I am trying to see what kind of traffic is listed in the Stream Log, what each column in the log file say, need to parse the log to understand it,
thanks Meir
How i can read Log Stream Data from Disk (for Debugging)?
Votes:
0
Best Answer
Accepted Answer
Votes:
0
This is the heading for the Netflow streamlog:
Now,FromDateTime,ToDateTime,EthernetType,Protocol,SourceIP,SourcePort,SourceMAC,DestinationIP,DestinationPort,DestinationMAC,Size,ChannelID,ToS,SenderIP,InboundInterface,OutboundInterface,SourceASI,DestinationASI,SourceMask,DestinationMask,NextHop,SourceVLAN,DestinationVLAN
Created on Mar 9, 2017 5:20:28 PM by
4 Replies
Votes:
0
The "best trick" to analyze them is to copy them out of the StreamLog folder. Then, open the file in notepad (or similar) and add the following to the begining of the file:
SEP=,
It should look like this:
SEP=, 01.03.2016 05:46:41,01.03.2016 04:45:41,01.03.2016 04:46:41,56321,6,10.0.0.1,286,01-DC-40-59-C6-B7,10.0.0.2,139,01-DC-40-59-C6-B7,44427,3008,255,10.0.11.65,0,0,65535,65535 01.03.2016 05:46:41,01.03.2016 04:45:41,01.03.2016 04:46:41,23875,6,10.0.0.1,500,43-5D-42-59-C6-B7,10.0.0.2,947,43-5D-42-59-C6-B7,72430,3009,255,10.0.11.65,0,0,65535,65535 01.03.2016 05:46:41,01.03.2016 04:45:41,01.03.2016 04:46:41,972,6,10.0.0.1,386,CC-03-44-59-C6-B7,10.0.0.2,144,CC-03-44-59-C6-B7,77595,3009,255,10.0.11.65,0,0,65535,65535 [...]
Now, you can open the file in excel and it should be legible. Something like this(This is from a Packet Sniffer sensor):
| 01.03.2016 05:46:41 | 01.03.2016 04:45:41 | 01.03.2016 04:46:41 | 56321 | 6 | 10.0.0.1 | 286 | 01-DC-40-59-C6-B7 | 10.0.0.2 | 139 | 01-DC-40-59-C6-B7 | 44427 | 3008 | 255 | 10.0.11.65 | 0 | 0 | 65535 | 65535 |
| 01.03.2016 05:46:41 | 01.03.2016 04:45:41 | 01.03.2016 04:46:41 | 23875 | 6 | 10.0.0.1 | 500 | 43-5D-42-59-C6-B7 | 10.0.0.2 | 947 | 43-5D-42-59-C6-B7 | 72430 | 3009 | 255 | 10.0.11.65 | 0 | 0 | 65535 | 65535 |
| 01.03.2016 05:46:41 | 01.03.2016 04:45:41 | 01.03.2016 04:46:41 | 972 | 6 | 10.0.0.1 | 386 | CC-03-44-59-C6-B7 | 10.0.0.2 | 144 | CC-03-44-59-C6-B7 | 77595 | 3009 | 255 | 10.0.11.65 | 0 | 0 | 65535 | 65535 |
The fields will include the information listed here:
Basically you'll have some general properties, and then the IP/Port/Mac Source and the IP/Port/Mac destination.
Created on Mar 2, 2017 7:08:40 AM by
Last change on Dec 2, 2021 9:14:22 AM by
Votes:
0
hey, thanks for quick respond, but now how i know what the meaning of every column ? first,second,third column is date of what ? what is 56231,6,10.0.0.1,286, and so on until the end, sorry if i don't explain my question,
I add few lines to show ..
|28-02-17 16:43|28-02-17 14:43|28-02-17 14:43|27678|1|199.203.158.61|13509|00-00-00-00-00-00|199.203.1.20|53|00-00-00-00-00-00|122|1018|0|199.203.158.61|2|7|0|0|0|0|0.0.0.0|0|0| |28-02-17 16:43|28-02-17 14:43|28-02-17 14:43|63317|17|199.203.1.20|53|00-00-00-00-00-00|199.203.158.61|13509|00-00-00-00-00-00|116|1004|0|199.203.158.61|7|2|0|0|0|0|0.0.0.0|0|0| |28-02-17 16:43|28-02-17 14:43|28-02-17 14:43|14636|1|199.203.158.61|30772|00-00-00-00-00-00|199.203.1.20|53|00-00-00-00-00-00|135|1018|0|199.203.158.61|2|7|0|0|0|0|0.0.0.0|0|0|
thanks again
Last change on Mar 6, 2017 7:17:36 AM by
Accepted Answer
Votes:
0
This is the heading for the Netflow streamlog:
Now,FromDateTime,ToDateTime,EthernetType,Protocol,SourceIP,SourcePort,SourceMAC,DestinationIP,DestinationPort,DestinationMAC,Size,ChannelID,ToS,SenderIP,InboundInterface,OutboundInterface,SourceASI,DestinationASI,SourceMask,DestinationMask,NextHop,SourceVLAN,DestinationVLAN
Created on Mar 9, 2017 5:20:28 PM by
Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.
Add comment