify Info", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_tags", + "label": "User Tags", + "doc": { + "visibility": "disabled", + "ttl": null 
+ }, + "type": "string" + }, + { + "name": "common_sub_action", + "label": "Sub Action", + "doc": { + "data": [ + { + "code": "allow", + "value": "Allow" + }, + { + "code": "deny", + "value": "Deny" + }, + { + "code": "monitor", + "value": "Monitor" + }, + { + "code": "replace", + "value": "Replace" + }, + { + "code": "redirect", + "value": "Redirect" + }, + { + "code": "insert", + "value": "Insert" + }, + { + "code": "hijack", + "value": "Hijack" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_region", + "label": "User Region", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_shaping_rule_ids", + "label": "Shaping Rule IDs", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "visibility": "hidden", + "ttl": null + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_device_id", + "label": "Device ID", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_egress_link_id", + "label": "Egress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_ingress_link_id", + "label": "Ingress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_isp", + "label": "ISP", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_tag", + "label": "Device Tag", + "doc": { + "visibility": "hidden", + "format": [ + { + "function": "flattenSpec", + "appendTo": "common_data_center", + "param": "$.tags[?(@.tag=='data_center')][0].value" + }, + { + "function": "flattenSpec", + "appendTo": "common_device_group", + "param": "$.tags[?(@.tag=='device_group')][0].value" + } + ], + "ttl": null + }, + "type": "string" + }, + { + "name": "common_data_center", + "label": "Data Center", + "doc": 
{ + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_group", + "label": "Device Group", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_behavior", + "label": "Application Behavior", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_encapsulation", + "label": "Encapsulation", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_encapsulation/data" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_app_label", + "label": "Application Label", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnels", + "label": "Tunnels", + "doc": { + "visibility": "hidden", + "ttl": null, + "format": [ + { + "function": "gtpc_match", + "appendTo": "common_imsi,common_imei,common_phone_number", + "param": "$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_a2b_teid,$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_b2a_teid" + } + ] + }, + "type": "string" + }, + { + "name": "common_protocol_label", + "label": "Protocol Label", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_id", + "label": "Application 
ID", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_app_full_path", + "label": "Application Full Path", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_userdefine_app_name", + "label": "User Define App Name", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_app_identify_info", + "label": "App Identity Info", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_surrogate_id", + "label": "Surrogate ID", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_l7_protocol", + "label": "L7 Protocol", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_service_category", + "label": "FQDN Category", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "visibility": "disabled", + "dict_location": { + "path": "/v1/category/dict", + "key": "categoryId", + "value": "categoryName" + }, + "ttl": null + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_start_time", + "label": "Start Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_end_time", + "label": "End Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_establish_latency_ms", + "label": "TCP Handshake Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_con_duration_ms", + "label": "Duration (ms)", + "doc": { + "constraints": { + 
"type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_stream_dir", + "label": "Stream Direction(Deprecated)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + }, + { + "code": "3", + "value": "double" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_address_list", + "label": "Address List", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_has_dup_traffic", + "label": "Duplication Traffic", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_stream_error", + "label": "Stream Error", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_stream_trace_id", + "label": "Session ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_link_info_c2s", + "label": "Link Info (c2s)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_link_info_s2c", + "label": "Link Info (s2c)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_packet_capture_file", + "label": "Packet Capture File", + "doc": { + "visibility": "hidden", + "constraints": { + "type": "file" + }, + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_a_desc", + "label": "Tunnel Endpoint A Description", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_b_desc", + "label": "Tunnel Endpoint B Description", + "doc": { + "visibility": "hidden", + "ttl": null 
+ }, + "type": "string" + }, + { + "name": "common_c2s_ipfrag_num", + "label": "Fragmentation Packets (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_ipfrag_num", + "label": "Fragmentation Packets (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_lostlen", + "label": "Sequence Gap Loss (c2s)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_lostlen", + "label": "Sequence Gap Loss (s2c)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_unorder_num", + "label": "Unordered Packets (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_unorder_num", + "label": "Unordered Packets (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_retrans", + "label": "Packet Retransmission (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_retrans", + "label": "Packet Retransmission (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_retrans", + "label": "Byte Retransmission (c2s)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_retrans", + "label": "Byte Retransmission (s2c)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": 
"hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_tcp_client_isn", + "label": "TCP Client ISN", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_first_ttl", + "label": "First TTL", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_processing_time", + "label": "Processing Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "current_timestamp" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_ingestion_time", + "label": "Ingestion Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "ingestion_time" + }, + { + "function": "get_value", + "appendTo": "common_recv_time" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_mirrored_pkts", + "label": "Mirrored Packets", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_mirrored_bytes", + "label": "Mirrored Bytes", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "radius_packet_type", + "label": "Packet Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "Access-Request" + }, + { + "code": "2", + "value": "Access-Accept" + }, + { + "code": "3", + "value": "Access-Reject" + }, + { + "code": "4", + "value": "Accounting-Request" + }, + { + "code": "5", + "value": "Accounting-Response" + }, + { + 
"code": "11", + "value": "Access-Challenge" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "radius_account", + "label": "Account", + "doc": { + "format": [ + { + "function": "get_value", + "appendTo": "common_subscriber_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "radius_nas_ip", + "label": "Nas IP", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "radius_framed_ip", + "label": "Framed IP", + "doc": { + "constraints": { + "type": "ip" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "radius_session_timeout", + "label": "Session Timeout", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "radius_idle_timeout", + "label": "Idle Timeout", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "radius_acct_status_type", + "label": "ACC Status Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "Start" + }, + { + "code": "2", + "value": "Stop" + }, + { + "code": "3", + "value": "Interim-Update" + }, + { + "code": "7", + "value": "Accounting-On" + }, + { + "code": "8", + "value": "Accounting-Off" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "radius_acct_terminate_cause", + "label": "Acct Terminate Cause", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "User Request" + }, + { + "code": "2", + "value": "Lost Carrier" + }, + { + "code": "3", + "value": "Lost Service" + }, + { + "code": "4", + "value": "Idle Timeout" + }, + { + "code": "5", + "value": "Session Timeout" + }, + { + "code": "6", + "value": "Admin Reset" + }, + { + "code": "7", + 
"value": "Admin Reboot" + }, + { + "code": "8", + "value": "Port Error" + }, + { + "code": "9", + "value": "NAS Error" + }, + { + "code": "10", + "value": "NAS Request" + }, + { + "code": "11", + "value": "NAS Reboot" + }, + { + "code": "12", + "value": "Port Unneeded" + }, + { + "code": "13", + "value": "Port Preempted" + }, + { + "code": "14", + "value": "Port Suspended" + }, + { + "code": "15", + "value": "Service Unavailable" + }, + { + "code": "16", + "value": "Callback" + }, + { + "code": "17", + "value": "User Error" + }, + { + "code": "18", + "value": "Host Request" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "radius_event_timestamp", + "label": "Event Timestamp", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "radius_service_type", + "label": "Service Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "radius_nas_port", + "label": "Nas Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "radius_framed_protocol", + "label": "Framed Protocol", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "radius_callback_number", + "label": "Callback Number", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "radius_callback_id", + "label": "Callback ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "radius_termination_action", + "label": "Termination Action", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "radius_called_station_id", + "label": "Called Station ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "radius_calling_station_id", + "label": "Calling Station 
ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "radius_acct_delay_time", + "label": "Acct Delay Time", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "radius_acct_session_id", + "label": "Acct Session ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "radius_acct_multi_session_id", + "label": "Acct Multi Session ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "radius_acct_input_octets", + "label": "Acct Input Octets", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "radius_acct_output_octets", + "label": "Acct Output Octets", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "radius_acct_input_packets", + "label": "Acct Input Packets", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "radius_acct_output_packets", + "label": "Acct Output Packets", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "radius_acct_session_time", + "label": "Acct Session Time", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "radius_acct_link_count", + "label": "Acct Link Count", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "radius_acct_interim_interval", + "label": "Acct Interim Interval", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": 
"radius_acct_authentic", + "label": "Acct Authentic", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/recommendation_app_cip.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/recommendation_app_cip.json
new file mode 100644
index 0000000..8d815ea
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/recommendation_app_cip.json
@@ -0,0 +1,27 @@
+{
+ "type": "record",
+ "name": "recommendation_app_cip",
+ "namespace": "tsg_galaxy",
+ "fields": [
+ {
+ "name": "ROWKEY",
+ "label": "Row Key",
+ "type": "string"
+ },
+ {
+ "name": "app_label",
+ "label": "APP Label",
+ "type": "string"
+ },
+ {
+ "name": "last_update_time",
+ "label": "Last Update Time",
+ "type": "long"
+ },
+ {
+ "name": "client_ip_list",
+ "label": "Client IP List",
+ "type": "string"
+ }
+ ]
+}
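Review bot: `last_update_time` is declared as a bare `"type": "long"` and no field in this schema carries a `doc` block, whereas the schema whose hunk ends just above (the one with the `radius_*` fields) types its time fields as `"type": { "type": "long", "logicalType": "timestamp" }` and gives every field `visibility` and `ttl`. If the query gateway derives time handling, column visibility and retention from that metadata (not visible in this diff), this table of per-application client IP lists declares none of them, which is worth stating explicitly for address data. The same applies to `first_found_time` and `last_update_time` in relation_account_framedip.json and to every field of report_result.json. `client_ip_list` also packs a list into a single `string`, so the label or a `doc` entry should say which delimiter is used.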
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/relation_account_framedip.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/relation_account_framedip.json
new file mode 100644
index 0000000..7a07141
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/relation_account_framedip.json
@@ -0,0 +1,37 @@
+{
+ "type": "record",
+ "name": "relation_account_framedip",
+ "namespace": "tsg_galaxy",
+ "fields": [
+ {
+ "name":"ROWKEY",
+ "label":"Row Key",
+ "type":"string"
+ },
+ {
+ "name":"acct_status_type",
+ "label":"Acct Status Type",
+ "type":"string"
+ },
+ {
+ "name":"first_found_time",
+ "label":"First Found Time",
+ "type":"long"
+ },
+ {
+ "name":"last_update_time",
+ "label":"Last Update Time",
+ "type":"long"
+ },
+ {
+ "name":"framed_ip",
+ "label":"Framed IP",
+ "type":"string"
+ },
+ {
+ "name":"account",
+ "label":"Account",
+ "type":"string"
+ }
+ ]
+}
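Review bot: `acct_status_type` is typed `string` here, while the schema with the `radius_*` fields earlier in this diff declares `radius_acct_status_type` as `int` with a code list (1 Start, 2 Stop, 3 Interim-Update, 7 Accounting-On, 8 Accounting-Off). If this table is populated from those records, a filter written with the numeric code against one schema will not carry over to the other. Either declare `"type":"int"` here or record in the schema which representation (code or name) the column stores. `framed_ip` likewise lacks the `"constraints": { "type": "ip" }` that `radius_framed_ip` has, so IP-specific validation of filter values presumably will not apply to it.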
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/report_result.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/report_result.json
new file mode 100644
index 0000000..fdd1b7b
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/report_result.json
@@ -0,0 +1,32 @@
+{
+ "type": "record",
+ "name": "report_result",
+ "namespace": "tsg",
+ "fields": [
+ {
+ "name":"ROWKEY",
+ "label":"Row Key",
+ "type":"string"
+ },
+ {
+ "name":"excute_sql",
+ "label":"Excute SQL",
+ "type":"string"
+ },
+ {
+ "name":"read_rows",
+ "label":"Read Rows",
+ "type":"long"
+ },
+ {
+ "name":"result_id",
+ "label":"Result ID",
+ "type":"int"
+ },
+ {
+ "name":"result",
+ "label":"Result",
+ "type":"string"
+ }
+ ]
+}
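Review bot: The field name `excute_sql` and its label `Excute SQL` misspell "execute", and once consumers bind to the name it becomes expensive to correct. If the name has to match an existing column, keep it and fix only the label: `"label":"Execute SQL"`. The namespace is `tsg` while the two neighbouring table schemas use `tsg_galaxy`; confirm that this is intended. Because `excute_sql` and `result` hold query text and query output, which can reproduce whatever the queried logs contain, access to this table should be at least as restricted as access to the source tables.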
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/security_event.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/security_event.json
new file mode 100644
index 0000000..998189c
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/security_event.json
@@ -0,0 +1,4204 @@ +{ + "type": "record", + "name": "security_event", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "ttl": null, + "default_ttl": 2592000, + "index_key": { + "$ref": "public_schema_info.json#/security_event/index_key" + }, + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "dimensions": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_l4_protocol", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "http_host", + "http_domain", + "http_url", + "http_sequence", + "http_cookie", + "http_set_cookie", + "http_referer", + "http_user_agent", + "http_request_content_type", + "http_response_content_type", + "http_request_line", + "http_response_line", + "http_version", + "mail_protocol_type", + "mail_account", + "mail_from_cmd", + "mail_to_cmd", + "mail_from", + "mail_to", + "mail_cc", + "mail_bcc", + "mail_subject", + "mail_attachment_name", + 
"dns_message_id", + "dns_qr", + "dns_opcode", + "dns_rcode", + "dns_qname", + "dns_qtype", + "dns_qclass", + "ssl_version", + "ssl_sni", + "ssl_san", + "ssl_cn", + "ssl_ja3_hash", + "ssl_ja3s_hash", + "ssl_cert_issuer", + "ssl_cert_subject", + "dtls_sni", + "quic_sni", + "quic_version", + "quic_user_agent", + "ftp_account", + "ftp_url", + "ftp_link_type", + "sip_call_id", + "sip_originator_description", + "sip_responder_description", + "sip_user_agent", + "sip_server", + "sip_originator_sdp_connect_ip", + "sip_originator_sdp_media_port", + "sip_originator_sdp_media_type", + "sip_responder_sdp_connect_ip", + "sip_responder_sdp_media_port", + "sip_responder_sdp_media_type", + "ssh_version", + "rtp_payload_type_c2s", + "rtp_payload_type_s2c", + "ssh_auth_success", + "ssh_client_version", + "ssh_server_version", + "ssh_cipher_alg", + "ssh_mac_alg", + "ssh_compression_alg", + "ssh_kex_alg", + "ssh_host_key_alg", + "ssh_host_key", + "ssh_hassh", + "stratum_cryptocurrency", + "stratum_mining_pools", + "stratum_mining_program", + "rdp_cookie", + "rdp_security_protocol", + "rdp_client_channels", + "rdp_keyboard_layout", + "rdp_client_version", + "rdp_client_name", + "rdp_client_product_id", + "rdp_certificate_type", + "rdp_encryption_level", + "rdp_encryption_method" + ], + "metrics": [ + "common_start_time", + "common_end_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + 
"common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_l4_protocol", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_sessions", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "http_host", + "http_domain", + "http_url", + "http_cookie", + "http_set_cookie", + "http_referer", + "http_user_agent", + "http_request_content_length", + "http_request_content_type", + "http_response_content_length", + "http_response_content_type", + "http_response_latency_ms", + "http_session_duration_ms", + "mail_protocol_type", + "mail_account", + "mail_from_cmd", + "mail_to_cmd", + "mail_from", + "mail_to", + "mail_cc", + "mail_bcc", + "mail_subject", + "mail_attachment_name", + "dns_message_id", + "dns_qr", + "dns_opcode", + "dns_rcode", + "dns_qname", + "dns_qtype", + "dns_qclass", + "dns_qdcount", + "dns_ancount", + "dns_nscount", + "dns_arcount", + "dns_response_latency_ms", + "ssl_version", + "ssl_sni", + "ssl_san", + "ssl_cn", + "ssl_ja3_hash", + "ssl_ja3s_hash", + "ssl_cert_issuer", + "ssl_cert_subject", + "ssl_con_latency_ms", + "dtls_sni", + "quic_sni", + "quic_version", + "quic_user_agent", + "ftp_account", + "ftp_url", + "ftp_link_type", + "sip_call_id", + "sip_originator_description", + "sip_responder_description", + "sip_user_agent", + "sip_server", + "sip_originator_sdp_connect_ip", + "sip_originator_sdp_media_port", + "sip_originator_sdp_media_type", + "sip_responder_sdp_connect_ip", + "sip_responder_sdp_media_port", + "sip_responder_sdp_media_type", + "sip_duration_s", + 
"rtp_payload_type_c2s", + "rtp_payload_type_s2c", + "ssh_version", + "ssh_auth_success", + "ssh_client_version", + "ssh_server_version", + "ssh_cipher_alg", + "ssh_mac_alg", + "ssh_compression_alg", + "ssh_kex_alg", + "ssh_host_key_alg", + "ssh_host_key", + "ssh_hassh", + "stratum_cryptocurrency", + "stratum_mining_pools", + "stratum_mining_program", + "rdp_cookie", + "rdp_security_protocol", + "rdp_client_channels", + "rdp_keyboard_layout", + "rdp_client_version", + "rdp_client_name", + "rdp_client_product_id", + "rdp_certificate_type", + "rdp_encryption_level", + "rdp_encryption_method" + ], + "filters": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_service_category", + "common_l4_protocol", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + 
"common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "http_host", + "http_domain", + "http_url", + "http_request_line", + "http_response_line", + "http_request_body", + "http_response_body", + "http_sequence", + "http_cookie", + "http_referer", + "http_user_agent", + "http_request_content_length", + "http_request_content_type", + "http_response_content_length", + "http_response_content_type", + "http_set_cookie", + "http_response_latency_ms", + "http_session_duration_ms", + "mail_protocol_type", + "mail_account", + "mail_from_cmd", + "mail_to_cmd", + "mail_from", + "mail_to", + "mail_cc", + "mail_bcc", + "mail_subject", + "mail_attachment_name", + "mail_eml_file", + "dns_message_id", + "dns_qr", + "dns_opcode", + "dns_rcode", + "dns_qdcount", + "dns_ancount", + "dns_nscount", + "dns_arcount", + "dns_response_latency_ms", + "dns_qname", + "dns_qtype", + "dns_qclass", + "dns_sub", + "dns_cname", + "dns_rr", + "ssl_version", + "ssl_sni", + "ssl_san", + "ssl_cn", + "ssl_con_latency_ms", + "ssl_ja3_hash", + "ssl_ja3s_hash", + "ssl_cert_issuer", + "ssl_cert_subject", + "dtls_sni", + "quic_sni", + "quic_version", + "quic_user_agent", + "ftp_account", + "ftp_url", + "ftp_link_type", + "sip_call_id", + "sip_originator_description", + "sip_responder_description", + "sip_user_agent", + "sip_server", + "sip_originator_sdp_connect_ip", + "sip_originator_sdp_media_port", + "sip_originator_sdp_media_type", + "sip_originator_sdp_content", + "sip_responder_sdp_connect_ip", + "sip_responder_sdp_media_port", + "sip_responder_sdp_media_type", + "sip_responder_sdp_content", + "sip_duration_s", + "sip_bye", + "rtp_payload_type_c2s", + "rtp_payload_type_s2c", + "ssh_version", + "ssh_auth_success", + "ssh_client_version", + "ssh_server_version", + "ssh_cipher_alg", + "ssh_mac_alg", + "ssh_compression_alg", + 
"ssh_kex_alg", + "ssh_host_key_alg", + "ssh_host_key", + "ssh_hassh", + "stratum_cryptocurrency", + "stratum_mining_pools", + "stratum_mining_program", + "rdp_cookie", + "rdp_security_protocol", + "rdp_client_channels", + "rdp_keyboard_layout", + "rdp_client_version", + "rdp_client_name", + "rdp_client_product_id", + "rdp_certificate_type", + "rdp_encryption_level", + "rdp_encryption_method" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + }, + "details": { + "general": [ + "common_recv_time", + "common_log_id", + "common_stream_trace_id", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_direction", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_entrance_id", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_data_center", + "common_device_group", + "common_sled_ip" + ], + "action": [ + "common_action", + "common_sub_action", + "common_policy_id", + "common_user_tags", + "common_user_region", + "common_shaping_rule_ids" + ], + "source": [ + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac" + ], + "destination": [ + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac" + ], + "application": [ + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_label", + "common_app_surrogate_id", + "common_l7_protocol", + 
"common_protocol_label", + "common_service_category", + "common_service", + "common_l4_protocol", + "common_app_behavior" + ], + "transmission": [ + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_first_ttl", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "other": [ + "common_device_tag", + "common_encapsulation", + "common_tunnels", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc" + ] + } + }, + "schema_type": { + "BASE": { + "$ref": "public_schema_info.json#/schema_type/BASE" + }, + "HTTP": { + "$ref": "public_schema_info.json#/schema_type/HTTP" + }, + "MAIL": { + "$ref": "public_schema_info.json#/schema_type/MAIL" + }, + "DNS": { + "$ref": "public_schema_info.json#/schema_type/DNS" + }, + "SSL": { + "$ref": "public_schema_info.json#/schema_type/SSL" + }, + "DTLS": { + "$ref": "public_schema_info.json#/schema_type/DTLS" + }, + "QUIC": { + "$ref": "public_schema_info.json#/schema_type/QUIC" + }, + "FTP": { + "$ref": "public_schema_info.json#/schema_type/FTP" + }, + "BGP": { + "$ref": "public_schema_info.json#/schema_type/BGP" + }, + "SIP": { + "$ref": "public_schema_info.json#/schema_type/SIP" + }, + "RTP": { + "$ref": "public_schema_info.json#/schema_type/RTP" + }, + "APP": { + "$ref": "public_schema_info.json#/schema_type/APP" + }, + "SSH": { + "$ref": 
"public_schema_info.json#/schema_type/SSH" + }, + "Stratum": { + "$ref": "public_schema_info.json#/schema_type/Stratum" + }, + "RDP": { + "$ref": "public_schema_info.json#/schema_type/RDP" + } + }, + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "common_server_ip", + "common_server_port", + "common_schema_type" + ], + "internal_columns": [ + "common_recv_time", + "common_log_id", + "common_sessions", + "common_flags_identify_info", + "common_tunnels", + "common_userdefine_app_name", + "common_app_identify_info", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "http_domain", + "http_request_body", + "http_response_body", + "mail_eml_file", + "rtp_pcap_path" + ], + "tunnel_type": { + "$ref": "public_schema_info.json#/tunnel_type" + }, + "measurements": { + "aggregates": { + "sessions": [ + { + "fn": "count", + "column": "common_sessions", + "value": "sessions", + "label": "Sessions", + "unit": "sessions" + } + ], + "bytes": [ + { + "fn": "sum", + "column": "common_c2s_byte_num + common_s2c_byte_num", + "value": "bytes", + "label": "Bytes", + "unit": "bytes" + } + ], + "incoming_bytes": [ + { + "fn": "sum", + "column": "if(bitAnd(common_flags, 8) = 8, common_s2c_byte_num, common_c2s_byte_num)", + "value": "incoming_bytes", + "label": "Incoming Bytes", + "unit": "bytes" + } + ], + "outgoing_bytes": [ + { + "fn": "sum", + "column": "if(bitAnd(common_flags, 8) = 8, common_c2s_byte_num, common_s2c_byte_num)", + "value": "outgoing_bytes", + "label": "Outgoing Bytes", + "unit": "bytes" + } + ] + } + } + }, + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_log_id", + "label": "Log ID", + "doc": { + "format": [ + { + 
"function": "snowflake_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_policy_id", + "label": "Policy ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_subscriber_id", + "label": "Subscriber ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imei", + "label": "IMEI", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imsi", + "label": "IMSI", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_phone_number", + "label": "Phone Number", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_in_src_mac", + "label": "Incoming Source MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_out_src_mac", + "label": "Outgoing Source MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_ip", + "label": "Client IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_client_asn" + }, + { + "function": "radius_match", + "appendTo": "common_subscriber_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_internal_ip", + "label": "Internal IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "if", + "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_port", + "label": "Client Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_l4_protocol", + "label": "L4 Protocol", + "doc": { + "visibility": "enabled", + "ttl": null + }, + 
"type": "string" + }, + { + "name": "common_address_type", + "label": "Address Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_server_ip", + "label": "Server IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_server_asn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_port", + "label": "Server Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_external_ip", + "label": "External IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "if", + "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_action", + "label": "Action", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "Monitor" + }, + { + "code": "2", + "value": "Intercept(Deprecated)" + }, + { + "code": "3", + "value": "No Intercept(Deprecated)" + }, + { + "code": "16", + "value": "Deny" + }, + { + "code": "96", + "value": "Allow" + }, + { + "code": "128", + "value": "Allow(Deprecated)" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_direction", + "label": "Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "69", + "value": "outbound" + }, + { + "code": "73", + "value": "inbound" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_entrance_id", + "label": "Entrance ID", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": 
"int" + }, + { + "name": "common_sled_ip", + "label": "Sled IP", + "doc": { + "constraints": { + "type": "ip" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_location", + "label": "Client Location", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_asn", + "label": "Client ASN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_location", + "label": "Server Location", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_asn", + "label": "Server ASN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_fqdn", + "label": "Server FQDN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_domain", + "label": "Server Domain", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_in_dest_mac", + "label": "Incoming Destination MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_out_dest_mac", + "label": "Outgoing Destination MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_sessions", + "label": "Sessions", + "doc": { + "constraints": { + "type": "decimal" + }, + "format": [ + { + "function": "set_value", + "param": "1" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_num", + "label": "Packets Sent", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_num", + "label": "Packets Received", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { 
+ "name": "common_c2s_byte_num", + "label": "Bytes Sent", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_num", + "label": "Bytes Received", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_diff", + "label": "Packets Sent (Delta)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_diff", + "label": "Packets Received (Delta)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_diff", + "label": "Bytes Sent (Delta)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_diff", + "label": "Bytes Received (Delta)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_service", + "label": "Service", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_schema_type", + "label": "Schema Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "BASE", + "value": "BASE" + }, + { + "code": "HTTP", + "value": "HTTP" + }, + { + "code": "MAIL", + "value": "MAIL" + }, + { + "code": "DNS", + "value": "DNS" + }, + { + "code": "SSL", + "value": "SSL" + }, + { + "code": "DTLS", + "value": "DTLS" + }, + { + "code": "QUIC", + "value": "QUIC" + }, + { + "code": "FTP", + "value": "FTP" + }, + { + "code": "SIP", + "value": "SIP" + }, + { + "code": "RTP", + "value": "RTP" + }, + { + "code": "SSH", + "value": "SSH" + }, + { + "code": "Stratum", + "value": "Stratum" + }, + { + "code": "RDP", + "value": "RDP" 
+ } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int", + "default": 1 + }, + { + "name": "common_t_vsys_id", + "label": "Traffic Vsys ID", + "doc": { + "allow_query": "false", + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_flags", + "label": "Flags", + "doc": { + "constraints": { + "type": "bit", + "operator_functions": "=,!=,bitAnd" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_flags/data" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "bit" + } + }, + { + "name": "common_flags_identify_info", + "label": "Flags Identify Info", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_tags", + "label": "User Tags", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_sub_action", + "label": "Sub Action", + "doc": { + "data": [ + { + "code": "allow", + "value": "Allow" + }, + { + "code": "deny", + "value": "Deny" + }, + { + "code": "monitor", + "value": "Monitor" + }, + { + "code": "replace", + "value": "Replace" + }, + { + "code": "redirect", + "value": "Redirect" + }, + { + "code": "insert", + "value": "Insert" + }, + { + "code": "hijack", + "value": "Hijack" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_region", + "label": "User Region", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_shaping_rule_ids", + "label": "Shaping Rule IDs", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "visibility": "hidden", + "ttl": null + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_device_id", + "label": "Device 
ID",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_egress_link_id",
+ "label": "Egress Link ID",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_ingress_link_id",
+ "label": "Ingress Link ID",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_isp",
+ "label": "ISP",
+ "doc": {
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_tag",
+ "label": "Device Tag",
+ "doc": {
+ "visibility": "hidden",
+ "format": [
+ {
+ "function": "flattenSpec",
+ "appendTo": "common_data_center",
+ "param": "$.tags[?(@.tag=='data_center')][0].value"
+ },
+ {
+ "function": "flattenSpec",
+ "appendTo": "common_device_group",
+ "param": "$.tags[?(@.tag=='device_group')][0].value"
+ }
+ ],
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_data_center",
+ "label": "Data Center",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!=,in,not in"
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
+ "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_group",
+ "label": "Device Group",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!=,in,not in"
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
+ "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_app_behavior",
+ "label": "Application Behavior",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name":
"common_encapsulation",
+ "label": "Encapsulation",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!=,in,not in"
+ },
+ "data": {
+ "$ref": "public_schema_info.json#/fields/common_encapsulation/data"
+ },
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_app_label",
+ "label": "Application Label",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_tunnels",
+ "label": "Tunnels",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null,
+ "format": [
+ {
+ "function": "gtpc_match",
+ "appendTo": "common_imsi,common_imei,common_phone_number",
+ "param": "$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_a2b_teid,$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_b2a_teid"
+ }
+ ]
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_protocol_label",
+ "label": "Protocol Label",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_app_id",
+ "label": "Application ID",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_app_full_path",
+ "label": "Application Full Path",
+ "type": "string",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ }
+ },
+ {
+ "name": "common_userdefine_app_name",
+ "label": "User Define App Name",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_app_identify_info",
+ "label": "App Identity Info",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_app_surrogate_id",
+ "label": "Surrogate ID",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_l7_protocol",
+ "label": "L7 Protocol",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_service_category",
+ "label": "FQDN Category",
+ "doc": {
+ "constraints": {
+ "operator_functions":
"has,notEmpty,empty"
+ },
+ "dict_location": {
+ "path": "/v1/category/dict",
+ "key": "categoryId",
+ "value": "categoryName"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": {
+ "type": "array",
+ "items": "int",
+ "logicalType": "array"
+ }
+ },
+ {
+ "name": "common_start_time",
+ "label": "Start Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": {
+ "type": "long",
+ "logicalType": "timestamp"
+ }
+ },
+ {
+ "name": "common_end_time",
+ "label": "End Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": {
+ "type": "long",
+ "logicalType": "timestamp"
+ }
+ },
+ {
+ "name": "common_establish_latency_ms",
+ "label": "TCP Handshake Latency (ms)",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_con_duration_ms",
+ "label": "Duration (ms)",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_stream_dir",
+ "label": "Stream Direction(Deprecated)",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!=,in,not in"
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "c2s"
+ },
+ {
+ "code": "2",
+ "value": "s2c"
+ },
+ {
+ "code": "3",
+ "value": "double"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_address_list",
+ "label": "Address List",
+ "doc": {
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_has_dup_traffic",
+ "label": "Duplication Traffic",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!=,in,not in"
+ },
+ "data": {
+ "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data"
+ },
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_stream_error",
+ "label": "Stream Error",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_stream_trace_id",
+ "label": "Session ID",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_link_info_c2s",
+ "label": "Link Info (c2s)",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_link_info_s2c",
+ "label": "Link Info (s2c)",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_packet_capture_file",
+ "label": "Packet Capture File",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "file"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_tunnel_endpoint_a_desc",
+ "label": "Tunnel Endpoint A Description",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_tunnel_endpoint_b_desc",
+ "label": "Tunnel Endpoint B Description",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_c2s_ipfrag_num",
+ "label": "Fragmentation Packets (c2s)",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_ipfrag_num",
+ "label": "Fragmentation Packets (s2c)",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_tcp_lostlen",
+ "label": "Sequence Gap Loss (c2s)",
+ "doc": {
+ "constraints": {
+ "type": "bytes"
+ },
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_tcp_lostlen",
+ "label": "Sequence Gap Loss (s2c)",
+ "doc": {
+ "constraints": {
+ "type": "bytes"
+ },
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_tcp_unorder_num",
+ "label": "Unordered Packets (c2s)",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_tcp_unorder_num",
+ "label": "Unordered Packets (s2c)",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_pkt_retrans",
+ "label": "Packet Retransmission (c2s)",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_pkt_retrans",
+ "label": "Packet Retransmission (s2c)",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_retrans",
+ "label": "Byte Retransmission (c2s)",
+ "doc": {
+ "constraints": {
+ "type": "bytes"
+ },
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_retrans",
+ "label": "Byte Retransmission (s2c)",
+ "doc": {
+ "constraints": {
+ "type": "bytes"
+ },
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_tcp_client_isn",
+ "label": "TCP Client ISN",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_tcp_server_isn",
+ "label": "TCP Server ISN",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_first_ttl",
+ "label": "First TTL",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_processing_time",
+ "label": "Processing Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": [
+ {
+ "function": "current_timestamp"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": {
+ "type": "long",
+ "logicalType": "timestamp"
+ }
+ },
+ {
+ "name": "common_ingestion_time",
+ "label": "Ingestion Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": [
+ {
+ "function": "ingestion_time"
+ },
+ {
+ "function": "get_value",
+ "appendTo": "common_recv_time"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": {
+ "type": "long",
+ "logicalType": "timestamp"
+ }
+ },
+ {
+ "name": "common_mirrored_pkts",
+ "label": "Mirrored Packets",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_mirrored_bytes",
+ "label": "Mirrored Bytes",
+ "doc": {
+ "constraints": {
+ "type": "bytes"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "http_url",
+ "label": "HTTP.URL",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_host",
+ "label": "HTTP.Host",
+ "doc": {
+ "format": [
+ {
+ "function": "sub_domain",
+ "appendTo": "http_domain"
+ },
+ {
+ "function": "sub_domain",
+ "appendTo": "common_server_domain"
+ },
+ {
+ "function": "get_value",
+ "appendTo": "common_server_fqdn"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_domain",
+ "label": "HTTP.Domain(Deprecated)",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_line",
+ "label": "HTTP.Request Line",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_line",
+ "label": "HTTP.Response Line",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_header",
+ "label": "HTTP.Request Header",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_header",
+ "label": "HTTP.Response Header",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_content",
+ "label": "HTTP.Request Content",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_content_length",
+ "label": "HTTP.Request Content Length",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_content_type",
+ "label": "HTTP.Request Content Type",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_content",
+ "label": "HTTP.Response Content",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_content_length",
+ "label": "HTTP.Response Content Length",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_content_type",
+ "label": "HTTP.Response Content Type",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_body",
+ "label": "HTTP.Request Body",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "file"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_body",
+ "label": "HTTP.Response Body",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "file"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_proxy_flag",
+ "label": "HTTP.Proxy Flag",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "http_sequence",
+ "label": "HTTP.Sequence",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "http_snapshot",
+ "label": "HTTP.Snapshot",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_cookie",
+ "label": "HTTP.Cookie",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_referer",
+ "label": "HTTP.Referer",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name":
"http_user_agent",
+ "label": "HTTP.User Agent",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_set_cookie",
+ "label": "HTTP.Set Cookie",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_version",
+ "label": "HTTP.Version",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_latency_ms",
+ "label": "HTTP.Response Latency (ms)",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "http_action_file_size",
+ "label": "HTTP.Action File Size",
+ "doc": {
+ "constraints": {
+ "type": "bytes"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "http_session_duration_ms",
+ "label": "HTTP.Session Duration (ms)",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "long"
+ },
+ {
+ "name": "mail_protocol_type",
+ "label": "Mail.Protocol Type",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_account",
+ "label": "Mail.Account",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_from_cmd",
+ "label": "Mail.From CMD",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_to_cmd",
+ "label": "Mail.To CMD",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_from",
+ "label": "Mail.From",
+ "doc": {
+ "constraints": {
+ "type": "email"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_to",
+ "label": "Mail.To",
+ "doc": {
+ "constraints": {
+ "type": "email"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_cc",
+ "label": "Mail.CC",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_bcc",
+ "label": "Mail.BCC",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_subject",
+ "label": "Mail.Subject",
+ "doc": {
+ "format": [
+ {
+ "function": "decode_of_base64",
+ "param": "$.mail_subject_charset"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_subject_charset",
+ "label": "Mail.Subject Charset",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_content",
+ "label": "Mail.Content",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_content_charset",
+ "label": "Mail.Content Charset",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_attachment_name",
+ "label": "Mail.Attachment",
+ "doc": {
+ "format": [
+ {
+ "function": "decode_of_base64",
+ "param": "$.mail_attachment_name_charset"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_attachment_name_charset",
+ "label": "Mail.Attachment Charset",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_attachment_content",
+ "label": "Mail.Attachment Content",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_eml_file",
+ "label": "Mail.EML File",
+ "doc": {
+ "constraints": {
+ "type": "file"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_snapshot",
+ "label": "Mail.Snapshot",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "dns_message_id",
+ "label": "DNS.Message ID",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_qr",
+ "label": "DNS.QR",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!=,in,not in"
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "QUERY"
+ },
+ {
+ "code": "1",
+ "value": "RESPONSE"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_opcode",
+ "label": "DNS.OPCODE",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!=,in,not in"
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "QUERY"
+ },
+ {
+ "code": "1",
+ "value": "IQUERY"
+ },
+ {
+ "code": "2",
+ "value": "STATUS"
+ },
+ {
+ "code": "5",
+ "value": "UPDATE"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_aa",
+ "label": "DNS.AA",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_tc",
+ "label": "DNS.TC",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_rd",
+ "label": "DNS.RD",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_ra",
+ "label": "DNS.RA",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_rcode",
+ "label": "DNS.RCODE",
+ "doc": {
+ "data": [
+ {
+ "code": 0,
+ "value": "NoError"
+ },
+ {
+ "code": 1,
+ "value": "FormErr"
+ },
+ {
+ "code": 2,
+ "value": "ServFail"
+ },
+ {
+ "code": 3,
+ "value": "NXDomain"
+ },
+ {
+ "code": 4,
+ "value": "NotImp"
+ },
+ {
+ "code": 5,
+ "value": "Refused"
+ },
+ {
+ "code": 6,
+ "value": "YXDomain"
+ },
+ {
+ "code": 7,
+ "value": "YXRRSet"
+ },
+ {
+ "code": 8,
+ "value": "NXRRSet"
+ },
+ {
+ "code": 9,
+ "value": "NotAuth"
+ },
+ {
+ "code": 10,
+ "value": "NotZone"
+ },
+ {
+ "code": 16,
+ "value": "BADSIG"
+ },
+ {
+ "code": 17,
+ "value": "BADKEY"
+ },
+ {
+ "code": 18,
+ "value": "BADTIME"
+ },
+ {
+ "code": 19,
+ "value": "BADMODE"
+ },
+ {
+ "code": 20,
+ "value": "BADNAME"
+ },
+ {
+ "code": 21,
+ "value": "BADALG"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name":
"dns_qdcount",
+ "label": "DNS.QDCOUNT",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_ancount",
+ "label": "DNS.ANCOUNT",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_nscount",
+ "label": "DNS.NSCOUNT",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_arcount",
+ "label": "DNS.ARCOUNT",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_qname",
+ "label": "DNS.QNAME",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "dns_qtype",
+ "label": "DNS.QTYPE",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!=,in,not in"
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "A"
+ },
+ {
+ "code": "2",
+ "value": "NS"
+ },
+ {
+ "code": "3",
+ "value": "MD"
+ },
+ {
+ "code": "4",
+ "value": "MF"
+ },
+ {
+ "code": "5",
+ "value": "CNAME"
+ },
+ {
+ "code": "6",
+ "value": "SOA"
+ },
+ {
+ "code": "7",
+ "value": "MB"
+ },
+ {
+ "code": "8",
+ "value": "MG"
+ },
+ {
+ "code": "9",
+ "value": "MR"
+ },
+ {
+ "code": "10",
+ "value": "NULL"
+ },
+ {
+ "code": "11",
+ "value": "WKS"
+ },
+ {
+ "code": "12",
+ "value": "PTR"
+ },
+ {
+ "code": "13",
+ "value": "HINFO"
+ },
+ {
+ "code": "14",
+ "value": "MINFO"
+ },
+ {
+ "code": "15",
+ "value": "MX"
+ },
+ {
+ "code": "16",
+ "value": "TXT"
+ },
+ {
+ "code": "17",
+ "value": "RP"
+ },
+ {
+ "code": "18",
+ "value": "AFSDB"
+ },
+ {
+ "code": "19",
+ "value": "X25"
+ },
+ {
+ "code": "20",
+ "value": "ISDN"
+ },
+ {
+ "code": "21",
+ "value": "RT"
+ },
+ {
+ "code": "22",
+ "value": "NSAP"
+ },
+ {
+ "code": "23",
+ "value": "NSAP"
+ },
+ {
+ "code": "24",
+ "value": "SIG"
+ },
+ {
+ "code": "25",
+ "value":
"KEY"
+ },
+ {
+ "code": "26",
+ "value": "PX"
+ },
+ {
+ "code": "27",
+ "value": "GPOS"
+ },
+ {
+ "code": "28",
+ "value": "AAAA"
+ },
+ {
+ "code": "29",
+ "value": "LOC"
+ },
+ {
+ "code": "30",
+ "value": "EID"
+ },
+ {
+ "code": "31",
+ "value": "NIMLOC"
+ },
+ {
+ "code": "32",
+ "value": "NB"
+ },
+ {
+ "code": "33",
+ "value": "SRV"
+ },
+ {
+ "code": "34",
+ "value": "ATMA"
+ },
+ {
+ "code": "35",
+ "value": "NAPTR"
+ },
+ {
+ "code": "36",
+ "value": "KX"
+ },
+ {
+ "code": "37",
+ "value": "CERT"
+ },
+ {
+ "code": "38",
+ "value": "A6"
+ },
+ {
+ "code": "39",
+ "value": "DNAME"
+ },
+ {
+ "code": "40",
+ "value": "SINK"
+ },
+ {
+ "code": "41",
+ "value": "OPT"
+ },
+ {
+ "code": "42",
+ "value": "APL"
+ },
+ {
+ "code": "43",
+ "value": "DS"
+ },
+ {
+ "code": "44",
+ "value": "SSHFP"
+ },
+ {
+ "code": "45",
+ "value": "IPSECKEY"
+ },
+ {
+ "code": "46",
+ "value": "RRSIG"
+ },
+ {
+ "code": "47",
+ "value": "NSEC"
+ },
+ {
+ "code": "48",
+ "value": "DNSKEY"
+ },
+ {
+ "code": "49",
+ "value": "DHCID"
+ },
+ {
+ "code": "50",
+ "value": "NSEC3"
+ },
+ {
+ "code": "51",
+ "value": "NSEC3PARAM"
+ },
+ {
+ "code": "52",
+ "value": "TLSA"
+ },
+ {
+ "code": "53",
+ "value": "SMIMEA"
+ },
+ {
+ "code": "55",
+ "value": "HIP"
+ },
+ {
+ "code": "59",
+ "value": "CDS"
+ },
+ {
+ "code": "60",
+ "value": "CDNSKEY"
+ },
+ {
+ "code": "61",
+ "value": "OPENPGPKEY"
+ },
+ {
+ "code": "62",
+ "value": "CSYNC"
+ },
+ {
+ "code": "63",
+ "value": "ZONEMD"
+ },
+ {
+ "code": "64",
+ "value": "SVCB"
+ },
+ {
+ "code": "65",
+ "value": "HTTPS"
+ },
+ {
+ "code": "99",
+ "value": "SPF"
+ },
+ {
+ "code": "100",
+ "value": "UINFO"
+ },
+ {
+ "code": "101",
+ "value": "UID"
+ },
+ {
+ "code": "102",
+ "value": "GID"
+ },
+ {
+ "code": "103",
+ "value": "UNSPEC"
+ },
+ {
+ "code": "108",
+ "value": "EUI48"
+ },
+ {
+ "code": "109",
+ "value": "EUI64"
+ },
+ {
+ "code": "249",
+ "value": "TKEY"
+ },
+ {
+ "code": "250",
+ "value": "TSIG"
+ },
+ {
+ "code": "251",
+ "value": "IXFR"
+ },
+ {
+ "code": "252",
+ "value": "AXFR"
+ },
+ {
+ "code": "253",
+ "value": "MAILB"
+ },
+ {
+ "code": "254",
+ "value": "MAILA"
+ },
+ {
+ "code": "255",
+ "value": "*"
+ },
+ {
+ "code": "256",
+ "value": "URI"
+ },
+ {
+ "code": "257",
+ "value": "CAA"
+ },
+ {
+ "code": "32768",
+ "value": "TA"
+ },
+ {
+ "code": "32769",
+ "value": "DLV"
+ },
+ {
+ "code": "65521",
+ "value": "INTEGRITY"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_qclass",
+ "label": "DNS.QCLASS",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_cname",
+ "label": "DNS.CNAME",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "dns_sub",
+ "label": "DNS.SUB",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!=,in,not in"
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "DNS"
+ },
+ {
+ "code": "2",
+ "value": "DNSSEC"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_rr",
+ "label": "DNS.RR",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "dns_response_latency_ms",
+ "label": "DNS.Response Latency (ms)",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "ssl_version",
+ "label": "SSL.Version",
+ "doc": {
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_sni",
+ "label": "SSL.SNI",
+ "doc": {
+ "format": [
+ {
+ "function": "sub_domain",
+ "appendTo": "http_domain"
+ },
+ {
+ "function": "sub_domain",
+ "appendTo": "common_server_domain"
+ },
+ {
+ "function": "get_value",
+ "appendTo": "common_server_fqdn"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_san",
+ "label": "SSL.SAN",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_cn",
+ "label": "SSL.CN",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_pinningst",
+ "label": "SSL.Pinning(Deprecated)",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!=,in,not in"
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "Not Pinning"
+ },
+ {
+ "code": "1",
+ "value": "Pinning"
+ },
+ {
+ "code": "2",
+ "value": "Maybe Pinning"
+ }
+ ],
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "ssl_intercept_state",
+ "label": "SSL.Intercept State(Deprecated)",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!=,in,not in"
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "Passthrough"
+ },
+ {
+ "code": "1",
+ "value": "Intercept"
+ },
+ {
+ "code": "2",
+ "value": "Shutdown"
+ }
+ ],
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "ssl_passthrough_reason",
+ "label": "SSL.Passthrough Reason(Deprecated)",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_server_side_latency",
+ "label": "SSL.Server Side Latency (ms)(Deprecated)",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "ssl_client_side_latency",
+ "label": "SSL.Client Side Latency (ms)(Deprecated)",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "ssl_server_side_version",
+ "label": "SSL.Server Side Version(Deprecated)",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_client_side_version",
+ "label": "SSL.Client Side Version(Deprecated)",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_cert_verify",
+ "label": "SSL.Certificate Verify(Deprecated)",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!=,in,not in"
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "No"
+ },
+ {
+ "code": "1",
+ "value": "Yes"
+ }
+ ],
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "ssl_error",
+ "label": "SSL.Error(Deprecated)",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_con_latency_ms",
+ "label": "SSL.Handshake Latency (ms)",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "ssl_ja3_fingerprint",
+ "label": "SSL.JA3",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_ja3_hash",
+ "label": "SSL.JA3 hash",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_ja3s_fingerprint",
+ "label": "SSL.JA3S",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_ja3s_hash",
+ "label": "SSL.JA3S hash",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_cert_issuer",
+ "label": "SSL.Issuer",
+ "doc": {
+ "constraints": {
+ "type": "items"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_cert_subject",
+ "label": "SSL.Subject",
+ "doc": {
+ "constraints": {
+ "type": "items"
+ },
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "dtls_cookie",
+ "label": "DTLS.Cookie",
+ "doc": {
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "dtls_version",
+ "label": "DTLS.Version",
+ "doc": {
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "dtls_sni",
+ "label": "DTLS.SNI",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "dtls_san",
+ "label": "DTLS.SAN",
+ "doc": {
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "dtls_cn",
+ "label": "DTLS.CN",
+ "doc": {
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "dtls_con_latency_ms",
+ "label": "DTLS.Handshake Latency (ms)",
+ "doc": {
+ "constraints": {
+ "type": "decimal"
+ },
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "dtls_ja3_fingerprint",
+ "label": "DTLS.JA3",
+ "doc": {
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "dtls_ja3_hash",
+ "label": "DTLS.JA3 hash",
+ "doc": {
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "dtls_cert_issuer",
+ "label": "DTLS.Issuer",
+ "doc": {
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "dtls_cert_subject",
+ "label": "DTLS.Subject",
+ "doc": {
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "quic_version",
+ "label": "Quic.Version",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "quic_sni",
+ "label": "Quic.SNI",
+ "doc": {
+ "format": [
+ {
+ "function": "sub_domain",
+ "appendTo": "http_domain"
+ },
+ {
+ "function": "sub_domain",
+ "appendTo": "common_server_domain"
+ },
+ {
+ "function": "get_value",
+ "appendTo": "common_server_fqdn"
+ }
+ ],
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "quic_user_agent",
+ "label": "Quic.User Agent",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ftp_account",
+ "label": "FTP.Account",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ftp_url",
+ "label": "FTP.URL",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ftp_content",
+ "label": "FTP.Content",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "ftp_link_type",
+ "label": "FTP.Link Type",
+ "doc": {
+ "visibility": "enabled",
+ "ttl":
null
+ },
+ "type": "string"
+ },
+ {
+ "name": "bgp_type",
+ "label": "BGP.Type",
+ "doc": {
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "bgp_as_num",
+ "label": "BGP.AS Number",
+ "doc": {
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "bgp_route",
+ "label": "BGP.Route",
+ "doc": {
+ "visibility": "disabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "app_extra_info",
+ "label": "APP.Extra Info",
+ "doc": {
+ "visibility": "hidden",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "sip_call_id",
+ "label": "SIP.Call-ID",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "sip_originator_description",
+ "label": "SIP.Originator",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "sip_responder_description",
+ "label": "SIP.Responder",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "sip_user_agent",
+ "label": "SIP.User-Agent",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "sip_server",
+ "label": "SIP.Server",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "sip_originator_sdp_connect_ip",
+ "label": "SIP.Originator IP",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "sip_originator_sdp_media_port",
+ "label": "SIP.Originator Port",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "int"
+ },
+ {
+ "name": "sip_originator_sdp_media_type",
+ "label": "SIP.Originator Media Type",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "sip_originator_sdp_content",
+ "label": "SIP.Originator Content",
+ "doc": {
+ "visibility": "enabled",
+ "ttl": null
+ },
+ "type": "string"
+ },
+ {
+ "name": "sip_responder_sdp_connect_ip",
+ "label":
"SIP.Responder IP", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_responder_sdp_media_port", + "label": "SIP.Responder Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "sip_responder_sdp_media_type", + "label": "SIP.Responder Media Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_responder_sdp_content", + "label": "SIP.Responder Content", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_duration_s", + "label": "SIP.Duration (s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "sip_bye", + "label": "SIP.Bye", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rtp_payload_type_c2s", + "label": "RTP.Payload Type (c2s)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "PCMU" + }, + { + "code": "1", + "value": "1016" + }, + { + "code": "2", + "value": "G721" + }, + { + "code": "3", + "value": "GSM" + }, + { + "code": "4", + "value": "G723" + }, + { + "code": "5", + "value": "DVI4_8000" + }, + { + "code": "6", + "value": "DVI4_16000" + }, + { + "code": "7", + "value": "LPC" + }, + { + "code": "8", + "value": "PCMA" + }, + { + "code": "9", + "value": "G722" + }, + { + "code": "10", + "value": "L16_STEREO" + }, + { + "code": "11", + "value": "L16_MONO" + }, + { + "code": "12", + "value": "QCELP" + }, + { + "code": "13", + "value": "CN" + }, + { + "code": "14", + "value": "MPA" + }, + { + "code": "15", + "value": "G728" + }, + { + "code": "16", + "value": "DVI4_11025" + }, + { + "code": "17", + "value": "DVI4_22050" + }, + { + "code": "18", + "value": "G729" + }, + { + "code": "19", + "value": "CN_OLD" + }, + { + "code": "25", + "value": "CELB" + }, + { + "code": 
"26", + "value": "JPEG" + }, + { + "code": "28", + "value": "NV" + }, + { + "code": "31", + "value": "H261" + }, + { + "code": "32", + "value": "MPV" + }, + { + "code": "33", + "value": "MP2T" + }, + { + "code": "34", + "value": "H263" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "rtp_payload_type_s2c", + "label": "RTP.Payload Type (s2c)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "PCMU" + }, + { + "code": "1", + "value": "1016" + }, + { + "code": "2", + "value": "G721" + }, + { + "code": "3", + "value": "GSM" + }, + { + "code": "4", + "value": "G723" + }, + { + "code": "5", + "value": "DVI4_8000" + }, + { + "code": "6", + "value": "DVI4_16000" + }, + { + "code": "7", + "value": "LPC" + }, + { + "code": "8", + "value": "PCMA" + }, + { + "code": "9", + "value": "G722" + }, + { + "code": "10", + "value": "L16_STEREO" + }, + { + "code": "11", + "value": "L16_MONO" + }, + { + "code": "12", + "value": "QCELP" + }, + { + "code": "13", + "value": "CN" + }, + { + "code": "14", + "value": "MPA" + }, + { + "code": "15", + "value": "G728" + }, + { + "code": "16", + "value": "DVI4_11025" + }, + { + "code": "17", + "value": "DVI4_22050" + }, + { + "code": "18", + "value": "G729" + }, + { + "code": "19", + "value": "CN_OLD" + }, + { + "code": "25", + "value": "CELB" + }, + { + "code": "26", + "value": "JPEG" + }, + { + "code": "28", + "value": "NV" + }, + { + "code": "31", + "value": "H261" + }, + { + "code": "32", + "value": "MPV" + }, + { + "code": "33", + "value": "MP2T" + }, + { + "code": "34", + "value": "H263" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "rtp_pcap_path", + "label": "RTP.PCAP", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rtp_originator_dir", + "label": "RTP.Direction", + "doc": 
{ + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "unknown" + }, + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssh_version", + "label": "SSH.Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_auth_success", + "label": "SSH.Authentication Result", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_client_version", + "label": "SSH.Client Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_server_version", + "label": "SSH.Server Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_cipher_alg", + "label": "SSH.Encryption Algorithm", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_mac_alg", + "label": "SSH.Signing Algorithm", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_compression_alg", + "label": "SSH.Compression Algorithm", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_kex_alg", + "label": "SSH. 
Key Exchange Algorithm", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_host_key_alg", + "label": "SSH.Server Host Key Algorithm", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_host_key", + "label": "SSH.Server Key Fingerprint", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_hassh", + "label": "SSH.HASSH", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "stratum_cryptocurrency", + "label": "Stratum.Cryptocurrency", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "stratum_mining_pools", + "label": "Stratum.Mining Pools", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "stratum_mining_program", + "label": "Stratum.Mining Program", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_cookie", + "label": "RDP.Cookie", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_security_protocol", + "label": "RDP.Security Protocol", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_client_channels", + "label": "RDP.Client Channels", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_keyboard_layout", + "label": "RDP.Keyboard Layout", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_client_version", + "label": "RDP.Client Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_client_name", + "label": "RDP.Client Name", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_client_product_id", + "label": "RDP.Client Product ID", + "doc": { + 
"visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_desktop_width", + "label": "RDP. Desktop Width", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_desktop_height", + "label": "RDP.Desktop Height", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_requested_color_depth", + "label": "RDP.Requested Color Depth", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_certificate_type", + "label": "RDP.Certificate Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_certificate_count", + "label": "RDP.Certificate Count", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "rdp_certificate_permanent", + "label": "RDP.Certificate Permanent", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "rdp_encryption_level", + "label": "RDP.Encryption Level", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_encryption_method", + "label": "RDP.Encryption Method", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/security_event_hits_log.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/security_event_hits_log.json
new file mode 100644
index 0000000..3af34c0
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/security_event_hits_log.json
@@ -0,0 +1,137 @@
+{
+ "type": "record",
+ "name": "security_event_hits_log",
+ "namespace": "druid",
+ "doc": {
+ "partition_key": "__time",
+ "functions": {
+ "$ref": "public_schema_info.json#/functions"
+ },
+ "schema_query": {
+ "references": {
+ "$ref": "public_schema_info.json#/schema_query/references"
+ }
+ }
+ },
+ "fields": [
+ {
+ "name": "__time",
+ "label": "Time",
+ "type": {
+ "type": "string",
+ "logicalType": "timestamp"
+ },
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "vsys_id",
+ "label": "Vsys ID",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "int",
+ "default": 1
+ },
+ {
+ "name": "isp",
+ "label": "ISP",
+ "type": "string",
+ "doc": {
+ "visibility": "disabled"
+ }
+ },
+ {
+ "name": "policy_id",
+ "label": "Policy ID",
+ "type": "long",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "pinningst",
+ "label": "Pinning",
+ "type": "long",
+ "doc": {
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "action",
+ "label": "Action",
+ "type": "long",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "Monitor"
+ },
+ {
+ "code": "2",
+ "value": "Intercept"
+ },
+ {
+ "code": "16",
+ "value": "Deny"
+ },
+ {
+ "code": "128",
+ "value": "Allow"
+ }
+ ],
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "hits",
+ "label": "Hits",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "c2s_byte_num",
+ "label": "Bytes Sent",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "s2c_byte_num",
+ "label": "Bytes Received",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "c2s_pkt_num",
+ "label": "Packets Sent",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "s2c_pkt_num",
+ "label": "Packets Received",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ }
+ ]
+}
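Review bot: The `action` code table in this file disagrees with the one added for the same field in security_rule_hits.json later in this commit: here `"128"` is labelled `Allow`, there `"128"` is `Shunt` and `"96"` is `Allow`, and `"2"` (`Intercept`) exists only here. If both tables are fed from the same policy-engine action codes (not visible in this diff, so this is an assumption to confirm), a filter or dashboard on "Allow" would return different traffic depending on which table it queries, which undermines hit-count review and incident triage. Confirm the authoritative mapping with the log producer and align the two files; if the rule-hits table is the current one, the entries here would become `{ "code": "96", "value": "Allow" }` and `{ "code": "128", "value": "Shunt" }`. If the difference is intentional (legacy table with older codes), I would record that in the schema's `doc` object so the divergence is not mistaken for an error.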
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/security_rule_hits.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/security_rule_hits.json
new file mode 100644
index 0000000..b9fa98c
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/security_rule_hits.json
@@ -0,0 +1,173 @@
+{
+ "type": "record",
+ "name": "security_rule_hits",
+ "namespace": "druid",
+ "doc": {
+ "partition_key": "__time",
+ "functions": {
+ "$ref": "public_schema_info.json#/functions"
+ },
+ "schema_query": {
+ "references": {
+ "$ref": "public_schema_info.json#/schema_query/references"
+ }
+ },
+ "measurements": {
+ "granularity": 1,
+ "ingestion_delay": 15
+ }
+ },
+ "fields": [
+ {
+ "name": "__time",
+ "label": "Time",
+ "type": {
+ "type": "string",
+ "logicalType": "timestamp"
+ },
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "vsys_id",
+ "label": "Vsys ID",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "int",
+ "default": 1
+ },
+ {
+ "name": "device_id",
+ "label": "Device ID",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "device_group",
+ "label": "Device Group",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
+ "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
+ },
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "data_center",
+ "label": "Data Center",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
+ "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
+ },
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "rule_id",
+ "label": "Rule",
+ "type": "long",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "pinning_status",
+ "label": "Pinning Status",
+ "type": "long",
+ "doc": {
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "action",
+ "label": "Action",
+ "type": "long",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "Monitor"
+ },
+ {
+ "code": "16",
+ "value": "Deny"
+ },
+ {
+ "code": "96",
+ "value": "Allow"
+ },
+ {
+ "code": "128",
+ "value": "Shunt"
+ }
+ ],
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "hit_count",
+ "label": "Hit Count",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "in_bytes",
+ "label": "Incoming Bytes",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "out_bytes",
+ "label": "Outgoing Bytes",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "in_pkts",
+ "label": "Incoming Packets",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "out_pkts",
+ "label": "Outgoing Packets",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/service_chaining_rule_hits.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/service_chaining_rule_hits.json
new file mode 100644
index 0000000..5bf4c6c
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/service_chaining_rule_hits.json
@@ -0,0 +1,144 @@
+{
+ "type": "record",
+ "name": "service_chaining_rule_hits",
+ "namespace": "druid",
+ "doc": {
+ "partition_key": "__time",
+ "functions": {
+ "$ref": "public_schema_info.json#/functions"
+ },
+ "schema_query": {
+ "references": {
+ "$ref": "public_schema_info.json#/schema_query/references"
+ }
+ },
+ "measurements": {
+ "granularity": 1,
+ "ingestion_delay": 5
+ }
+ },
+ "fields": [
+ {
+ "name": "__time",
+ "label": "Time",
+ "type": {
+ "type": "string",
+ "logicalType": "timestamp"
+ },
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "data_center",
+ "label": "Data Center",
+ "type": "string",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
+ "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "device_group",
+ "label": "Device Group",
+ "type": "string",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
+ "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "device_id",
+ "label": "Device ID",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "vsys_id",
+ "label": "Vsys ID",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "int",
+ "default": 1
+ },
+ {
+ "name": "rule_id",
+ "label": "Rule",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "visibility": "enabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "sff_profile_id",
+ "label": "Service Function Forwarder Profile ID",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "sf_profile_id",
+ "label": "Service Function Profile ID",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "recv_bytes",
+ "label": "Bytes Received",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "sent_bytes",
+ "label": "Bytes Sent",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "recv_pkts",
+ "label": "Packets Received",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "sent_pkts",
+ "label": "Packets Sent",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/service_function_status.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/service_function_status.json
new file mode 100644
index 0000000..84812ca
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/service_function_status.json
@@ -0,0 +1,105 @@
+{
+ "type": "record",
+ "name": "service_function_status",
+ "namespace": "druid",
+ "doc": {
+ "partition_key": "__time",
+ "functions": {
+ "$ref": "public_schema_info.json#/functions"
+ },
+ "schema_query": {
+ "references": {
+ "$ref": "public_schema_info.json#/schema_query/references"
+ }
+ }
+ },
+ "fields": [
+ {
+ "name": "__time",
+ "label": "Time",
+ "type": {
+ "type": "string",
+ "logicalType": "timestamp"
+ },
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "data_center",
+ "label": "Data Center",
+ "type": "string",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
+ "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "device_group",
+ "label": "Device Group",
+ "type": "string",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
+ "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "device_id",
+ "label": "Device ID",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "vsys_id",
+ "label": "Vsys ID",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "int",
+ "default": 1
+ },
+ {
+ "name": "sf_latency_us",
+ "label": "Service Function Latency (us)",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "sf_profile_id",
+ "label": "Service Function Profile ID",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "sf_status",
+ "label": "Service Function Status",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "int"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/session_record.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/session_record.json
new file mode 100644
index 0000000..d3d7244
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/session_record.json
@@ -0,0 +1,4155 @@ +{ + "type": "record", + "name": "session_record", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "index_key": { + "$ref": "public_schema_info.json#/session_record/index_key" + }, + "ttl": null, + "default_ttl": 2592000, + "index_table": "session_record_common_client_ip,session_record_common_server_ip,session_record_common_server_domain", + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "dimensions": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_action", + "common_sub_action", + "common_policy_id", + "common_shaping_rule_ids", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_l4_protocol", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "http_host", + "http_domain", + "http_url", + "http_sequence", + "http_cookie", + "http_set_cookie", + "http_referer", + "http_user_agent", + "http_request_content_type", + "http_response_content_type", + "http_request_line", + "http_response_line", + "http_version", + "mail_protocol_type", + "mail_account", 
+ "mail_from_cmd", + "mail_to_cmd", + "mail_from", + "mail_to", + "mail_cc", + "mail_bcc", + "mail_subject", + "mail_attachment_name", + "dns_message_id", + "dns_qr", + "dns_opcode", + "dns_rcode", + "dns_qname", + "dns_qtype", + "dns_qclass", + "ssl_version", + "ssl_sni", + "ssl_san", + "ssl_cn", + "ssl_pinningst", + "ssl_intercept_state", + "ssl_passthrough_reason", + "ssl_server_side_version", + "ssl_client_side_version", + "ssl_ja3_hash", + "ssl_ja3s_hash", + "ssl_cert_issuer", + "ssl_cert_subject", + "dtls_sni", + "quic_sni", + "quic_version", + "quic_user_agent", + "ftp_account", + "ftp_url", + "ftp_link_type", + "ssh_version", + "ssh_auth_success", + "ssh_client_version", + "ssh_server_version", + "ssh_cipher_alg", + "ssh_mac_alg", + "ssh_compression_alg", + "ssh_kex_alg", + "ssh_host_key_alg", + "ssh_host_key", + "ssh_hassh", + "stratum_cryptocurrency", + "stratum_mining_pools", + "stratum_mining_program", + "rdp_cookie", + "rdp_security_protocol", + "rdp_client_channels", + "rdp_keyboard_layout", + "rdp_client_version", + "rdp_client_name", + "rdp_client_product_id", + "rdp_certificate_type", + "rdp_encryption_level", + "rdp_encryption_method" + ], + "metrics": [ + "common_start_time", + "common_end_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + 
"common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_l4_protocol", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_sessions", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "http_host", + "http_domain", + "http_url", + "http_cookie", + "http_set_cookie", + "http_referer", + "http_user_agent", + "http_request_content_length", + "http_request_content_type", + "http_response_content_length", + "http_response_content_type", + "http_response_latency_ms", + "http_session_duration_ms", + "mail_protocol_type", + "mail_account", + "mail_from_cmd", + "mail_to_cmd", + "mail_from", + "mail_to", + "mail_cc", + "mail_bcc", + "mail_subject", + "mail_attachment_name", + "dns_message_id", + "dns_qr", + "dns_opcode", + "dns_rcode", + "dns_qname", + "dns_qtype", + "dns_qclass", + "dns_qdcount", + "dns_ancount", + "dns_nscount", + "dns_arcount", + "dns_response_latency_ms", + "ssl_version", + "ssl_sni", + "ssl_san", + "ssl_cn", + "ssl_pinningst", + "ssl_intercept_state", + "ssl_passthrough_reason", + "ssl_server_side_version", + "ssl_client_side_version", + "ssl_ja3_hash", + "ssl_ja3s_hash", + "ssl_cert_issuer", + "ssl_cert_subject", + "ssl_con_latency_ms", + "dtls_sni", + "quic_sni", + "quic_version", + "quic_user_agent", + "ftp_account", + "ftp_url", + "ftp_link_type", + "ssh_version", + "ssh_auth_success", + "ssh_client_version", + "ssh_server_version", + "ssh_cipher_alg", + "ssh_mac_alg", + "ssh_compression_alg", + "ssh_kex_alg", + "ssh_host_key_alg", + "ssh_host_key", + "ssh_hassh", + "stratum_cryptocurrency", + "stratum_mining_pools", + "stratum_mining_program", + "rdp_cookie", + 
"rdp_security_protocol", + "rdp_client_channels", + "rdp_keyboard_layout", + "rdp_client_version", + "rdp_client_name", + "rdp_client_product_id", + "rdp_certificate_type", + "rdp_encryption_level", + "rdp_encryption_method" + ], + "filters": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_action", + "common_sub_action", + "common_policy_id", + "common_shaping_rule_ids", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_protocol_label", + "common_service_category", + "common_l4_protocol", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "http_host", + "http_domain", + "http_url", + "http_request_line", + "http_response_line", + "http_request_body", + 
"http_response_body", + "http_sequence", + "http_cookie", + "http_referer", + "http_user_agent", + "http_request_content_length", + "http_request_content_type", + "http_response_content_length", + "http_response_content_type", + "http_set_cookie", + "http_response_latency_ms", + "http_session_duration_ms", + "mail_protocol_type", + "mail_account", + "mail_from_cmd", + "mail_to_cmd", + "mail_from", + "mail_to", + "mail_cc", + "mail_bcc", + "mail_subject", + "mail_attachment_name", + "mail_eml_file", + "dns_message_id", + "dns_qr", + "dns_opcode", + "dns_rcode", + "dns_qdcount", + "dns_ancount", + "dns_nscount", + "dns_arcount", + "dns_response_latency_ms", + "dns_qname", + "dns_qtype", + "dns_qclass", + "dns_sub", + "dns_cname", + "dns_rr", + "ssl_version", + "ssl_sni", + "ssl_san", + "ssl_cn", + "ssl_pinningst", + "ssl_intercept_state", + "ssl_passthrough_reason", + "ssl_server_side_version", + "ssl_client_side_version", + "ssl_con_latency_ms", + "ssl_ja3_hash", + "ssl_ja3s_hash", + "ssl_cert_issuer", + "ssl_cert_subject", + "dtls_sni", + "quic_sni", + "quic_version", + "quic_user_agent", + "ftp_account", + "ftp_url", + "ftp_link_type", + "ssh_version", + "ssh_auth_success", + "ssh_client_version", + "ssh_server_version", + "ssh_cipher_alg", + "ssh_mac_alg", + "ssh_compression_alg", + "ssh_kex_alg", + "ssh_host_key_alg", + "ssh_host_key", + "ssh_hassh", + "stratum_cryptocurrency", + "stratum_mining_pools", + "stratum_mining_program", + "rdp_cookie", + "rdp_security_protocol", + "rdp_client_channels", + "rdp_keyboard_layout", + "rdp_client_version", + "rdp_client_name", + "rdp_client_product_id", + "rdp_certificate_type", + "rdp_encryption_level", + "rdp_encryption_method" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + }, + "details": { + "general": [ + "common_recv_time", + "common_log_id", + "common_stream_trace_id", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + 
"common_flags_identify_info", + "common_direction", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_entrance_id", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_data_center", + "common_device_group", + "common_sled_ip" + ], + "source": [ + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac" + ], + "destination": [ + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac" + ], + "application": [ + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_label", + "common_app_surrogate_id", + "common_l7_protocol", + "common_protocol_label", + "common_service_category", + "common_service", + "common_l4_protocol", + "common_app_behavior" + ], + "transmission": [ + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_first_ttl", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "other": [ + "common_device_tag", + "common_encapsulation", + 
"common_tunnels", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_action", + "common_sub_action", + "common_policy_id", + "common_user_tags", + "common_user_region", + "common_shaping_rule_ids" + ] + } + }, + "schema_type": { + "BASE": { + "$ref": "public_schema_info.json#/schema_type/BASE" + }, + "HTTP": { + "$ref": "public_schema_info.json#/schema_type/HTTP" + }, + "MAIL": { + "$ref": "public_schema_info.json#/schema_type/MAIL" + }, + "DNS": { + "$ref": "public_schema_info.json#/schema_type/DNS" + }, + "SSL": { + "$ref": "public_schema_info.json#/schema_type/SSL" + }, + "DTLS": { + "$ref": "public_schema_info.json#/schema_type/DTLS" + }, + "QUIC": { + "$ref": "public_schema_info.json#/schema_type/QUIC" + }, + "FTP": { + "$ref": "public_schema_info.json#/schema_type/FTP" + }, + "BGP": { + "$ref": "public_schema_info.json#/schema_type/BGP" + }, + "APP": { + "$ref": "public_schema_info.json#/schema_type/APP" + }, + "SSH": { + "$ref": "public_schema_info.json#/schema_type/SSH" + }, + "Stratum": { + "$ref": "public_schema_info.json#/schema_type/Stratum" + }, + "RDP": { + "$ref": "public_schema_info.json#/schema_type/RDP" + } + }, + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "common_client_ip", + "common_server_ip", + "common_server_port", + "common_schema_type" + ], + "internal_columns": [ + "common_recv_time", + "common_log_id", + "common_sessions", + "common_flags_identify_info", + "common_tunnels", + "common_userdefine_app_name", + "common_app_identify_info", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "rtp_pcap_path", + "http_domain", + "http_request_body", + "http_response_body", + "mail_eml_file" + ], + "tunnel_type": { + "$ref": 
"public_schema_info.json#/tunnel_type" + }, + "measurements": { + "aggregates": { + "sessions": [ + { + "fn": "count", + "column": "common_sessions", + "value": "sessions", + "label": "Sessions", + "unit": "sessions" + } + ], + "bytes": [ + { + "fn": "sum", + "column": "common_c2s_byte_num + common_s2c_byte_num", + "value": "bytes", + "label": "Bytes", + "unit": "bytes" + } + ], + "incoming_bytes": [ + { + "fn": "sum", + "column": "if(bitAnd(common_flags, 8) = 8, common_s2c_byte_num, common_c2s_byte_num)", + "value": "incoming_bytes", + "label": "Incoming Bytes", + "unit": "bytes" + } + ], + "outgoing_bytes": [ + { + "fn": "sum", + "column": "if(bitAnd(common_flags, 8) = 8, common_c2s_byte_num, common_s2c_byte_num)", + "value": "outgoing_bytes", + "label": "Outgoing Bytes", + "unit": "bytes" + } + ] + } + } + }, + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_log_id", + "label": "Log ID", + "doc": { + "format": [ + { + "function": "snowflake_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_policy_id", + "label": "Policy ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_subscriber_id", + "label": "Subscriber ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imei", + "label": "IMEI", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imsi", + "label": "IMSI", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_phone_number", + "label": "Phone Number", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_in_src_mac", + "label": "Incoming 
Source MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_out_src_mac", + "label": "Outgoing Source MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_ip", + "label": "Client IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_client_asn" + }, + { + "function": "radius_match", + "appendTo": "common_subscriber_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_internal_ip", + "label": "Internal IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "if", + "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_port", + "label": "Client Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_l4_protocol", + "label": "L4 Protocol", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_address_type", + "label": "Address Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_server_ip", + "label": "Server IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_server_asn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_port", + "label": "Server Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_external_ip", + "label": "External IP", + "doc": { + "constraints": { + "type": "ip" + }, + 
"format": [ + { + "function": "if", + "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_action", + "label": "Action", + "doc": { + "visibility": "hidden", + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "None" + }, + { + "code": "1", + "value": "Monitor" + }, + { + "code": "2", + "value": "Intercept" + }, + { + "code": "16", + "value": "Deny" + }, + { + "code": "96", + "value": "Allow" + }, + { + "code": "128", + "value": "Allow(Deprecated)" + } + ], + "ttl": null + }, + "type": "int" + }, + { + "name": "common_direction", + "label": "Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "69", + "value": "outbound" + }, + { + "code": "73", + "value": "inbound" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_entrance_id", + "label": "Entrance ID", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_sled_ip", + "label": "Sled IP", + "doc": { + "constraints": { + "type": "ip" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_location", + "label": "Client Location", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_asn", + "label": "Client ASN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_location", + "label": "Server Location", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_asn", + "label": "Server ASN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_fqdn", + "label": "Server FQDN", + "doc": { + "visibility": "enabled", + "ttl": null + 
}, + "type": "string" + }, + { + "name": "common_server_domain", + "label": "Server Domain", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_in_dest_mac", + "label": "Incoming Destination MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_out_dest_mac", + "label": "Outgoing Destination MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_sessions", + "label": "Sessions", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_num", + "label": "Packets Sent", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_num", + "label": "Packets Received", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_num", + "label": "Bytes Sent", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_num", + "label": "Bytes Received", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_diff", + "label": "Packets Sent (Delta)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_diff", + "label": "Packets Received (Delta)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_diff", + "label": "Bytes Sent (Delta)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { 
+ "name": "common_s2c_byte_diff", + "label": "Bytes Received (Delta)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_service", + "label": "Service", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_schema_type", + "label": "Schema Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "BASE", + "value": "BASE" + }, + { + "code": "MAIL", + "value": "MAIL" + }, + { + "code": "DNS", + "value": "DNS" + }, + { + "code": "HTTP", + "value": "HTTP" + }, + { + "code": "SSL", + "value": "SSL" + }, + { + "code": "DTLS", + "value": "DTLS" + }, + { + "code": "QUIC", + "value": "QUIC" + }, + { + "code": "FTP", + "value": "FTP" + }, + { + "code": "SSH", + "value": "SSH" + }, + { + "code": "Stratum", + "value": "Stratum" + }, + { + "code": "RDP", + "value": "RDP" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int", + "default": 1 + }, + { + "name": "common_t_vsys_id", + "label": "Traffic Vsys ID", + "doc": { + "allow_query": "false", + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_flags", + "label": "Flags", + "doc": { + "constraints": { + "type": "bit", + "operator_functions": "=,!=,bitAnd" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_flags/data" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "bit" + } + }, + { + "name": "common_flags_identify_info", + "label": "Flags Identify Info", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_tags", + "label": "User Tags", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": 
"common_sub_action", + "label": "Sub Action", + "doc": { + "data": [ + { + "code": "allow", + "value": "Allow" + }, + { + "code": "deny", + "value": "Deny" + }, + { + "code": "monitor", + "value": "Monitor" + }, + { + "code": "replace", + "value": "Replace" + }, + { + "code": "redirect", + "value": "Redirect" + }, + { + "code": "insert", + "value": "Insert" + }, + { + "code": "hijack", + "value": "Hijack" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_region", + "label": "User Region", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_shaping_rule_ids", + "label": "Shaping Rule IDs", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_egress_link_id", + "label": "Egress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_ingress_link_id", + "label": "Ingress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_isp", + "label": "ISP", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_tag", + "label": "Device Tag", + "doc": { + "visibility": "hidden", + "format": [ + { + "function": "flattenSpec", + "appendTo": "common_data_center", + "param": "$.tags[?(@.tag=='data_center')][0].value" + }, + { + "function": "flattenSpec", + "appendTo": "common_device_group", + "param": "$.tags[?(@.tag=='device_group')][0].value" + } + ], + "ttl": null + }, + "type": "string" + }, + { + "name": "common_data_center", + "label": "Data Center", + "doc": { + "constraints": { + 
"operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_group", + "label": "Device Group", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_behavior", + "label": "Application Behavior", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_encapsulation", + "label": "Encapsulation", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_encapsulation/data" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_app_label", + "label": "Application Label", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnels", + "label": "Tunnels", + "doc": { + "visibility": "enabled", + "ttl": null, + "format": [ + { + "function": "gtpc_match", + "appendTo": "common_imsi,common_imei,common_phone_number", + "param": "$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_a2b_teid,$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_b2a_teid" + } + ] + }, + "type": "string" + }, + { + "name": "common_protocol_label", + "label": "Protocol Label", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_id", + "label": "Application ID", + "doc": { + 
"visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_full_path", + "label": "Application Full Path", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_userdefine_app_name", + "label": "User Define App Name", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_identify_info", + "label": "App Identity Info", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_surrogate_id", + "label": "Surrogate ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_l7_protocol", + "label": "L7 Protocol", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_service_category", + "label": "FQDN Category", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "dict_location": { + "path": "/v1/category/dict", + "key": "categoryId", + "value": "categoryName" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_start_time", + "label": "Start Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_end_time", + "label": "End Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_establish_latency_ms", + "label": "TCP Handshake Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_con_duration_ms", + "label": "Duration (ms)", + "doc": { + "constraints": { + "type": "decimal" + 
}, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_stream_dir", + "label": "Stream Direction(Deprecated)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + }, + { + "code": "3", + "value": "double" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_address_list", + "label": "Address List", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_has_dup_traffic", + "label": "Duplication Traffic", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_stream_error", + "label": "Stream Error", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_stream_trace_id", + "label": "Session ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_link_info_c2s", + "label": "Link Info (c2s)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_link_info_s2c", + "label": "Link Info (s2c)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_packet_capture_file", + "label": "Packet Capture File", + "doc": { + "visibility": "hidden", + "constraints": { + "type": "file" + }, + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_a_desc", + "label": "Tunnel Endpoint A Description", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_b_desc", + "label": "Tunnel Endpoint B Description", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": 
"string" + }, + { + "name": "common_c2s_ipfrag_num", + "label": "Fragmentation Packets (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_ipfrag_num", + "label": "Fragmentation Packets (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_lostlen", + "label": "Sequence Gap Loss (c2s)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_lostlen", + "label": "Sequence Gap Loss (s2c)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_unorder_num", + "label": "Unordered Packets (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_unorder_num", + "label": "Unordered Packets (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_retrans", + "label": "Packet Retransmission (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_retrans", + "label": "Packet Retransmission (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_retrans", + "label": "Byte Retransmission (c2s)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_retrans", + "label": "Byte Retransmission (s2c)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": 
"enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_tcp_client_isn", + "label": "TCP Client ISN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_first_ttl", + "label": "First TTL", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_processing_time", + "label": "Processing Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "current_timestamp" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_ingestion_time", + "label": "Ingestion Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "ingestion_time" + }, + { + "function": "get_value", + "appendTo": "common_recv_time" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_mirrored_pkts", + "label": "Mirrored Packets", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_mirrored_bytes", + "label": "Mirrored Bytes", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "http_url", + "label": "HTTP.URL", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_host", + "label": "HTTP.Host", + "doc": { + "format": [ + { + "function": "sub_domain", + "appendTo": "http_domain" + }, + { + "function": "sub_domain", + "appendTo": "common_server_domain" + }, + { + "function": "get_value", + "appendTo": "common_server_fqdn" + } + ], + 
"visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_domain", + "label": "HTTP.Domain(Deprecated)", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_line", + "label": "HTTP.Request Line", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_line", + "label": "HTTP.Response Line", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_header", + "label": "HTTP.Request Headers", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_header", + "label": "HTTP.Response Headers", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_content", + "label": "HTTP.Request Content", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_content_length", + "label": "HTTP.Request Content Length", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_content_type", + "label": "HTTP.Request Content Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_content", + "label": "HTTP.Response Content", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_content_length", + "label": "HTTP.Response Content Length", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_content_type", + "label": "HTTP.Response Content Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_body", + "label": "HTTP.Request Body", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + }, + "visibility": "hidden", + "ttl": null + }, + "type": 
"string" + }, + { + "name": "http_response_body", + "label": "HTTP.Response Body", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_proxy_flag", + "label": "HTTP.Proxy Flag", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "http_sequence", + "label": "HTTP.Sequence", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "http_snapshot", + "label": "HTTP.Snapshot", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_cookie", + "label": "HTTP.Cookie", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_referer", + "label": "HTTP.Referer", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_user_agent", + "label": "HTTP.User Agent", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_set_cookie", + "label": "HTTP.Set Cookie", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_version", + "label": "HTTP.Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_latency_ms", + "label": "HTTP.Response Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "http_session_duration_ms", + "label": "HTTP.Session Duration (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "http_action_file_size", + "label": "HTTP.Action File Size", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "mail_protocol_type", + "label": 
"Mail.Protocol Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_account", + "label": "Mail.Account", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_from_cmd", + "label": "Mail.From CMD", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_to_cmd", + "label": "Mail.To CMD", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_from", + "label": "Mail.From", + "doc": { + "constraints": { + "type": "email" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_to", + "label": "Mail.To", + "doc": { + "constraints": { + "type": "email" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_cc", + "label": "Mail.CC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_bcc", + "label": "Mail.BCC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_subject", + "label": "Mail.Subject", + "doc": { + "format": [ + { + "function": "decode_of_base64", + "param": "$.mail_subject_charset" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_subject_charset", + "label": "Mail.Subject Charset", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_content", + "label": "Mail.Content", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_content_charset", + "label": "Mail.Content Charset", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_attachment_name", + "label": "Mail.Attachment", + "doc": { + "format": [ + { + "function": "decode_of_base64", + "param": "$.mail_attachment_name_charset" + } + ], + "visibility": 
"enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_attachment_name_charset", + "label": "Mail.Attachment Charset", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_attachment_content", + "label": "Mail.Attachment Content", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_eml_file", + "label": "Mail.EML File", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "mail_snapshot", + "label": "Mail.Snapshot", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "dns_message_id", + "label": "DNS.Message ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_qr", + "label": "DNS.QR", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "QUERY" + }, + { + "code": "1", + "value": "RESPONSE" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_opcode", + "label": "DNS.OPCODE", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "QUERY" + }, + { + "code": "1", + "value": "IQUERY" + }, + { + "code": "2", + "value": "STATUS" + }, + { + "code": "5", + "value": "UPDATE" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_aa", + "label": "DNS.AA", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_tc", + "label": "DNS.TC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_rd", + "label": "DNS.RD", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_ra", + "label": "DNS.RA", + "doc": { + "visibility": "enabled", + 
"ttl": null + }, + "type": "int" + }, + { + "name": "dns_rcode", + "label": "DNS.RCODE", + "doc": { + "data": [ + { + "code": 0, + "value": "NoError" + }, + { + "code": 1, + "value": "FormErr" + }, + { + "code": 2, + "value": "ServFail" + }, + { + "code": 3, + "value": "NXDomain" + }, + { + "code": 4, + "value": "NotImp" + }, + { + "code": 5, + "value": "Refused" + }, + { + "code": 6, + "value": "YXDomain" + }, + { + "code": 7, + "value": "YXRRSet" + }, + { + "code": 8, + "value": "NXRRSet" + }, + { + "code": 9, + "value": "NotAuth" + }, + { + "code": 10, + "value": "NotZone" + }, + { + "code": 16, + "value": "BADSIG" + }, + { + "code": 17, + "value": "BADKEY" + }, + { + "code": 18, + "value": "BADTIME" + }, + { + "code": 19, + "value": "BADMODE" + }, + { + "code": 20, + "value": "BADNAME" + }, + { + "code": 21, + "value": "BADALG" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_qdcount", + "label": "DNS.QDCOUNT", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_ancount", + "label": "DNS.ANCOUNT", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_nscount", + "label": "DNS.NSCOUNT", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_arcount", + "label": "DNS.ARCOUNT", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_qname", + "label": "DNS.QNAME", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dns_qtype", + "label": "DNS.QTYPE", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "A" + }, + { + "code": "2", + "value": "NS" + }, + { + "code": "3", + 
"value": "MD" + }, + { + "code": "4", + "value": "MF" + }, + { + "code": "5", + "value": "CNAME" + }, + { + "code": "6", + "value": "SOA" + }, + { + "code": "7", + "value": "MB" + }, + { + "code": "8", + "value": "MG" + }, + { + "code": "9", + "value": "MR" + }, + { + "code": "10", + "value": "NULL" + }, + { + "code": "11", + "value": "WKS" + }, + { + "code": "12", + "value": "PTR" + }, + { + "code": "13", + "value": "HINFO" + }, + { + "code": "14", + "value": "MINFO" + }, + { + "code": "15", + "value": "MX" + }, + { + "code": "16", + "value": "TXT" + }, + { + "code": "17", + "value": "RP" + }, + { + "code": "18", + "value": "AFSDB" + }, + { + "code": "19", + "value": "X25" + }, + { + "code": "20", + "value": "ISDN" + }, + { + "code": "21", + "value": "RT" + }, + { + "code": "22", + "value": "NSAP" + }, + { + "code": "23", + "value": "NSAP" + }, + { + "code": "24", + "value": "SIG" + }, + { + "code": "25", + "value": "KEY" + }, + { + "code": "26", + "value": "PX" + }, + { + "code": "27", + "value": "GPOS" + }, + { + "code": "28", + "value": "AAAA" + }, + { + "code": "29", + "value": "LOC" + }, + { + "code": "30", + "value": "EID" + }, + { + "code": "31", + "value": "NIMLOC" + }, + { + "code": "32", + "value": "NB" + }, + { + "code": "33", + "value": "SRV" + }, + { + "code": "34", + "value": "ATMA" + }, + { + "code": "35", + "value": "NAPTR" + }, + { + "code": "36", + "value": "KX" + }, + { + "code": "37", + "value": "CERT" + }, + { + "code": "38", + "value": "A6" + }, + { + "code": "39", + "value": "DNAME" + }, + { + "code": "40", + "value": "SINK" + }, + { + "code": "41", + "value": "OPT" + }, + { + "code": "42", + "value": "APL" + }, + { + "code": "43", + "value": "DS" + }, + { + "code": "44", + "value": "SSHFP" + }, + { + "code": "45", + "value": "IPSECKEY" + }, + { + "code": "46", + "value": "RRSIG" + }, + { + "code": "47", + "value": "NSEC" + }, + { + "code": "48", + "value": "DNSKEY" + }, + { + "code": "49", + "value": "DHCID" + }, + { + "code": "50", + 
"value": "NSEC3" + }, + { + "code": "51", + "value": "NSEC3PARAM" + }, + { + "code": "52", + "value": "TLSA" + }, + { + "code": "53", + "value": "SMIMEA" + }, + { + "code": "55", + "value": "HIP" + }, + { + "code": "59", + "value": "CDS" + }, + { + "code": "60", + "value": "CDNSKEY" + }, + { + "code": "61", + "value": "OPENPGPKEY" + }, + { + "code": "62", + "value": "CSYNC" + }, + { + "code": "63", + "value": "ZONEMD" + }, + { + "code": "64", + "value": "SVCB" + }, + { + "code": "65", + "value": "HTTPS" + }, + { + "code": "99", + "value": "SPF" + }, + { + "code": "100", + "value": "UINFO" + }, + { + "code": "101", + "value": "UID" + }, + { + "code": "102", + "value": "GID" + }, + { + "code": "103", + "value": "UNSPEC" + }, + { + "code": "108", + "value": "EUI48" + }, + { + "code": "109", + "value": "EUI64" + }, + { + "code": "249", + "value": "TKEY" + }, + { + "code": "250", + "value": "TSIG" + }, + { + "code": "251", + "value": "IXFR" + }, + { + "code": "252", + "value": "AXFR" + }, + { + "code": "253", + "value": "MAILB" + }, + { + "code": "254", + "value": "MAILA" + }, + { + "code": "255", + "value": "*" + }, + { + "code": "256", + "value": "URI" + }, + { + "code": "257", + "value": "CAA" + }, + { + "code": "32768", + "value": "TA" + }, + { + "code": "32769", + "value": "DLV" + }, + { + "code": "65521", + "value": "INTEGRITY" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_qclass", + "label": "DNS.QCLASS", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dns_cname", + "label": "DNS.CNAME", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dns_sub", + "label": "DNS.SUB", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "DNS" + }, + { + "code": "2", + "value": "DNSSEC" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": 
"dns_rr", + "label": "DNS.RR", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dns_response_latency_ms", + "label": "DNS.Response Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssl_version", + "label": "SSL.Version", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_sni", + "label": "SSL.SNI", + "doc": { + "format": [ + { + "function": "sub_domain", + "appendTo": "http_domain" + }, + { + "function": "sub_domain", + "appendTo": "common_server_domain" + }, + { + "function": "get_value", + "appendTo": "common_server_fqdn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_san", + "label": "SSL.SAN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_cn", + "label": "SSL.CN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_pinningst", + "label": "SSL.Pinning(Deprecated)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "Not Pinning" + }, + { + "code": "1", + "value": "Pinning" + }, + { + "code": "2", + "value": "Maybe Pinning" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssl_intercept_state", + "label": "SSL.Intercept State(Deprecated)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "Passthrough" + }, + { + "code": "1", + "value": "Intercept" + }, + { + "code": "2", + "value": "Shutdown" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssl_passthrough_reason", + "label": "SSL.Passthrough Reason(Deprecated)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": 
"ssl_server_side_latency", + "label": "SSL.Server Side Latency (ms)(Deprecated)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssl_client_side_latency", + "label": "SSL.Client Side Latency (ms)(Deprecated)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssl_server_side_version", + "label": "SSL.Server Side Version(Deprecated)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_client_side_version", + "label": "SSL.Client Side Version(Deprecated)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_cert_verify", + "label": "SSL.Certificate Verify(Deprecated)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "No" + }, + { + "code": "1", + "value": "Yes" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssl_error", + "label": "SSL.Error(Deprecated)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_con_latency_ms", + "label": "SSL.Handshake Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssl_ja3_fingerprint", + "label": "SSL.JA3", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_ja3_hash", + "label": "SSL.JA3 hash", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_ja3s_fingerprint", + "label": "SSL.JA3S", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_ja3s_hash", + "label": "SSL.JA3S hash", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": 
"ssl_cert_issuer", + "label": "SSL.Issuer", + "doc": { + "constraints": { + "type": "items" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssl_cert_subject", + "label": "SSL.Subject", + "doc": { + "constraints": { + "type": "items" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_cookie", + "label": "DTLS.Cookie", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_version", + "label": "DTLS.Version", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_sni", + "label": "DTLS.SNI", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_san", + "label": "DTLS.SAN", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_cn", + "label": "DTLS.CN", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_con_latency_ms", + "label": "DTLS.Handshake Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "dtls_ja3_fingerprint", + "label": "DTLS.JA3", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_ja3_hash", + "label": "DTLS.JA3 hash", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_cert_issuer", + "label": "DTLS.Issuer", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "dtls_cert_subject", + "label": "DTLS.Subject", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "quic_version", + "label": "QUIC.Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "quic_sni", + "label": "QUIC.SNI", + "doc": { + "format": [ 
+ { + "function": "sub_domain", + "appendTo": "http_domain" + }, + { + "function": "sub_domain", + "appendTo": "common_server_domain" + }, + { + "function": "get_value", + "appendTo": "common_server_fqdn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "quic_user_agent", + "label": "QUIC.User Agent", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ftp_account", + "label": "FTP.Account", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ftp_url", + "label": "FTP.URL", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ftp_content", + "label": "FTP.Content", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ftp_link_type", + "label": "FTP.Link Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "bgp_type", + "label": "BGP.Type", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "bgp_as_num", + "label": "BGP.AS Number", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "bgp_route", + "label": "BGP.Route", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "app_extra_info", + "label": "APP.Extra Info", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_call_id", + "label": "SIP.Call-ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_originator_description", + "label": "SIP.Originator", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_responder_description", + "label": "SIP.Responder", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_user_agent", + "label": 
"SIP.User-Agent", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_server", + "label": "SIP.Server", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_originator_sdp_connect_ip", + "label": "SIP.Originator IP", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_originator_sdp_media_port", + "label": "SIP.Originator Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "sip_originator_sdp_media_type", + "label": "SIP.Originator Media Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_originator_sdp_content", + "label": "SIP.Originator Content", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_responder_sdp_connect_ip", + "label": "SIP.Responder IP", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_responder_sdp_media_port", + "label": "SIP.Responder Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "sip_responder_sdp_media_type", + "label": "SIP.Responder Media Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_responder_sdp_content", + "label": "SIP.Responder Content", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_duration_s", + "label": "SIP.Duration (s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "sip_bye", + "label": "SIP.Bye", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rtp_payload_type_c2s", + "label": "RTP.Payload Type (c2s)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ 
+ { + "code": "0", + "value": "PCMU" + }, + { + "code": "1", + "value": "1016" + }, + { + "code": "2", + "value": "G721" + }, + { + "code": "3", + "value": "GSM" + }, + { + "code": "4", + "value": "G723" + }, + { + "code": "5", + "value": "DVI4_8000" + }, + { + "code": "6", + "value": "DVI4_16000" + }, + { + "code": "7", + "value": "LPC" + }, + { + "code": "8", + "value": "PCMA" + }, + { + "code": "9", + "value": "G722" + }, + { + "code": "10", + "value": "L16_STEREO" + }, + { + "code": "11", + "value": "L16_MONO" + }, + { + "code": "12", + "value": "QCELP" + }, + { + "code": "13", + "value": "CN" + }, + { + "code": "14", + "value": "MPA" + }, + { + "code": "15", + "value": "G728" + }, + { + "code": "16", + "value": "DVI4_11025" + }, + { + "code": "17", + "value": "DVI4_22050" + }, + { + "code": "18", + "value": "G729" + }, + { + "code": "19", + "value": "CN_OLD" + }, + { + "code": "25", + "value": "CELB" + }, + { + "code": "26", + "value": "JPEG" + }, + { + "code": "28", + "value": "NV" + }, + { + "code": "31", + "value": "H261" + }, + { + "code": "32", + "value": "MPV" + }, + { + "code": "33", + "value": "MP2T" + }, + { + "code": "34", + "value": "H263" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "rtp_payload_type_s2c", + "label": "RTP.Payload Type (s2c)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "PCMU" + }, + { + "code": "1", + "value": "1016" + }, + { + "code": "2", + "value": "G721" + }, + { + "code": "3", + "value": "GSM" + }, + { + "code": "4", + "value": "G723" + }, + { + "code": "5", + "value": "DVI4_8000" + }, + { + "code": "6", + "value": "DVI4_16000" + }, + { + "code": "7", + "value": "LPC" + }, + { + "code": "8", + "value": "PCMA" + }, + { + "code": "9", + "value": "G722" + }, + { + "code": "10", + "value": "L16_STEREO" + }, + { + "code": "11", + "value": "L16_MONO" + }, + { + "code": "12", + "value": "QCELP" + }, + { + "code": 
"13", + "value": "CN" + }, + { + "code": "14", + "value": "MPA" + }, + { + "code": "15", + "value": "G728" + }, + { + "code": "16", + "value": "DVI4_11025" + }, + { + "code": "17", + "value": "DVI4_22050" + }, + { + "code": "18", + "value": "G729" + }, + { + "code": "19", + "value": "CN_OLD" + }, + { + "code": "25", + "value": "CELB" + }, + { + "code": "26", + "value": "JPEG" + }, + { + "code": "28", + "value": "NV" + }, + { + "code": "31", + "value": "H261" + }, + { + "code": "32", + "value": "MPV" + }, + { + "code": "33", + "value": "MP2T" + }, + { + "code": "34", + "value": "H263" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "rtp_pcap_path", + "label": "RTP.PCAP", + "doc": { + "allow_query": "false", + "constraints": { + "type": "files" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rtp_originator_dir", + "label": "RTP.Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "unknown" + }, + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "ssh_version", + "label": "SSH.Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_auth_success", + "label": "SSH.Authentication Result", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_client_version", + "label": "SSH.Client Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_server_version", + "label": "SSH.Server Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_cipher_alg", + "label": "SSH.Encryption Algorithm", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_mac_alg", + 
"label": "SSH.Signing Algorithm", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_compression_alg", + "label": "SSH.Compression Algorithm", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_kex_alg", + "label": "SSH. Key Exchange Algorithm", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_host_key_alg", + "label": "SSH.Server Host Key Algorithm", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_host_key", + "label": "SSH.Server Key Fingerprint", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "ssh_hassh", + "label": "SSH.HASSH", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "stratum_cryptocurrency", + "label": "Stratum.Cryptocurrency", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "stratum_mining_pools", + "label": "Stratum.Mining Pools", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "stratum_mining_program", + "label": "Stratum.Mining Program", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_cookie", + "label": "RDP.Cookie", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_security_protocol", + "label": "RDP.Security Protocol", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_client_channels", + "label": "RDP.Client Channels", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_keyboard_layout", + "label": "RDP.Keyboard Layout", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_client_version", + "label": "RDP.Client 
Version", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_client_name", + "label": "RDP.Client Name", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_client_product_id", + "label": "RDP.Client Product ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_desktop_width", + "label": "RDP. Desktop Width", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_desktop_height", + "label": "RDP.Desktop Height", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_requested_color_depth", + "label": "RDP.Requested Color Depth", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_certificate_type", + "label": "RDP.Certificate Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_certificate_count", + "label": "RDP.Certificate Count", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "rdp_certificate_permanent", + "label": "RDP.Certificate Permanent", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "rdp_encryption_level", + "label": "RDP.Encryption Level", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rdp_encryption_method", + "label": "RDP.Encryption Method", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/session_record_common_client_ip.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/session_record_common_client_ip.json
new file mode 100644
index 0000000..06e4f25
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/session_record_common_client_ip.json
@@ -0,0 +1,171 @@ +{ + "type": "record", + "name": "session_record_common_client_ip", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "ttl": null, + "default_ttl": 2592000, + "index_key": { + "$ref": "public_schema_info.json#/session_record_common_client_ip/index_key" + } + }, + "fields": [ + { + "name": "common_log_id", + "type": "long", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_recv_time", + "type": "long", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_server_ip", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_client_ip", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_sled_ip", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_entrance_id", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_subscriber_id", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_stream_trace_id", + "type": "long", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_schema_type", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_vsys_id", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "default": 1 + }, + { + "name": "common_client_port", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_server_port", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_server_domain", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_data_center", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Data 
Center" + }, + { + "name": "common_device_group", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Device Group" + }, + { + "name": "common_app_label", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_direction", + "type": "int", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "http_domain", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "ssl_sni", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + } + ] +}
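Review bot: The `index_key` of session_record_common_client_ip.json is given only as a `$ref` into `public_schema_info.json#/session_record_common_client_ip/index_key`, so the columns this table is indexed on cannot be checked from this hunk, whereas session_record_http_domain.json later in the same commit spells its key out inline as `["http_domain", "common_recv_time"]`. The session_record_common_server_domain.json and session_record_common_server_ip.json hunks use the same `$ref` form. I would pick one form for all four files; if the inline form is preferred, the `$ref` object becomes `"index_key": [<lookup column from public_schema_info.json>, "common_recv_time"]`. Separately, these records keep `common_client_ip` and `common_subscriber_id` with `"visibility": "enabled"` under `"default_ttl": 2592000` (30 days if the unit is seconds, which the hunk does not state), so the retention period and the set of users allowed to query these fields should be confirmed against the deployment's data-handling policy.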
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/session_record_common_server_domain.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/session_record_common_server_domain.json
new file mode 100644
index 0000000..ae7869b
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/session_record_common_server_domain.json
@@ -0,0 +1,171 @@ +{ + "type": "record", + "name": "session_record_common_server_domain", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "ttl": null, + "default_ttl": 2592000, + "index_key": { + "$ref": "public_schema_info.json#/session_record_common_server_domain/index_key" + } + }, + "fields": [ + { + "name": "common_log_id", + "type": "long", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_recv_time", + "type": "long", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_server_ip", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_client_ip", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_sled_ip", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_entrance_id", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_subscriber_id", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_stream_trace_id", + "type": "long", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_schema_type", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_vsys_id", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "default": 1 + }, + { + "name": "common_client_port", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_server_port", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_server_domain", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_data_center", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + 
"label": "Data Center" + }, + { + "name": "common_device_group", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Device Group" + }, + { + "name": "common_app_label", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_direction", + "type": "int", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "http_domain", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "ssl_sni", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/session_record_common_server_ip.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/session_record_common_server_ip.json
new file mode 100644
index 0000000..fc0c08b
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/session_record_common_server_ip.json
@@ -0,0 +1,171 @@ +{ + "type": "record", + "name": "session_record_common_server_ip", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "ttl": null, + "default_ttl": 2592000, + "index_key": { + "$ref": "public_schema_info.json#/session_record_common_server_ip/index_key" + } + }, + "fields": [ + { + "name": "common_log_id", + "type": "long", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_recv_time", + "type": "long", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_server_ip", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_client_ip", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_sled_ip", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_entrance_id", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_subscriber_id", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_stream_trace_id", + "type": "long", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_schema_type", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_vsys_id", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "default": 1 + }, + { + "name": "common_client_port", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_server_port", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_server_domain", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_data_center", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Data 
Center" + }, + { + "name": "common_device_group", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Device Group" + }, + { + "name": "common_app_label", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_direction", + "type": "int", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "http_domain", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "ssl_sni", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/session_record_http_domain.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/session_record_http_domain.json
new file mode 100644
index 0000000..9c00e4d
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/session_record_http_domain.json
@@ -0,0 +1,154 @@ +{ + "type": "record", + "name": "session_record_http_domain", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "ttl": null, + "default_ttl": 2592000, + "index_key": [ + "http_domain", + "common_recv_time" + ] + }, + "fields": [ + { + "name": "common_log_id", + "type": "long", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_recv_time", + "type": "long", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_server_ip", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_client_ip", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_sled_ip", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_entrance_id", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_subscriber_id", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_stream_trace_id", + "type": "long", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_schema_type", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_vsys_id", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "default": 1 + }, + { + "name": "common_client_port", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_server_port", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_server_domain", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_app_label", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "common_direction", + "type": "int", + "doc": 
{ + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "http_domain", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + }, + { + "name": "ssl_sni", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + } + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/sys_packet_capture_event.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/sys_packet_capture_event.json
new file mode 100644
index 0000000..383de62
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/sys_packet_capture_event.json
@@ -0,0 +1,1195 @@ +{ + "type": "record", + "name": "sys_packet_capture_event", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "index_key": { + "$ref": "public_schema_info.json#/sys_packet_capture_event/index_key" + } + }, + "fields": [ + { + "name": "common_recv_time", + "type": { + "type": "long", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "current_timestamp" + } + ], + "visibility": "enabled" + }, + "label": "Receive Time" + }, + { + "name": "common_log_id", + "type": "long", + "doc": { + "format": [ + { + "function": "snowflake_id" + } + ], + "visibility": "enabled" + }, + "label": "Log ID" + }, + { + "name": "common_policy_id", + "type": "long", + "doc": { + "visibility": "hidden" + }, + "label": "Policy ID" + }, + { + "name": "common_subscriber_id", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "Subscriber ID" + }, + { + "name": "common_imei", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "IMEI" + }, + { + "name": "common_imsi", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "IMSI" + }, + { + "name": "common_phone_number", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "Phone Number" + }, + { + "name": "common_in_src_mac", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "Incoming Source MAC" + }, + { + "name": "common_out_src_mac", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "Outgoing Source MAC" + }, + { + "name": "common_client_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + }, + "visibility": "enabled" + }, + "label": "Client IP" + }, + { + "name": "common_internal_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + }, + "visibility": "enabled" + }, + "label": "Internal IP" + }, + { + "name": 
"common_client_port", + "type": "int", + "doc": { + "visibility": "enabled" + }, + "label": "Client Port" + }, + { + "name": "common_l4_protocol", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "L4 Protocol" + }, + { + "name": "common_address_type", + "type": "int", + "doc": { + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ], + "visibility": "enabled" + }, + "label": "Address Type" + }, + { + "name": "common_server_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + }, + "visibility": "enabled" + }, + "label": "Server IP" + }, + { + "name": "common_server_port", + "type": "int", + "doc": { + "visibility": "enabled" + }, + "label": "Server Port" + }, + { + "name": "common_external_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + }, + "visibility": "enabled" + }, + "label": "External IP" + }, + { + "name": "common_action", + "type": "int", + "doc": { + "data": [ + { + "code": "0", + "value": "None" + }, + { + "code": "1", + "value": "Monitor" + }, + { + "code": "2", + "value": "Intercept" + }, + { + "code": "16", + "value": "Deny" + }, + { + "code": "96", + "value": "Allow" + }, + { + "code": "128", + "value": "Allow(Deprecated)" + } + ], + "visibility": "enabled" + }, + "label": "Action" + }, + { + "name": "common_direction", + "type": "int", + "doc": { + "data": [ + { + "code": "69", + "value": "outbound" + }, + { + "code": "73", + "value": "inbound" + } + ], + "visibility": "hidden" + }, + "label": "Direction" + }, + { + "name": "common_entrance_id", + "type": "int", + "doc": { + "visibility": "disabled" + }, + "label": "Entrance ID" + }, + { + "name": "common_sled_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + }, + "visibility": "enabled" + }, + "label": "Sled IP" + }, + { + "name": "common_client_location", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "Client Location" + }, + { + "name": 
"common_client_asn", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "Client ASN" + }, + { + "name": "common_server_location", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "Server Location" + }, + { + "name": "common_server_asn", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "Server ASN" + }, + { + "name": "common_server_fqdn", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "Server FQDN" + }, + { + "name": "common_server_domain", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "Server Domain" + }, + { + "name": "common_in_dest_mac", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "Incoming Destination MAC" + }, + { + "name": "common_out_dest_mac", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "Outgoing Destination MAC" + }, + { + "name": "common_sessions", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled" + }, + "label": "Sessions" + }, + { + "name": "common_c2s_pkt_num", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled" + }, + "label": "Packets Sent" + }, + { + "name": "common_s2c_pkt_num", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled" + }, + "label": "Packets Received" + }, + { + "name": "common_c2s_byte_num", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled" + }, + "label": "Bytes Sent" + }, + { + "name": "common_s2c_byte_num", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled" + }, + "label": "Bytes Received" + }, + { + "name": "common_c2s_pkt_diff", + "label": "Packets Sent (Delta)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_diff", + "label": 
"Packets Received (Delta)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_c2s_byte_diff", + "label": "Bytes Sent (Delta)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_byte_diff", + "label": "Bytes Received (Delta)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_service", + "type": "int", + "doc": { + "visibility": "disabled" + }, + "label": "Service" + }, + { + "name": "common_schema_type", + "type": "string", + "doc": { + "data": [ + { + "code": "BASE", + "value": "BASE" + }, + { + "code": "HTTP", + "value": "HTTP" + }, + { + "code": "MAIL", + "value": "MAIL" + }, + { + "code": "DNS", + "value": "DNS" + }, + { + "code": "SSL", + "value": "SSL" + }, + { + "code": "FTP", + "value": "FTP" + } + ], + "visibility": "hidden" + }, + "label": "Schema Type" + }, + { + "name": "common_vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int", + "default": 1 + }, + { + "name": "common_t_vsys_id", + "label": "Traffic Vsys ID", + "doc": { + "allow_query": "false", + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_flags", + "label": "Flags", + "doc": { + "constraints": { + "type": "bit", + "operator_functions": "=,!=,bitAnd" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_flags/data" + }, + "allow_query": "false", + "visibility": "hidden", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "bit" + } + }, + { + "name": "common_flags_identify_info", + "label": "Flags Identify Info", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_tags", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "User Tags" + }, + { + "name": 
"common_sub_action", + "type": "string", + "doc": { + "data": [ + { + "code": "allow", + "value": "Allow" + }, + { + "code": "deny", + "value": "Deny" + }, + { + "code": "monitor", + "value": "Monitor" + }, + { + "code": "replace", + "value": "Replace" + }, + { + "code": "redirect", + "value": "Redirect" + }, + { + "code": "insert", + "value": "Insert" + }, + { + "code": "hijack", + "value": "Hijack" + } + ], + "visibility": "hidden" + }, + "label": "Sub Action" + }, + { + "name": "common_user_region", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "User Region" + }, + { + "name": "common_shaping_rule_ids", + "label": "Shaping Rule IDs", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "visibility": "hidden", + "ttl": null + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_device_id", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "Device ID" + }, + { + "name": "common_egress_link_id", + "label": "Egress Link ID", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_ingress_link_id", + "label": "Ingress Link ID", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_isp", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "ISP" + }, + { + "name": "common_device_tag", + "type": "string", + "doc": { + "visibility": "hidden", + "format": [ + { + "function": "flattenSpec", + "appendTo": "common_data_center", + "param": "$.tags[?(@.tag=='data_center')][0].value" + }, + { + "function": "flattenSpec", + "appendTo": "common_device_group", + "param": "$.tags[?(@.tag=='device_group')][0].value" + } + ] + }, + "label": "Device Tag" + }, + { + "name": "common_data_center", + "label": "Data Center", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": 
"$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "common_device_group", + "label": "Device Group", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "common_app_behavior", + "label": "Application Behavior", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_encapsulation", + "type": "int", + "doc": { + "data": [ + { + "code": "0", + "value": "Ethernet" + }, + { + "code": "8", + "value": "PPP" + }, + { + "code": "12", + "value": "CiscoHDLC" + } + ], + "visibility": "enabled" + }, + "label": "Encapsulation" + }, + { + "name": "common_app_label", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "Application Label" + }, + { + "name": "common_tunnels", + "type": "string", + "doc": { + "visibility": "hidden", + "format": [ + { + "function": "gtpc_match", + "appendTo": "common_imsi,common_imei,common_phone_number", + "param": "$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_a2b_teid,$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_b2a_teid" + } + ] + }, + "label": "Tunnels" + }, + { + "name": "common_protocol_label", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "Protocol Label" + }, + { + "name": "common_app_id", + "type": "string", + "label": "Application ID", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_app_full_path", + "label": "Application Full Path", + "type": "string", + "doc": { + "visibility": "hidden" + } + }, + { + "name": 
"common_userdefine_app_name", + "label": "User Define App Name", + "type": "string", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_app_identify_info", + "label": "App Identity Info", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_app_surrogate_id", + "type": "string", + "label": "Surrogate ID", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_l7_protocol", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "L7 Protocol" + }, + { + "name": "common_service_category", + "label": "FQDN Category", + "doc": { + "visibility": "enabled" + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_start_time", + "type": { + "type": "long", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled" + }, + "label": "Start Time" + }, + { + "name": "common_end_time", + "type": { + "type": "long", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled" + }, + "label": "End Time" + }, + { + "name": "common_establish_latency_ms", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden" + }, + "label": "TCP Handshake Latency (ms)" + }, + { + "name": "common_con_duration_ms", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden" + }, + "label": "Duration (ms)" + }, + { + "name": "common_stream_dir", + "type": "int", + "doc": { + "data": [ + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + }, + { + "code": "3", + "value": "double" + } + ], + "visibility": "enabled" + }, + "label": "Stream Direction(Deprecated)" + }, + { + "name": "common_address_list", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "Address List" + }, + { + "name": "common_has_dup_traffic", + "type": "int", + "doc": 
{ + "data": [ + { + "code": "0", + "value": "No" + }, + { + "code": "1", + "value": "Yes" + } + ], + "visibility": "hidden" + }, + "label": "Duplication Traffic" + }, + { + "name": "common_stream_error", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "Stream Error" + }, + { + "name": "common_stream_trace_id", + "type": "long", + "doc": { + "visibility": "enabled" + }, + "label": "Session ID" + }, + { + "name": "common_link_info_c2s", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "Link Info (c2s)" + }, + { + "name": "common_link_info_s2c", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "Link Info (s2c)" + }, + { + "name": "common_packet_capture_file", + "label": "Packet Capture File", + "doc": { + "visibility": "hidden", + "constraints": { + "type": "file" + } + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_a_desc", + "label": "Tunnel Endpoint A Description", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_b_desc", + "label": "Tunnel Endpoint B Description", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_c2s_ipfrag_num", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden" + }, + "label": "Fragmentation Packets (c2s)" + }, + { + "name": "common_s2c_ipfrag_num", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden" + }, + "label": "Fragmentation Packets (s2c)" + }, + { + "name": "common_c2s_tcp_lostlen", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden" + }, + "label": "Sequence Gap Loss (c2s)" + }, + { + "name": "common_s2c_tcp_lostlen", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden" + }, + "label": "Sequence Gap Loss (s2c)" + }, + { + "name": 
"common_c2s_tcp_unorder_num", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden" + }, + "label": "Unordered Packets (c2s)" + }, + { + "name": "common_s2c_tcp_unorder_num", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden" + }, + "label": "Unordered Packets (s2c)" + }, + { + "name": "common_c2s_pkt_retrans", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled" + }, + "label": "Packet Retransmission (c2s)" + }, + { + "name": "common_s2c_pkt_retrans", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled" + }, + "label": "Packet Retransmission (s2c)" + }, + { + "name": "common_c2s_byte_retrans", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled" + }, + "label": "Byte Retransmission (c2s)" + }, + { + "name": "common_s2c_byte_retrans", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled" + }, + "label": "Byte Retransmission (s2c)" + }, + { + "name": "common_tcp_client_isn", + "label": "TCP Client ISN", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_first_ttl", + "type": "int", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden" + }, + "label": "First TTL" + }, + { + "name": "common_processing_time", + "type": { + "type": "long", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "current_timestamp" + } + ], + "visibility": "enabled" + }, + "label": "Processing Time" + }, + { + "name": "common_ingestion_time", + "label": "Ingestion Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": 
"ingestion_time" + } + ], + "visibility": "enabled" + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_mirrored_pkts", + "label": "Mirrored Packets", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden" + } + }, + { + "name": "common_mirrored_bytes", + "label": "Mirrored Bytes", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden" + } + }, + { + "name": "nic_name", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "Nic Name" + }, + { + "name": "origin_source_mac", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "Origin Source Mac" + }, + { + "name": "origin_dest_mac", + "type": "string", + "doc": { + "visibility": "enabled" + }, + "label": "Origin Dest Mac" + }, + { + "name": "packet_url", + "type": "string", + "doc": { + "constraints": { + "type": "file" + }, + "visibility": "enabled" + }, + "label": "Packet URL" + }, + { + "name": "pcap_storage_task_id", + "type": "int", + "doc": { + "visibility": "enabled" + }, + "label": "Task ID" + }, + { + "name": "pcap_storage_duration", + "type": "int", + "doc": { + "visibility": "enabled" + }, + "label": "Duration" + } + ] +}
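Review bot: The record-level `doc` of `sys_packet_capture_event` sets no `ttl` or `default_ttl`, whereas the `session_record_*` schemas in this same commit set `"default_ttl": 2592000`. This record is the more sensitive one: `common_tunnels` runs `gtpc_match` with `appendTo` `common_imsi,common_imei,common_phone_number`, and `packet_url` / `common_packet_capture_file` point at stored captures. Unless retention is enforced elsewhere (not visible in this hunk), an explicit bound such as `"default_ttl": 2592000`, with the value chosen by the data owner, should be added next to `partition_key`. Note also that `"visibility": "disabled"` on the IMSI/IMEI/phone fields presumably governs display only, not storage. Separately, `common_t_vsys_id` and `common_flags` use `"allow_query": "false"`, a JSON string; if the consumer tests it for truthiness rather than comparing the text, the fields would stay queryable, so the boolean form `"allow_query": false` is safer if the loader accepts it.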
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/sys_storage_log.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/sys_storage_log.json
new file mode 100644
index 0000000..9dbb681
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/sys_storage_log.json
@@ -0,0 +1,91 @@
+{
+ "type": "record",
+ "name": "sys_storage_log",
+ "namespace": "druid",
+ "doc": {
+ "partition_key": "__time",
+ "functions": {
+ "$ref": "public_schema_info.json#/functions"
+ },
+ "schema_query": {
+ "filters": [
+ "data_center"
+ ],
+ "references": {
+ "$ref": "public_schema_info.json#/schema_query/references"
+ }
+ }
+ },
+ "fields": [
+ {
+ "name": "__time",
+ "label": "Time",
+ "type": {
+ "type": "string",
+ "logicalType": "timestamp"
+ },
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "data_center",
+ "label": "Data Center",
+ "type": "string",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,in"
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
+ "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "log_type",
+ "label": "Log Type",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "max_size",
+ "label": "Max Size",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "used_size",
+ "label": "Used Size",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "aggregate_size",
+ "label": "Aggregate Size",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ },
+ {
+ "name": "last_storage",
+ "label": "Last Storage",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/tables.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/tables.json
new file mode 100644
index 0000000..c09ec89
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/tables.json
@@ -0,0 +1,11 @@
+{
+ "namespace": "system",
+ "type": "record",
+ "name": "tables",
+ "fields": [
+ {
+ "name": "name",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/tables_cluster.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/tables_cluster.json
new file mode 100644
index 0000000..4765d85
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/tables_cluster.json
@@ -0,0 +1,11 @@
+{
+ "namespace": "system",
+ "type": "record",
+ "name": "tables_cluster",
+ "fields": [
+ {
+ "name": "database",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_client_ips.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_client_ips.json
new file mode 100644
index 0000000..3bb63dd
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_client_ips.json
@@ -0,0 +1,145 @@ +{ + "type": "record", + "name": "top_client_ips", + "namespace": "druid", + "doc": { + "partition_key": "__time", + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "filters": [ + "data_center", + "device_group" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + } + }, + "measurements": { + "granularity": 300, + "ingestion_delay": 15 + } + }, + "fields": [ + { + "name": "__time", + "label": "Time", + "type": { + "type": "string", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled" + } + }, + { + "name": "vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled" + }, + "type": "int", + "default": 1 + }, + { + "name": "device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "device_group", + "label": "Device Group", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "data_center", + "label": "Data Center", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "client_ip", + "label": "Client IP", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "metric", + "label": "Metric", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "sessions", + "label": "Sessions", + 
"doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_bytes", + "label": "Incoming Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_pkts", + "label": "Incoming Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_bytes", + "label": "Outgoing Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_pkts", + "label": "Outgoing Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_external_ips.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_external_ips.json
new file mode 100644
index 0000000..b61abb9
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_external_ips.json
@@ -0,0 +1,145 @@ +{ + "type": "record", + "name": "top_external_ips", + "namespace": "druid", + "doc": { + "partition_key": "__time", + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "filters": [ + "data_center", + "device_group" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + } + }, + "measurements": { + "granularity": 300, + "ingestion_delay": 15 + } + }, + "fields": [ + { + "name": "__time", + "label": "Time", + "type": { + "type": "string", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled" + } + }, + { + "name": "vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled" + }, + "type": "int", + "default": 1 + }, + { + "name": "device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "device_group", + "label": "Device Group", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "data_center", + "label": "Data Center", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "external_ip", + "label": "External IP", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "metric", + "label": "Metric", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "sessions", + "label": 
"Sessions", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_bytes", + "label": "Incoming Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_pkts", + "label": "Incoming Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_bytes", + "label": "Outgoing Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_pkts", + "label": "Outgoing Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_internal_ips.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_internal_ips.json
new file mode 100644
index 0000000..dccb071
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_internal_ips.json
@@ -0,0 +1,145 @@ +{ + "type": "record", + "name": "top_internal_ips", + "namespace": "druid", + "doc": { + "partition_key": "__time", + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "filters": [ + "data_center", + "device_group" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + } + }, + "measurements": { + "granularity": 300, + "ingestion_delay": 15 + } + }, + "fields": [ + { + "name": "__time", + "label": "Time", + "type": { + "type": "string", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled" + } + }, + { + "name": "vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled" + }, + "type": "int", + "default": 1 + }, + { + "name": "device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "device_group", + "label": "Device Group", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "data_center", + "label": "Data Center", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "internal_ip", + "label": "Internal IP", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "metric", + "label": "Metric", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "sessions", + "label": 
"Sessions", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_bytes", + "label": "Incoming Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_pkts", + "label": "Incoming Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_bytes", + "label": "Outgoing Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_pkts", + "label": "Outgoing Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_server_domains.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_server_domains.json
new file mode 100644
index 0000000..e0fabd0
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_server_domains.json
@@ -0,0 +1,145 @@ +{ + "type": "record", + "name": "top_server_domains", + "namespace": "druid", + "doc": { + "partition_key": "__time", + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "filters": [ + "data_center", + "device_group" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + } + }, + "measurements": { + "granularity": 300, + "ingestion_delay": 15 + } + }, + "fields": [ + { + "name": "__time", + "label": "Time", + "type": { + "type": "string", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled" + } + }, + { + "name": "vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled" + }, + "type": "int", + "default": 1 + }, + { + "name": "device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "device_group", + "label": "Device Group", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "data_center", + "label": "Data Center", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "domain", + "label": "Domain", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "metric", + "label": "Metric", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "sessions", + "label": "Sessions", + 
"doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_bytes", + "label": "Incoming Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_pkts", + "label": "Incoming Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_bytes", + "label": "Outgoing Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_pkts", + "label": "Outgoing Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_server_fqdns.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_server_fqdns.json
new file mode 100644
index 0000000..0a3a2f8
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_server_fqdns.json
@@ -0,0 +1,145 @@ +{ + "type": "record", + "name": "top_server_fqdns", + "namespace": "druid", + "doc": { + "partition_key": "__time", + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "filters": [ + "data_center", + "device_group" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + } + }, + "measurements": { + "granularity": 300, + "ingestion_delay": 15 + } + }, + "fields": [ + { + "name": "__time", + "label": "Time", + "type": { + "type": "string", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled" + } + }, + { + "name": "vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled" + }, + "type": "int", + "default": 1 + }, + { + "name": "device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "device_group", + "label": "Device Group", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "data_center", + "label": "Data Center", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "fqdn", + "label": "FQDN", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "metric", + "label": "Metric", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "sessions", + "label": "Sessions", + "doc": 
{ + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_bytes", + "label": "Incoming Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_pkts", + "label": "Incoming Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_bytes", + "label": "Outgoing Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_pkts", + "label": "Outgoing Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_server_ips.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_server_ips.json
new file mode 100644
index 0000000..9632add
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_server_ips.json
@@ -0,0 +1,145 @@ +{ + "type": "record", + "name": "top_server_ips", + "namespace": "druid", + "doc": { + "partition_key": "__time", + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "filters": [ + "data_center", + "device_group" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + } + }, + "measurements": { + "granularity": 300, + "ingestion_delay": 15 + } + }, + "fields": [ + { + "name": "__time", + "label": "Time", + "type": { + "type": "string", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled" + } + }, + { + "name": "vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled" + }, + "type": "int", + "default": 1 + }, + { + "name": "device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "device_group", + "label": "Device Group", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "data_center", + "label": "Data Center", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "server_ip", + "label": "Server IP", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "metric", + "label": "Metric", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "sessions", + "label": "Sessions", + 
"doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_bytes", + "label": "Incoming Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_pkts", + "label": "Incoming Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_bytes", + "label": "Outgoing Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_pkts", + "label": "Outgoing Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_subscribers.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_subscribers.json
new file mode 100644
index 0000000..d03726e
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/top_subscribers.json
@@ -0,0 +1,145 @@ +{ + "type": "record", + "name": "top_subscribers", + "namespace": "druid", + "doc": { + "partition_key": "__time", + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "filters": [ + "data_center", + "device_group" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + } + }, + "measurements": { + "granularity": 300, + "ingestion_delay": 15 + } + }, + "fields": [ + { + "name": "__time", + "label": "Time", + "type": { + "type": "string", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled" + } + }, + { + "name": "vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled" + }, + "type": "int", + "default": 1 + }, + { + "name": "device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "device_group", + "label": "Device Group", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "data_center", + "label": "Data Center", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "subscriber_id", + "label": "Subscriber ID", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "metric", + "label": "Metric", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "sessions", + "label": 
"Sessions", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_bytes", + "label": "Incoming Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_pkts", + "label": "Incoming Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_bytes", + "label": "Outgoing Bytes", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "out_pkts", + "label": "Outgoing Packets", + "doc": { + "visibility": "enabled" + }, + "type": "long" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/traffic_general_stat.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/traffic_general_stat.json
new file mode 100644
index 0000000..29db852
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/traffic_general_stat.json
@@ -0,0 +1,181 @@ +{ + "type": "record", + "name": "traffic_general_stat", + "namespace": "druid", + "doc": { + "partition_key": "__time", + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + } + }, + "measurements": { + "granularity": 5, + "ingestion_delay": 15 + } + }, + "fields": [ + { + "name": "__time", + "label": "Time", + "type": { + "type": "string", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled" + } + }, + { + "name": "data_center", + "label": "Data Center", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "device_group", + "label": "Device Group", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled" + }, + "type": "int", + "default": 1 + }, + { + "name": "sessions", + "label": "Sessions", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "active_sessions", + "label": "Active Sessions", + "doc": { + "visibility": "enabled" + }, + "type": "long" + }, + { + "name": "closed_sessions", + "label": "Closed Sessions", + "doc": { + 
"visibility": "enabled" + }, + "type": "long" + }, + { + "name": "in_bytes", + "label": "Incoming Bytes", + "type": "long", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "in_pkts", + "label": "Incoming Packets", + "type": "long", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "out_bytes", + "label": "Outgoing Bytes", + "type": "long", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "out_pkts", + "label": "Outgoing Packets", + "type": "long", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "asymmetric_c2s_flows", + "label": "Asymmetric Flows (c2s)", + "type": "long", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "asymmetric_s2c_flows", + "label": "Asymmetric Flows (s2c)", + "type": "long", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "tcp_syn_pkts", + "label": "TCP SYN Packets", + "type": "long", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "tcp_syn_ack_pkts", + "label": "TCP SYN/ACK Packets", + "type": "long", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "tcp_ack_pkts", + "label": "TCP ACK Packets", + "type": "long", + "doc": { + "visibility": "enabled" + } + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/traffic_shaping_rule_hits.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/traffic_shaping_rule_hits.json
new file mode 100644
index 0000000..27009c4
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/traffic_shaping_rule_hits.json
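Review bot: traffic_general_stat.json (the hunk that ends at the marker just above) has no `filters` list under `schema_query`, although its `data_center` and `device_group` fields declare `"operator_functions": "=,in"` exactly as in the sibling druid schemas, which all list those two columns under `filters`. What a missing list means to the query gateway is not visible here: if it means "no restriction", every column of this table becomes filterable, and if it means "none allowed", the two operator constraints are dead configuration. Either add `"filters": ["data_center", "device_group"]` to match the other schemas or confirm the omission is intended.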
@@ -0,0 +1,196 @@ +{ + "type": "record", + "name": "traffic_shaping_rule_hits", + "namespace": "druid", + "doc": { + "partition_key": "__time", + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "filters": [ + "data_center", + "device_group" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + } + }, + "measurements": { + "granularity": 1, + "ingestion_delay": 5 + } + }, + "fields": [ + { + "name": "__time", + "label": "Time", + "type": { + "type": "string", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled" + } + }, + { + "name": "vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled" + }, + "type": "int", + "default": 1 + }, + { + "name": "device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled" + }, + "type": "string" + }, + { + "name": "device_group", + "label": "Device Group", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "data_center", + "label": "Data Center", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled" + } + }, + { + "name": "rule_id", + "label": "Rule", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,in" + }, + "visibility": "enabled" + } + }, + { + "name": "profile_id", + "label": "Profile ID", + "type": "int", + "doc": { + "visibility": "enabled" + 
} + }, + { + "name": "priority", + "label": "Priority", + "type": "int", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "in_bytes", + "label": "Incoming Bytes", + "type": "int", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "in_pkts", + "label": "Incoming Packets", + "type": "int", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "out_bytes", + "label": "Outgoing Bytes", + "type": "int", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "out_pkts", + "label": "Outgoing Packets", + "type": "int", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "in_drop_pkts", + "label": "Incoming Drop Packets", + "type": "int", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "out_drop_pkts", + "label": "Outgoing Drop Packets", + "type": "int", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "in_max_latency_us", + "label": "Incoming Max Latency (us)", + "type": "int", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "out_max_latency_us", + "label": "Outgoing Max Latency (us)", + "type": "int", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "in_queue_len", + "label": "Incoming Queue Length", + "type": "int", + "doc": { + "visibility": "enabled" + } + }, + { + "name": "out_queue_len", + "label": "Outgoing Queue Length", + "type": "int", + "doc": { + "visibility": "enabled" + } + } + ] +}
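Review bot: The counters in traffic_shaping_rule_hits.json (`in_bytes`, `in_pkts`, `out_bytes`, `out_pkts`, `in_drop_pkts`, `out_drop_pkts`) are declared `"type": "int"`, while every other schema in this commit declares the same-named byte and packet counters as `"long"`. A 32-bit int tops out at roughly 2.1 billion, so a byte counter on a busy shaping rule can exceed it, and a consumer that trusts this schema may truncate or wrap the value and under-report traffic and drops. Change these six fields to `"type": "long"`. The latency and queue-length fields probably fit in an int, but that should be checked against the actual Druid column types.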
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/traffic_top_destination_ip_metrics_log.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/traffic_top_destination_ip_metrics_log.json
new file mode 100644
index 0000000..663edd5
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/traffic_top_destination_ip_metrics_log.json
@@ -0,0 +1,101 @@
+{
+ "type": "record",
+ "name": "traffic_top_destination_ip_metrics_log",
+ "namespace": "druid",
+ "doc": {
+ "partition_key": "__time",
+ "functions": {
+ "$ref": "public_schema_info.json#/functions"
+ },
+ "schema_query": {
+ "filters": [
+ "vsys_id"
+ ],
+ "references": {
+ "$ref": "public_schema_info.json#/schema_query/references"
+ }
+ }
+ },
+ "fields": [
+ {
+ "name": "__time",
+ "label": "Time",
+ "type": {
+ "type": "string",
+ "logicalType": "timestamp"
+ },
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "vsys_id",
+ "label": "Vsys ID",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "int",
+ "default": 1
+ },
+ {
+ "name": "destination_ip",
+ "label": "Destination IP",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "attack_type",
+ "label": "Attack type",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "session_rate",
+ "label": "Sessions/s",
+ "type": "long",
+ "doc": {
+ "constraints": {
+ "type": "sessions/sec"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "packet_rate",
+ "label": "Packets/s",
+ "type": "long",
+ "doc": {
+ "constraints": {
+ "type": "packets/sec"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "bit_rate",
+ "label": "Bits/s",
+ "type": "long",
+ "doc": {
+ "constraints": {
+ "type": "bits/sec"
+ },
+ "visibility": "enabled"
+ }
+ },
+ {
+ "name": "partition_num",
+ "label": "Partition Num",
+ "doc": {
+ "visibility": "enabled"
+ },
+ "type": "long"
+ }
+ ]
+}
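Review bot: In traffic_top_destination_ip_metrics_log.json `vsys_id` is the only entry in `schema_query.filters`, yet the field carries `"default": 1` and, unlike the `data_center` and `device_group` filter columns in the sibling schemas, no `operator_functions` constraint. If vsys_id is the virtual-system (tenant) boundary, which is inferred from the name and not shown here, a row that arrives without the field would read as vsys 1, so attack metrics from one system could surface under another. Consider dropping the default for this table or confirming that ingestion always populates the field. Adding `"constraints": { "operator_functions": "=,in" }` to `vsys_id` would also make this filter consistent with the filters in the other schemas.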
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/transaction_record.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/transaction_record.json
new file mode 100644
index 0000000..433d9bc
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/transaction_record.json
@@ -0,0 +1,2722 @@ +{ + "type": "record", + "name": "transaction_record", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_stream_trace_id", + "partition_key": "common_recv_time", + "ttl": null, + "default_ttl": 2592000, + "index_key": { + "$ref": "public_schema_info.json#/transaction_record/index_key" + }, + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "dimensions": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_l4_protocol", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "http_host", + "http_domain", + "http_url", + "http_sequence", + "http_cookie", + "http_set_cookie", + "http_referer", + "http_user_agent", + "http_request_content_type", + "http_response_content_type", + "http_request_line", + "http_response_line", + "http_version", + "dns_message_id", + "dns_qr", + "dns_opcode", + "dns_rcode", + "dns_qname", + "dns_qtype", + "dns_qclass" + ], + "metrics": [ + "common_start_time", + "common_end_time", + "common_device_id", + "common_data_center", + 
"common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_l4_protocol", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_sessions", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "http_host", + "http_domain", + "http_url", + "http_cookie", + "http_set_cookie", + "http_referer", + "http_user_agent", + "http_request_content_length", + "http_request_content_type", + "http_response_content_length", + "http_response_content_type", + "http_response_latency_ms", + "http_session_duration_ms", + "dns_message_id", + "dns_qr", + "dns_opcode", + "dns_rcode", + "dns_qname", + "dns_qtype", + "dns_qclass", + "dns_qdcount", + "dns_ancount", + "dns_nscount", + "dns_arcount", + "dns_response_latency_ms" + ], + "filters": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + 
"common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_service_category", + "common_l4_protocol", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "http_host", + "http_domain", + "http_url", + "http_request_line", + "http_response_line", + "http_request_body", + "http_response_body", + "http_sequence", + "http_cookie", + "http_referer", + "http_user_agent", + "http_request_content_length", + "http_request_content_type", + "http_response_content_length", + "http_response_content_type", + "http_set_cookie", + "http_response_latency_ms", + "http_session_duration_ms", + "dns_message_id", + "dns_qr", + "dns_opcode", + "dns_rcode", + "dns_qdcount", + "dns_ancount", + "dns_nscount", + "dns_arcount", + "dns_response_latency_ms", + "dns_qname", + "dns_qtype", + "dns_qclass", + 
"dns_sub", + "dns_cname", + "dns_rr" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + }, + "details": { + "general": [ + "common_recv_time", + "common_log_id", + "common_stream_trace_id", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_direction", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_entrance_id", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_data_center", + "common_device_group", + "common_sled_ip" + ], + "source": [ + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac" + ], + "destination": [ + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac" + ], + "application": [ + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_label", + "common_app_surrogate_id", + "common_l7_protocol", + "common_protocol_label", + "common_service_category", + "common_service", + "common_l4_protocol", + "common_app_behavior" + ], + "transmission": [ + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + 
"common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_first_ttl", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "other": [ + "common_device_tag", + "common_encapsulation", + "common_tunnels", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_action", + "common_sub_action", + "common_policy_id", + "common_user_tags", + "common_user_region", + "common_shaping_rule_ids" + ] + } + }, + "schema_type": { + "BASE": { + "$ref": "public_schema_info.json#/schema_type/BASE" + }, + "HTTP": { + "$ref": "public_schema_info.json#/schema_type/HTTP" + }, + "MAIL": { + "$ref": "public_schema_info.json#/schema_type/MAIL" + }, + "DNS": { + "$ref": "public_schema_info.json#/schema_type/DNS" + }, + "SSL": { + "$ref": "public_schema_info.json#/schema_type/SSL" + }, + "QUIC": { + "$ref": "public_schema_info.json#/schema_type/QUIC" + }, + "FTP": { + "$ref": "public_schema_info.json#/schema_type/FTP" + }, + "BGP": { + "$ref": "public_schema_info.json#/schema_type/BGP" + }, + "SIP": { + "$ref": "public_schema_info.json#/schema_type/SIP" + }, + "RTP": { + "$ref": "public_schema_info.json#/schema_type/RTP" + }, + "APP": { + "$ref": "public_schema_info.json#/schema_type/APP" + } + }, + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "common_client_ip", + "common_server_ip", + "common_server_port", + "common_schema_type" + ], + "internal_columns": [ + "common_recv_time", + "common_log_id", + "common_tunnels", + "common_sessions", + "common_flags_identify_info", + "common_app_identify_info", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + 
"http_request_body", + "http_response_body" + ], + "tunnel_type": { + "$ref": "public_schema_info.json#/tunnel_type" + } + }, + "fields": [ + { + "name": "common_recv_time", + "type": { + "type": "long", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Receive Time" + }, + { + "name": "common_log_id", + "type": "long", + "doc": { + "format": [ + { + "function": "snowflake_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "label": "Log ID" + }, + { + "name": "common_policy_id", + "type": "long", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "label": "Policy ID" + }, + { + "name": "common_subscriber_id", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Subscriber ID" + }, + { + "name": "common_imei", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "IMEI" + }, + { + "name": "common_imsi", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "IMSI" + }, + { + "name": "common_phone_number", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Phone Number" + }, + { + "name": "common_in_src_mac", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Incoming Source MAC" + }, + { + "name": "common_out_src_mac", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Outgoing Source MAC" + }, + { + "name": "common_client_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_client_asn" + }, + { + "function": "radius_match", + "appendTo": "common_subscriber_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "label": "Client IP" + }, + { + "name": "common_internal_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + }, + 
"format": [ + { + "function": "if", + "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" + } + ], + "visibility": "enabled", + "ttl": null + }, + "label": "Internal IP" + }, + { + "name": "common_client_port", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Client Port" + }, + { + "name": "common_l4_protocol", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "L4 Protocol" + }, + { + "name": "common_address_type", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ], + "visibility": "enabled", + "ttl": null + }, + "label": "Address Type" + }, + { + "name": "common_server_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_server_asn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "label": "Server IP" + }, + { + "name": "common_server_port", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Server Port" + }, + { + "name": "common_external_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "if", + "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" + } + ], + "visibility": "enabled", + "ttl": null + }, + "label": "External IP" + }, + { + "name": "common_action", + "type": "int", + "doc": { + "visibility": "hidden", + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "None" + }, + { + "code": "1", + "value": "Monitor" + }, + { + "code": "2", + "value": "Intercept" + }, + { + "code": "16", + "value": "Deny" + }, + { + "code": "96", + "value": "Allow" + }, + { + "code": "128", + "value": "Allow(Deprecated)" + } + ], + "ttl": null + }, + "label": "Action" + }, + { + "name": 
"common_direction", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "69", + "value": "outbound" + }, + { + "code": "73", + "value": "inbound" + } + ], + "visibility": "hidden", + "ttl": null + }, + "label": "Direction" + }, + { + "name": "common_entrance_id", + "type": "int", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "label": "Entrance ID" + }, + { + "name": "common_sled_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Sled IP" + }, + { + "name": "common_client_location", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Client Location" + }, + { + "name": "common_client_asn", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Client ASN" + }, + { + "name": "common_server_location", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Server Location" + }, + { + "name": "common_server_asn", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Server ASN" + }, + { + "name": "common_server_fqdn", + "label": "Server FQDN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_domain", + "label": "Server Domain", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_in_dest_mac", + "label": "Incoming Destination MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_out_dest_mac", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Outgoing Destination MAC" + }, + { + "name": "common_sessions", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Sessions" + }, + { + "name": 
"common_c2s_pkt_num", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Packets Sent" + }, + { + "name": "common_s2c_pkt_num", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Packets Received" + }, + { + "name": "common_c2s_byte_num", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Bytes Sent" + }, + { + "name": "common_s2c_byte_num", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Bytes Received" + }, + { + "name": "common_c2s_pkt_diff", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "label": "Packets Sent (Delta)" + }, + { + "name": "common_s2c_pkt_diff", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "label": "Packets Received (Delta)" + }, + { + "name": "common_c2s_byte_diff", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "label": "Bytes Sent (Delta)" + }, + { + "name": "common_s2c_byte_diff", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "label": "Bytes Received (Delta)" + }, + { + "name": "common_service", + "type": "int", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "label": "Service" + }, + { + "name": "common_schema_type", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "BASE", + "value": "BASE" + }, + { + "code": "DNS", + "value": "DNS" + }, + { + "code": "HTTP", + "value": "HTTP" + }, + { + "code": "SIP", + "value": "SIP" + } + ], + "visibility": "enabled", + 
"ttl": null + }, + "label": "Schema Type" + }, + { + "name": "common_vsys_id", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Vsys ID", + "default": 1 + }, + { + "name": "common_t_vsys_id", + "label": "Traffic Vsys ID", + "doc": { + "allow_query": "false", + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_flags", + "label": "Flags", + "doc": { + "constraints": { + "type": "bit", + "operator_functions": "=,!=,bitAnd" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_flags/data" + }, + "allow_query": "false", + "visibility": "hidden", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "bit" + } + }, + { + "name": "common_flags_identify_info", + "label": "Flags Identify Info", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_tags", + "type": "string", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "label": "User Tags" + }, + { + "name": "common_sub_action", + "type": "string", + "doc": { + "data": [ + { + "code": "allow", + "value": "Allow" + }, + { + "code": "deny", + "value": "Deny" + }, + { + "code": "monitor", + "value": "Monitor" + }, + { + "code": "replace", + "value": "Replace" + }, + { + "code": "redirect", + "value": "Redirect" + }, + { + "code": "insert", + "value": "Insert" + }, + { + "code": "hijack", + "value": "Hijack" + } + ], + "visibility": "hidden", + "ttl": null + }, + "label": "Sub Action" + }, + { + "name": "common_user_region", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "label": "User Region" + }, + { + "name": "common_shaping_rule_ids", + "label": "Shaping Rule IDs", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "visibility": "hidden", + "ttl": null + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_device_id", + "type": "string", + "doc": { 
+ "visibility": "enabled", + "ttl": null + }, + "label": "Device ID" + }, + { + "name": "common_egress_link_id", + "label": "Egress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_ingress_link_id", + "label": "Ingress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_isp", + "type": "string", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "label": "ISP" + }, + { + "name": "common_device_tag", + "type": "string", + "doc": { + "visibility": "hidden", + "format": [ + { + "function": "flattenSpec", + "appendTo": "common_data_center", + "param": "$.tags[?(@.tag=='data_center')][0].value" + }, + { + "function": "flattenSpec", + "appendTo": "common_device_group", + "param": "$.tags[?(@.tag=='device_group')][0].value" + } + ], + "ttl": null + }, + "label": "Device Tag" + }, + { + "name": "common_data_center", + "label": "Data Center", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_group", + "label": "Device Group", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_behavior", + "label": "Application Behavior", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_encapsulation", + "type": 
"int", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_encapsulation/data" + }, + "visibility": "hidden", + "ttl": null + }, + "label": "Encapsulation" + }, + { + "name": "common_app_label", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Application Label" + }, + { + "name": "common_tunnels", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null, + "format": [ + { + "function": "gtpc_match", + "appendTo": "common_imsi,common_imei,common_phone_number", + "param": "$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_a2b_teid,$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_b2a_teid" + } + ] + }, + "label": "Tunnels" + }, + { + "name": "common_protocol_label", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Protocol Label" + }, + { + "name": "common_app_id", + "type": "string", + "label": "Application ID", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_app_full_path", + "label": "Application Full Path", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_userdefine_app_name", + "label": "User Define App Name", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_app_identify_info", + "label": "App Identity Info", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_surrogate_id", + "type": "string", + "label": "Surrogate ID", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_l7_protocol", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "label": "L7 Protocol" + }, + { + "name": "common_service_category", + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + }, + "doc": { + "constraints": { + "operator_functions": 
"has,notEmpty,empty" + }, + "dict_location": { + "path": "/v1/category/dict", + "key": "categoryId", + "value": "categoryName" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "FQDN Category" + }, + { + "name": "common_start_time", + "type": { + "type": "long", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Start Time" + }, + { + "name": "common_end_time", + "type": { + "type": "long", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "End Time" + }, + { + "name": "common_establish_latency_ms", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "TCP Handshake Latency (ms)" + }, + { + "name": "common_con_duration_ms", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Duration (ms)" + }, + { + "name": "common_stream_dir", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + }, + { + "code": "3", + "value": "double" + } + ], + "visibility": "enabled", + "ttl": null + }, + "label": "Stream Direction(Deprecated)" + }, + { + "name": "common_address_list", + "type": "string", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "label": "Address List" + }, + { + "name": "common_has_dup_traffic", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" + }, + "visibility": "hidden", + "ttl": null + }, + "label": "Duplication Traffic" + }, + { + "name": "common_stream_error", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + }, + 
"label": "Stream Error" + }, + { + "name": "common_stream_trace_id", + "type": "long", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "Session ID" + }, + { + "name": "common_link_info_c2s", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "label": "Link Info (c2s)" + }, + { + "name": "common_link_info_s2c", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "label": "Link Info (s2c)" + }, + { + "name": "common_packet_capture_file", + "label": "Packet Capture File", + "doc": { + "visibility": "hidden", + "ttl": null, + "constraints": { + "type": "file" + } + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_a_desc", + "label": "Tunnel Endpoint A Description", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_b_desc", + "label": "Tunnel Endpoint B Description", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_c2s_ipfrag_num", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Fragmentation Packets (c2s)" + }, + { + "name": "common_s2c_ipfrag_num", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Fragmentation Packets (s2c)" + }, + { + "name": "common_c2s_tcp_lostlen", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Sequence Gap Loss (c2s)" + }, + { + "name": "common_s2c_tcp_lostlen", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Sequence Gap Loss (s2c)" + }, + { + "name": "common_c2s_tcp_unorder_num", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": 
"Unordered Packets (c2s)" + }, + { + "name": "common_s2c_tcp_unorder_num", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Unordered Packets (s2c)" + }, + { + "name": "common_c2s_pkt_retrans", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Packet Retransmission (c2s)" + }, + { + "name": "common_s2c_pkt_retrans", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Packet Retransmission (s2c)" + }, + { + "name": "common_c2s_byte_retrans", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Byte Retransmission (c2s)" + }, + { + "name": "common_s2c_byte_retrans", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "Byte Retransmission (s2c)" + }, + { + "name": "common_tcp_client_isn", + "type": "long", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "TCP Client ISN" + }, + { + "name": "common_tcp_server_isn", + "type": "long", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "TCP Server ISN" + }, + { + "name": "common_first_ttl", + "type": "int", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "label": "First TTL" + }, + { + "name": "common_processing_time", + "type": { + "type": "long", + "logicalType": "timestamp" + }, + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "current_timestamp" + } + ], + "visibility": "enabled", + "ttl": null + }, + "label": "Processing Time" + }, + { + "name": "common_ingestion_time", + "label": "Ingestion Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "ingestion_time" 
+ }, + { + "function": "get_value", + "appendTo": "common_recv_time" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_mirrored_pkts", + "label": "Mirrored Packets", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_mirrored_bytes", + "label": "Mirrored Bytes", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "http_url", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "HTTP.URL" + }, + { + "name": "http_host", + "type": "string", + "doc": { + "format": [ + { + "function": "sub_domain", + "appendTo": "http_domain" + }, + { + "function": "sub_domain", + "appendTo": "common_server_domain" + }, + { + "function": "get_value", + "appendTo": "common_server_fqdn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "label": "HTTP.Host" + }, + { + "name": "http_domain", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "HTTP.Domain(Deprecated)" + }, + { + "name": "http_request_line", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "label": "HTTP.Request Line" + }, + { + "name": "http_response_line", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "label": "HTTP.Response Line" + }, + { + "name": "http_request_header", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "label": "HTTP.Request Headers" + }, + { + "name": "http_response_header", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "label": "HTTP.Response Headers" + }, + { + "name": "http_request_content", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "label": "HTTP.Request Content" + }, + { + "name": 
"http_request_content_length", + "label": "HTTP.Request Content Length", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_content_type", + "label": "HTTP.Request Content Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_content", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "label": "HTTP.Response Content" + }, + { + "name": "http_response_content_length", + "label": "HTTP.Response Content Length", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_response_content_type", + "label": "HTTP.Response Content Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "http_request_body", + "type": "string", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + }, + "visibility": "hidden", + "ttl": null + }, + "label": "HTTP.Request Body" + }, + { + "name": "http_response_body", + "type": "string", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + }, + "visibility": "hidden", + "ttl": null + }, + "label": "HTTP.Response Body" + }, + { + "name": "http_proxy_flag", + "type": "int", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "label": "HTTP.Proxy Flag" + }, + { + "name": "http_sequence", + "type": "int", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "label": "HTTP.Sequence" + }, + { + "name": "http_snapshot", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "label": "HTTP.Snapshot" + }, + { + "name": "http_cookie", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "HTTP.Cookie" + }, + { + "name": "http_referer", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "HTTP.Referer" + }, + { + "name": "http_user_agent", + "type": "string", + "doc": { + 
"visibility": "enabled", + "ttl": null + }, + "label": "HTTP.User Agent" + }, + { + "name": "http_set_cookie", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "HTTP.Set Cookie" + }, + { + "name": "http_version", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "HTTP.Version" + }, + { + "name": "http_response_latency_ms", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "HTTP.Response Latency (ms)" + }, + { + "name": "http_session_duration_ms", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "HTTP.Session Duration (ms)" + }, + { + "name": "http_action_file_size", + "type": "int", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "label": "HTTP.Action File Size" + }, + { + "name": "dns_message_id", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.Message ID" + }, + { + "name": "dns_qr", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "QUERY" + }, + { + "code": "1", + "value": "RESPONSE" + } + ], + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.QR" + }, + { + "name": "dns_opcode", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "QUERY" + }, + { + "code": "1", + "value": "IQUERY" + }, + { + "code": "2", + "value": "STATUS" + }, + { + "code": "5", + "value": "UPDATE" + } + ], + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.OPCODE" + }, + { + "name": "dns_aa", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.AA" + }, + { + "name": "dns_tc", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": 
null + }, + "label": "DNS.TC" + }, + { + "name": "dns_rd", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.RD" + }, + { + "name": "dns_ra", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.RA" + }, + { + "name": "dns_rcode", + "type": "int", + "doc": { + "data": [ + { + "code": 0, + "value": "NoError" + }, + { + "code": 1, + "value": "FormErr" + }, + { + "code": 2, + "value": "ServFail" + }, + { + "code": 3, + "value": "NXDomain" + }, + { + "code": 4, + "value": "NotImp" + }, + { + "code": 5, + "value": "Refused" + }, + { + "code": 6, + "value": "YXDomain" + }, + { + "code": 7, + "value": "YXRRSet" + }, + { + "code": 8, + "value": "NXRRSet" + }, + { + "code": 9, + "value": "NotAuth" + }, + { + "code": 10, + "value": "NotZone" + }, + { + "code": 16, + "value": "BADSIG" + }, + { + "code": 17, + "value": "BADKEY" + }, + { + "code": 18, + "value": "BADTIME" + }, + { + "code": 19, + "value": "BADMODE" + }, + { + "code": 20, + "value": "BADNAME" + }, + { + "code": 21, + "value": "BADALG" + } + ], + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.RCODE" + }, + { + "name": "dns_qdcount", + "type": "int", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.QDCOUNT" + }, + { + "name": "dns_ancount", + "type": "int", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.ANCOUNT" + }, + { + "name": "dns_nscount", + "type": "int", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.NSCOUNT" + }, + { + "name": "dns_arcount", + "type": "int", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.ARCOUNT" + }, + { + "name": "dns_qname", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.QNAME" + 
}, + { + "name": "dns_qtype", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "A" + }, + { + "code": "2", + "value": "NS" + }, + { + "code": "3", + "value": "MD" + }, + { + "code": "4", + "value": "MF" + }, + { + "code": "5", + "value": "CNAME" + }, + { + "code": "6", + "value": "SOA" + }, + { + "code": "7", + "value": "MB" + }, + { + "code": "8", + "value": "MG" + }, + { + "code": "9", + "value": "MR" + }, + { + "code": "10", + "value": "NULL" + }, + { + "code": "11", + "value": "WKS" + }, + { + "code": "12", + "value": "PTR" + }, + { + "code": "13", + "value": "HINFO" + }, + { + "code": "14", + "value": "MINFO" + }, + { + "code": "15", + "value": "MX" + }, + { + "code": "16", + "value": "TXT" + }, + { + "code": "17", + "value": "RP" + }, + { + "code": "18", + "value": "AFSDB" + }, + { + "code": "19", + "value": "X25" + }, + { + "code": "20", + "value": "ISDN" + }, + { + "code": "21", + "value": "RT" + }, + { + "code": "22", + "value": "NSAP" + }, + { + "code": "23", + "value": "NSAP" + }, + { + "code": "24", + "value": "SIG" + }, + { + "code": "25", + "value": "KEY" + }, + { + "code": "26", + "value": "PX" + }, + { + "code": "27", + "value": "GPOS" + }, + { + "code": "28", + "value": "AAAA" + }, + { + "code": "29", + "value": "LOC" + }, + { + "code": "30", + "value": "EID" + }, + { + "code": "31", + "value": "NIMLOC" + }, + { + "code": "32", + "value": "NB" + }, + { + "code": "33", + "value": "SRV" + }, + { + "code": "34", + "value": "ATMA" + }, + { + "code": "35", + "value": "NAPTR" + }, + { + "code": "36", + "value": "KX" + }, + { + "code": "37", + "value": "CERT" + }, + { + "code": "38", + "value": "A6" + }, + { + "code": "39", + "value": "DNAME" + }, + { + "code": "40", + "value": "SINK" + }, + { + "code": "41", + "value": "OPT" + }, + { + "code": "42", + "value": "APL" + }, + { + "code": "43", + "value": "DS" + }, + { + "code": "44", + "value": "SSHFP" + }, + { + "code": 
"45", + "value": "IPSECKEY" + }, + { + "code": "46", + "value": "RRSIG" + }, + { + "code": "47", + "value": "NSEC" + }, + { + "code": "48", + "value": "DNSKEY" + }, + { + "code": "49", + "value": "DHCID" + }, + { + "code": "50", + "value": "NSEC3" + }, + { + "code": "51", + "value": "NSEC3PARAM" + }, + { + "code": "52", + "value": "TLSA" + }, + { + "code": "53", + "value": "SMIMEA" + }, + { + "code": "55", + "value": "HIP" + }, + { + "code": "59", + "value": "CDS" + }, + { + "code": "60", + "value": "CDNSKEY" + }, + { + "code": "61", + "value": "OPENPGPKEY" + }, + { + "code": "62", + "value": "CSYNC" + }, + { + "code": "63", + "value": "ZONEMD" + }, + { + "code": "64", + "value": "SVCB" + }, + { + "code": "65", + "value": "HTTPS" + }, + { + "code": "99", + "value": "SPF" + }, + { + "code": "100", + "value": "UINFO" + }, + { + "code": "101", + "value": "UID" + }, + { + "code": "102", + "value": "GID" + }, + { + "code": "103", + "value": "UNSPEC" + }, + { + "code": "108", + "value": "EUI48" + }, + { + "code": "109", + "value": "EUI64" + }, + { + "code": "249", + "value": "TKEY" + }, + { + "code": "250", + "value": "TSIG" + }, + { + "code": "251", + "value": "IXFR" + }, + { + "code": "252", + "value": "AXFR" + }, + { + "code": "253", + "value": "MAILB" + }, + { + "code": "254", + "value": "MAILA" + }, + { + "code": "255", + "value": "*" + }, + { + "code": "256", + "value": "URI" + }, + { + "code": "257", + "value": "CAA" + }, + { + "code": "32768", + "value": "TA" + }, + { + "code": "32769", + "value": "DLV" + }, + { + "code": "65521", + "value": "INTEGRITY" + } + ], + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.QTYPE" + }, + { + "name": "dns_qclass", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.QCLASS" + }, + { + "name": "dns_cname", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.CNAME" + }, + { + "name": "dns_sub", + "type": "int", + "doc": { + "constraints": { 
+ "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "DNS" + }, + { + "code": "2", + "value": "DNSSEC" + } + ], + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.SUB" + }, + { + "name": "dns_rr", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "DNS.RR" + }, + { + "name": "dns_response_latency_ms", + "label": "DNS.Response Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "sip_call_id", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "SIP.Call-ID" + }, + { + "name": "sip_originator_description", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "SIP.Originator" + }, + { + "name": "sip_responder_description", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "SIP.Responder" + }, + { + "name": "sip_user_agent", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "SIP.User-Agent" + }, + { + "name": "sip_server", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "SIP.Server" + }, + { + "name": "sip_originator_sdp_connect_ip", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "SIP.Originator IP" + }, + { + "name": "sip_originator_sdp_media_port", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "SIP.Originator Port" + }, + { + "name": "sip_originator_sdp_media_type", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "SIP.Originator Media Type" + }, + { + "name": "sip_originator_sdp_content", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "SIP.Originator Content" + }, + { + "name": "sip_responder_sdp_connect_ip", + "type": "string", + "doc": { + 
"visibility": "enabled", + "ttl": null + }, + "label": "SIP.Responder IP" + }, + { + "name": "sip_responder_sdp_media_port", + "type": "int", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "SIP.Responder Port" + }, + { + "name": "sip_responder_sdp_media_type", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "SIP.Responder Media Type" + }, + { + "name": "sip_responder_sdp_content", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "SIP.Responder Content" + }, + { + "name": "sip_duration_s", + "type": "int", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "label": "SIP.Duration (s)" + }, + { + "name": "sip_bye", + "type": "string", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "label": "SIP.Bye" + } + ] +}
\ No newline at end of file diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/version.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/version.json new file mode 100644 index 0000000..ab423a9 --- /dev/null +++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/version.json 
@@ -0,0 +1,316 @@
+{
+ "product": "Galaxy cluster install package",
+ "version": "23.06",
+ "registered": "Geedge",
+ "updated": "2023-06-27 12:00:00",
+ "components": {
+ "oss": [
+ {
+ "name": "Zookeeper",
+ "version": "3.4.10",
+ "licenseType": "Apache License 2.0",
+ "description": "分布式应用程序协调服务"
+ },
+ {
+ "name": "Kafka",
+ "version": "1.0.0",
+ "licenseType": "Apache License 2.0",
+ "description": "消息队列"
+ },
+ {
+ "name": "Hadoop",
+ "version": "2.7.1",
+ "licenseType": "Apache License 2.0",
+ "description": "用于存储HBase数据及Flink任务元数据信息"
+ },
+ {
+ "name": "HBase",
+ "version": "2.2.3",
+ "licenseType": "Apache License 2.0",
+ "description": "用于文件系统和存储Radius数据"
+ },
+ {
+ "name": "Flink",
+ "version": "1.13.1",
+ "licenseType": "Apache License 2.0",
+ "description": "流数据计算框架用于日志预处理及部分统计"
+ },
+ {
+ "name": "Clickhouse",
+ "version": "21.8.13.1.altinitystable",
+ "licenseType": "Apache License 2.0",
+ "description": "原始日志数据库"
+ },
+ {
+ "name": "Druid",
+ "version": "0.18.1",
+ "licenseType": "Apache License 2.0",
+ "description": "分析实时数据并提供低延迟查询的OLAP应用程序"
+ },
+ {
+ "name": "Gohangout",
+ "version": "1.15.2.20230310",
+ "description": "动态获取Clickhouse日志表字段类型,解析ETL处理后日志入库程序"
+ },
+ {
+ "name": "Nacos",
+ "version": "2.0.2",
+ "licenseType": "Apache License 2.0",
+ "description": "分布式配置中心"
+ },
+ {
+ "name": "Mariadb",
+ "version": "10.5.3",
+ "licenseType": "Apache License 2.0",
+ "description": "传统数据库用于nacos/druid/galaxy-job-service数据存储"
+ },
+ {
+ "name": "Arangodb",
+ "version": "3.6.4",
+ "licenseType": "Apache License 2.0",
+ "description": "图数据库用于存储IPlearning统计结果"
+ },
+ {
+ "name": "cmak",
+ "version": "3.0.0.6",
+ "licenseType": "Apache License 2.0",
+ "description": "Kafka 管理界面"
+ }
+ ],
+ "apps": [
+ {
+ "name": "Galaxy-qgw-service",
+ "version": "368",
+ "description": "数据平台对外统一查询网关"
+ },
+ {
+ "name": "Galaxy-report-service",
+ "version": "23.05.01",
+ "description": "自定义报表查询服务"
+ },
+ {
+ "name": "Galaxy-hos-service",
+ "version": "23.06.07",
+ "description": "对象存储服务"
+ },
+ {
+ "name": "Galaxy-job-admin",
+ "version": "v1.3.220308",
+ "description": "分布式任务调度平台"
+ },
+ {
+ "name": "Galaxy-job-executor",
+ "version": "v1.3.230522",
+ "description": "分布式任务调度平台-执行器"
+ },
+ {
+ "name": "Nginx",
+ "version": "1.17.0",
+ "description": "查询网管负载均衡器"
+ },
+ {
+ "name": "Chproxy",
+ "version": "21.06.30",
+ "description": "Clickhouse查询负载均衡器"
+ },
+ {
+ "name": "Node-exporter",
+ "version": "1.2.2",
+ "description": "采集服务器基础资源指标插件(Prometheus)"
+ },
+ {
+ "name": "packet_dump",
+ "version": "v3.0.7-90f1ed2b",
+ "description": "DPI补包插件"
+ }
+ ],
+ "tasks": [
+ {
+ "name": "flink",
+ "topology": [
+ {
+ "name": "log-completion-schema-230607-FastJson2.jar",
+ "md5": "6660f70d94ae9d5ff83d3293972d9a23",
+ "description": "ETL程序用于原始日志补全及汇聚程序"
+ },
+ {
+ "name": "flink-dos-detection.jar",
+ "md5": "9c058afdb5054dc03b6b44db37c11b3a",
+ "description": "Ddos威胁检测程序"
+ },
+ {
+ "name": "topn-metrics-job-23-06-02.jar",
+ "md5": "ed18d989044bef78b3165f59c5371ff9",
+ "description": "TOPN计算程序"
+ },
+ {
+ "name": "app-protocol-stat-traffic-merge-230530.jar",
+ "md5": "657466b17fc8292d2c6cf32c539e45c5",
+ "description": "livecharts统计程序"
+ },
+ {
+ "name": "radius-account-knowledge-230607-FastJson2.jar",
+ "md5": "500aa9489f7fcb05d1c8fb8a9d54dac3",
+ "description": "Raidus用户上下线信息记录程序"
+ },
+ {
+ "name": "log-stream-voip-relation-230607-FastJson2.jar",
+ "md5": "b5f57645949f2e7ca6cd77ac7b06a68d",
+ "description": "VOIP融合程序"
+ },
+ {
+ "name": "radius-relation-23-06-02.jar",
+ "md5": "cb35179a218ae1c49bf09b11407f3200",
+ "description": "Radius subscriber知识库学习程序"
+ },
+ {
+ "name": "relationship-gtpc-user-23-06-02.jar",
+ "md5": "252a5671578669055acf2cac75225ab1",
+ "description": "GTP-C知识库学习程序"
+ }
+ ]
+ },
+ {
+ "name": "druid",
+ "topology": [
+ {
+ "name": "service_chaining_rule_hits",
+ "description": "服务链统计结果表"
+ },
+ {
+ "name": "service_function_status",
+ "description": "服务链统计结果表"
+ },
+ {
+ "name": "traffic_general_stat",
+ "description": "流量基础指标统计结果表"
+ },
+ {
+ "name": "application_protocol_stat",
+ "description": "协议与应用统计结果表"
+ },
+ {
+ "name": "top_client_ips",
+ "description": "活跃客户端IP排名统计结果表"
+ },
+ {
+ "name": "top_server_ips",
+ "description": "活跃服务端IP排名统计结果表"
+ },
+ {
+ "name": "top_external_ips",
+ "description": "活跃外部IP排名统计结果表"
+ },
+ {
+ "name": "top_internal_ips",
+ "description": "活跃内部IP排名统计结果表"
+ },
+ {
+ "name": "top_server_domains",
+ "description": "活跃域名(有效的实质二级域名)排名统计结果表"
+ },
+ {
+ "name": "top_server_fqdns",
+ "description": "活跃完全限定域名排名统计结果表"
+ },
+ {
+ "name": "top_subscribers",
+ "description": "活跃Subscriber ID排名统计结果表"
+ },
+ {
+ "name": "traffic_shaping_rule_hits",
+ "description": "流量整形统计结果表"
+ },
+ {
+ "name": "security_rule_hits",
+ "description": "安全策略规则命中统计结果表"
+ },
+ {
+ "name": "proxy_rule_hits",
+ "description": "代理策略规则命中统计结果表"
+ },
+ {
+ "name": "traffic_top_destination_ip_metrics_log",
+ "description": "Dos检测服务端IP流量统计结果表"
+ },
+ {
+ "name": "sys_storage_log",
+ "description": "系统存储容量统计结果表"
+ }
+ ],
+ "segments": [
+ {
+ "name": "segments.zip",
+ "md5": "18b26f56532cc389d5207ff2a83fb78a",
+ "description": "内置segments用于生成对应的基础表结构"
+ },
+ {
+ "name": "druid_segments-tsg3.0.sql",
+ "md5": "dec5970745497f7d9d5a409da36a736c",
+ "description": "内置segments元数据信息sql数据"
+ }
+ ]
+ },
+ {
+ "name": "gohangout",
+ "topology": [
+ {
+ "name": "k2ck_active_defence_event_tsgv3",
+ "description": "主动防御事件日志入库程序"
+ },
+ {
+ "name": "k2ck_dos_event_tsgv3",
+ "description": "Dos检测结果日志入库程序"
+ },
+ {
+ "name": "k2ck_gtpc_record_tsgv3",
+ "description": "GTP-C流量日志入库程序"
+ },
+ {
+ "name": "k2ck_interim_session_record_tsgv3",
+ "description": "过渡会话日志日志入库程序"
+ },
+ {
+ "name": "k2ck_proxy_event_tsgv3",
+ "description": "代理策略命中日志入库程序"
+ },
+ {
+ "name": "k2ck_radius_onff_tsgv3",
+ "description": "Radius用户上下线日志入库程序"
+ },
+ {
+ "name": "k2ck_radius_record_tsgv3",
+ "description": "Radius流量日志入库程序"
+ },
+ {
+ "name": "k2ck_security_event_tsgv3",
+ "description": "安全策略命中日志入库程序"
+ },
+ {
+ "name": "k2ck_session_record_tsgv3",
+ "description": "会话日志入库程序"
+ },
+ {
+ "name": "k2ck_sys_packet_capture_event_tsgv3",
+ "description": "捕包事件日志入库程序"
+ },
+ {
+ "name": "k2ck_transaction_record_tsgv3",
+ "description": "过渡会话日志入库程序"
+ },
+ {
+ "name": "k2ck_voip_record_tsgv3",
+ "description": "Voip关联日志入库程序"
+ }
+ ],
+ "description": "ETL处理日志/统计结果日志/数据关联日志入库相关任务"
+ },
+ {
+ "name": "clickhouse",
+ "topology": "create_ck_table.sql",
+ "md5": "3d5db04e13abb18dd9e0fd48f88363b5",
+ "description": "Clickhouse 基于VSYS_ID为主键的全量建表语句"
+ }
+ ]
+ }
+}
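Review bot: The `md5` values under `tasks` (the eight Flink jars, `segments.zip`, `druid_segments-tsg3.0.sql` and `create_ck_table.sql`) are the only integrity data this manifest records, and MD5 is not collision resistant, so they can catch accidental corruption but not a deliberately substituted artifact. If the installer checks packages against this file, record a SHA-256 digest next to each entry, e.g. `"sha256": "<sha256-of-artifact>"`, and keep `md5` only for backward compatibility. The `oss` and `apps` entries carry a version but no digest at all, so nothing here ties a component such as `Nacos` 2.0.2 to a specific binary; the same field would help there. Several pinned versions (`Zookeeper` 3.4.10, `Kafka` 1.0.0, `Hadoop` 2.7.1) look to be from release lines that are past upstream support, so their patch status is worth confirming against vendor advisories before this manifest is treated as the deployment baseline.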
\ No newline at end of file
diff --git a/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/voip_record.json b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/voip_record.json
new file mode 100644
index 0000000..479df88
--- /dev/null
+++ b/MPE/nacos/MSH/nacos_config_export_20230724161814/Galaxy/voip_record.json
@@ -0,0 +1,2031 @@ +{ + "type": "record", + "name": "voip_record", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "ttl": null, + "default_ttl": 2592000, + "index_key": { + "$ref": "public_schema_info.json#/voip_record/index_key" + }, + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "dimensions": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_l4_protocol", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "sip_call_id", + "sip_originator_description", + "sip_responder_description", + "sip_user_agent", + "sip_server", + "sip_duration_s", + "sip_bye", + "rtp_payload_type_c2s", + "rtp_payload_type_s2c", + "rtp_originator_dir" + ], + "metrics": [ + "common_start_time", + "common_end_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + 
"common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_l4_protocol", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_sessions", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "sip_call_id", + "sip_originator_description", + "sip_responder_description", + "sip_user_agent", + "sip_server", + "sip_duration_s" + ], + "filters": [ + "common_stream_trace_id", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_device_id", + "common_data_center", + "common_sled_ip", + "common_device_group", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_action", + "common_sub_action", + "common_policy_id", + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac", + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + 
"common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac", + "common_app_full_path", + "common_app_identify_info", + "common_app_label", + "common_app_behavior", + "common_protocol_label", + "common_service_category", + "common_l4_protocol", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "sip_call_id", + "sip_originator_description", + "sip_responder_description", + "sip_user_agent", + "sip_server", + "sip_duration_s", + "sip_bye", + "rtp_payload_type_c2s", + "rtp_payload_type_s2c", + "rtp_originator_dir" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + }, + "details": { + "general": [ + "common_recv_time", + "common_log_id", + "common_stream_trace_id", + "common_address_type", + "common_schema_type", + "common_vsys_id", + "common_t_vsys_id", + "common_flags", + "common_flags_identify_info", + "common_direction", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_entrance_id", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_data_center", + "common_device_group", + "common_sled_ip" + ], + "source": [ + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_in_src_mac", + "common_out_src_mac" + ], + "destination": [ + 
"common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn", + "common_server_fqdn", + "common_server_domain", + "common_in_dest_mac", + "common_out_dest_mac" + ], + "application": [ + "common_app_id", + "common_app_full_path", + "common_userdefine_app_name", + "common_app_identify_info", + "common_app_label", + "common_app_surrogate_id", + "common_l7_protocol", + "common_protocol_label", + "common_service_category", + "common_service", + "common_l4_protocol", + "common_app_behavior" + ], + "transmission": [ + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_first_ttl", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "other": [ + "common_device_tag", + "common_encapsulation", + "common_tunnels", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "common_action", + "common_sub_action", + "common_policy_id", + "common_user_tags", + "common_user_region", + "common_shaping_rule_ids" + ] + } + }, + "schema_type": { + "SIP": { + "$ref": "public_schema_info.json#/schema_type/SIP" + }, + "RTP": { + "$ref": "public_schema_info.json#/schema_type/RTP" + }, + "VoIP": { + "$ref": "public_schema_info.json#/schema_type/VoIP" + } + }, + "default_columns": [ + "common_recv_time", + "common_log_id", + 
"common_subscriber_id", + "common_client_ip", + "sip_originator_description", + "sip_responder_description", + "sip_call_id", + "common_server_ip", + "common_server_port", + "rtp_pcap_path", + "rtp_originator_dir" + ], + "internal_columns": [ + "common_recv_time", + "common_log_id", + "common_sessions", + "common_flags_identify_info", + "common_app_identify_info", + "common_packet_capture_file", + "common_tunnel_endpoint_a_desc", + "common_tunnel_endpoint_b_desc", + "rtp_pcap_path" + ], + "tunnel_type": { + "$ref": "public_schema_info.json#/tunnel_type" + } + }, + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_log_id", + "label": "Log ID", + "doc": { + "format": [ + { + "function": "snowflake_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_policy_id", + "label": "Policy ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_subscriber_id", + "label": "Subscriber ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imei", + "label": "IMEI", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_imsi", + "label": "IMSI", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_phone_number", + "label": "Phone Number", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_in_src_mac", + "label": "Incoming Source MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_out_src_mac", + "label": "Outgoing Source MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + 
"name": "common_client_ip", + "label": "Client IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_client_asn" + }, + { + "function": "radius_match", + "appendTo": "common_subscriber_id" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_internal_ip", + "label": "Internal IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "if", + "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_port", + "label": "Client Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_l4_protocol", + "label": "L4 Protocol", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_address_type", + "label": "Address Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_server_ip", + "label": "Server IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "geo_asn", + "appendTo": "common_server_asn" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_port", + "label": "Server Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_external_ip", + "label": "External IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": [ + { + "function": "if", + "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_action", + "label": "Action", + "doc": { + 
"visibility": "hidden", + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "None" + }, + { + "code": "1", + "value": "Monitor" + }, + { + "code": "2", + "value": "Intercept" + }, + { + "code": "16", + "value": "Deny" + }, + { + "code": "96", + "value": "Allow" + }, + { + "code": "128", + "value": "Allow(Deprecated)" + } + ], + "ttl": null + }, + "type": "int" + }, + { + "name": "common_direction", + "label": "Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "69", + "value": "outbound" + }, + { + "code": "73", + "value": "inbound" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_entrance_id", + "label": "Entrance ID", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_sled_ip", + "label": "Sled IP", + "doc": { + "constraints": { + "type": "ip" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_location", + "label": "Client Location", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_client_asn", + "label": "Client ASN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_location", + "label": "Server Location", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_asn", + "label": "Server ASN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_fqdn", + "label": "Server FQDN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_server_domain", + "label": "Server Domain", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_in_dest_mac", + "label": "Incoming Destination MAC", + 
"doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_out_dest_mac", + "label": "Outgoing Destination MAC", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_sessions", + "label": "Sessions", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_num", + "label": "Packets Sent", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_num", + "label": "Packets Received", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_num", + "label": "Bytes Sent", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_num", + "label": "Bytes Received", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_diff", + "label": "Packets Sent (Delta)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_diff", + "label": "Packets Received (Delta)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_diff", + "label": "Bytes Sent (Delta)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_diff", + "label": "Bytes Received (Delta)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "disabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_service", + "label": 
"Service", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_schema_type", + "label": "Schema Type", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "VoIP", + "value": "VoIP" + }, + { + "code": "SIP", + "value": "SIP" + }, + { + "code": "RTP", + "value": "RTP" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_vsys_id", + "label": "Vsys ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int", + "default": 1 + }, + { + "name": "common_t_vsys_id", + "label": "Traffic Vsys ID", + "doc": { + "allow_query": "false", + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_flags", + "label": "Flags", + "doc": { + "constraints": { + "type": "bit", + "operator_functions": "=,!=,bitAnd" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_flags/data" + }, + "allow_query": "false", + "visibility": "hidden", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "bit" + } + }, + { + "name": "common_flags_identify_info", + "label": "Flags Identify Info", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_tags", + "label": "User Tags", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_sub_action", + "label": "Sub Action", + "doc": { + "data": [ + { + "code": "allow", + "value": "Allow" + }, + { + "code": "deny", + "value": "Deny" + }, + { + "code": "monitor", + "value": "Monitor" + }, + { + "code": "replace", + "value": "Replace" + }, + { + "code": "redirect", + "value": "Redirect" + }, + { + "code": "insert", + "value": "Insert" + }, + { + "code": "hijack", + "value": "Hijack" + } + ], + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_user_region", + "label": "User Region", + "doc": { + "visibility": 
"hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_shaping_rule_ids", + "label": "Shaping Rule IDs", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "visibility": "hidden", + "ttl": null + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_device_id", + "label": "Device ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_egress_link_id", + "label": "Egress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_ingress_link_id", + "label": "Ingress Link ID", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_isp", + "label": "ISP", + "doc": { + "visibility": "disabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_tag", + "label": "Device Tag", + "doc": { + "visibility": "hidden", + "format": [ + { + "function": "flattenSpec", + "appendTo": "common_data_center", + "param": "$.tags[?(@.tag=='data_center')][0].value" + }, + { + "function": "flattenSpec", + "appendTo": "common_device_group", + "param": "$.tags[?(@.tag=='device_group')][0].value" + } + ], + "ttl": null + }, + "type": "string" + }, + { + "name": "common_data_center", + "label": "Data Center", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_device_group", + "label": "Device Group", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "device_tag.json#", + "key": 
"$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_behavior", + "label": "Application Behavior", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_encapsulation", + "label": "Encapsulation", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_encapsulation/data" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_app_label", + "label": "Application Label", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnels", + "label": "Tunnels", + "doc": { + "visibility": "hidden", + "ttl": null, + "format": [ + { + "function": "gtpc_match", + "appendTo": "common_imsi,common_imei,common_phone_number", + "param": "$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_a2b_teid,$.[?(@.tunnels_schema_type=='GTP')][0].gtp_endpoint_b2a_teid" + } + ] + }, + "type": "string" + }, + { + "name": "common_protocol_label", + "label": "Protocol Label", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_app_id", + "label": "Application ID", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_app_full_path", + "label": "Application Full Path", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_userdefine_app_name", + "label": "User Define App Name", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_app_identify_info", + "label": "App Identity Info", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + 
"name": "common_app_surrogate_id", + "label": "Surrogate ID", + "type": "string", + "doc": { + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_l7_protocol", + "label": "L7 Protocol", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_service_category", + "label": "FQDN Category", + "doc": { + "constraints": { + "operator_functions": "has,notEmpty,empty" + }, + "visibility": "disabled", + "dict_location": { + "path": "/v1/category/dict", + "key": "categoryId", + "value": "categoryName" + }, + "ttl": null + }, + "type": { + "type": "array", + "items": "int", + "logicalType": "array" + } + }, + { + "name": "common_start_time", + "label": "Start Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_end_time", + "label": "End Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_establish_latency_ms", + "label": "TCP Handshake Latency (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_con_duration_ms", + "label": "Duration (ms)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_stream_dir", + "label": "Stream Direction(Deprecated)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + }, + { + "code": "3", + "value": "double" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_address_list", + "label": "Address List", + "doc": { + "visibility": "disabled", + 
"ttl": null + }, + "type": "string" + }, + { + "name": "common_has_dup_traffic", + "label": "Duplication Traffic", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": "common_stream_error", + "label": "Stream Error", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_stream_trace_id", + "label": "Session ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_link_info_c2s", + "label": "Link Info (c2s)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_link_info_s2c", + "label": "Link Info (s2c)", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_packet_capture_file", + "label": "Packet Capture File", + "doc": { + "visibility": "hidden", + "constraints": { + "type": "file" + }, + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_a_desc", + "label": "Tunnel Endpoint A Description", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_tunnel_endpoint_b_desc", + "label": "Tunnel Endpoint B Description", + "doc": { + "visibility": "hidden", + "ttl": null + }, + "type": "string" + }, + { + "name": "common_c2s_ipfrag_num", + "label": "Fragmentation Packets (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_ipfrag_num", + "label": "Fragmentation Packets (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_lostlen", + "label": "Sequence Gap Loss (c2s)", + "doc": { + "constraints": { + "type": 
"bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_lostlen", + "label": "Sequence Gap Loss (s2c)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_unorder_num", + "label": "Unordered Packets (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_unorder_num", + "label": "Unordered Packets (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_retrans", + "label": "Packet Retransmission (c2s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_retrans", + "label": "Packet Retransmission (s2c)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_c2s_byte_retrans", + "label": "Byte Retransmission (c2s)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_s2c_byte_retrans", + "label": "Byte Retransmission (s2c)", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_tcp_client_isn", + "label": "TCP Client ISN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "long" + }, + { + "name": "common_first_ttl", + "label": "First TTL", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + }, + "type": "int" + }, + { + "name": 
"common_processing_time", + "label": "Processing Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "current_timestamp" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_ingestion_time", + "label": "Ingestion Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": [ + { + "function": "ingestion_time" + }, + { + "function": "get_value", + "appendTo": "common_recv_time" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": { + "type": "long", + "logicalType": "timestamp" + } + }, + { + "name": "common_mirrored_pkts", + "label": "Mirrored Packets", + "type": "long", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "common_mirrored_bytes", + "label": "Mirrored Bytes", + "type": "long", + "doc": { + "constraints": { + "type": "bytes" + }, + "visibility": "hidden", + "ttl": null + } + }, + { + "name": "sip_call_id", + "label": "SIP.Call-ID", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_originator_description", + "label": "SIP.Originator", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_responder_description", + "label": "SIP.Responder", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_user_agent", + "label": "SIP.User-Agent", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_server", + "label": "SIP.Server", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_originator_sdp_connect_ip", + "label": "SIP.Originator IP", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_originator_sdp_media_port", + "label": "SIP.Originator Port", + 
"doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "sip_originator_sdp_media_type", + "label": "SIP.Originator Media Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_originator_sdp_content", + "label": "SIP.Originator Content", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_responder_sdp_connect_ip", + "label": "SIP.Responder IP", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_responder_sdp_media_port", + "label": "SIP.Responder Port", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "sip_responder_sdp_media_type", + "label": "SIP.Responder Media Type", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_responder_sdp_content", + "label": "SIP.Responder Content", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "sip_duration_s", + "label": "SIP.Duration (s)", + "doc": { + "constraints": { + "type": "decimal" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "sip_bye", + "label": "SIP.Bye", + "doc": { + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rtp_payload_type_c2s", + "label": "RTP.Payload Type (c2s)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "PCMU" + }, + { + "code": "1", + "value": "1016" + }, + { + "code": "2", + "value": "G721" + }, + { + "code": "3", + "value": "GSM" + }, + { + "code": "4", + "value": "G723" + }, + { + "code": "5", + "value": "DVI4_8000" + }, + { + "code": "6", + "value": "DVI4_16000" + }, + { + "code": "7", + "value": "LPC" + }, + { + "code": "8", + "value": "PCMA" + }, + { + "code": "9", + "value": "G722" + }, + { + "code": "10", + "value": "L16_STEREO" + 
}, + { + "code": "11", + "value": "L16_MONO" + }, + { + "code": "12", + "value": "QCELP" + }, + { + "code": "13", + "value": "CN" + }, + { + "code": "14", + "value": "MPA" + }, + { + "code": "15", + "value": "G728" + }, + { + "code": "16", + "value": "DVI4_11025" + }, + { + "code": "17", + "value": "DVI4_22050" + }, + { + "code": "18", + "value": "G729" + }, + { + "code": "19", + "value": "CN_OLD" + }, + { + "code": "25", + "value": "CELB" + }, + { + "code": "26", + "value": "JPEG" + }, + { + "code": "28", + "value": "NV" + }, + { + "code": "31", + "value": "H261" + }, + { + "code": "32", + "value": "MPV" + }, + { + "code": "33", + "value": "MP2T" + }, + { + "code": "34", + "value": "H263" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "rtp_payload_type_s2c", + "label": "RTP.Payload Type (s2c)", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "PCMU" + }, + { + "code": "1", + "value": "1016" + }, + { + "code": "2", + "value": "G721" + }, + { + "code": "3", + "value": "GSM" + }, + { + "code": "4", + "value": "G723" + }, + { + "code": "5", + "value": "DVI4_8000" + }, + { + "code": "6", + "value": "DVI4_16000" + }, + { + "code": "7", + "value": "LPC" + }, + { + "code": "8", + "value": "PCMA" + }, + { + "code": "9", + "value": "G722" + }, + { + "code": "10", + "value": "L16_STEREO" + }, + { + "code": "11", + "value": "L16_MONO" + }, + { + "code": "12", + "value": "QCELP" + }, + { + "code": "13", + "value": "CN" + }, + { + "code": "14", + "value": "MPA" + }, + { + "code": "15", + "value": "G728" + }, + { + "code": "16", + "value": "DVI4_11025" + }, + { + "code": "17", + "value": "DVI4_22050" + }, + { + "code": "18", + "value": "G729" + }, + { + "code": "19", + "value": "CN_OLD" + }, + { + "code": "25", + "value": "CELB" + }, + { + "code": "26", + "value": "JPEG" + }, + { + "code": "28", + "value": "NV" + }, + { + "code": "31", + "value": "H261" + }, + { + 
"code": "32", + "value": "MPV" + }, + { + "code": "33", + "value": "MP2T" + }, + { + "code": "34", + "value": "H263" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + }, + { + "name": "rtp_pcap_path", + "label": "RTP.PCAP", + "doc": { + "allow_query": "false", + "constraints": { + "type": "files" + }, + "visibility": "enabled", + "ttl": null + }, + "type": "string" + }, + { + "name": "rtp_originator_dir", + "label": "RTP.Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=,in,not in" + }, + "data": [ + { + "code": "0", + "value": "unknown" + }, + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + } + ], + "visibility": "enabled", + "ttl": null + }, + "type": "int" + } + ] +}
\ No newline at end of file
diff --git a/MPE/nacos/PCAP/nacos_config_export_20230724162048/.meta.yml b/MPE/nacos/PCAP/nacos_config_export_20230724162048/.meta.yml
new file mode 100644
index 0000000..b078bbc
--- /dev/null
+++ b/MPE/nacos/PCAP/nacos_config_export_20230724162048/.meta.yml
@@ -0,0 +1 @@
+Galaxy.galaxy-hos-service~yml.app=galaxy-hos-service
diff --git a/MPE/nacos/PCAP/nacos_config_export_20230724162048/Galaxy/galaxy-hos-service.yml b/MPE/nacos/PCAP/nacos_config_export_20230724162048/Galaxy/galaxy-hos-service.yml
new file mode 100644
index 0000000..54113fc
--- /dev/null
+++ b/MPE/nacos/PCAP/nacos_config_export_20230724162048/Galaxy/galaxy-hos-service.yml
@@ -0,0 +1,120 @@
+#服务端口
+server:
+ port: 8186
+ tomcat:
+ max-threads: 400
+#tomcat缓存大小,单位KB系统默认10M,配置10g
+tomcat:
+ cacheMaxSize: 100000
+#hbase参数
+hbase:
+ zookeeper_quorum: 192.168.10.193:2181,192.168.10.194:2181,192.168.10.195:2181
+ zookeeper_property_clientPort: 2181
+ zookeeper_znode_parent: /hbase
+ client_retries_number: 1
+ rpc_timeout: 100000
+ connect_pool: 10
+ client_write_buffer: 10485760
+ client_keyvalue_maxsize: 1024000000
+ #批量获取数量
+ get_batch: 10000
+ #part 最大数据量
+ maxParts: 100000
+ #每次获取的part数
+ get_part_batch: 1000
+ #每次追加是否更新主文件
+ isUpdate: 1
+ #hbase索引表前缀,前缀为以下的都为索引表
+ time_index_table_prefix: index_time_
+ filename_index_table_prefix: index_filename_
+ partfile_index_table_prefix: index_partfile_
+ system_bucket_meta: system:bucket_meta
+ #创建表预分区时的分区,为空则不分区
+ region_start_key: 1,2,3,4,5,6,7,8,9,a,b,c,d,e,f
+ filename_head: 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f
+ part_head: 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f
+ #获取文件大小的目录
+ hbasePath: /hbase
+ #1是集群0是单机,主要针对存储配额获取方式
+ standone: 1
+ #hadoop集群namenode节点
+ namenodes: 192.168.10.193,192.168.10.194
+ #hadoop端口
+ hadoop_port: 9000
+ #建表时是否打开hbase wal,1打开,0关闭
+ openWal: 0
+ #ttl相关参数
+ ttl_scan_batch: 5000
+ ttl_scan_caching: 10000
+ ttl_delete_batch: 10000
+ hadoop_user: root
+ hadoop_defaultFS: hdfs://ns1
+ hadoop_nameservices: ns1
+ hadoop_namenodes_ns1: nn1,nn2
+ hadoop_replication: 2
+#是否打开验证,0打开,打开需要使用S3身份验证或者token访问服务
+auth:
+ open: 0
+ #http访问使用的token
+ token: ENC(M8BbPaTywYw1/NyRY6TAVnqPzx7Nae92BVBcHoYi3pL9/o6kunHqpW3E50LO/XEL)
+ #s3验证
+ s3:
+ accessKey: ENC(FUQDvVP+zqCiwHQhXcRvbw==)
+ secretKey: ENC(FUQDvVP+zqCiwHQhXcRvbw==)
+hos:
+ #文件最大值
+ maxFileSize: 5368709000
+ #小文件阈值
+ uploadThreshold: 10485760
+ #长连接超时时间
+ keepAliveTimeout: 60000
+ #批量删除对象的最大数量
+ deleteMultipleNumber: 1000
+ #获取对象列表等操作的最大值
+ maxResultLimit: 100000
+ #分块上传的最大分块数
+ maxPartNumber: 1000
+ #追加上传的最大次数
+ maxPosition: 100000
+ #存放对象的用户自定义元数据的请求头
+ metaHeader: x-hos-meta-message
+ #存放对象信息的请求头
+ objectInfo: x-hos-object-info
+ #是否快速下载文件,1打开,hbase内存小于20G的集群设为0
+ isQuickDownloadFile: 0
+ #是否打开对象列表查询功能,1打开
+ simple: 1
+ #用户白名单(hbase的namespace),获取存储配额
+ users: default
+ #元数据存储占比
+ metaProportion: 0.03
+ #是否打开限流,0:关闭,1:打开
+ openRateLimiter: 1
+ #限流每秒请求数
+ rateLimiterQps: 10000
+ #展示追加文件丢失块的最大数量
+ lostPartsCount: 10
+ #执行ttl的线程数
+ thread: 10
+ #是否打开手动ttl,1打开,默认为1
+ manualTtl: 0
+#设置上传文件大小的最大值
+spring:
+ servlet:
+ multipart:
+ max-file-size: 1024MB
+ max-request-size: 1024MB
+#Prometheus参数
+ application:
+ name: HosServiceApplication
+#Prometheus参数
+management:
+ endpoints:
+ web:
+ exposure:
+ include: '*'
+ metrics:
+ tags:
+ application: ${spring.application.name}
+logging:
+ config: ./config/log4j2-dev.xml
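Review bot: `management.endpoints.web.exposure.include: '*'` publishes every Spring Boot actuator endpoint over HTTP, and since this file sets no separate management port they would be served on 8186 alongside the service, although the comment above the block says it is there for Prometheus. Narrowing it to what monitoring needs, e.g. `include: 'health,prometheus'`, keeps endpoints such as env and heapdump off the network. In the same hunk `auth.s3.accessKey` and `auth.s3.secretKey` carry the identical `ENC(...)` value, which suggests the secret is the same string as the key id and is worth confirming before this export is reused. The TWA copy of galaxy-hos-service.yml added later in this commit has the same settings.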
\ No newline at end of file
diff --git a/MPE/nacos/TWA/nacos_config_export_20230724162147/.meta.yml b/MPE/nacos/TWA/nacos_config_export_20230724162147/.meta.yml
new file mode 100644
index 0000000..b078bbc
--- /dev/null
+++ b/MPE/nacos/TWA/nacos_config_export_20230724162147/.meta.yml
@@ -0,0 +1 @@
+Galaxy.galaxy-hos-service~yml.app=galaxy-hos-service
diff --git a/MPE/nacos/TWA/nacos_config_export_20230724162147/Galaxy/galaxy-hos-service.yml b/MPE/nacos/TWA/nacos_config_export_20230724162147/Galaxy/galaxy-hos-service.yml
new file mode 100644
index 0000000..0662af7
--- /dev/null
+++ b/MPE/nacos/TWA/nacos_config_export_20230724162147/Galaxy/galaxy-hos-service.yml
@@ -0,0 +1,120 @@
+#服务端口
+server:
+ port: 8186
+ tomcat:
+ max-threads: 400
+#tomcat缓存大小,单位KB系统默认10M,配置10g
+tomcat:
+ cacheMaxSize: 100000
+#hbase参数
+hbase:
+ zookeeper_quorum: 192.168.30.193:2181,192.168.30.194:2181,192.168.30.195:2181
+ zookeeper_property_clientPort: 2181
+ zookeeper_znode_parent: /hbase
+ client_retries_number: 1
+ rpc_timeout: 100000
+ connect_pool: 10
+ client_write_buffer: 10485760
+ client_keyvalue_maxsize: 1024000000
+ #批量获取数量
+ get_batch: 10000
+ #part 最大数据量
+ maxParts: 100000
+ #每次获取的part数
+ get_part_batch: 1000
+ #每次追加是否更新主文件
+ isUpdate: 1
+ #hbase索引表前缀,前缀为以下的都为索引表
+ time_index_table_prefix: index_time_
+ filename_index_table_prefix: index_filename_
+ partfile_index_table_prefix: index_partfile_
+ system_bucket_meta: system:bucket_meta
+ #创建表预分区时的分区,为空则不分区
+ region_start_key: 1,2,3,4,5,6,7,8,9,a,b,c,d,e,f
+ filename_head: 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f
+ part_head: 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f
+ #获取文件大小的目录
+ hbasePath: /hbase
+ #1是集群0是单机,主要针对存储配额获取方式
+ standone: 1
+ #hadoop集群namenode节点
+ namenodes: 192.168.30.193,192.168.30.194
+ #hadoop端口
+ hadoop_port: 9000
+ #建表时是否打开hbase wal,1打开,0关闭
+ openWal: 0
+ #ttl相关参数
+ ttl_scan_batch: 5000
+ ttl_scan_caching: 10000
+ ttl_delete_batch: 10000
+ hadoop_user: root
+ hadoop_defaultFS: hdfs://ns1
+ hadoop_nameservices: ns1
+ hadoop_namenodes_ns1: nn1,nn2
+ hadoop_replication: 2
+#是否打开验证,0打开,打开需要使用S3身份验证或者token访问服务
+auth:
+ open: 0
+ #http访问使用的token
+ token: ENC(M8BbPaTywYw1/NyRY6TAVnqPzx7Nae92BVBcHoYi3pL9/o6kunHqpW3E50LO/XEL)
+ #s3验证
+ s3:
+ accessKey: ENC(FUQDvVP+zqCiwHQhXcRvbw==)
+ secretKey: ENC(FUQDvVP+zqCiwHQhXcRvbw==)
+hos:
+ #文件最大值
+ maxFileSize: 5368709000
+ #小文件阈值
+ uploadThreshold: 10485760
+ #长连接超时时间
+ keepAliveTimeout: 60000
+ #批量删除对象的最大数量
+ deleteMultipleNumber: 1000
+ #获取对象列表等操作的最大值
+ maxResultLimit: 100000
+ #分块上传的最大分块数
+ maxPartNumber: 1000
+ #追加上传的最大次数
+ maxPosition: 100000
+ #存放对象的用户自定义元数据的请求头
+ metaHeader: x-hos-meta-message
+ #存放对象信息的请求头
+ objectInfo: x-hos-object-info
+ #是否快速下载文件,1打开,hbase内存小于20G的集群设为0
+ isQuickDownloadFile: 0
+ #是否打开对象列表查询功能,1打开
+ simple: 1
+ #用户白名单(hbase的namespace),获取存储配额
+ users: default
+ #元数据存储占比
+ metaProportion: 0.03
+ #是否打开限流,0:关闭,1:打开
+ openRateLimiter: 1
+ #限流每秒请求数
+ rateLimiterQps: 10000
+ #展示追加文件丢失块的最大数量
+ lostPartsCount: 10
+ #执行ttl的线程数
+ thread: 10
+ #是否打开手动ttl,1打开,默认为1
+ manualTtl: 0
+#设置上传文件大小的最大值
+spring:
+ servlet:
+ multipart:
+ max-file-size: 1024MB
+ max-request-size: 1024MB
+#Prometheus参数
+ application:
+ name: HosServiceApplication
+#Prometheus参数
+management:
+ endpoints:
+ web:
+ exposure:
+ include: '*'
+ metrics:
+ tags:
+ application: ${spring.application.name}
+logging:
+ config: ./config/log4j2-dev.xml
\ No newline at end of file diff --git a/MPE/nacos/bin/dae-nacos.sh b/MPE/nacos/bin/dae-nacos.sh new file mode 100644 index 0000000..400e0c5 --- /dev/null +++ b/MPE/nacos/bin/dae-nacos.sh @@ -0,0 +1,46 @@ +#!/bin/bash +source /etc/profile + +#安装路径 +BASE_DIR=/data/tsg/olap +VERSION=nacos-2.0.2 + +function setlog(){ +RES_SUM_FILE=$BASE_DIR/$VERSION/logs + +if [ ! -f "$RES_SUM_FILE/" ] +then + mkdir -p $RES_SUM_FILE +fi + +if [ ! -d "$RES_SUM_FILE/$1" ];then + echo "0" > $RES_SUM_FILE/nacosRes_sum +fi + +OLD_NUM=`cat $RES_SUM_FILE/nacosRes_sum` +RESTART_NUM=`expr $OLD_NUM + 1` +echo $RESTART_NUM > $RES_SUM_FILE/nacosRes_sum +if [ $OLD_NUM -eq "0" ];then + echo "`date "+%Y-%m-%d %H:%M:%S"` - Nacos服务初次启动" >> $BASE_DIR/$VERSION/logs/restart.log +else + echo "`date +%Y-%m-%d` `date +%H:%M:%S` - Nacos服务异常 - 重启次数 -> $RESTART_NUM." >> $BASE_DIR/$VERSION/logs/restart.log +fi +} + +while true ; do +HAS_NACOS=`jps | grep -w nacos | grep -v grep |wc -l` +if [ $HAS_NACOS -lt "1" ];then + nohup $BASE_DIR/$VERSION/bin/startup.sh > /dev/null 2>&1 & + set_log +else + STATUS=`curl -s http://192.168.20.223:8847/nacos/actuator/health | grep UP | wc -l` + if [ "${STATUS}" -ne "1" ];then + echo "`date "+%Y-%m-%d %H:%M:%S"` - nacos服务进程存在,状态异常,尝试重启" >> $BASE_DIR/$VERSION/logs/restart.log + echo "`date "+%Y-%m-%d %H:%M:%S"` - `ps -ef |grep nacos | grep -v grep`" >> $BASE_DIR/$VERSION/logs/restart.log + sh $BASE_DIR/$VERSION/bin/shutdown.sh + sleep 5 + fi +fi +sleep 60 +done + diff --git a/MPE/nacos/bin/set-nacos-env.sh b/MPE/nacos/bin/set-nacos-env.sh new file mode 100644 index 0000000..dc8fd52 --- /dev/null +++ b/MPE/nacos/bin/set-nacos-env.sh 
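Review bot: The watchdog loop in dae-nacos.sh calls `set_log`, but the function defined at the top of the script is `setlog`, so the restart counter and the restart.log entry are never written and each start attempt only yields a command-not-found error; the call should read `setlog`. Inside the function, `[ ! -d "$RES_SUM_FILE/$1" ]` is evaluated with an empty `$1` right after `mkdir -p`, so it is always false and `nacosRes_sum` is never initialised before the `cat`; `[ ! -f "$RES_SUM_FILE/nacosRes_sum" ]` looks like the intended test. The health probe address `192.168.20.223:8847` is hard-coded, and a comment saying it must match `-Dnacos.server.ip` in startup.sh and `server.port` in application.properties would save the next operator a search.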
@@ -0,0 +1,17 @@ +#!/bin/bash + +echo -e "\n#nacos\nexport NACOS_HOME=/data/tsg/olap/nacos-2.0.2\nexport PATH=\$NACOS_HOME/bin:\$PATH" >> /etc/profile.d/nacos.sh +chmod +x /etc/profile.d/nacos.sh +source /etc/profile + +keeppath='/etc/init.d/keepnacosalive' +if [ -x $keeppath ];then + chkconfig --add keepnacosalive + chkconfig keepnacosalive on + service keepnacosalive start && sleep 5 + nacos_dae=`ps -ef | grep dae-nacos.sh | grep -v grep | wc -l` + if [ $nacos_dae -eq "0" ];then + nohup /data/tsg/olap/nacos-2.0.2/bin/dae-nacos.sh > /dev/null 2>&1 & + fi +fi + diff --git a/MPE/nacos/bin/shutdown.cmd b/MPE/nacos/bin/shutdown.cmd new file mode 100644 index 0000000..e3ae899 --- /dev/null +++ b/MPE/nacos/bin/shutdown.cmd @@ -0,0 +1,24 @@ +@echo off +rem Copyright 1999-2018 Alibaba Group Holding Ltd. +rem Licensed under the Apache License, Version 2.0 (the "License"); +rem you may not use this file except in compliance with the License. +rem You may obtain a copy of the License at +rem +rem http://www.apache.org/licenses/LICENSE-2.0 +rem +rem Unless required by applicable law or agreed to in writing, software +rem distributed under the License is distributed on an "AS IS" BASIS, +rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +rem See the License for the specific language governing permissions and +rem limitations under the License. +if not exist "%JAVA_HOME%\bin\jps.exe" echo Please set the JAVA_HOME variable in your environment, We need java(x64)! jdk8 or later is better! & EXIT /B 1 + +setlocal + +set "PATH=%JAVA_HOME%\bin;%PATH%" + +echo killing nacos server + +for /f "tokens=1" %%i in ('jps -m ^| find "nacos.nacos"') do ( taskkill /F /PID %%i ) + +echo Done! diff --git a/MPE/nacos/bin/shutdown.sh b/MPE/nacos/bin/shutdown.sh new file mode 100644 index 0000000..e3e14fe --- /dev/null +++ b/MPE/nacos/bin/shutdown.sh 
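Review bot: In set-nacos-env.sh the `echo -e ... >> /etc/profile.d/nacos.sh` line appends on every run, so re-running the installer stacks duplicate `NACOS_HOME` and `PATH` exports in a file that every login shell sources; writing it with `>` makes the step idempotent. The test `[ -x $keeppath ]` should quote the variable, `[ -x "$keeppath" ]`. The install path `/data/tsg/olap/nacos-2.0.2` is repeated as a literal here and in dae-nacos.sh, so a comment such as `# keep in sync with BASE_DIR/VERSION in dae-nacos.sh` would help.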
@@ -0,0 +1,28 @@ +#!/bin/bash + +# Copyright 1999-2018 Alibaba Group Holding Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +cd `dirname $0`/../target +target_dir=`pwd` + +pid=`ps ax | grep -i 'nacos.nacos' | grep ${target_dir} | grep java | grep -v grep | awk '{print $1}'` +if [ -z "$pid" ] ; then + echo "No nacosServer running." + exit -1; +fi + +echo "The nacosServer(${pid}) is running..." + +kill ${pid} + +echo "Send shutdown request to nacosServer(${pid}) OK" diff --git a/MPE/nacos/bin/startup.cmd b/MPE/nacos/bin/startup.cmd new file mode 100644 index 0000000..c991087 --- /dev/null +++ b/MPE/nacos/bin/startup.cmd 
@@ -0,0 +1,95 @@ +@echo off +rem Copyright 1999-2018 Alibaba Group Holding Ltd. +rem Licensed under the Apache License, Version 2.0 (the "License"); +rem you may not use this file except in compliance with the License. +rem You may obtain a copy of the License at +rem +rem http://www.apache.org/licenses/LICENSE-2.0 +rem +rem Unless required by applicable law or agreed to in writing, software +rem distributed under the License is distributed on an "AS IS" BASIS, +rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +rem See the License for the specific language governing permissions and +rem limitations under the License. +if not exist "%JAVA_HOME%\bin\java.exe" echo Please set the JAVA_HOME variable in your environment, We need java(x64)! jdk8 or later is better! & EXIT /B 1 +set "JAVA=%JAVA_HOME%\bin\java.exe" + +setlocal enabledelayedexpansion + +set BASE_DIR=%~dp0 +rem added double quotation marks to avoid the issue caused by the folder names containing spaces. +rem removed the last 5 chars(which means \bin\) to get the base DIR. +set BASE_DIR="%BASE_DIR:~0,-5%" + +set CUSTOM_SEARCH_LOCATIONS=file:%BASE_DIR%/conf/ + +set MODE="cluster" +set FUNCTION_MODE="all" +set SERVER=nacos-server +set MODE_INDEX=-1 +set FUNCTION_MODE_INDEX=-1 +set SERVER_INDEX=-1 +set EMBEDDED_STORAGE_INDEX=-1 +set EMBEDDED_STORAGE="" + + +set i=0 +for %%a in (%*) do ( + if "%%a" == "-m" ( set /a MODE_INDEX=!i!+1 ) + if "%%a" == "-f" ( set /a FUNCTION_MODE_INDEX=!i!+1 ) + if "%%a" == "-s" ( set /a SERVER_INDEX=!i!+1 ) + if "%%a" == "-p" ( set /a EMBEDDED_STORAGE_INDEX=!i!+1 ) + set /a i+=1 +) + +set i=0 +for %%a in (%*) do ( + if %MODE_INDEX% == !i! ( set MODE="%%a" ) + if %FUNCTION_MODE_INDEX% == !i! ( set FUNCTION_MODE="%%a" ) + if %SERVER_INDEX% == !i! (set SERVER="%%a") + if %EMBEDDED_STORAGE_INDEX% == !i! 
(set EMBEDDED_STORAGE="%%a") + set /a i+=1 +) + +rem if nacos startup mode is standalone +if %MODE% == "standalone" ( + echo "nacos is starting with standalone" + set "NACOS_OPTS=-Dnacos.standalone=true" + set "NACOS_JVM_OPTS=-Xms512m -Xmx512m -Xmn256m" +) + +rem if nacos startup mode is cluster +if %MODE% == "cluster" ( + echo "nacos is starting with cluster" + if %EMBEDDED_STORAGE% == "embedded" ( + set "NACOS_OPTS=-DembeddedStorage=true" + ) + + set "NACOS_JVM_OPTS=-server -Xms2g -Xmx2g -Xmn1g -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=320m -XX:-OmitStackTraceInFastThrow -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=%BASE_DIR%\logs\java_heapdump.hprof -XX:-UseLargePages" +) + +rem set nacos's functionMode +if %FUNCTION_MODE% == "config" ( + set "NACOS_OPTS=%NACOS_OPTS% -Dnacos.functionMode=config" +) + +if %FUNCTION_MODE% == "naming" ( + set "NACOS_OPTS=%NACOS_OPTS% -Dnacos.functionMode=naming" +) + +rem set nacos options +set "NACOS_OPTS=%NACOS_OPTS% -Dloader.path=%BASE_DIR%/plugins/health,%BASE_DIR%/plugins/cmdb" +set "NACOS_OPTS=%NACOS_OPTS% -Dnacos.home=%BASE_DIR%" +set "NACOS_OPTS=%NACOS_OPTS% -jar %BASE_DIR%\target\%SERVER%.jar" + +rem set nacos spring config location +set "NACOS_CONFIG_OPTS=--spring.config.additional-location=%CUSTOM_SEARCH_LOCATIONS%" + +rem set nacos log4j file location +set "NACOS_LOG4J_OPTS=--logging.config=%BASE_DIR%/conf/nacos-logback.xml" + + +set COMMAND="%JAVA%" %NACOS_JVM_OPTS% %NACOS_OPTS% %NACOS_CONFIG_OPTS% %NACOS_LOG4J_OPTS% nacos.nacos %* + +rem start nacos command +%COMMAND% diff --git a/MPE/nacos/bin/startup.sh b/MPE/nacos/bin/startup.sh new file mode 100644 index 0000000..bdc4af3 --- /dev/null +++ b/MPE/nacos/bin/startup.sh 
@@ -0,0 +1,142 @@ +#!/bin/bash + +# Copyright 1999-2018 Alibaba Group Holding Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +cygwin=false +darwin=false +os400=false +case "`uname`" in +CYGWIN*) cygwin=true;; +Darwin*) darwin=true;; +OS400*) os400=true;; +esac +error_exit () +{ + echo "ERROR: $1 !!" + exit 1 +} +[ ! -e "$JAVA_HOME/bin/java" ] && JAVA_HOME=$HOME/jdk/java +[ ! -e "$JAVA_HOME/bin/java" ] && JAVA_HOME=/usr/java +[ ! -e "$JAVA_HOME/bin/java" ] && JAVA_HOME=/opt/taobao/java +[ ! -e "$JAVA_HOME/bin/java" ] && unset JAVA_HOME + +if [ -z "$JAVA_HOME" ]; then + if $darwin; then + + if [ -x '/usr/libexec/java_home' ] ; then + export JAVA_HOME=`/usr/libexec/java_home` + + elif [ -d "/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home" ]; then + export JAVA_HOME="/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home" + fi + else + JAVA_PATH=`dirname $(readlink -f $(which javac))` + if [ "x$JAVA_PATH" != "x" ]; then + export JAVA_HOME=`dirname $JAVA_PATH 2>/dev/null` + fi + fi + if [ -z "$JAVA_HOME" ]; then + error_exit "Please set the JAVA_HOME variable in your environment, We need java(x64)! jdk8 or later is better!" 
+ fi +fi + +export SERVER="nacos-server" +export MODE="cluster" +export FUNCTION_MODE="all" +export MEMBER_LIST="" +export EMBEDDED_STORAGE="" +while getopts ":m:f:s:c:p:" opt +do + case $opt in + m) + MODE=$OPTARG;; + f) + FUNCTION_MODE=$OPTARG;; + s) + SERVER=$OPTARG;; + c) + MEMBER_LIST=$OPTARG;; + p) + EMBEDDED_STORAGE=$OPTARG;; + ?) + echo "Unknown parameter" + exit 1;; + esac +done + +export JAVA_HOME +export JAVA="$JAVA_HOME/bin/java" +export BASE_DIR=`cd $(dirname $0)/..; pwd` +export CUSTOM_SEARCH_LOCATIONS=file:${BASE_DIR}/conf/ + +#=========================================================================================== +# JVM Configuration +#=========================================================================================== +if [[ "${MODE}" == "standalone" ]]; then + JAVA_OPT="${JAVA_OPT} -Xms512m -Xmx512m -Xmn256m" + JAVA_OPT="${JAVA_OPT} -Dnacos.standalone=true" +else + if [[ "${EMBEDDED_STORAGE}" == "embedded" ]]; then + JAVA_OPT="${JAVA_OPT} -DembeddedStorage=true" + fi + JAVA_OPT="${JAVA_OPT} -server -Xmx4096m -Xms1024m -Xmn256m -XX:MetaspaceSize=128m -XX:MaxMetaspaceSize=320m" + JAVA_OPT="${JAVA_OPT} -XX:-OmitStackTraceInFastThrow -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=${BASE_DIR}/logs/java_heapdump.hprof" + JAVA_OPT="${JAVA_OPT} -XX:-UseLargePages" + JAVA_OPT="${JAVA_OPT} -Dnacos.server.ip=192.168.20.223" +fi + +if [[ "${FUNCTION_MODE}" == "config" ]]; then + JAVA_OPT="${JAVA_OPT} -Dnacos.functionMode=config" +elif [[ "${FUNCTION_MODE}" == "naming" ]]; then + JAVA_OPT="${JAVA_OPT} -Dnacos.functionMode=naming" +fi + +JAVA_OPT="${JAVA_OPT} -Dnacos.member.list=${MEMBER_LIST}" + +JAVA_MAJOR_VERSION=$($JAVA -version 2>&1 | sed -E -n 's/.* version "([0-9]*).*$/\1/p') +if [[ "$JAVA_MAJOR_VERSION" -ge "9" ]] ; then + JAVA_OPT="${JAVA_OPT} -Xlog:gc*:file=${BASE_DIR}/logs/nacos_gc.log:time,tags:filecount=10,filesize=102400" +else + JAVA_OPT="${JAVA_OPT} -Djava.ext.dirs=${JAVA_HOME}/jre/lib/ext:${JAVA_HOME}/lib/ext" + 
JAVA_OPT="${JAVA_OPT} -Xloggc:${BASE_DIR}/logs/nacos_gc.log -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=100M" +fi + +JAVA_OPT="${JAVA_OPT} -Dloader.path=${BASE_DIR}/plugins/health,${BASE_DIR}/plugins/cmdb" +JAVA_OPT="${JAVA_OPT} -Dnacos.home=${BASE_DIR}" +JAVA_OPT="${JAVA_OPT} -jar ${BASE_DIR}/target/${SERVER}.jar" +JAVA_OPT="${JAVA_OPT} ${JAVA_OPT_EXT}" +JAVA_OPT="${JAVA_OPT} --spring.config.additional-location=${CUSTOM_SEARCH_LOCATIONS}" +JAVA_OPT="${JAVA_OPT} --logging.config=${BASE_DIR}/conf/nacos-logback.xml" +JAVA_OPT="${JAVA_OPT} --server.max-http-header-size=524288" + +if [ ! -d "${BASE_DIR}/logs" ]; then + mkdir ${BASE_DIR}/logs +fi + +echo "$JAVA ${JAVA_OPT}" + +if [[ "${MODE}" == "standalone" ]]; then + echo "nacos is starting with standalone" +else + echo "nacos is starting with cluster" +fi + +# check the start.out log output file +if [ ! -f "${BASE_DIR}/logs/start.out" ]; then + touch "${BASE_DIR}/logs/start.out" +fi +# start +echo "$JAVA ${JAVA_OPT}" > ${BASE_DIR}/logs/start.out 2>&1 & +nohup $JAVA ${JAVA_OPT} nacos.nacos >> ${BASE_DIR}/logs/start.out 2>&1 & +echo "nacos is starting,you can check the ${BASE_DIR}/logs/start.out" diff --git a/MPE/nacos/conf/1.4.0-ipv6_support-update.sql b/MPE/nacos/conf/1.4.0-ipv6_support-update.sql new file mode 100644 index 0000000..f480147 --- /dev/null +++ b/MPE/nacos/conf/1.4.0-ipv6_support-update.sql 
@@ -0,0 +1,27 @@
+/*
+ * Copyright 1999-2018 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+ALTER TABLE `config_info_tag`
+MODIFY COLUMN `src_ip` varchar(50) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL COMMENT 'source ip' AFTER `src_user`;
+
+ALTER TABLE `his_config_info`
+MODIFY COLUMN `src_ip` varchar(50) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL AFTER `src_user`;
+
+ALTER TABLE `config_info`
+MODIFY COLUMN `src_ip` varchar(50) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL COMMENT 'source ip' AFTER `src_user`;
+
+ALTER TABLE `config_info_beta`
+MODIFY COLUMN `src_ip` varchar(50) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL COMMENT 'source ip' AFTER `src_user`;
\ No newline at end of file
diff --git a/MPE/nacos/conf/application.properties b/MPE/nacos/conf/application.properties
new file mode 100644
index 0000000..ecb049d
--- /dev/null
+++ b/MPE/nacos/conf/application.properties
@@ -0,0 +1,228 @@ +# +# Copyright 1999-2018 Alibaba Group Holding Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +#*************** Spring Boot Related Configurations ***************# +### Default web context path: +server.servlet.contextPath=/nacos +### Default web server port: +server.port=8847 + +#*************** Network Related Configurations ***************# +### If prefer hostname over ip for Nacos server addresses in cluster.conf: +# nacos.inetutils.prefer-hostname-over-ip=false + +### Specify local server's IP: +# nacos.inetutils.ip-address= + + +#*************** Config Module Related Configurations ***************# +### If use MySQL as datasource: +spring.datasource.platform=mysql + +### Count of DB: +db.num=1 + +### Connect URL of DB: +db.url.0=jdbc:mysql://192.168.20.253:3306/nacos?characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useUnicode=true&useSSL=false&serverTimezone=UTC&failOverReadOnly=false +db.user.0=root +db.password.0=galaxy2019 + +### Connection pool configuration: hikariCP +db.pool.config.connectionTimeout=30000 +db.pool.config.validationTimeout=10000 +db.pool.config.maximumPoolSize=20 +db.pool.config.minimumIdle=2 + +#*************** Naming Module Related Configurations ***************# +### Data dispatch task execution period in milliseconds: Will removed on v2.1.X, replace with nacos.core.protocol.distro.data.sync.delayMs +# nacos.naming.distro.taskDispatchPeriod=200 + +### Data count of batch sync 
task: Will removed on v2.1.X. Deprecated +# nacos.naming.distro.batchSyncKeyCount=1000 + +### Retry delay in milliseconds if sync task failed: Will removed on v2.1.X, replace with nacos.core.protocol.distro.data.sync.retryDelayMs +# nacos.naming.distro.syncRetryDelay=5000 + +### If enable data warmup. If set to false, the server would accept request without local data preparation: +# nacos.naming.data.warmup=true + +### If enable the instance auto expiration, kind like of health check of instance: +# nacos.naming.expireInstance=true + +### will be removed and replaced by `nacos.naming.clean` properties +nacos.naming.empty-service.auto-clean=true +nacos.naming.empty-service.clean.initial-delay-ms=50000 +nacos.naming.empty-service.clean.period-time-ms=30000 + +### Add in 2.0.0 +### The interval to clean empty service, unit: milliseconds. +# nacos.naming.clean.empty-service.interval=60000 + +### The expired time to clean empty service, unit: milliseconds. +# nacos.naming.clean.empty-service.expired-time=60000 + +### The interval to clean expired metadata, unit: milliseconds. +# nacos.naming.clean.expired-metadata.interval=5000 + +### The expired time to clean metadata, unit: milliseconds. +# nacos.naming.clean.expired-metadata.expired-time=60000 + +### The delay time before push task to execute from service changed, unit: milliseconds. +# nacos.naming.push.pushTaskDelay=500 + +### The timeout for push task execute, unit: milliseconds. +# nacos.naming.push.pushTaskTimeout=5000 + +### The delay time for retrying failed push task, unit: milliseconds. 
+# nacos.naming.push.pushTaskRetryDelay=1000
+
+#*************** CMDB Module Related Configurations ***************#
+### The interval to dump external CMDB in seconds:
+# nacos.cmdb.dumpTaskInterval=3600
+
+### The interval of polling data change event in seconds:
+# nacos.cmdb.eventTaskInterval=10
+
+### The interval of loading labels in seconds:
+# nacos.cmdb.labelTaskInterval=300
+
+### If turn on data loading task:
+# nacos.cmdb.loadDataAtStart=false
+
+
+#*************** Metrics Related Configurations ***************#
+### Metrics for prometheus
+management.endpoints.web.exposure.include=*
+
+### Metrics for elastic search
+management.metrics.export.elastic.enabled=false
+#management.metrics.export.elastic.host=http://localhost:9200
+
+### Metrics for influx
+management.metrics.export.influx.enabled=false
+#management.metrics.export.influx.db=springboot
+#management.metrics.export.influx.uri=http://localhost:8086
+#management.metrics.export.influx.auto-create-db=true
+#management.metrics.export.influx.consistency=one
+#management.metrics.export.influx.compressed=true
+
+#*************** Access Log Related Configurations ***************#
+### If turn on the access log:
+server.tomcat.accesslog.enabled=false
+
+### The access log pattern:
+server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b %D %{User-Agent}i %{Request-Source}i
+
+### The directory of access log:
+server.tomcat.basedir=
+
+#*************** Access Control Related Configurations ***************#
+### If enable spring security, this option is deprecated in 1.2.0:
+#spring.security.enabled=false
+
+### The ignore urls of auth, is deprecated in 1.2.0:
+nacos.security.ignore.urls=/,/error,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-ui/public/**,/v1/auth/**,/v1/console/health/**,/actuator/**,/v1/console/server/**
+
+### The auth system to use, currently only 'nacos' and 'ldap' is supported:
+nacos.core.auth.system.type=nacos
+
+### If turn on auth system:
+nacos.core.auth.enabled=true
+
+### worked when nacos.core.auth.system.type=ldap,{0} is Placeholder,replace login username
+# nacos.core.auth.ldap.url=ldap://localhost:389
+# nacos.core.auth.ldap.userdn=cn={0},ou=user,dc=company,dc=com
+
+### The token expiration in seconds:
+nacos.core.auth.default.token.expire.seconds=18000
+
+### The default token:
+nacos.core.auth.default.token.secret.key=SecretKey012345678901234567890123456789012345678901234567890123456789
+
+### Turn on/off caching of auth information. By turning on this switch, the update of auth information would have a 15 seconds delay.
+nacos.core.auth.caching.enabled=false
+
+### Since 1.4.1, Turn on/off white auth for user-agent: nacos-server, only for upgrade from old version.
+nacos.core.auth.enable.userAgentAuthWhite=true
+
+### Since 1.4.1, worked when nacos.core.auth.enabled=true and nacos.core.auth.enable.userAgentAuthWhite=false.
+### The two properties is the white list for auth and used by identity the request from other server.
+nacos.core.auth.server.identity.key=serverIdentity +nacos.core.auth.server.identity.value=security + +#*************** Istio Related Configurations ***************# +### If turn on the MCP server: +nacos.istio.mcp.server.enabled=false + +#*************** Core Related Configurations ***************# + +### set the WorkerID manually +# nacos.core.snowflake.worker-id= + +### Member-MetaData +# nacos.core.member.meta.site= +# nacos.core.member.meta.adweight= +# nacos.core.member.meta.weight= + +### MemberLookup +### Addressing pattern category, If set, the priority is highest +# nacos.core.member.lookup.type=[file,address-server] +## Set the cluster list with a configuration file or command-line argument +# nacos.member.list=192.168.16.101:8847?raft_port=8807,192.168.16.101?raft_port=8808,192.168.16.101:8849?raft_port=8809 +## for AddressServerMemberLookup +# Maximum number of retries to query the address server upon initialization +# nacos.core.address-server.retry=5 +## Server domain name address of [address-server] mode +# address.server.domain=jmenv.tbsite.net +## Server port of [address-server] mode +# address.server.port=8080 +## Request address of [address-server] mode +# address.server.url=/nacos/serverlist + +#*************** JRaft Related Configurations ***************# + +### Sets the Raft cluster election timeout, default value is 5 second +# nacos.core.protocol.raft.data.election_timeout_ms=5000 +### Sets the amount of time the Raft snapshot will execute periodically, default is 30 minute +# nacos.core.protocol.raft.data.snapshot_interval_secs=30 +### raft internal worker threads +# nacos.core.protocol.raft.data.core_thread_num=8 +### Number of threads required for raft business request processing +# nacos.core.protocol.raft.data.cli_service_thread_num=4 +### raft linear read strategy. 
Safe linear reads are used by default, that is, the Leader tenure is confirmed by heartbeat +# nacos.core.protocol.raft.data.read_index_type=ReadOnlySafe +### rpc request timeout, default 5 seconds +# nacos.core.protocol.raft.data.rpc_request_timeout_ms=5000 + +#*************** Distro Related Configurations ***************# + +### Distro data sync delay time, when sync task delayed, task will be merged for same data key. Default 1 second. +# nacos.core.protocol.distro.data.sync.delayMs=1000 + +### Distro data sync timeout for one sync data, default 3 seconds. +# nacos.core.protocol.distro.data.sync.timeoutMs=3000 + +### Distro data sync retry delay time when sync data failed or timeout, same behavior with delayMs, default 3 seconds. +# nacos.core.protocol.distro.data.sync.retryDelayMs=3000 + +### Distro data verify interval time, verify synced data whether expired for a interval. Default 5 seconds. +# nacos.core.protocol.distro.data.verify.intervalMs=5000 + +### Distro data verify timeout for one verify, default 3 seconds. +# nacos.core.protocol.distro.data.verify.timeoutMs=3000 + +### Distro data load retry delay when load snapshot data failed, default 30 seconds. +# nacos.core.protocol.distro.data.load.retryDelayMs=30000 diff --git a/MPE/nacos/conf/application.properties.example b/MPE/nacos/conf/application.properties.example new file mode 100644 index 0000000..8e17182 --- /dev/null +++ b/MPE/nacos/conf/application.properties.example 
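Review bot: Live secrets are committed in plain text in `application.properties` and the auth switches are left at their weakest setting: `db.user.0=root` with `db.password.0=galaxy2019` (over a JDBC URL with `useSSL=false`), and `nacos.core.auth.default.token.secret.key` is the same sample value that appears in `application.properties.example`, so it cannot serve as a signing secret. The file's own comment describes `nacos.core.auth.enable.userAgentAuthWhite=true` as an upgrade-only switch, and the `serverIdentity`/`security` pair below it, which looks like placeholder values, only takes effect once that flag is false; I would set `nacos.core.auth.enable.userAgentAuthWhite=false` and supply the identity key/value and token secret as deployment-specific values injected at deploy time rather than stored in the repository. `management.endpoints.web.exposure.include=*` together with `/actuator/**` in `nacos.security.ignore.urls` leaves every actuator endpoint reachable without authentication; narrow it to what is actually scraped, for example `management.endpoints.web.exposure.include=prometheus,health`. The database account should be a dedicated least-privilege user instead of `root`, and the password shown here should be rotated because it now lives in history; with `server.tomcat.accesslog.enabled=false` there is also no request trail to review afterwards.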
@@ -0,0 +1,177 @@ +# +# Copyright 1999-2018 Alibaba Group Holding Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +#*************** Spring Boot Related Configurations ***************# +### Default web context path: +server.servlet.contextPath=/nacos +### Default web server port: +server.port=8848 + +#*************** Network Related Configurations ***************# +### If prefer hostname over ip for Nacos server addresses in cluster.conf: +# nacos.inetutils.prefer-hostname-over-ip=false + +### Specify local server's IP: +# nacos.inetutils.ip-address= + + +#*************** Config Module Related Configurations ***************# +### If use MySQL as datasource: +# spring.datasource.platform=mysql + +### Count of DB: +# db.num=1 + +### Connect URL of DB: +# db.url.0=jdbc:mysql://127.0.0.1:3306/nacos?characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useUnicode=true&useSSL=false&serverTimezone=UTC +# db.user.0=nacos +# db.password.0=nacos + + +#*************** Naming Module Related Configurations ***************# +### Data dispatch task execution period in milliseconds: +# nacos.naming.distro.taskDispatchPeriod=200 + +### Data count of batch sync task: +# nacos.naming.distro.batchSyncKeyCount=1000 + +### Retry delay in milliseconds if sync task failed: +# nacos.naming.distro.syncRetryDelay=5000 + +### If enable data warmup. 
If set to false, the server would accept request without local data preparation: +# nacos.naming.data.warmup=true + +### If enable the instance auto expiration, kind like of health check of instance: +# nacos.naming.expireInstance=true + +nacos.naming.empty-service.auto-clean=true +nacos.naming.empty-service.clean.initial-delay-ms=50000 +nacos.naming.empty-service.clean.period-time-ms=30000 + + +#*************** CMDB Module Related Configurations ***************# +### The interval to dump external CMDB in seconds: +# nacos.cmdb.dumpTaskInterval=3600 + +### The interval of polling data change event in seconds: +# nacos.cmdb.eventTaskInterval=10 + +### The interval of loading labels in seconds: +# nacos.cmdb.labelTaskInterval=300 + +### If turn on data loading task: +# nacos.cmdb.loadDataAtStart=false + + +#*************** Metrics Related Configurations ***************# +### Metrics for prometheus +#management.endpoints.web.exposure.include=* + +### Metrics for elastic search +management.metrics.export.elastic.enabled=false +#management.metrics.export.elastic.host=http://localhost:9200 + +### Metrics for influx +management.metrics.export.influx.enabled=false +#management.metrics.export.influx.db=springboot +#management.metrics.export.influx.uri=http://localhost:8086 +#management.metrics.export.influx.auto-create-db=true +#management.metrics.export.influx.consistency=one +#management.metrics.export.influx.compressed=true + + +#*************** Access Log Related Configurations ***************# +### If turn on the access log: +server.tomcat.accesslog.enabled=true + +### The access log pattern: +server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b %D %{User-Agent}i %{Request-Source}i + +### The directory of access log: +server.tomcat.basedir= + + +#*************** Access Control Related Configurations ***************# +### If enable spring security, this option is deprecated in 1.2.0: +#spring.security.enabled=false + +### The ignore urls of auth, is deprecated in 
1.2.0: +nacos.security.ignore.urls=/,/error,/**/*.css,/**/*.js,/**/*.html,/**/*.map,/**/*.svg,/**/*.png,/**/*.ico,/console-ui/public/**,/v1/auth/**,/v1/console/health/**,/actuator/**,/v1/console/server/** + +### The auth system to use, currently only 'nacos' is supported: +nacos.core.auth.system.type=nacos + +### If turn on auth system: +nacos.core.auth.enabled=false + +### The token expiration in seconds: +nacos.core.auth.default.token.expire.seconds=18000 + +### The default token: +nacos.core.auth.default.token.secret.key=SecretKey012345678901234567890123456789012345678901234567890123456789 + +### Turn on/off caching of auth information. By turning on this switch, the update of auth information would have a 15 seconds delay. +nacos.core.auth.caching.enabled=true + + +#*************** Istio Related Configurations ***************# +### If turn on the MCP server: +nacos.istio.mcp.server.enabled=false + + + +###*************** Add from 1.3.0 ***************### + + +#*************** Core Related Configurations ***************# + +### set the WorkerID manually +# nacos.core.snowflake.worker-id= + +### Member-MetaData +# nacos.core.member.meta.site= +# nacos.core.member.meta.adweight= +# nacos.core.member.meta.weight= + +### MemberLookup +### Addressing pattern category, If set, the priority is highest +# nacos.core.member.lookup.type=[file,address-server] +## Set the cluster list with a configuration file or command-line argument +# nacos.member.list=192.168.16.101:8847?raft_port=8807,192.168.16.101?raft_port=8808,192.168.16.101:8849?raft_port=8809 +## for AddressServerMemberLookup +# Maximum number of retries to query the address server upon initialization +# nacos.core.address-server.retry=5 +## Server domain name address of [address-server] mode +# address.server.domain=jmenv.tbsite.net +## Server port of [address-server] mode +# address.server.port=8080 +## Request address of [address-server] mode +# address.server.url=/nacos/serverlist + +#*************** JRaft 
Related Configurations ***************# + +### Sets the Raft cluster election timeout, default value is 5 second +# nacos.core.protocol.raft.data.election_timeout_ms=5000 +### Sets the amount of time the Raft snapshot will execute periodically, default is 30 minute +# nacos.core.protocol.raft.data.snapshot_interval_secs=30 +### raft internal worker threads +# nacos.core.protocol.raft.data.core_thread_num=8 +### Number of threads required for raft business request processing +# nacos.core.protocol.raft.data.cli_service_thread_num=4 +### raft linear read strategy. Safe linear reads are used by default, that is, the Leader tenure is confirmed by heartbeat +# nacos.core.protocol.raft.data.read_index_type=ReadOnlySafe +### rpc request timeout, default 5 seconds +# nacos.core.protocol.raft.data.rpc_request_timeout_ms=5000 diff --git a/MPE/nacos/conf/cluster.conf b/MPE/nacos/conf/cluster.conf new file mode 100644 index 0000000..f939a94 --- /dev/null +++ b/MPE/nacos/conf/cluster.conf @@ -0,0 +1,4 @@ +#2023-07-06T20:01:31.957 +192.168.20.221:8847 +192.168.20.222:8847 +192.168.20.223:8847 diff --git a/MPE/nacos/conf/cluster.conf.example b/MPE/nacos/conf/cluster.conf.example new file mode 100644 index 0000000..0e3a721 --- /dev/null +++ b/MPE/nacos/conf/cluster.conf.example @@ -0,0 +1,21 @@ +# +# Copyright 1999-2018 Alibaba Group Holding Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +#it is ip +#example +192.168.16.101:8847 +192.168.16.102 +192.168.16.103 
diff --git a/MPE/nacos/conf/nacos-logback.xml b/MPE/nacos/conf/nacos-logback.xml
new file mode 100644
index 0000000..2b76b8d
--- /dev/null
+++ b/MPE/nacos/conf/nacos-logback.xml
@@ -0,0 +1,642 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ~ Copyright 1999-2018 Alibaba Group Holding Ltd. + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --> + +<configuration scan="true" scanPeriod="10 seconds"> + + <springProperty scope="context" name="logPath" source="nacos.logs.path" defaultValue="${nacos.home}/logs"/> + <property name="LOG_HOME" value="${logPath}"/> + + <appender name="cmdb-main" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${nacos.home}/logs/cmdb-main.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${nacos.home}/logs/cmdb-main.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="naming-server" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/naming-server.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + 
<fileNamePattern>${LOG_HOME}/naming-server.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="async-naming-server" class="ch.qos.logback.classic.AsyncAppender"> + <discardingThreshold>0</discardingThreshold> + <queueSize>1024</queueSize> + <neverBlock>true</neverBlock> + <appender-ref ref="naming-server"/> + </appender> + + <appender name="naming-raft" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/naming-raft.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/naming-raft.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="async-naming-raft" class="ch.qos.logback.classic.AsyncAppender"> + <discardingThreshold>0</discardingThreshold> + <queueSize>1024</queueSize> + <neverBlock>true</neverBlock> + <appender-ref ref="naming-raft"/> + </appender> + + + <appender name="naming-distro" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/naming-distro.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/naming-distro.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level 
%msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="async-naming-distro" class="ch.qos.logback.classic.AsyncAppender"> + <discardingThreshold>0</discardingThreshold> + <queueSize>1024</queueSize> + <neverBlock>true</neverBlock> + <appender-ref ref="naming-distro"/> + </appender> + + <appender name="naming-event" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/naming-event.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/naming-event.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="async-naming-event" class="ch.qos.logback.classic.AsyncAppender"> + <discardingThreshold>0</discardingThreshold> + <queueSize>1024</queueSize> + <neverBlock>true</neverBlock> + <appender-ref ref="naming-event"/> + </appender> + + <appender name="naming-push" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/naming-push.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/naming-push.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + <appender name="naming-rt" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/naming-rt.log</file> + <append>true</append> + <rollingPolicy 
class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/naming-rt.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%msg%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="naming-performance" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/naming-performance.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/naming-performance.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <!--config module logback config--> + <appender name="dumpFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-dump.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-dump.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + <appender name="pullFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-pull.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-pull.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + 
<maxFileSize>20MB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>128MB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + <appender name="fatalFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-fatal.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-fatal.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>20MB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>128MB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + <appender name="memoryFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-memory.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-memory.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>20MB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>128MB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + <appender name="pullCheckFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-pull-check.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-pull-check.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> 
+ <Pattern>%msg%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="clientLog" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-client-request.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-client-request.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date|%msg%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="traceLog" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-trace.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-trace.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date|%msg%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="notifyLog" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-notify.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-notify.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="startLog" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + 
<file>${LOG_HOME}/config-server.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-server.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>512MB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="rootFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/nacos.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/nacos.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>512MB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="nacos-address" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/nacos-address.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/nacos-address.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="istio-main" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/istio-main.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + 
<fileNamePattern>${LOG_HOME}/istio-main.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="core-auth" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/core-auth.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/core-auth.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="protocol-raft" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/protocol-raft.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/protocol-raft.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="protocol-distro" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/protocol-distro.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/protocol-distro.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + 
<cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="nacos-cluster" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/nacos-cluster.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/nacos-cluster.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="alipay-jraft" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/alipay-jraft.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/alipay-jraft.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <logger name="com.alibaba.nacos.address.main" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="nacos-address"/> + </logger> + + <logger name="com.alibaba.nacos.cmdb.main" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="cmdb-main"/> + </logger> + + <logger name="com.alibaba.nacos.naming.main" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="async-naming-server"/> + </logger> + <logger name="com.alibaba.nacos.naming.raft" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="async-naming-raft"/> + </logger> + <logger 
name="com.alibaba.nacos.naming.distro" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="async-naming-distro"/> + </logger> + <logger name="com.alibaba.nacos.naming.event" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="async-naming-event"/> + </logger> + <logger name="com.alibaba.nacos.naming.push" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="naming-push"/> + </logger> + <logger name="com.alibaba.nacos.naming.rt" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="naming-rt"/> + </logger> + <logger name="com.alibaba.nacos.naming.performance" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="naming-performance"/> + </logger> + + <logger name="com.alibaba.nacos.config.dumpLog" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="dumpFile"/> + </logger> + <logger name="com.alibaba.nacos.config.pullLog" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="pullFile"/> + </logger> + <logger name="com.alibaba.nacos.config.pullCheckLog" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="pullCheckFile"/> + </logger> + <logger name="com.alibaba.nacos.config.fatal" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="fatalFile"/> + </logger> + <logger name="com.alibaba.nacos.config.monitorLog" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="memoryFile"/> + </logger> + + <logger name="com.alibaba.nacos.config.clientLog" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="clientLog"/> + </logger> + + <logger name="com.alibaba.nacos.config.notifyLog" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="notifyLog"/> + </logger> + + <logger name="com.alibaba.nacos.config.traceLog" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="traceLog"/> + </logger> + + <logger name="com.alibaba.nacos.config.startLog" additivity="false"> + <level value="ERROR"/> + <appender-ref ref="startLog"/> + 
</logger>
+
+ <logger name="com.alibaba.nacos.istio.main" additivity="false">
+ <level value="WARN"/>
+ <appender-ref ref="istio-main"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.core.auth" additivity="false">
+ <level value="WARN"/>
+ <appender-ref ref="core-auth"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.core.protocol.raft" additivity="false">
+ <level value="ERROR"/>
+ <appender-ref ref="protocol-raft"/>
+ </logger>
+
+ <logger name="com.alipay.sofa.jraft" additivity="false">
+ <level value="ERROR"/>
+ <appender-ref ref="alipay-jraft"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.core.protocol.distro" additivity="false">
+ <level value="ERROR"/>
+ <appender-ref ref="protocol-distro"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.core.cluster" additivity="false">
+ <level value="ERROR"/>
+ <appender-ref ref="nacos-cluster"/>
+ </logger>
+
+ <springProfile name="standalone">
+ <logger name="org.springframework">
+ <appender-ref ref="CONSOLE"/>
+ <level value="ERROR"/>
+ </logger>
+
+ <logger name="org.apache.catalina.startup.DigesterFactory">
+ <appender-ref ref="CONSOLE"/>
+ <level value="ERROR"/>
+ </logger>
+
+ <logger name="org.apache.catalina.util.LifecycleBase">
+ <appender-ref ref="CONSOLE"/>
+ <level value="ERROR"/>
+ </logger>
+
+ <logger name="org.apache.coyote.http11.Http11NioProtocol">
+ <appender-ref ref="CONSOLE"/>
+ <level value="WARN"/>
+ </logger>
+
+ <logger name="org.apache.tomcat.util.net.NioSelectorPool">
+ <appender-ref ref="CONSOLE"/>
+ <level value="WARN"/>
+ </logger>
+ </springProfile>
+
+ <logger name="com.alibaba.nacos.core.listener.StartingApplicationListener">
+ <appender-ref ref="CONSOLE"/>
+ <level value="ERROR"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.common.notify.NotifyCenter">
+ <appender-ref ref="CONSOLE"/>
+ <level value="ERROR"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.sys.file.WatchFileCenter">
+ <appender-ref ref="CONSOLE"/>
+ <level value="ERROR"/>
+ </logger>
+
+ <logger
name="com.alibaba.nacos.common.executor.ThreadPoolManager">
+ <appender-ref ref="CONSOLE"/>
+ <level value="ERROR"/>
+ </logger>
+
+ <root>
+ <level value="ERROR"/>
+ <appender-ref ref="rootFile"/>
+ </root>
+</configuration>
+
diff --git a/MPE/nacos/conf/nacos-logback.xml_bak b/MPE/nacos/conf/nacos-logback.xml_bak
new file mode 100644
index 0000000..15f7623
--- /dev/null
+++ b/MPE/nacos/conf/nacos-logback.xml_bak
@@ -0,0 +1,778 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright 1999-2018 Alibaba Group Holding Ltd.
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<configuration scan="true" scanPeriod="10 seconds">
+
+ <springProperty scope="context" name="logPath" source="nacos.logs.path" defaultValue="${nacos.home}/logs"/>
+ <property name="LOG_HOME" value="${logPath}"/>
+
+ <appender name="cmdb-main"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${nacos.home}/logs/cmdb-main.log</file>
+ <append>true</append>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${nacos.home}/logs/cmdb-main.log.%d{yyyy-MM-dd}.%i</fileNamePattern>
+ <maxFileSize>2GB</maxFileSize>
+ <maxHistory>7</maxHistory>
+ <totalSizeCap>7GB</totalSizeCap>
+ <cleanHistoryOnStart>true</cleanHistoryOnStart>
+ </rollingPolicy>
+ <encoder>
+ <Pattern>%date %level %msg%n%n</Pattern>
+ <charset>UTF-8</charset>
+ </encoder>
+ </appender>
+
+ <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%date %level %msg%n%n</Pattern>
+ <charset>UTF-8</charset>
+ </encoder>
+ </appender>
+
+ <appender name="naming-server"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOG_HOME}/naming-server.log</file>
+ <append>true</append>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+
<fileNamePattern>${LOG_HOME}/naming-server.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="async-naming-server" class="ch.qos.logback.classic.AsyncAppender"> + <discardingThreshold>0</discardingThreshold> + <queueSize>1024</queueSize> + <neverBlock>true</neverBlock> + <appender-ref ref="naming-server"/> + </appender> + + <appender name="naming-raft" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/naming-raft.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/naming-raft.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="async-naming-raft" class="ch.qos.logback.classic.AsyncAppender"> + <discardingThreshold>0</discardingThreshold> + <queueSize>1024</queueSize> + <neverBlock>true</neverBlock> + <appender-ref ref="naming-raft"/> + </appender> + + + <appender name="naming-distro" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/naming-distro.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/naming-distro.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level 
%msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="async-naming-distro" class="ch.qos.logback.classic.AsyncAppender"> + <discardingThreshold>0</discardingThreshold> + <queueSize>1024</queueSize> + <neverBlock>true</neverBlock> + <appender-ref ref="naming-distro"/> + </appender> + + <appender name="naming-event" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/naming-event.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/naming-event.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="async-naming-event" class="ch.qos.logback.classic.AsyncAppender"> + <discardingThreshold>0</discardingThreshold> + <queueSize>1024</queueSize> + <neverBlock>true</neverBlock> + <appender-ref ref="naming-event"/> + </appender> + + <appender name="naming-push" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/naming-push.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/naming-push.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + <appender name="naming-rt" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/naming-rt.log</file> + <append>true</append> + <rollingPolicy 
class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/naming-rt.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%msg%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="naming-performance" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/naming-performance.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/naming-performance.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <!--config module logback config--> + <appender name="dumpFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-dump.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-dump.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + <appender name="pullFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-pull.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-pull.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + 
<maxFileSize>20MB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>128MB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + <appender name="fatalFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-fatal.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-fatal.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>20MB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>128MB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + <appender name="memoryFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-memory.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-memory.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>20MB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>128MB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + <appender name="pullCheckFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-pull-check.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-pull-check.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> 
+ <Pattern>%msg%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="clientLog" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-client-request.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-client-request.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date|%msg%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="traceLog" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-trace.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-trace.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date|%msg%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="notifyLog" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/config-notify.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-notify.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>3GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="startLog" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + 
<file>${LOG_HOME}/config-server.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/config-server.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>512MB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="rootFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/nacos.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/nacos.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>512MB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="nacos-address" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/nacos-address.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/nacos-address.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="istio-main" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/istio-main.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + 
<fileNamePattern>${LOG_HOME}/istio-main.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="core-auth" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/core-auth.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/core-auth.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="protocol-raft" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/protocol-raft.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/protocol-raft.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="protocol-distro" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/protocol-distro.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/protocol-distro.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + 
<cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="nacos-cluster" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/nacos-cluster.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/nacos-cluster.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="alipay-jraft" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/alipay-jraft.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/alipay-jraft.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + + <!--TPS control --> + <appender name="tps-control" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/tps-control.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/tps-control.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + 
</appender> + + <appender name="tps-control-digest" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/tps-control-digest.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/tps-control-digest.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="tps-control-detail" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/tps-control-detail.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/tps-control-detail.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + + <appender name="remote" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/remote.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/remote.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="remote-digest" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/remote-digest.log</file> + 
<append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/remote-digest.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + <appender name="remote-push" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOG_HOME}/remote-push.log</file> + <append>true</append> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${LOG_HOME}/remote-push.log.%d{yyyy-MM-dd}.%i</fileNamePattern> + <maxFileSize>2GB</maxFileSize> + <maxHistory>7</maxHistory> + <totalSizeCap>7GB</totalSizeCap> + <cleanHistoryOnStart>true</cleanHistoryOnStart> + </rollingPolicy> + <encoder> + <Pattern>%date %level %msg%n%n</Pattern> + <charset>UTF-8</charset> + </encoder> + </appender> + + + <logger name="com.alibaba.nacos.address.main" additivity="false"> + <level value="INFO"/> + <appender-ref ref="nacos-address"/> + </logger> + + <logger name="com.alibaba.nacos.cmdb.main" additivity="false"> + <level value="INFO"/> + <appender-ref ref="cmdb-main"/> + </logger> + + <logger name="com.alibaba.nacos.core.remote" additivity="false"> + <level value="DEBUG"/> + <appender-ref ref="remote"/> + </logger> + <logger name="com.alibaba.nacos.core.remote.push" additivity="false"> + <level value="DEBUG"/> + <appender-ref ref="remote-push"/> + </logger> + + <logger name="com.alibaba.nacos.core.remote.digest" additivity="false"> + <level value="DEBUG"/> + <appender-ref ref="remote-digest"/> + </logger> + + <!-- TPS Control--> + <logger name="com.alibaba.nacos.core.remote.control.digest" additivity="false"> + <level value="DEBUG"/> + <appender-ref ref="tps-control-digest"/> + </logger> + + <logger 
name="com.alibaba.nacos.core.remote.control.detail" additivity="false"> + <level value="DEBUG"/> + <appender-ref ref="tps-control-detail"/> + </logger> + + <logger name="com.alibaba.nacos.core.remote.control" additivity="false"> + <level value="DEBUG"/> + <appender-ref ref="tps-control"/> + </logger> + + <logger name="com.alibaba.nacos.naming.main" additivity="false"> + <level value="INFO"/> + <appender-ref ref="async-naming-server"/> + </logger> + <logger name="com.alibaba.nacos.naming.raft" additivity="false"> + <level value="INFO"/> + <appender-ref ref="async-naming-raft"/> + </logger> + <logger name="com.alibaba.nacos.naming.distro" additivity="false"> + <level value="INFO"/> + <appender-ref ref="async-naming-distro"/> + </logger> + <logger name="com.alibaba.nacos.naming.event" additivity="false"> + <level value="INFO"/> + <appender-ref ref="async-naming-event"/> + </logger> + <logger name="com.alibaba.nacos.naming.push" additivity="false"> + <level value="INFO"/> + <appender-ref ref="naming-push"/> + </logger> + <logger name="com.alibaba.nacos.naming.rt" additivity="false"> + <level value="INFO"/> + <appender-ref ref="naming-rt"/> + </logger> + <logger name="com.alibaba.nacos.naming.performance" additivity="false"> + <level value="INFO"/> + <appender-ref ref="naming-performance"/> + </logger> + + <logger name="com.alibaba.nacos.config.dumpLog" additivity="false"> + <level value="INFO"/> + <appender-ref ref="dumpFile"/> + </logger> + <logger name="com.alibaba.nacos.config.pullLog" additivity="false"> + <level value="INFO"/> + <appender-ref ref="pullFile"/> + </logger> + <logger name="com.alibaba.nacos.config.pullCheckLog" additivity="false"> + <level value="INFO"/> + <appender-ref ref="pullCheckFile"/> + </logger> + <logger name="com.alibaba.nacos.config.fatal" additivity="false"> + <level value="INFO"/> + <appender-ref ref="fatalFile"/> + </logger> + <logger name="com.alibaba.nacos.config.monitorLog" additivity="false"> + <level value="INFO"/> + <appender-ref 
ref="memoryFile"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.config.clientLog" additivity="false">
+ <level value="info"/>
+ <appender-ref ref="clientLog"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.config.notifyLog" additivity="false">
+ <level value="INFO"/>
+ <appender-ref ref="notifyLog"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.config.traceLog" additivity="false">
+ <level value="info"/>
+ <appender-ref ref="traceLog"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.config.startLog" additivity="false">
+ <level value="INFO"/>
+ <appender-ref ref="startLog"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.istio.main" additivity="false">
+ <level value="DEBUG"/>
+ <appender-ref ref="istio-main"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.core.auth" additivity="false">
+ <level value="DEBUG"/>
+ <appender-ref ref="core-auth"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.core.protocol.raft" additivity="false">
+ <level value="INFO"/>
+ <appender-ref ref="protocol-raft"/>
+ </logger>
+
+ <logger name="com.alipay.sofa.jraft" additivity="false">
+ <level value="INFO"/>
+ <appender-ref ref="alipay-jraft"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.core.protocol.distro" additivity="false">
+ <level value="INFO"/>
+ <appender-ref ref="protocol-distro"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.core.cluster" additivity="false">
+ <level value="INFO"/>
+ <appender-ref ref="nacos-cluster"/>
+ </logger>
+
+ <springProfile name="standalone">
+ <logger name="org.springframework">
+ <appender-ref ref="CONSOLE"/>
+ <level value="INFO"/>
+ </logger>
+
+ <logger name="org.apache.catalina.startup.DigesterFactory">
+ <appender-ref ref="CONSOLE"/>
+ <level value="INFO"/>
+ </logger>
+
+ <logger name="org.apache.catalina.util.LifecycleBase">
+ <appender-ref ref="CONSOLE"/>
+ <level value="ERROR"/>
+ </logger>
+
+ <logger name="org.apache.coyote.http11.Http11NioProtocol">
+ <appender-ref ref="CONSOLE"/>
+ <level value="WARN"/>
+ </logger>
+
+ <logger name="org.apache.tomcat.util.net.NioSelectorPool">
+ <appender-ref ref="CONSOLE"/>
+ <level value="WARN"/>
+ </logger>
+ </springProfile>
+
+ <logger name="com.alibaba.nacos.core.listener.StartingApplicationListener">
+ <appender-ref ref="CONSOLE"/>
+ <level value="INFO"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.common.notify.NotifyCenter">
+ <appender-ref ref="CONSOLE"/>
+ <level value="INFO"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.sys.file.WatchFileCenter">
+ <appender-ref ref="CONSOLE"/>
+ <level value="INFO"/>
+ </logger>
+
+ <logger name="com.alibaba.nacos.common.executor.ThreadPoolManager">
+ <appender-ref ref="CONSOLE"/>
+ <level value="INFO"/>
+ </logger>
+
+ <root>
+ <level value="INFO"/>
+ <appender-ref ref="rootFile"/>
+ </root>
+</configuration>
+
diff --git a/MPE/nacos/conf/nacos-mysql.sql b/MPE/nacos/conf/nacos-mysql.sql
new file mode 100644
index 0000000..273ecc5
--- /dev/null
+++ b/MPE/nacos/conf/nacos-mysql.sql
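Review bot: The `com.alibaba.nacos.core.auth` logger is at `DEBUG` in nacos-logback.xml_bak, as are the `com.alibaba.nacos.core.remote*` loggers, while the logback file earlier in this commit keeps `core.auth` at `WARN`. If this backup is restored as-is, authentication debug output goes to core-auth.log with up to 7GB retained; what that logger emits at DEBUG is not visible here, so confirm it carries no tokens or credentials, or set `<level value="WARN"/>` for it. A comment at the top stating that this is a backup copy whose log levels need review before reuse would help. Separately, the `cmdb-main` appender hard-codes `${nacos.home}/logs/` while every other file appender uses `${LOG_HOME}`, so overriding `nacos.logs.path` leaves that log in the default directory; `<file>${LOG_HOME}/cmdb-main.log</file>` and the matching `<fileNamePattern>` would align it.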
@@ -0,0 +1,226 @@ +/* + * Copyright 1999-2018 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/******************************************/ +/* 数据库全名 = nacos_config */ +/* 表名称 = config_info */ +/******************************************/ +CREATE TABLE `config_info` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id', + `data_id` varchar(255) NOT NULL COMMENT 'data_id', + `group_id` varchar(255) DEFAULT NULL, + `content` longtext NOT NULL COMMENT 'content', + `md5` varchar(32) DEFAULT NULL COMMENT 'md5', + `gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间', + `gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间', + `src_user` text COMMENT 'source user', + `src_ip` varchar(50) DEFAULT NULL COMMENT 'source ip', + `app_name` varchar(128) DEFAULT NULL, + `tenant_id` varchar(128) DEFAULT '' COMMENT '租户字段', + `c_desc` varchar(256) DEFAULT NULL, + `c_use` varchar(64) DEFAULT NULL, + `effect` varchar(64) DEFAULT NULL, + `type` varchar(64) DEFAULT NULL, + `c_schema` text, + PRIMARY KEY (`id`), + UNIQUE KEY `uk_configinfo_datagrouptenant` (`data_id`,`group_id`,`tenant_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='config_info'; + +/******************************************/ +/* 数据库全名 = nacos_config */ +/* 表名称 = config_info_aggr */ +/******************************************/ +CREATE TABLE `config_info_aggr` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id', 
+ `data_id` varchar(255) NOT NULL COMMENT 'data_id', + `group_id` varchar(255) NOT NULL COMMENT 'group_id', + `datum_id` varchar(255) NOT NULL COMMENT 'datum_id', + `content` longtext NOT NULL COMMENT '内容', + `gmt_modified` datetime NOT NULL COMMENT '修改时间', + `app_name` varchar(128) DEFAULT NULL, + `tenant_id` varchar(128) DEFAULT '' COMMENT '租户字段', + PRIMARY KEY (`id`), + UNIQUE KEY `uk_configinfoaggr_datagrouptenantdatum` (`data_id`,`group_id`,`tenant_id`,`datum_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='增加租户字段'; + + +/******************************************/ +/* 数据库全名 = nacos_config */ +/* 表名称 = config_info_beta */ +/******************************************/ +CREATE TABLE `config_info_beta` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id', + `data_id` varchar(255) NOT NULL COMMENT 'data_id', + `group_id` varchar(128) NOT NULL COMMENT 'group_id', + `app_name` varchar(128) DEFAULT NULL COMMENT 'app_name', + `content` longtext NOT NULL COMMENT 'content', + `beta_ips` varchar(1024) DEFAULT NULL COMMENT 'betaIps', + `md5` varchar(32) DEFAULT NULL COMMENT 'md5', + `gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间', + `gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间', + `src_user` text COMMENT 'source user', + `src_ip` varchar(50) DEFAULT NULL COMMENT 'source ip', + `tenant_id` varchar(128) DEFAULT '' COMMENT '租户字段', + PRIMARY KEY (`id`), + UNIQUE KEY `uk_configinfobeta_datagrouptenant` (`data_id`,`group_id`,`tenant_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='config_info_beta'; + +/******************************************/ +/* 数据库全名 = nacos_config */ +/* 表名称 = config_info_tag */ +/******************************************/ +CREATE TABLE `config_info_tag` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id', + `data_id` varchar(255) NOT NULL COMMENT 'data_id', + `group_id` varchar(128) NOT NULL COMMENT 'group_id', + `tenant_id` varchar(128) DEFAULT '' 
COMMENT 'tenant_id', + `tag_id` varchar(128) NOT NULL COMMENT 'tag_id', + `app_name` varchar(128) DEFAULT NULL COMMENT 'app_name', + `content` longtext NOT NULL COMMENT 'content', + `md5` varchar(32) DEFAULT NULL COMMENT 'md5', + `gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间', + `gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间', + `src_user` text COMMENT 'source user', + `src_ip` varchar(50) DEFAULT NULL COMMENT 'source ip', + PRIMARY KEY (`id`), + UNIQUE KEY `uk_configinfotag_datagrouptenanttag` (`data_id`,`group_id`,`tenant_id`,`tag_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='config_info_tag'; + +/******************************************/ +/* 数据库全名 = nacos_config */ +/* 表名称 = config_tags_relation */ +/******************************************/ +CREATE TABLE `config_tags_relation` ( + `id` bigint(20) NOT NULL COMMENT 'id', + `tag_name` varchar(128) NOT NULL COMMENT 'tag_name', + `tag_type` varchar(64) DEFAULT NULL COMMENT 'tag_type', + `data_id` varchar(255) NOT NULL COMMENT 'data_id', + `group_id` varchar(128) NOT NULL COMMENT 'group_id', + `tenant_id` varchar(128) DEFAULT '' COMMENT 'tenant_id', + `nid` bigint(20) NOT NULL AUTO_INCREMENT, + PRIMARY KEY (`nid`), + UNIQUE KEY `uk_configtagrelation_configidtag` (`id`,`tag_name`,`tag_type`), + KEY `idx_tenant_id` (`tenant_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='config_tag_relation'; + +/******************************************/ +/* 数据库全名 = nacos_config */ +/* 表名称 = group_capacity */ +/******************************************/ +CREATE TABLE `group_capacity` ( + `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '主键ID', + `group_id` varchar(128) NOT NULL DEFAULT '' COMMENT 'Group ID,空字符表示整个集群', + `quota` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '配额,0表示使用默认值', + `usage` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '使用量', + `max_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT 
'单个配置大小上限,单位为字节,0表示使用默认值', + `max_aggr_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '聚合子配置最大个数,,0表示使用默认值', + `max_aggr_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个聚合数据的子配置大小上限,单位为字节,0表示使用默认值', + `max_history_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '最大变更历史数量', + `gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间', + `gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间', + PRIMARY KEY (`id`), + UNIQUE KEY `uk_group_id` (`group_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='集群、各Group容量信息表'; + +/******************************************/ +/* 数据库全名 = nacos_config */ +/* 表名称 = his_config_info */ +/******************************************/ +CREATE TABLE `his_config_info` ( + `id` bigint(64) unsigned NOT NULL, + `nid` bigint(20) unsigned NOT NULL AUTO_INCREMENT, + `data_id` varchar(255) NOT NULL, + `group_id` varchar(128) NOT NULL, + `app_name` varchar(128) DEFAULT NULL COMMENT 'app_name', + `content` longtext NOT NULL, + `md5` varchar(32) DEFAULT NULL, + `gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP, + `gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP, + `src_user` text, + `src_ip` varchar(50) DEFAULT NULL, + `op_type` char(10) DEFAULT NULL, + `tenant_id` varchar(128) DEFAULT '' COMMENT '租户字段', + PRIMARY KEY (`nid`), + KEY `idx_gmt_create` (`gmt_create`), + KEY `idx_gmt_modified` (`gmt_modified`), + KEY `idx_did` (`data_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='多租户改造'; + + +/******************************************/ +/* 数据库全名 = nacos_config */ +/* 表名称 = tenant_capacity */ +/******************************************/ +CREATE TABLE `tenant_capacity` ( + `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '主键ID', + `tenant_id` varchar(128) NOT NULL DEFAULT '' COMMENT 'Tenant ID', + `quota` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '配额,0表示使用默认值', + `usage` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '使用量', + `max_size` 
int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个配置大小上限,单位为字节,0表示使用默认值', + `max_aggr_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '聚合子配置最大个数', + `max_aggr_size` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '单个聚合数据的子配置大小上限,单位为字节,0表示使用默认值', + `max_history_count` int(10) unsigned NOT NULL DEFAULT '0' COMMENT '最大变更历史数量', + `gmt_create` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间', + `gmt_modified` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '修改时间', + PRIMARY KEY (`id`), + UNIQUE KEY `uk_tenant_id` (`tenant_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='租户容量信息表'; + + +CREATE TABLE `tenant_info` ( + `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'id', + `kp` varchar(128) NOT NULL COMMENT 'kp', + `tenant_id` varchar(128) default '' COMMENT 'tenant_id', + `tenant_name` varchar(128) default '' COMMENT 'tenant_name', + `tenant_desc` varchar(256) DEFAULT NULL COMMENT 'tenant_desc', + `create_source` varchar(32) DEFAULT NULL COMMENT 'create_source', + `gmt_create` bigint(20) NOT NULL COMMENT '创建时间', + `gmt_modified` bigint(20) NOT NULL COMMENT '修改时间', + PRIMARY KEY (`id`), + UNIQUE KEY `uk_tenant_info_kptenantid` (`kp`,`tenant_id`), + KEY `idx_tenant_id` (`tenant_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='tenant_info'; + +CREATE TABLE `users` ( + `username` varchar(50) NOT NULL PRIMARY KEY, + `password` varchar(500) NOT NULL, + `enabled` boolean NOT NULL +); + +CREATE TABLE `roles` ( + `username` varchar(50) NOT NULL, + `role` varchar(50) NOT NULL, + UNIQUE INDEX `idx_user_role` (`username` ASC, `role` ASC) USING BTREE +); + +CREATE TABLE `permissions` ( + `role` varchar(50) NOT NULL, + `resource` varchar(255) NOT NULL, + `action` varchar(8) NOT NULL, + UNIQUE INDEX `uk_role_permission` (`role`,`resource`,`action`) USING BTREE +); + +INSERT INTO users (username, password, enabled) VALUES ('nacos', '$2a$10$EuWPZHzz32dJN7jexM34MOeYirDdFAZm2kuWj7VEOJhhZkDrxfvUu', TRUE); + +INSERT INTO roles (username, 
role) VALUES ('nacos', 'ROLE_ADMIN'); + + +-- ---------------------------- +-- Records of tenant_info +-- ---------------------------- +INSERT INTO `tenant_info` VALUES (null, '1', 'dev', 'dev', '开发环境', 'nacos', 1616642477210, 1616642477210); +INSERT INTO `tenant_info` VALUES (null, '1', 'test', 'test', '测试环境', 'nacos', 1616642477210, 1616642477210); +INSERT INTO `tenant_info` VALUES (null, '1', 'prod', 'prod', '生产环境', 'nacos', 1616642477210, 1616642477210); diff --git a/MPE/nacos/conf/schema.sql b/MPE/nacos/conf/schema.sql new file mode 100644 index 0000000..dfa8d75 --- /dev/null +++ b/MPE/nacos/conf/schema.sql 
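Review bot: The `INSERT INTO users` statement near the end of `conf/nacos-mysql.sql` seeds an enabled `nacos` account with a fixed bcrypt hash, and the next statement grants it `ROLE_ADMIN`, so every database built from this script starts with the same administrator credential. The Alibaba licence header suggests this is the stock upstream script, in which case the hash is the publicly distributed default; the same two inserts appear in `conf/schema.sql` later in this commit. I would keep the literal out of the repository and have provisioning supply it, e.g. `INSERT INTO users (username, password, enabled) VALUES ('nacos', '<BCRYPT_HASH_SET_AT_DEPLOY>', TRUE);`, or at minimum add `-- default admin seed: rotate this password before the console is reachable` above it. Separately, the three `tenant_info` inserts use positional `VALUES (null, ...)`; naming the columns would keep them valid if the table later gains a column.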
@@ -0,0 +1,228 @@ +/* + * Copyright 1999-2018 Alibaba Group Holding Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +CREATE SCHEMA nacos AUTHORIZATION nacos; + +CREATE TABLE config_info ( + id bigint NOT NULL generated by default as identity, + data_id varchar(255) NOT NULL, + group_id varchar(128) NOT NULL, + tenant_id varchar(128) default '', + app_name varchar(128), + content CLOB, + md5 varchar(32) DEFAULT NULL, + gmt_create timestamp NOT NULL DEFAULT '2010-05-05 00:00:00', + gmt_modified timestamp NOT NULL DEFAULT '2010-05-05 00:00:00', + src_user varchar(128) DEFAULT NULL, + src_ip varchar(50) DEFAULT NULL, + c_desc varchar(256) DEFAULT NULL, + c_use varchar(64) DEFAULT NULL, + effect varchar(64) DEFAULT NULL, + type varchar(64) DEFAULT NULL, + c_schema LONG VARCHAR DEFAULT NULL, + constraint configinfo_id_key PRIMARY KEY (id), + constraint uk_configinfo_datagrouptenant UNIQUE (data_id,group_id,tenant_id)); + +CREATE INDEX configinfo_dataid_key_idx ON config_info(data_id); +CREATE INDEX configinfo_groupid_key_idx ON config_info(group_id); +CREATE INDEX configinfo_dataid_group_key_idx ON config_info(data_id, group_id); + +CREATE TABLE his_config_info ( + id bigint NOT NULL, + nid bigint NOT NULL generated by default as identity, + data_id varchar(255) NOT NULL, + group_id varchar(128) NOT NULL, + tenant_id varchar(128) default '', + app_name varchar(128), + content CLOB, + md5 varchar(32) DEFAULT NULL, + gmt_create timestamp NOT NULL 
DEFAULT '2010-05-05 00:00:00.000', + gmt_modified timestamp NOT NULL DEFAULT '2010-05-05 00:00:00.000', + src_user varchar(128), + src_ip varchar(50) DEFAULT NULL, + op_type char(10) DEFAULT NULL, + constraint hisconfiginfo_nid_key PRIMARY KEY (nid)); + +CREATE INDEX hisconfiginfo_dataid_key_idx ON his_config_info(data_id); +CREATE INDEX hisconfiginfo_gmt_create_idx ON his_config_info(gmt_create); +CREATE INDEX hisconfiginfo_gmt_modified_idx ON his_config_info(gmt_modified); + + +CREATE TABLE config_info_beta ( + id bigint NOT NULL generated by default as identity, + data_id varchar(255) NOT NULL, + group_id varchar(128) NOT NULL, + tenant_id varchar(128) default '', + app_name varchar(128), + content CLOB, + beta_ips varchar(1024), + md5 varchar(32) DEFAULT NULL, + gmt_create timestamp NOT NULL DEFAULT '2010-05-05 00:00:00', + gmt_modified timestamp NOT NULL DEFAULT '2010-05-05 00:00:00', + src_user varchar(128), + src_ip varchar(50) DEFAULT NULL, + constraint configinfobeta_id_key PRIMARY KEY (id), + constraint uk_configinfobeta_datagrouptenant UNIQUE (data_id,group_id,tenant_id)); + +CREATE TABLE config_info_tag ( + id bigint NOT NULL generated by default as identity, + data_id varchar(255) NOT NULL, + group_id varchar(128) NOT NULL, + tenant_id varchar(128) default '', + tag_id varchar(128) NOT NULL, + app_name varchar(128), + content CLOB, + md5 varchar(32) DEFAULT NULL, + gmt_create timestamp NOT NULL DEFAULT '2010-05-05 00:00:00', + gmt_modified timestamp NOT NULL DEFAULT '2010-05-05 00:00:00', + src_user varchar(128), + src_ip varchar(50) DEFAULT NULL, + constraint configinfotag_id_key PRIMARY KEY (id), + constraint uk_configinfotag_datagrouptenanttag UNIQUE (data_id,group_id,tenant_id,tag_id)); + +CREATE TABLE config_info_aggr ( + id bigint NOT NULL generated by default as identity, + data_id varchar(255) NOT NULL, + group_id varchar(128) NOT NULL, + tenant_id varchar(128) default '', + datum_id varchar(255) NOT NULL, + app_name varchar(128), + content 
CLOB, + gmt_modified timestamp NOT NULL DEFAULT '2010-05-05 00:00:00', + constraint configinfoaggr_id_key PRIMARY KEY (id), + constraint uk_configinfoaggr_datagrouptenantdatum UNIQUE (data_id,group_id,tenant_id,datum_id)); + +CREATE TABLE app_list ( + id bigint NOT NULL generated by default as identity, + app_name varchar(128) NOT NULL, + is_dynamic_collect_disabled smallint DEFAULT 0, + last_sub_info_collected_time timestamp DEFAULT '1970-01-01 08:00:00.0', + sub_info_lock_owner varchar(128), + sub_info_lock_time timestamp DEFAULT '1970-01-01 08:00:00.0', + constraint applist_id_key PRIMARY KEY (id), + constraint uk_appname UNIQUE (app_name)); + +CREATE TABLE app_configdata_relation_subs ( + id bigint NOT NULL generated by default as identity, + app_name varchar(128) NOT NULL, + data_id varchar(255) NOT NULL, + group_id varchar(128) NOT NULL, + gmt_modified timestamp DEFAULT '2010-05-05 00:00:00', + constraint configdatarelationsubs_id_key PRIMARY KEY (id), + constraint uk_app_sub_config_datagroup UNIQUE (app_name, data_id, group_id)); + + +CREATE TABLE app_configdata_relation_pubs ( + id bigint NOT NULL generated by default as identity, + app_name varchar(128) NOT NULL, + data_id varchar(255) NOT NULL, + group_id varchar(128) NOT NULL, + gmt_modified timestamp DEFAULT '2010-05-05 00:00:00', + constraint configdatarelationpubs_id_key PRIMARY KEY (id), + constraint uk_app_pub_config_datagroup UNIQUE (app_name, data_id, group_id)); + +CREATE TABLE config_tags_relation ( + id bigint NOT NULL, + tag_name varchar(128) NOT NULL, + tag_type varchar(64) DEFAULT NULL, + data_id varchar(255) NOT NULL, + group_id varchar(128) NOT NULL, + tenant_id varchar(128) DEFAULT '', + nid bigint NOT NULL generated by default as identity, + constraint config_tags_id_key PRIMARY KEY (nid), + constraint uk_configtagrelation_configidtag UNIQUE (id, tag_name, tag_type)); + +CREATE INDEX config_tags_tenant_id_idx ON config_tags_relation(tenant_id); + +CREATE TABLE group_capacity ( + id 
bigint NOT NULL generated by default as identity, + group_id varchar(128) DEFAULT '', + quota int DEFAULT 0, + usage int DEFAULT 0, + max_size int DEFAULT 0, + max_aggr_count int DEFAULT 0, + max_aggr_size int DEFAULT 0, + max_history_count int DEFAULT 0, + gmt_create timestamp DEFAULT '2010-05-05 00:00:00', + gmt_modified timestamp DEFAULT '2010-05-05 00:00:00', + constraint group_capacity_id_key PRIMARY KEY (id), + constraint uk_group_id UNIQUE (group_id)); + +CREATE TABLE tenant_capacity ( + id bigint NOT NULL generated by default as identity, + tenant_id varchar(128) DEFAULT '', + quota int DEFAULT 0, + usage int DEFAULT 0, + max_size int DEFAULT 0, + max_aggr_count int DEFAULT 0, + max_aggr_size int DEFAULT 0, + max_history_count int DEFAULT 0, + gmt_create timestamp DEFAULT '2010-05-05 00:00:00', + gmt_modified timestamp DEFAULT '2010-05-05 00:00:00', + constraint tenant_capacity_id_key PRIMARY KEY (id), + constraint uk_tenant_id UNIQUE (tenant_id)); + +CREATE TABLE tenant_info ( + id bigint NOT NULL generated by default as identity, + kp varchar(128) NOT NULL, + tenant_id varchar(128) DEFAULT '', + tenant_name varchar(128) DEFAULT '', + tenant_desc varchar(256) DEFAULT NULL, + create_source varchar(32) DEFAULT NULL, + gmt_create bigint NOT NULL, + gmt_modified bigint NOT NULL, + constraint tenant_info_id_key PRIMARY KEY (id), + constraint uk_tenant_info_kptenantid UNIQUE (kp,tenant_id)); +CREATE INDEX tenant_info_tenant_id_idx ON tenant_info(tenant_id); + +CREATE TABLE users ( + username varchar(50) NOT NULL PRIMARY KEY, + password varchar(500) NOT NULL, + enabled boolean NOT NULL DEFAULT true +); + +CREATE TABLE roles ( + username varchar(50) NOT NULL, + role varchar(50) NOT NULL, + constraint uk_username_role UNIQUE (username,role) +); + +CREATE TABLE permissions ( + role varchar(50) NOT NULL, + resource varchar(512) NOT NULL, + action varchar(8) NOT NULL, + constraint uk_role_permission UNIQUE (role,resource,action) +); + +INSERT INTO users (username, 
password, enabled) VALUES ('nacos', '$2a$10$EuWPZHzz32dJN7jexM34MOeYirDdFAZm2kuWj7VEOJhhZkDrxfvUu', TRUE); + +INSERT INTO roles (username, role) VALUES ('nacos', 'ROLE_ADMIN'); + + +/******************************************/ +/* ipv6 support */ +/******************************************/ +ALTER TABLE `config_info_tag` +MODIFY COLUMN `src_ip` varchar(50) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL COMMENT 'source ip' AFTER `src_user`; + +ALTER TABLE `his_config_info` +MODIFY COLUMN `src_ip` varchar(50) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL AFTER `src_user`; + +ALTER TABLE `config_info` +MODIFY COLUMN `src_ip` varchar(50) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL COMMENT 'source ip' AFTER `src_user`; + +ALTER TABLE `config_info_beta` +MODIFY COLUMN `src_ip` varchar(50) CHARACTER SET utf8 COLLATE utf8_bin NULL DEFAULT NULL COMMENT 'source ip' AFTER `src_user`;
\ No newline at end of file |
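Review bot: The four `ALTER TABLE ... MODIFY COLUMN` statements under "ipv6 support" at the end of `conf/schema.sql` use MySQL syntax (backtick-quoted names, `CHARACTER SET utf8 COLLATE utf8_bin`, `COMMENT`, `AFTER`). The rest of the file is written in a different dialect (`CREATE SCHEMA nacos AUTHORIZATION nacos`, `generated by default as identity`, `LONG VARCHAR`), which looks like the embedded-Derby schema. If the script is run as a whole against that engine, these statements would presumably fail, and they are redundant because every `src_ip` column above is already declared `varchar(50)`. I would drop the block from this file and keep it only with the MySQL script, or replace it with a comment such as `-- src_ip is varchar(50) in the CREATE TABLE statements above, wide enough for IPv6 text`.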
