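/* NOTE(review): the angle-bracket header names on the next line are missing
 * from this listing; only the two quoted project headers survive. Restore the
 * system headers from the original file before building. */
#include #include #include #include #include #include #include #include "maat.h" #include "attribute_schema.h"

/**
 * Release a heap-allocated schema together with its two name strings.
 *
 * Frees schema->log_field_name, schema->scan_attribute_name and then the
 * schema itself. A NULL schema is ignored.
 *
 * The table built by attribute_schema_init() further down this file points
 * both name fields at string literals, so an entry of that table must never
 * be handed to this function: free() on a literal is undefined behaviour.
 * NOTE(review): the is_free_schema flag stored by the fill routines is
 * presumably what keeps the two kinds of schema apart -- confirm at the
 * cleanup site.
 */
void attribute_schema_free(struct attribute_schema *schema)
{
    if(schema==NULL)
    {
        return ;
    }

    /* free(NULL) is a no-op, so the name pointers need no guard of their own. */
    free(schema->log_field_name);
    free(schema->scan_attribute_name);
    free(schema);
}

/*
 * NOTE(review): the listing is damaged on the next line. Everything between
 * `i` and `attr_max` is missing, which takes with it the rest of
 * attribute_scratch_reset() and the signature plus the start of the guard of
 * the string fill routine. The tokens are kept exactly as found; recover the
 * lost text from the original file rather than reconstructing it by hand.
 * What survives of the second routine stores value/value_sz in the slot's
 * `string` member, tags the slot ATTRIBUTE_VALUE_TYPE_STRING and advances
 * *attr_offset, in the same way as the routines below.
 */
void attribute_scratch_reset(struct attribute_scratch *attr, size_t n_attr) { for(size_t i=0; i attr_max) || schema==NULL) { return ; }
    attr[*attr_offset].string.value=value;
    attr[*attr_offset].string.value_sz=value_sz;
    attr[*attr_offset].value_type=ATTRIBUTE_VALUE_TYPE_STRING;
    attr[*attr_offset].schema=schema;
    attr[*attr_offset].is_free_schema=is_free_schema;
    attr[*attr_offset].is_free_value=is_free_value;
    (*attr_offset)+=1;
}

/**
 * Store an array of strings in the next free scratch slot.
 *
 * @param attr            scratch array to fill
 * @param attr_max        number of slots in attr
 * @param attr_offset     in/out index of the next free slot; advanced by one on success
 * @param is_free_schema  recorded in the slot unchanged
 * @param schema          schema describing the attribute; must not be NULL
 * @param is_free_value   recorded in the slot unchanged
 * @param value           array of n_value string pointers; must not be NULL
 * @param value_sz        per-string sizes; stored as given and not checked for NULL here
 * @param n_value         number of entries; must be non-zero
 *
 * The pointers are stored, not copied, so the arrays have to outlive the slot.
 * When an argument is rejected or the array is full the call returns without
 * touching anything, and the caller can only detect that through *attr_offset.
 */
void attribute_scratch_string_array_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value, char **value, size_t value_sz[], size_t n_value)
{
    if(value==NULL || n_value==0 || (*attr_offset+1 > attr_max) || schema==NULL)
    {
        return ;
    }

    struct attribute_scratch *slot=&attr[*attr_offset];
    slot->string_array.value=value;
    slot->string_array.value_sz=value_sz;
    slot->string_array.n_value=n_value;
    slot->value_type=ATTRIBUTE_VALUE_TYPE_STRING_ARRAY;
    slot->schema=schema;
    slot->is_free_schema=is_free_schema;
    slot->is_free_value=is_free_value;
    (*attr_offset)+=1;
}

/**
 * Store a data chunk (pointer plus length) in the next free scratch slot.
 *
 * The slot is tagged ATTRIBUTE_VALUE_TYPE_STREAM. The buffer is stored by
 * pointer, not copied. A NULL or zero-length value, a NULL schema or a full
 * array makes the call a no-op.
 */
void attribute_scratch_chunk_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value, char *value, size_t value_sz)
{
    if(value==NULL || value_sz==0 || (*attr_offset+1 > attr_max) || schema==NULL)
    {
        return ;
    }

    struct attribute_scratch *slot=&attr[*attr_offset];
    slot->chunk.value=value;
    slot->chunk.value_sz=value_sz;
    slot->value_type=ATTRIBUTE_VALUE_TYPE_STREAM;
    slot->schema=schema;
    slot->is_free_schema=is_free_schema;
    slot->is_free_value=is_free_value;
    (*attr_offset)+=1;
}

/**
 * Store a signed integer in the next free scratch slot.
 *
 * A NULL schema or a full array makes the call a no-op.
 */
void attribute_scratch_integer_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value, long long value)
{
    if((*attr_offset+1 > attr_max) || schema==NULL)
    {
        return ;
    }

    struct attribute_scratch *slot=&attr[*attr_offset];
    slot->integer=value;
    slot->value_type=ATTRIBUTE_VALUE_TYPE_INTEGER;
    slot->schema=schema;
    slot->is_free_schema=is_free_schema;
    slot->is_free_value=is_free_value;
    (*attr_offset)+=1;
}

/**
 * Store a 64-bit flag word in the next free scratch slot.
 *
 * A NULL schema or a full array makes the call a no-op.
 */
void attribute_scratch_flag_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value, uint64_t value)
{
    if((*attr_offset+1 > attr_max) || schema==NULL)
    {
        return ;
    }

    struct attribute_scratch *slot=&attr[*attr_offset];
    slot->flag=value;
    slot->value_type=ATTRIBUTE_VALUE_TYPE_FLAG;
    slot->schema=schema;
    slot->is_free_schema=is_free_schema;
    slot->is_free_value=is_free_value;
    (*attr_offset)+=1;
}

/**
 * Store an IPv4 address and port in the next free scratch slot.
 *
 * Both values are stored exactly as passed; no byte-order conversion or range
 * check on port happens here. A NULL schema or a full array makes the call a
 * no-op.
 */
void attribute_scratch_ipv4_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value, uint32_t ipv4, int32_t port)
{
    if((*attr_offset+1 > attr_max) || schema==NULL)
    {
        return ;
    }

    struct attribute_scratch *slot=&attr[*attr_offset];
    slot->ipv4_port.port=port;
    slot->ipv4_port.ipv4=ipv4;
    slot->value_type=ATTRIBUTE_VALUE_TYPE_IPV4;
    slot->schema=schema;
    slot->is_free_schema=is_free_schema;
    slot->is_free_value=is_free_value;
    (*attr_offset)+=1;
}

/**
 * Store an IPv6 address and port in the next free scratch slot.
 *
 * The address bytes are copied into the slot. A NULL address, a NULL schema or
 * a full array makes the call a no-op.
 */
void attribute_scratch_ipv6_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value, uint8_t ipv6[16], int32_t port)
{
    /* An array parameter is only a pointer; reject NULL before memcpy reads it. */
    if((*attr_offset+1 > attr_max) || schema==NULL || ipv6==NULL)
    {
        return ;
    }

    struct attribute_scratch *slot=&attr[*attr_offset];
    slot->ipv6_port.port=port;
    /* The copy length comes from the destination field, so the write cannot
     * run past it. NOTE(review): this assumes the field is no larger than the
     * 16 bytes the caller supplies -- confirm against the struct definition. */
    memcpy(slot->ipv6_port.ipv6, ipv6, sizeof(slot->ipv6_port.ipv6));
    slot->value_type=ATTRIBUTE_VALUE_TYPE_IPV6;
    slot->schema=schema;
    slot->is_free_schema=is_free_schema;
    slot->is_free_value=is_free_value;
    (*attr_offset)+=1;
}

/**
 * Store private copies of up to two UUID arrays in the next free scratch slot.
 *
 * @param attr            scratch array to fill
 * @param attr_max        number of slots in attr
 * @param attr_offset     in/out index of the next free slot; advanced by one on success
 * @param is_free_schema  recorded in the slot unchanged
 * @param schema          schema describing the attribute; must not be NULL
 * @param is_free_value   FREE_TRUE makes this function free() the caller's
 *                        arrays once they have been copied
 * @param item_uuid       n_uuid item UUIDs, or NULL
 * @param object_uuid     n_uuid object UUIDs, or NULL (at least one of the two
 *                        arrays must be given)
 * @param n_uuid          number of entries in each array; must be non-zero
 *
 * The slot always owns its copies, so its is_free_value is forced to 1
 * whatever the caller passed.
 *
 * If an argument is rejected, the array is full or an allocation fails, the
 * slot and *attr_offset are left untouched and the caller's arrays are NOT
 * freed, even with FREE_TRUE. NOTE(review): callers that hand over ownership
 * therefore leak on those paths unless they compare *attr_offset before and
 * after the call -- confirm the intended contract.
 */
void attribute_scratch_maat_object_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value, uuid_t item_uuid[], uuid_t object_uuid[], size_t n_uuid)
{
    if((*attr_offset+1 > attr_max) || schema==NULL || n_uuid==0 || (object_uuid==NULL && item_uuid==NULL))
    {
        return ;
    }

    uuid_t *object_copy=NULL;
    uuid_t *item_copy=NULL;

    /* calloc rejects an n_uuid*sizeof(uuid_t) product that would overflow,
     * and each result is checked so memcpy never writes through NULL. */
    if(object_uuid!=NULL)
    {
        object_copy=(uuid_t *)calloc(n_uuid, sizeof(uuid_t));
        if(object_copy==NULL)
        {
            return ;
        }
        memcpy(object_copy, object_uuid, sizeof(uuid_t)*n_uuid);
    }

    if(item_uuid!=NULL)
    {
        item_copy=(uuid_t *)calloc(n_uuid, sizeof(uuid_t));
        if(item_copy==NULL)
        {
            free(object_copy);
            return ;
        }
        memcpy(item_copy, item_uuid, sizeof(uuid_t)*n_uuid);
    }

    struct attribute_scratch *slot=&attr[*attr_offset];
    /* Both pointers are always written, so the one the caller did not supply
     * is NULL rather than whatever the slot held before. The slot is marked
     * as owning its value, and the reset routine is not readable in this
     * listing, so a stale pointer here could otherwise reach free(). */
    slot->maat_object.object_uuid=object_copy;
    slot->maat_object.item_uuid=item_copy;
    slot->maat_object.n_uuid=n_uuid;
    slot->value_type=ATTRIBUTE_VALUE_TYPE_MAAT_OBJECT;
    slot->schema=schema;
    slot->is_free_schema=is_free_schema;
    slot->is_free_value=1;
    (*attr_offset)+=1;

    /* The inputs have been copied; release them only if the caller asked. */
    if(is_free_value==FREE_TRUE)
    {
        free(object_uuid);
        free(item_uuid);
    }
}

/**
 * Record a value-less "not logic" entry in the next free scratch slot.
 *
 * The slot's null_ptr member is set to NULL so that no stale pointer is left
 * behind in it. A NULL schema or a full array makes the call a no-op.
 */
void attribute_scratch_not_logic_fill(struct attribute_scratch *attr, size_t attr_max, size_t *attr_offset, int is_free_schema, struct attribute_schema *schema, int is_free_value)
{
    if((*attr_offset+1 > attr_max) || schema==NULL)
    {
        return ;
    }

    struct attribute_scratch *slot=&attr[*attr_offset];
    slot->value_type=ATTRIBUTE_VALUE_TYPE_NOT_LOGIC;
    slot->schema=schema;
    slot->is_free_schema=is_free_schema;
    slot->is_free_value=is_free_value;
    slot->null_ptr=NULL;
    (*attr_offset)+=1;
}

void attribute_schema_init(struct attribute_schema *attr_schema, size_t attr_schema_sz) {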
if(attr_schema==NULL || attr_schema_sz!=ATTRIBUTE_SCHEMA_MAX) { return ; } // tunnel attr_schema[ATTRIBUTE_SCHEMA_TUNNEL_LEVEL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNEL_LEVEL, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_TUNNEL_LEVEL", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_TUNNEL_GTP_ENDPOINT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNEL_GTP_ENDPOINT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_TUNNEL_GTP_ENDPOINT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_TUNNEL_GRE_ENDPOINT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNEL_GRE_ENDPOINT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_TUNNEL_GRE_ENDPOINT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_TUNNEL_IP_IN_IP_ENDPOINT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNEL_IP_IN_IP_ENDPOINT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_TUNNEL_IP_IN_IP_ENDPOINT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_TUNNEL_UUID_LIST]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNEL_UUID_LIST, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tunnel_uuid_list" }; attr_schema[ATTRIBUTE_SCHEMA_INTERNAL_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_INTERNAL_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_INTERNAL_IP", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_EXTERNAL_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_EXTERNAL_IP, 
.scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_EXTERNAL_IP", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_INTERNAL_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_INTERNAL_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_INTERNAL_PORT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_EXTERNAL_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_EXTERNAL_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_EXTERNAL_PORT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; // tcp attr_schema[ATTRIBUTE_SCHEMA_TCP_PAYLOAD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TCP_PAYLOAD, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_TCP_PAYLOAD", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_TCP_PAYLOAD_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TCP_PAYLOAD_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_TCP_PAYLOAD", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_TCP_PAYLOAD_C2S_FIRST_DATA]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TCP_PAYLOAD_C2S_FIRST_DATA, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_TCP_PAYLOAD_C2S_FIRST_DATA", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_TCP_PAYLOAD_S2C_FIRST_DATA]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TCP_PAYLOAD_S2C_FIRST_DATA, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_TCP_PAYLOAD_S2C_FIRST_DATA", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL 
}; attr_schema[ATTRIBUTE_SCHEMA_TCP_PAYLOAD_C2S_FIRST_DATA_LEN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TCP_PAYLOAD_C2S_FIRST_DATA_LEN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_TCP_PAYLOAD_C2S_FIRST_DATA_LEN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_TCP_PAYLOAD_S2C_FIRST_DATA_LEN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TCP_PAYLOAD_S2C_FIRST_DATA_LEN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_TCP_PAYLOAD_S2C_FIRST_DATA_LEN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; // udp attr_schema[ATTRIBUTE_SCHEMA_UDP_PAYLOAD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_UDP_PAYLOAD, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_UDP_PAYLOAD", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_UDP_PAYLOAD_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_UDP_PAYLOAD_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_UDP_PAYLOAD", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_UDP_PAYLOAD_C2S_FIRST_DATA]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_UDP_PAYLOAD_C2S_FIRST_DATA, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_UDP_PAYLOAD_C2S_FIRST_DATA", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_UDP_PAYLOAD_S2C_FIRST_DATA]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_UDP_PAYLOAD_S2C_FIRST_DATA, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_UDP_PAYLOAD_S2C_FIRST_DATA", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; 
attr_schema[ATTRIBUTE_SCHEMA_UDP_PAYLOAD_C2S_FIRST_DATA_LEN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_UDP_PAYLOAD_C2S_FIRST_DATA_LEN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_UDP_PAYLOAD_C2S_FIRST_DATA_LEN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_UDP_PAYLOAD_S2C_FIRST_DATA_LEN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_UDP_PAYLOAD_S2C_FIRST_DATA_LEN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_UDP_PAYLOAD_S2C_FIRST_DATA_LEN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; // session flags attr_schema[ATTRIBUTE_SCHEMA_GENERAL_FLAGS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_FLAGS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_FLAG", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"flags" }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_FLAGS_IDENTIFY_INFO]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_FLAGS_IDENTIFY_INFO, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"flags_identify_info" }; // app id attr_schema[ATTRIBUTE_SCHEMA_ANALYSIS_APPLICATION_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_ANALYSIS_APPLICATION_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_APP_ID", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_ANALYSIS_APPLICATION_ID_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_ANALYSIS_APPLICATION_ID_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_APP_ID", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_DECODED_PATH]=(struct 
attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DECODED_PATH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"decoded_path" }; attr_schema[ATTRIBUTE_SCHEMA_TRANS_PROTOCOL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANS_PROTOCOL, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ip_protocol" }; // http attr_schema[ATTRIBUTE_SCHEMA_HTTP_VERSION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_VERSION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_version" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_HOST]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_HOST, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_host" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_URL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_URL, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_URL", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_url" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_URL_DECODED]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_URL_DECODED, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_URL", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; // http request header attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_USER_AGENT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_USER_AGENT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_user_agent" }; 
attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_COOKIE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_COOKIE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_cookie" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_CONTENT_TYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_CONTENT_TYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_request_content_type" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_CONTENT_LENGTH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_CONTENT_LENGTH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_request_content_length" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_HEADER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_HEADER, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_REQ_HDR", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_HEADER_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_HEADER_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_REQ_HDR", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_REFERER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_REFERER, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_referer" }; // http request body attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_BODY]=(struct attribute_schema){ 
.attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_BODY, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_REQ_BODY", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_request_body" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_BODY_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_BODY_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_REQ_BODY", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; // http response header attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_USER_AGENT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_USER_AGENT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_user_agent" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_COOKIE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_COOKIE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_cookie" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_CONTENT_TYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_CONTENT_TYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_response_content_type" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_CONTENT_LENGTH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_CONTENT_LENGTH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_response_content_length" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_HEADER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_HEADER, 
.scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_RES_HDR", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_HEADER_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_HEADER_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_RES_HDR", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_REFERER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_REFERER, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_referer" }; // http response body attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_BODY]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_BODY, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_RES_BODY", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_response_body" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_BODY_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_BODY_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_HTTP_RES_BODY", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; // http attr_schema[ATTRIBUTE_SCHEMA_HTTP_SEQUENCE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_SEQUENCE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_sequence" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_SNAPSHOT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_SNAPSHOT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, 
.log_field_name=(char *)"http_snapshot" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_REQUEST_LINE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_REQUEST_LINE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_request_line" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_LINE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_LINE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_response_line" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_STATUS_CODE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_STATUS_CODE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_status_code" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_SET_COOKIE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_SET_COOKIE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_set_cookie" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_RESPONSE_LATENCY_MS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_RESPONSE_LATENCY_MS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_response_latency_ms" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_SESSION_DURATION_MS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_HTTP_SESSION_DURATION_MS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_session_duration_ms" }; attr_schema[ATTRIBUTE_SCHEMA_HTTP_ACTION_FILE_SIZE]=(struct attribute_schema){ 
.attr_idx=ATTRIBUTE_SCHEMA_HTTP_ACTION_FILE_SIZE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"http_action_file_size" }; // mail attr_schema[ATTRIBUTE_SCHEMA_MAIL_ACCOUNT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_ACCOUNT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_ACCOUNT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_account" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_PASSWORD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_PASSWORD, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_password" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_FROM_CMD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_FROM_CMD, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_FROM", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_from_cmd" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_TO_CMD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_TO_CMD, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_TO", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_TO_CMD_LOG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_TO_CMD_LOG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_to_cmd" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_FROM]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_FROM, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_FROM", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_from" }; 
attr_schema[ATTRIBUTE_SCHEMA_MAIL_TO]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_TO, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_TO", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_TO_LOG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_TO_LOG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_to" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_CC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_CC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_TO", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_CC_LOG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_CC_LOG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_cc" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_BCC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_BCC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_TO", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_BCC_LOG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_BCC_LOG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_bcc" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_SUBJECT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_SUBJECT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_SUBJECT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_SUBJECT_LOG]=(struct 
attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_SUBJECT_LOG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_subject" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_CONTENT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_CONTENT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_CONTENT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_content" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_CONTENT_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_CONTENT_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_CONTENT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_NAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_NAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_ATT_NAME", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_NAME_LOG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_NAME_LOG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_attachment_name" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_CONTENT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_CONTENT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_ATT_CONTENT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_attachment_content" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_CONTENT_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_CONTENT_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, 
.scan_attribute_name=(char *)"ATTR_MAIL_ATT_CONTENT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_EML_FILE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_EML_FILE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_MAIL_EML_FILE", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_eml_file" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_PROTOCOL_TYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_PROTOCOL_TYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_protocol_type" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_SUBJECT_CHARSET]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_SUBJECT_CHARSET, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_subject_charset" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_NAME_CHARSET]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_ATTACHMENT_NAME_CHARSET, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_attachment_name_charset" }; attr_schema[ATTRIBUTE_SCHEMA_MAIL_STARTTLS_CMD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_MAIL_STARTTLS_CMD, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mail_starttls_flag" }; //dns attr_schema[ATTRIBUTE_SCHEMA_DNS_QNAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_QNAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_QNAME", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_qname" }; 
attr_schema[ATTRIBUTE_SCHEMA_DNS_MESSAGE_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_MESSAGE_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_MESSAGE_ID", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_message_id" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_QR]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_QR, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_QR", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_qr" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_OPCODE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_OPCODE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_OPCODE", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_opcode" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_AA]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_AA, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_AA", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_aa" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_TC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_TC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_TC", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_tc" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_RD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_RD, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_RD", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_rd" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_RA]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_RA, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_RA", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, 
.log_field_name=(char *)"dns_ra" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_RCODE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_RCODE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_RCODE", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_rcode" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_QDCOUNT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_QDCOUNT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_QDCOUNT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_qdcount" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_ANCOUNT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_ANCOUNT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_ANCOUNT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_ancount" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_NSCOUNT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_NSCOUNT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_NSCOUNT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_nscount" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_ARCOUNT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_ARCOUNT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_ARCOUNT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_arcount" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_QTYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_QTYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_QTYPE", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_qtype" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_QCLASS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_QCLASS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, 
.scan_attribute_name=(char *)"ATTR_DNS_QCLASS", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_qclass" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_RR]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_RR, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_RR", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_rr" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_CNAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_CNAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_CNAME", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_cname" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_SUB]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_SUB, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DNS_SUB", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_sub" }; attr_schema[ATTRIBUTE_SCHEMA_DNS_RESPONSE_LATENCY_MS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DNS_RESPONSE_LATENCY_MS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dns_response_latency_ms" }; // ssl attr_schema[ATTRIBUTE_SCHEMA_SSL_VERSION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_VERSION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_version" }; attr_schema[ATTRIBUTE_SCHEMA_SSL_SNI]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_SNI, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_sni" }; attr_schema[ATTRIBUTE_SCHEMA_SSL_CN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CN, 
.scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_CN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_cn" }; attr_schema[ATTRIBUTE_SCHEMA_SSL_SAN_LOG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_SAN_LOG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_san" }; attr_schema[ATTRIBUTE_SCHEMA_SSL_SAN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_SAN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_SAN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SSL_SAN_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_SAN_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_SAN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SSL_JA3_HASH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_JA3_HASH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_ANALYSIS_JA3", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_ja3_hash" }; attr_schema[ATTRIBUTE_SCHEMA_SSL_JA3S_HASH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_JA3S_HASH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_ANALYSIS_JA3S", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_ja3s_hash" }; attr_schema[ATTRIBUTE_SCHEMA_SSL_JA4_HASH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_JA4_HASH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_ANALYSIS_JA4", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_ja4_fingerprint" }; 
attr_schema[ATTRIBUTE_SCHEMA_SSL_JA4S_HASH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_JA4S_HASH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_ANALYSIS_JA4S", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_ja4s_fingerprint" }; attr_schema[ATTRIBUTE_SCHEMA_SSL_ESNI]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_ESNI, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_ESNI", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SSL_ESNI_FLAG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_ESNI_FLAG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_esni_flag" }; attr_schema[ATTRIBUTE_SCHEMA_SSL_ECH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_ECH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_ECH", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SSL_ECH_FLAG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_ECH_FLAG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_ech_flag" }; attr_schema[ATTRIBUTE_SCHEMA_SSL_NO_SNI]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_NO_SNI, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_NO_SNI", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ALGORITHM_IDENTIFIER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ALGORITHM_IDENTIFIER, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char 
*)"ATTR_SSL_HANDSHAKE_CERTIFICATE_ALGORITHM_IDENTIFIER", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SERIAL_NUMBER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SERIAL_NUMBER, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_SERIAL_NUMBER", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER_COMMON_NAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER_COMMON_NAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_ISSUER_COMMON_NAME", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER_ORGANIZATION_NAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER_ORGANIZATION_NAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_ISSUER_ORGANIZATION_NAME", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER_COUNTRY_NAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER_COUNTRY_NAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_ISSUER_COUNTRY_NAME", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SUBJECT_COUNTRY_NAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SUBJECT_COUNTRY_NAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_SUBJECT_COUNTRY_NAME", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; 
attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SUBJECT_ORGANIZATION_NAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SUBJECT_ORGANIZATION_NAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_SUBJECT_ORGANIZATION_NAME", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_NOT_VALID_BEFORE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_NOT_VALID_BEFORE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_NOT_VALID_BEFORE", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_NOT_VALID_AFTER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_NOT_VALID_AFTER, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_NOT_VALID_AFTER", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ALGORITHM_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ALGORITHM_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SSL_HANDSHAKE_CERTIFICATE_ALGORITHM_ID", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SSL_HANDSHAKE_LATENCY_MS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_HANDSHAKE_LATENCY_MS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_handshake_latency_ms" }; attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_ISSUER, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, 
.log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_cert_issuer" }; attr_schema[ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SUBJECT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSL_CERTIFICATE_SUBJECT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssl_cert_subject" }; // dtls attr_schema[ATTRIBUTE_SCHEMA_DTLS_SNI]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DTLS_SNI, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dtls_sni" }; attr_schema[ATTRIBUTE_SCHEMA_DTLS_COOKIE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DTLS_COOKIE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dtls_cookie" }; attr_schema[ATTRIBUTE_SCHEMA_DTLS_VERSION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DTLS_VERSION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dtls_version" }; attr_schema[ATTRIBUTE_SCHEMA_DTLS_CN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DTLS_CN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DTLS_CN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dtls_cn" }; attr_schema[ATTRIBUTE_SCHEMA_DTLS_SAN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DTLS_SAN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dtls_san" }; attr_schema[ATTRIBUTE_SCHEMA_DTLS_HANDSHAKE_LATENCY_MS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DTLS_HANDSHAKE_LATENCY_MS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, 
.scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dtls_handshake_latency_ms" }; attr_schema[ATTRIBUTE_SCHEMA_DTLS_JA3_HASH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DTLS_JA3_HASH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DTLS_ANALYSIS_JA3", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dtls_ja3_hash" }; attr_schema[ATTRIBUTE_SCHEMA_DTLS_JA3S_HASH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DTLS_JA3S_HASH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DTLS_ANALYSIS_JA3S", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dtls_ja3s_hash" }; attr_schema[ATTRIBUTE_SCHEMA_DTLS_CERTIFICATE_ISSUER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DTLS_CERTIFICATE_ISSUER, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dtls_cert_issuer" }; attr_schema[ATTRIBUTE_SCHEMA_DTLS_CERTIFICATE_SUBJECT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_DTLS_CERTIFICATE_SUBJECT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dtls_cert_subject" }; // quic attr_schema[ATTRIBUTE_SCHEMA_QUIC_SNI]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_QUIC_SNI, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"quic_sni" }; attr_schema[ATTRIBUTE_SCHEMA_QUIC_VERSION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_QUIC_VERSION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"quic_version" }; 
attr_schema[ATTRIBUTE_SCHEMA_QUIC_USER_AGENT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_QUIC_USER_AGENT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"quic_user_agent" }; // ftp attr_schema[ATTRIBUTE_SCHEMA_FTP_ACCOUNT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_FTP_ACCOUNT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_FTP_ACCOUNT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ftp_account" }; attr_schema[ATTRIBUTE_SCHEMA_FTP_PASSWORD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_FTP_PASSWORD, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ftp_password" }; attr_schema[ATTRIBUTE_SCHEMA_FTP_URL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_FTP_URL, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_FTP_URI", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ftp_url" }; attr_schema[ATTRIBUTE_SCHEMA_FTP_CONTENT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_FTP_CONTENT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_FTP_CONTENT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_FTP_CONTENT_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_FTP_CONTENT_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_FTP_CONTENT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_FTP_LINK_TYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_FTP_LINK_TYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, 
.log_field_name=(char *)"ftp_link_type" }; // sip attr_schema[ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_DESCRIPTION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_DESCRIPTION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SIP_ORIGINATOR_DESCRIPTION", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_originator_description" }; attr_schema[ATTRIBUTE_SCHEMA_SIP_RESPONDER_DESCRIPTION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_RESPONDER_DESCRIPTION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SIP_RESPONDER_DESCRIPTION", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_responder_description" }; attr_schema[ATTRIBUTE_SCHEMA_SIP_CALL_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_CALL_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_call_id" }; attr_schema[ATTRIBUTE_SCHEMA_SIP_USER_AGENT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_USER_AGENT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_user_agent" }; attr_schema[ATTRIBUTE_SCHEMA_SIP_SERVER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_SERVER, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_server" }; attr_schema[ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_CONNECT_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_CONNECT_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_originator_sdp_connect_ip" }; 
attr_schema[ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_CONNECT_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_CONNECT_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_responder_sdp_connect_ip" }; attr_schema[ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_MEDIA_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_MEDIA_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_originator_sdp_media_port" }; attr_schema[ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_MEDIA_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_MEDIA_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_responder_sdp_media_port" }; attr_schema[ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_MEDIA_TYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_MEDIA_TYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_originator_sdp_media_type" }; attr_schema[ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_MEDIA_TYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_MEDIA_TYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_responder_sdp_media_type" }; attr_schema[ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_CONTENT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_ORIGINATOR_SDP_CONTENT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_originator_sdp_content" }; 
attr_schema[ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_CONTENT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_RESPONDER_SDP_CONTENT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_responder_sdp_content" }; attr_schema[ATTRIBUTE_SCHEMA_SIP_DURATION_S]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_DURATION_S, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_duration_s" }; attr_schema[ATTRIBUTE_SCHEMA_SIP_BYE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_BYE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_bye" }; attr_schema[ATTRIBUTE_SCHEMA_SIP_BYE_REASON]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_BYE_REASON, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_bye_reason" }; attr_schema[ATTRIBUTE_SCHEMA_SIP_VIA]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_VIA, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_via" }; attr_schema[ATTRIBUTE_SCHEMA_SIP_CSEQ]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SIP_CSEQ, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sip_cseq" }; // rtp attr_schema[ATTRIBUTE_SCHEMA_RTP_PAYLOAD_TYPE_C2S]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RTP_PAYLOAD_TYPE_C2S, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char 
*)"rtp_payload_type_c2s" }; attr_schema[ATTRIBUTE_SCHEMA_RTP_PAYLOAD_TYPE_S2C]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RTP_PAYLOAD_TYPE_S2C, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rtp_payload_type_s2c" }; attr_schema[ATTRIBUTE_SCHEMA_RTP_PCAP_PATH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RTP_PCAP_PATH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rtp_pcap_path" }; attr_schema[ATTRIBUTE_SCHEMA_RTP_ORIGINATOR_DIR]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RTP_ORIGINATOR_DIR, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rtp_originator_dir" }; // ssh attr_schema[ATTRIBUTE_SCHEMA_SSH_VERSION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSH_VERSION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssh_version" }; attr_schema[ATTRIBUTE_SCHEMA_SSH_AUTH_SUCCESS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSH_AUTH_SUCCESS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssh_auth_success" }; attr_schema[ATTRIBUTE_SCHEMA_SSH_CLIENT_VERSION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSH_CLIENT_VERSION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssh_client_version" }; attr_schema[ATTRIBUTE_SCHEMA_SSH_SERVER_VERSION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSH_SERVER_VERSION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, 
.scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssh_server_version" }; attr_schema[ATTRIBUTE_SCHEMA_SSH_CIPHER_ALG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSH_CIPHER_ALG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssh_cipher_alg" }; attr_schema[ATTRIBUTE_SCHEMA_SSH_MAC_ALG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSH_MAC_ALG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssh_mac_alg" }; attr_schema[ATTRIBUTE_SCHEMA_SSH_COMPRESSION_ALG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSH_COMPRESSION_ALG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssh_compression_alg" }; attr_schema[ATTRIBUTE_SCHEMA_SSH_KEX_ALG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSH_KEX_ALG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssh_kex_alg" }; attr_schema[ATTRIBUTE_SCHEMA_SSH_HOST_KEY_ALG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSH_HOST_KEY_ALG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssh_host_key_alg" }; attr_schema[ATTRIBUTE_SCHEMA_SSH_HOST_KEY]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSH_HOST_KEY, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssh_host_key" }; attr_schema[ATTRIBUTE_SCHEMA_SSH_HASSH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SSH_HASSH, 
.scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"ssh_hassh" }; // stratum attr_schema[ATTRIBUTE_SCHEMA_STRATUM_CRYPTOCURRENCY]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_STRATUM_CRYPTOCURRENCY, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"stratum_cryptocurrency" }; attr_schema[ATTRIBUTE_SCHEMA_STRATUM_MINING_POOLS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_STRATUM_MINING_POOLS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"stratum_mining_pools" }; attr_schema[ATTRIBUTE_SCHEMA_STRATUM_MINING_PROGRAM]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_STRATUM_MINING_PROGRAM, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"stratum_mining_program" }; attr_schema[ATTRIBUTE_SCHEMA_STRATUM_MINING_SUBSCRIBE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_STRATUM_MINING_SUBSCRIBE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"stratum_mining_subscribe" }; // rdp attr_schema[ATTRIBUTE_SCHEMA_RDP_COOKIE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RDP_COOKIE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rdp_cookie" }; attr_schema[ATTRIBUTE_SCHEMA_RDP_SECURITY_PROTOCOL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RDP_SECURITY_PROTOCOL, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char 
*)"rdp_security_protocol" }; attr_schema[ATTRIBUTE_SCHEMA_RDP_CLIENT_CHANNELS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RDP_CLIENT_CHANNELS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rdp_client_channels" }; attr_schema[ATTRIBUTE_SCHEMA_RDP_KEYBOARD_LAYOUT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RDP_KEYBOARD_LAYOUT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rdp_keyboard_layout" }; attr_schema[ATTRIBUTE_SCHEMA_RDP_CLIENT_VERSION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RDP_CLIENT_VERSION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rdp_client_version" }; attr_schema[ATTRIBUTE_SCHEMA_RDP_CLIENT_NAME]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RDP_CLIENT_NAME, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rdp_client_name" }; attr_schema[ATTRIBUTE_SCHEMA_RDP_CLIENT_PRODUCT_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RDP_CLIENT_PRODUCT_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rdp_client_product_id" }; attr_schema[ATTRIBUTE_SCHEMA_RDP_DESKTOP_WIDTH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RDP_DESKTOP_WIDTH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rdp_desktop_width" }; attr_schema[ATTRIBUTE_SCHEMA_RDP_DESKTOP_HEIGHT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RDP_DESKTOP_HEIGHT, 
.scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rdp_desktop_height" }; attr_schema[ATTRIBUTE_SCHEMA_RDP_REQUESTED_COLOR_DEPTH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RDP_REQUESTED_COLOR_DEPTH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rdp_requested_color_depth" }; attr_schema[ATTRIBUTE_SCHEMA_RDP_CERTIFICATE_TYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RDP_CERTIFICATE_TYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rdp_certificate_type" }; attr_schema[ATTRIBUTE_SCHEMA_RDP_CERTIFICATE_COUNT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RDP_CERTIFICATE_COUNT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rdp_certificate_count" }; attr_schema[ATTRIBUTE_SCHEMA_RDP_CERTIFICATE_PERMANENT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RDP_CERTIFICATE_PERMANENT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rdp_certificate_permanent" }; attr_schema[ATTRIBUTE_SCHEMA_RDP_ENCRYPTION_LEVEL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RDP_ENCRYPTION_LEVEL, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rdp_encryption_level" }; attr_schema[ATTRIBUTE_SCHEMA_RDP_ENCRYPTION_METHOD]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_RDP_ENCRYPTION_METHOD, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, 
.log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"rdp_encryption_method" }; // general attr_schema[ATTRIBUTE_SCHEMA_GENERAL_SESSION_DIRECTION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_SESSION_DIRECTION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"direction" }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_DECODED_AS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_DECODED_AS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"decoded_as" }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_SESSION_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_SESSION_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"session_id" }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_START_TIMESTAMP_MS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_START_TIMESTAMP_MS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"start_timestamp_ms" }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_END_TIMESTAMP_MS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_END_TIMESTAMP_MS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"end_timestamp_ms" }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_DURATION_MS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_DURATION_MS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"duration_ms" }; 
attr_schema[ATTRIBUTE_SCHEMA_GENERAL_TCP_HANDSHAKE_LATENCY_MS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_TCP_HANDSHAKE_LATENCY_MS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_handshake_latency_ms" }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_DEVICE_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_DEVICE_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"device_id" }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_OUT_LINK_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_OUT_LINK_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"out_link_id" }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_IN_LINK_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_IN_LINK_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"in_link_id" }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_DEVICE_TAG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_DEVICE_TAG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"device_tag" }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_DATA_CENTER]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_DATA_CENTER, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"data_center" }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_DEVICE_GROUP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_DEVICE_GROUP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, 
.scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"device_group" }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_SLED_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_SLED_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sled_ip" }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_ADDRESS_TYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_ADDRESS_TYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"address_type" }; attr_schema[ATTRIBUTE_SCHEMA_IP_PROTOCOL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_IP_PROTOCOL, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_IP_PROTOCOL", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_VSYS_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_VSYS_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"vsys_id" }; attr_schema[ATTRIBUTE_SCHEMA_GENERAL_T_VSYS_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_GENERAL_T_VSYS_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"t_vsys_id" }; attr_schema[ATTRIBUTE_SCHEMA_TREATMENT_SECURITY_RULE_LIST]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TREATMENT_SECURITY_RULE_LIST, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"security_rule_uuid_list" }; attr_schema[ATTRIBUTE_SCHEMA_TREATMENT_SECURITY_ACTION]=(struct attribute_schema){ 
.attr_idx=ATTRIBUTE_SCHEMA_TREATMENT_SECURITY_ACTION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"security_action" }; attr_schema[ATTRIBUTE_SCHEMA_TREATMENT_MONITOR_RULE_LIST]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TREATMENT_MONITOR_RULE_LIST, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"monitor_rule_uuid_list" }; attr_schema[ATTRIBUTE_SCHEMA_TREATMENT_MONITOR_MIRRORED_BYTES]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TREATMENT_MONITOR_MIRRORED_BYTES, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"monitor_mirrored_bytes" }; attr_schema[ATTRIBUTE_SCHEMA_TREATMENT_MONITOR_MIRRORED_PKTS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TREATMENT_MONITOR_MIRRORED_PKTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"monitor_mirrored_pkts" }; attr_schema[ATTRIBUTE_SCHEMA_TREATMENT_STATISTICS_RULE_LIST]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TREATMENT_STATISTICS_RULE_LIST, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"statistics_rule_uuid_list" }; // client and server attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=(char *)"ATTR_SOURCE_IP", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_TAG_UUIDS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IP_TAG_UUIDS, 
.scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SOURCE_IP", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IP_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=(char *)"ATTR_SOURCE_IP", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IP_TAGS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IP_TAGS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"client_ip_tags" }; attr_schema[ATTRIBUTE_SCHEMA_CLIENT_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SOURCE_PORT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"client_port" }; attr_schema[ATTRIBUTE_SCHEMA_CLIENT_PORT_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_PORT_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SOURCE_PORT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_CLIENT_OS_DESC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_OS_DESC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"client_os_desc" }; attr_schema[ATTRIBUTE_SCHEMA_CLIENT_ASN_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_ASN_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"client_asn" }; attr_schema[ATTRIBUTE_SCHEMA_CLIENT_ASN_ID_STR]=(struct 
attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_ASN_ID_STR, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_CLIENT_SUBSCRIBER_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_SUBSCRIBER_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SUBSCRIBER_ID", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"subscriber_id" }; attr_schema[ATTRIBUTE_SCHEMA_CLIENT_COUNTRY_CODE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_COUNTRY_CODE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"client_country" }; // imei, imsi, apn, phone number attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IMEI]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IMEI, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_GTP_IMEI", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"imei" }; attr_schema[ATTRIBUTE_SCHEMA_CLIENT_IMSI]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_IMSI, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_GTP_IMSI", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"imsi" }; attr_schema[ATTRIBUTE_SCHEMA_CLIENT_APN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_APN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_GTP_APN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"apn" }; attr_schema[ATTRIBUTE_SCHEMA_CLIENT_MSISDN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_MSISDN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_GTP_PHONE_NUMBER", 
.log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"phone_number" }; attr_schema[ATTRIBUTE_SCHEMA_CLIENT_FISRT_PKT_TTL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_CLIENT_FISRT_PKT_TTL, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"c2s_ttl" }; // server attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=(char *)"ATTR_DESTINATION_IP", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_TAG_UUIDS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_IP_TAG_UUIDS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DESTINATION_IP", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_IP_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=(char *)"ATTR_DESTINATION_IP", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SERVER_IP_TAGS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_IP_TAGS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"server_ip_tags" }; attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DESTINATION_PORT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"server_port" }; attr_schema[ATTRIBUTE_SCHEMA_SERVER_PORT_COMMIT]=(struct attribute_schema){ 
.attr_idx=ATTRIBUTE_SCHEMA_SERVER_PORT_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_DESTINATION_PORT", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SERVER_OS_DESC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_OS_DESC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"server_os_desc" }; attr_schema[ATTRIBUTE_SCHEMA_SERVER_ASN_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_ASN_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"server_asn" }; attr_schema[ATTRIBUTE_SCHEMA_SERVER_ASN_ID_STR]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_ASN_ID_STR, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SERVER_COUNTRY_CODE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_COUNTRY_CODE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"server_country" }; attr_schema[ATTRIBUTE_SCHEMA_SERVER_FQDN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_FQDN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SERVER_FQDN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; attr_schema[ATTRIBUTE_SCHEMA_SERVER_FQDN_COMMIT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_FQDN_COMMIT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_TRUE, .scan_attribute_name=(char *)"ATTR_SERVER_FQDN", .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=NULL }; 
attr_schema[ATTRIBUTE_SCHEMA_SERVER_FQDN_LOG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_FQDN_LOG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"server_fqdn" }; attr_schema[ATTRIBUTE_SCHEMA_SERVER_FQDN_TAGS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_FQDN_TAGS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"server_fqdn_tags" }; attr_schema[ATTRIBUTE_SCHEMA_SERVER_DOMAIN_LOG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_DOMAIN_LOG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"server_domain" }; attr_schema[ATTRIBUTE_SCHEMA_SERVER_FISRT_PKT_TTL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_SERVER_FISRT_PKT_TTL, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"s2c_ttl" }; // application attr_schema[ATTRIBUTE_SCHEMA_APPLICATION_TRANSITION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_APPLICATION_TRANSITION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"app_transition" }; attr_schema[ATTRIBUTE_SCHEMA_APPLICATION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_APPLICATION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"app" }; attr_schema[ATTRIBUTE_SCHEMA_APPLICATION_CATEGORY]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_APPLICATION_CATEGORY, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, 
.log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"app_category" }; attr_schema[ATTRIBUTE_SCHEMA_APPLICATION_EXTRA_INFO]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_APPLICATION_EXTRA_INFO, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"app_extra_info" }; attr_schema[ATTRIBUTE_SCHEMA_APPLICATION_DEBUG_INFO]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_APPLICATION_DEBUG_INFO, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"app_debug_info" }; attr_schema[ATTRIBUTE_SCHEMA_APPLICATION_CONTENT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_APPLICATION_CONTENT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"app_content" }; attr_schema[ATTRIBUTE_SCHEMA_APPLICATION_PROTOCOL_PATH]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_APPLICATION_PROTOCOL_PATH, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"protocol_path" }; // transmission attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_SENT_PKTS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_SENT_PKTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sent_pkts" }; attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_SENT_BYTES]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_SENT_BYTES, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"sent_bytes" }; attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_RECEIVED_PKTS]=(struct 
attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_RECEIVED_PKTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"received_pkts" }; attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_RECEIVED_BYTES]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_RECEIVED_BYTES, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"received_bytes" }; // transmission tcp attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_IP_FRAGMENTS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_IP_FRAGMENTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_c2s_ip_fragments" }; attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_IP_FRAGMENTS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_IP_FRAGMENTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_s2c_ip_fragments" }; attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_LOST_BYTES]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_LOST_BYTES, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_c2s_lost_bytes" }; attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_LOST_BYTES]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_LOST_BYTES, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_s2c_lost_bytes" }; attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_O3_PKTS]=(struct attribute_schema){ 
.attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_O3_PKTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_c2s_o3_pkts" }; attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_O3_PKTS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_O3_PKTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_s2c_o3_pkts" }; attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_RTX_PKTS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_RTX_PKTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_c2s_rtx_pkts" }; attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_RTX_PKTS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_RTX_PKTS, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_s2c_rtx_pkts" }; attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_RTX_BYTES]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_C2S_RTX_BYTES, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_c2s_rtx_bytes" }; attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_RTX_BYTES]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_S2C_RTX_BYTES, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_s2c_rtx_bytes" }; attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_RTT_MS]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_RTT_MS, 
.scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_rtt_ms" }; attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_CLEINT_ISN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_CLEINT_ISN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_client_isn" }; attr_schema[ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_SERVER_ISN]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TRANSMISSION_TCP_SERVER_ISN, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tcp_server_isn" }; // init other attribute schema attr_schema[ATTRIBUTE_SCHEMA_OTHER_PACKET_CAPTURE_FILE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_PACKET_CAPTURE_FILE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"packet_capture_file" }; attr_schema[ATTRIBUTE_SCHEMA_OTHER_ENCAPSULATION_TYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_ENCAPSULATION_TYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"encapsulation_type" }; attr_schema[ATTRIBUTE_SCHEMA_OTHER_IN_SRC_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_IN_SRC_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"in_src_mac" }; attr_schema[ATTRIBUTE_SCHEMA_OTHER_OUT_SRC_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_OUT_SRC_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, 
.log_field_name=(char *)"out_src_mac" }; attr_schema[ATTRIBUTE_SCHEMA_OTHER_IN_DEST_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_IN_DEST_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"in_dest_mac" }; attr_schema[ATTRIBUTE_SCHEMA_OTHER_OUT_DEST_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_OUT_DEST_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"out_dest_mac" }; attr_schema[ATTRIBUTE_SCHEMA_OTHER_ENCAPSULATION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_ENCAPSULATION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"encapsulation" }; attr_schema[ATTRIBUTE_SCHEMA_OTHER_DUP_TRAFFIC_FLAG]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_OTHER_DUP_TRAFFIC_FLAG, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"dup_traffic_flag" }; // encapsulation attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_SCHEMA_TYPE]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_SCHEMA_TYPE, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"tunnels_schema_type" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_A_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_A_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"gtp_endpoint_a_ip" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_B_IP]=(struct attribute_schema){ 
.attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_B_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"gtp_endpoint_b_ip" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_A_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_A_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"gtp_endpoint_a_port" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_B_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_GTP_ENDPOINT_B_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"gtp_endpoint_b_port" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_GTP_A2B_TEID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_GTP_A2B_TEID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"gtp_endpoint_a2b_teid" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_GTP_B2A_TEID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_GTP_B2A_TEID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"gtp_endpoint_b2a_teid" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_MPLS_C2S_DIRECTION_LABEL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_MPLS_C2S_DIRECTION_LABEL, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mpls_c2s_direction_label" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_MPLS_S2C_DIRECTION_LABEL]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_MPLS_S2C_DIRECTION_LABEL, 
.scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"mpls_s2c_direction_label" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_VLAN_C2S_DIRECTION_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_VLAN_C2S_DIRECTION_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"vlan_c2s_direction_id" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_VLAN_S2C_DIRECTION_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_VLAN_S2C_DIRECTION_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"vlan_s2c_direction_id" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_SOURCE_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_SOURCE_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"source_mac" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_DESTINATION_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_DESTINATION_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"destination_mac" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_C2S_SOURCE_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_C2S_SOURCE_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"c2s_source_mac" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_C2S_DESTINATION_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_C2S_DESTINATION_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, 
.log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"c2s_destination_mac" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_S2C_SOURCE_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_S2C_SOURCE_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"s2c_source_mac" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_S2C_DESTINATION_MAC]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_S2C_DESTINATION_MAC, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"s2c_destination_mac" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_CLIENT_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_CLIENT_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"client_ip" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_SERVER_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_SERVER_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"server_ip" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_PPTP_UPLINK_TUNNEL_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_PPTP_UPLINK_TUNNEL_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"pptp_uplink_tunnel_id" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_PPTP_DOWNLINK_TUNNEL_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_PPTP_DOWNLINK_TUNNEL_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"pptp_downlink_tunnel_id" }; 
attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_VERSION]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_VERSION, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_version" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LAC2LNS_TUNNEL_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LAC2LNS_TUNNEL_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_lac2lns_tunnel_id" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LNS2LAC_TUNNEL_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LNS2LAC_TUNNEL_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_lns2lac_tunnel_id" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LAC2LNS_SESSION_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LAC2LNS_SESSION_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_lac2lns_session_id" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LNS2LAC_SESSION_ID]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_LNS2LAC_SESSION_ID, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_lns2lac_session_id" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_ACCESS_CONCENTRATOR_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_ACCESS_CONCENTRATOR_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_access_concentrator_ip" }; 
attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_NETWORK_SERVER_IP]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_NETWORK_SERVER_IP, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_network_server_ip" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_ACCESS_CONCENTRATOR_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_ACCESS_CONCENTRATOR_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_access_concentrator_port" }; attr_schema[ATTRIBUTE_SCHEMA_TUNNELS_L2TP_NETWORK_SERVER_PORT]=(struct attribute_schema){ .attr_idx=ATTRIBUTE_SCHEMA_TUNNELS_L2TP_NETWORK_SERVER_PORT, .scan_not_logic_flag=SCHEMA_SCAN_NOT_LOGIC_FALSE, .scan_attribute_name=NULL, .log_field_name_sz=SCHEMA_DEFAULT_LOG_FIELD_NAME_SZ, .log_field_name=(char *)"l2tp_network_server_port" }; for(int i=ATTRIBUTE_SCHEMA_UNKNOWN; i