diff --git a/x-pack/filebeat/module/shorewall/_meta/fields.yml b/x-pack/filebeat/module/shorewall/_meta/fields.yml index 5ccad4af6f0..bea78feba2e 100644 --- a/x-pack/filebeat/module/shorewall/_meta/fields.yml +++ b/x-pack/filebeat/module/shorewall/_meta/fields.yml @@ -21,30 +21,21 @@ type: keyword description: > Name of the output network interface - - name: action - type: group - description: > - Shorewal network log files - fields: - - name: one - type: keywork - description: > - Specifies the action to be taken if the connection request matches - the rule. target must be one of the following values (ACCEPT, ACCEPT+, - ACCEPT!, ADD, AUDIT, A_ACCEPT, A_ACCEPT+, A_ACCEPT!, A_DROP, A_DROP!, - A_REJECT, A_REJECT!, ?COMMENT, CONMARK, CONTINUE, CONTINUE!, COUNT, DEL, - DNAT, DNAT-, DROP, DROP!, HELPER, INLINE, IPTABLES, IP6TABLES, LOG, MACRO, - MARK, NFLOG, NFQUEUE, NONAT, QUEUE, QUEUE!, REJECT, REJECT!, REDIRECT, - REDIRECT-, TARPIT, ULOG. See http://shorewall.net/manpages/shorewall-rules.html - - name: two - type: keyword - description: > - Action two - name: frame_type type: keyword description: > This field is part of the MAC address in the log. It indicates whether the ethernet frame carried an IPv4 datagram or not. + - name: packet_action + type: keywork + description: > + Specifies the action to be taken if the connection request matches + the rule. target must be one of the following values (ACCEPT, ACCEPT+, + ACCEPT!, ADD, AUDIT, A_ACCEPT, A_ACCEPT+, A_ACCEPT!, A_DROP, A_DROP!, + A_REJECT, A_REJECT!, ?COMMENT, CONMARK, CONTINUE, CONTINUE!, COUNT, DEL, + DNAT, DNAT-, DROP, DROP!, HELPER, INLINE, IPTABLES, IP6TABLES, LOG, MACRO, + MARK, NFLOG, NFQUEUE, NONAT, QUEUE, QUEUE!, REJECT, REJECT!, REDIRECT, + REDIRECT-, TARPIT, ULOG. See http://shorewall.net/manpages/shorewall-rules.html - name: precedence type: keyword description: 
> @@ -74,4 +65,17 @@ The TCP Receive Window size. This may be scaled by bit-shifting left by a number of bits specified in the "Window Scale" TCP option. If the host supports ECN, then the TCP Receive Window size will also - be controlled by that. \ No newline at end of file + be controlled by that. + - name: zone + type: group + description: > + Shorewal Zone fields + fields: + - name: device + type: keyword + description: > + Name of the device for the zone + - name: name + type: keywork + description: > + Name of the zone \ No newline at end of file diff --git a/x-pack/filebeat/module/shorewall/fields.go b/x-pack/filebeat/module/shorewall/fields.go index 1bdc50202ed..23b926940dd 100644 --- a/x-pack/filebeat/module/shorewall/fields.go +++ b/x-pack/filebeat/module/shorewall/fields.go @@ -19,5 +19,5 @@ func init() { // AssetShorewall returns asset data. // This is the base64 encoded gzipped contents of module/shorewall. func AssetShorewall() string { - return "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" + return "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" } diff --git a/x-pack/filebeat/module/shorewall/log/ingest/pipeline.json b/x-pack/filebeat/module/shorewall/log/ingest/pipeline.json index 3d03d3b5992..58eade0bd6f 100644 --- a/x-pack/filebeat/module/shorewall/log/ingest/pipeline.json +++ b/x-pack/filebeat/module/shorewall/log/ingest/pipeline.json 
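Review bot: The added `packet_action` entry declares `type: keywork`, and the added `zone.name` entry in the second hunk (`@@ -74,4 +65,17 @@`) repeats it; both should read `type: keyword`, as `zone.device` already does. How the template generator treats an unknown type is not visible here, but a field left without a keyword mapping would presumably make exact-match filters on the firewall disposition (ACCEPT/DROP) and on the zone unreliable. The group description `Shorewal Zone fields` is also misspelled and should read `Shorewall zone fields`. After correcting the YAML, the embedded asset in `fields.go` needs to be regenerated so the shipped definition matches.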
@@ -5,7 +5,7 @@
 "grok": {
 "field": "message",
 "patterns": [
- "(%{SYSLOGTIMESTAMP:timestamp}).*(%{WORD:host.hostname}).*kernel:.*\\[(%{INT:shorewall.time1:int}).(%{INT:shorewall.time2:int})\\].*Shorewall:(%{USERNAME:network.name}):(%{WORD:shorewall.action.one}):(%{WORD:shorewall.action.two})=(%{USERNAME:shorewall.network.in}).*OUT=.*MAC=(%{MAC:destination.mac})?:(%{MAC:source.mac})?:(%{NOTSPACE:shorewall.frame_type})?.*SRC=(%{IPV4:source.ip})?.*DST=(%{IPV4:destination.ip})?.*LEN=(%{INT:network.packets:int})?.*TOS=(%{WORD:service.type})?.*PREC=(%{WORD:shorewall.precedence})?.*TTL=(%{INT:shorewall.ttl:int})?.*ID=(%{INT:event.id:int})?.*PROTO=(%{WORD:network.protocol})?.*SPT=(%{INT:source.port:int})?.*DPT=(%{INT:destination.port:int})?.*(WINDOW=(%{NUMBER:shorewall.window:int}))?.*(RES=(%{WORD:shorewall.res})?)?.*(SYN)?.*(URGP=(%{INT:shorewall.urgp:int})?)?"
+ "(%{SYSLOGTIMESTAMP:timestamp}).*(%{WORD:host.hostname}).*kernel:.*\\[(%{INT:shorewall.time1:int}).(%{INT:shorewall.time2:int})\\].*Shorewall:(%{USERNAME:shorewall.zone.name}):(%{WORD:shorewall.packet_action}):(%{WORD:shorewall.zone.device})=(%{USERNAME:shorewall.network.in}).*OUT=.*MAC=(%{MAC:destination.mac})?:(%{MAC:source.mac})?:(%{NOTSPACE:shorewall.frame_type})?.*SRC=(%{IPV4:source.ip})?.*DST=(%{IPV4:destination.ip})?.*LEN=(%{INT:network.packets:int})?.*TOS=(%{WORD:service.type})?.*PREC=(%{WORD:shorewall.precedence})?.*TTL=(%{INT:shorewall.ttl:int})?.*ID=(%{INT:event.id:int})?.*PROTO=(%{WORD:network.protocol})?.*SPT=(%{INT:source.port:int})?.*DPT=(%{INT:destination.port:int})?.*(WINDOW=(%{NUMBER:shorewall.window:int}))?.*(RES=(%{WORD:shorewall.res})?)?.*(SYN)?.*(URGP=(%{INT:shorewall.urgp:int})?)?"
 ],
 "ignore_missing": false
 }
diff --git a/x-pack/filebeat/module/shorewall/log/test/default.log-expected.json b/x-pack/filebeat/module/shorewall/log/test/default.log-expected.json
index d9d65c7d488..539735a66ea 100644
--- a/x-pack/filebeat/module/shorewall/log/test/default.log-expected.json
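Review bot: `shorewall.zone.device` is bound to the token in front of `=`, which in every sample message is the literal key `IN`, so the field never holds a device name. The regenerated fixtures confirm this: `"shorewall.zone.device": "IN"` appears in every event, while the actual interface (`eth2`, `vlan1`, `eth5`) goes to `shorewall.network.in`. Match the key literally and capture only its value, for example `:IN=(%{USERNAME:shorewall.zone.device})`, or drop `shorewall.zone.device` and keep `shorewall.network.in`; which of the two is intended is not visible from the hunk. On the same line, the trailing optional groups after a greedy `.*` (`WINDOW=`, `RES=`, `URGP=`) appear never to capture: no `shorewall.window`, `shorewall.res` or `shorewall.urgp` key shows up where it would sort in the expected output, although the sample messages carry those values.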
+++ b/x-pack/filebeat/module/shorewall/log/test/default.log-expected.json
@@ -13,18 +13,18 @@
 "input.type": "log",
 "log.offset": 0,
 "message": "May 20 06:25:04 myHost kernel: [5665774.433812] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:62:a7:46:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8108 PROTO=TCP SPT=50371 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665774,
 "shorewall.time2": 433812,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "44:d9:e7:62:a7:46",
 "source.port": 50371
@@ -43,18 +43,18 @@
 "input.type": "log",
 "log.offset": 258,
 "message": "May 20 06:25:07 myHost kernel: [5665777.620517] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=56740 PROTO=UDP SPT=58761 DPT=443 LEN=1358 ",
- "network.name": "wif-net",
 "network.packets": 1378,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665777,
 "shorewall.time2": 620517,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f4:0f:24:2f:71:df",
 "source.port": 58761
@@ -73,18 +73,18 @@
 "input.type": "log",
 "log.offset": 502,
 "message": "May 20 06:25:07 myHost kernel: [5665777.621095] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=411 TOS=0x00 PREC=0x00 TTL=63 ID=1452 PROTO=UDP SPT=58761 DPT=443 LEN=391 ",
- "network.name": "wif-net",
 "network.packets": 411,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665777,
 "shorewall.time2": 621095,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f4:0f:24:2f:71:df",
 "source.port": 58761
@@ -103,18 +103,18 @@
 "input.type": "log",
 "log.offset": 743,
 "message": "May 20 06:25:10 myHost kernel: [5665780.629574] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:3e:72:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13568 PROTO=TCP SPT=55651 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665780,
 "shorewall.time2": 629574,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "44:d9:e7:68:3e:72",
 "source.port": 55651
@@ -133,18 +133,18 @@
 "input.type": "log",
 "log.offset": 1002,
 "message": "May 20 06:25:14 myHost kernel: [5665784.796963] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=3097 DF PROTO=TCP SPT=60391 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0 ",
- "network.name": "wif-net",
 "network.packets": 40,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665784,
 "shorewall.time2": 796963,
 "shorewall.ttl": 127,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "e4:b3:18:44:92:1a",
 "source.port": 60391
@@ -163,18 +163,18 @@
 "input.type": "log",
 "log.offset": 1271,
 "message": "May 20 06:25:14 myHost kernel: [5665784.807881] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=12465 DF PROTO=TCP SPT=60525 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ",
- "network.name": "wif-net",
 "network.packets": 52,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665784,
 "shorewall.time2": 807881,
 "shorewall.ttl": 127,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "e4:b3:18:44:92:1a",
 "source.port": 60525
@@ -193,18 +193,18 @@
 "input.type": "log",
 "log.offset": 1541,
 "message": "May 20 06:25:15 myHost kernel: [5665785.711972] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:30:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9741 PROTO=TCP SPT=46896 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665785,
 "shorewall.time2": 711972,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "44:d9:e7:68:30:1a",
 "source.port": 46896
@@ -223,18 +223,18 @@
 "input.type": "log",
 "log.offset": 1799,
 "message": "May 20 06:25:22 myHost kernel: [5665792.533866] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=29417 PROTO=TCP SPT=41131 DPT=60561 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ",
- "network.name": "net-fw",
 "network.packets": 40,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "DROP",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DROP",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665792,
 "shorewall.time2": 533866,
 "shorewall.ttl": 251,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "28:c0:da:b7:eb:3e",
 "source.port": 41131
@@ -253,18 +253,18 @@
 "input.type": "log",
 "log.offset": 2067,
 "message": "May 20 06:25:25 myHost kernel: [5665795.346806] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:c9:bc:f0:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4615 PROTO=TCP SPT=60423 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665795,
 "shorewall.time2": 346806,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "80:2a:a8:c9:bc:f0",
 "source.port": 60423
@@ -283,18 +283,18 @@
 "input.type": "log",
 "log.offset": 2326,
 "message": "May 20 06:25:25 myHost kernel: [5665795.391942] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:22:80:c0:b6:40:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19852 PROTO=UDP SPT=62976 DPT=62976 LEN=325 ",
- "network.name": "lan-fw",
 "network.packets": 345,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665795,
 "shorewall.time2": 391942,
 "shorewall.ttl": 30,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.44",
 "source.mac": "ec:22:80:c0:b6:40",
 "source.port": 62976
@@ -313,18 +313,18 @@
 "input.type": "log",
 "log.offset": 2564,
 "message": "May 20 06:25:27 myHost kernel: [5665797.609158] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62477 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ",
- "network.name": "wif-net",
 "network.packets": 64,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665797,
 "shorewall.time2": 609158,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f4:0f:24:2f:71:df",
 "source.port": 62477
@@ -343,18 +343,18 @@
 "input.type": "log",
 "log.offset": 2829,
 "message": "May 20 06:25:27 myHost kernel: [5665797.609464] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62478 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ",
- "network.name": "wif-net",
 "network.packets": 64,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665797,
 "shorewall.time2": 609464,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f4:0f:24:2f:71:df",
 "source.port": 62478
@@ -373,18 +373,18 @@
 "input.type": "log",
 "log.offset": 3094,
 "message": "May 20 06:25:27 myHost kernel: [5665797.801696] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62479 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ",
- "network.name": "wif-net",
 "network.packets": 64,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665797,
 "shorewall.time2": 801696,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f4:0f:24:2f:71:df",
 "source.port": 62479
@@ -403,18 +403,18 @@
 "input.type": "log",
 "log.offset": 3359,
 "message": "May 20 06:25:28 myHost kernel: [5665798.736156] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54649 PROTO=TCP SPT=41131 DPT=61929 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ",
- "network.name": "net-fw",
 "network.packets": 40,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "DROP",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DROP",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665798,
 "shorewall.time2": 736156,
 "shorewall.ttl": 251,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "28:c0:da:b7:eb:3e",
 "source.port": 41131
@@ -433,18 +433,18 @@
 "input.type": "log",
 "log.offset": 3627,
 "message": "May 20 06:25:29 myHost kernel: [5665799.665870] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=60378 DF PROTO=TCP SPT=61113 DPT=8291 WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x3 ",
- "network.name": "net-fw",
 "network.packets": 40,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "DROP",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DROP",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665799,
 "shorewall.time2": 665870,
 "shorewall.ttl": 252,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "28:c0:da:b7:eb:3e",
 "source.port": 61113
@@ -463,18 +463,18 @@
 "input.type": "log",
 "log.offset": 3898,
 "message": "May 20 06:25:32 myHost kernel: [5665802.156520] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=101 TOS=0x00 PREC=0x00 TTL=116 ID=24468 PROTO=UDP SPT=7718 DPT=18377 LEN=81 MARK=0x3 ",
- "network.name": "net-fw",
 "network.packets": 101,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "DROP",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DROP",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665802,
 "shorewall.time2": 156520,
 "shorewall.ttl": 116,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "28:c0:da:b7:eb:3e",
 "source.port": 7718
@@ -493,18 +493,18 @@
 "input.type": "log",
 "log.offset": 4141,
 "message": "May 20 06:25:34 myHost kernel: [5665804.111364] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:50:b6:3d:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8832 PROTO=TCP SPT=39229 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665804,
 "shorewall.time2": 111364,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "80:2a:a8:50:b6:3d",
 "source.port": 39229
@@ -523,18 +523,18 @@
 "input.type": "log",
 "log.offset": 4400,
 "message": "May 20 06:25:38 myHost kernel: [5665808.647159] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61638 PROTO=TCP SPT=8080 DPT=33396 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ",
- "network.name": "net-fw",
 "network.packets": 40,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "DROP",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DROP",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665808,
 "shorewall.time2": 647159,
 "shorewall.ttl": 248,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "28:c0:da:b7:eb:3e",
 "source.port": 8080
@@ -553,18 +553,18 @@
 "input.type": "log",
 "log.offset": 4667,
 "message": "May 20 06:25:40 myHost kernel: [5665810.425471] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=28391 DF PROTO=TCP SPT=56642 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 ",
- "network.name": "net_dnat",
 "network.packets": 52,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "DNAT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DNAT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665810,
 "shorewall.time2": 425471,
 "shorewall.ttl": 121,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net_dnat",
 "source.ip": "1.2.3.4",
 "source.mac": "28:c0:da:b7:eb:3e",
 "source.port": 56642
@@ -583,18 +583,18 @@
 "input.type": "log",
 "log.offset": 4938,
 "message": "May 20 06:25:40 myHost kernel: [5665810.466469] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=28398 DF PROTO=TCP SPT=56643 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 ",
- "network.name": "net_dnat",
 "network.packets": 52,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "DNAT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DNAT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665810,
 "shorewall.time2": 466469,
 "shorewall.ttl": 121,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net_dnat",
 "source.ip": "1.2.3.4",
 "source.mac": "28:c0:da:b7:eb:3e",
 "source.port": 56643
@@ -613,18 +613,18 @@
 "input.type": "log",
 "log.offset": 5208,
 "message": "May 20 06:25:40 myHost kernel: [5665810.492512] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=28402 DF PROTO=TCP SPT=56644 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 ",
- "network.name": "net_dnat",
 "network.packets": 52,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "DNAT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DNAT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665810,
 "shorewall.time2": 492512,
 "shorewall.ttl": 121,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net_dnat",
 "source.ip": "1.2.3.4",
 "source.mac": "28:c0:da:b7:eb:3e",
 "source.port": 56644
@@ -643,18 +643,18 @@
 "input.type": "log",
 "log.offset": 5479,
 "message": "May 20 06:25:40 myHost kernel: [5665810.517875] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=28409 DF PROTO=TCP SPT=56645 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 ",
- "network.name": "net_dnat",
 "network.packets": 52,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "DNAT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DNAT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665810,
 "shorewall.time2": 517875,
 "shorewall.ttl": 121,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net_dnat",
 "source.ip": "1.2.3.4",
 "source.mac": "28:c0:da:b7:eb:3e",
 "source.port": 56645
@@ -673,18 +673,18 @@
 "input.type": "log",
 "log.offset": 5749,
 "message": "May 20 06:25:41 myHost kernel: [5665811.550988] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:62:a7:46:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8119 PROTO=TCP SPT=50372 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665811,
 "shorewall.time2": 550988,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "44:d9:e7:62:a7:46",
 "source.port": 50372
@@ -703,18 +703,18 @@
 "input.type": "log",
 "log.offset": 6007,
 "message": "May 20 06:25:42 myHost kernel: [5665812.814869] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=15595 DF PROTO=UDP SPT=58973 DPT=443 LEN=1358 ",
- "network.name": "wif-net",
 "network.packets": 1378,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665812,
 "shorewall.time2": 814869,
 "shorewall.ttl": 127,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "e4:b3:18:44:92:1a",
 "source.port": 58973
@@ -733,18 +733,18 @@
 "input.type": "log",
 "log.offset": 6255,
 "message": "May 20 06:25:42 myHost kernel: [5665812.814907] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=386 TOS=0x00 PREC=0x00 TTL=127 ID=15596 DF PROTO=UDP SPT=58973 DPT=443 LEN=366 ",
- "network.name": "wif-net",
 "network.packets": 386,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665812,
 "shorewall.time2": 814907,
 "shorewall.ttl": 127,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "e4:b3:18:44:92:1a",
 "source.port": 58973
@@ -763,18 +763,18 @@
 "input.type": "log",
 "log.offset": 6501,
 "message": "May 20 06:25:43 myHost kernel: [5665813.094960] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=2832 PROTO=TCP SPT=41131 DPT=58772 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ",
- "network.name": "net-fw",
 "network.packets": 40,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "DROP",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DROP",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665813,
 "shorewall.time2": 94960,
 "shorewall.ttl": 251,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "28:c0:da:b7:eb:3e",
 "source.port": 41131
@@ -793,18 +793,18 @@
 "input.type": "log",
 "log.offset": 6768,
 "message": "May 20 06:25:48 myHost kernel: [5665818.708387] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:3e:72:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13578 PROTO=TCP SPT=35540 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665818,
 "shorewall.time2": 708387,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "44:d9:e7:68:3e:72",
 "source.port": 35540
@@ -823,18 +823,18 @@
 "input.type": "log",
 "log.offset": 7027,
 "message": "May 20 06:25:53 myHost kernel: [5665823.838331] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:ac:cc:8e:59:43:c4:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x10 PREC=0x00 TTL=63 ID=170 DF PROTO=UDP SPT=37876 DPT=123 LEN=56 ",
- "network.name": "wif-net",
 "network.packets": 76,
 "network.protocol": "UDP",
 "service.type": "0x10",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665823,
 "shorewall.time2": 838331,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "ac:cc:8e:59:43:c4",
 "source.port": 37876
@@ -853,18 +853,18 @@
 "input.type": "log",
 "log.offset": 7268,
 "message": "May 20 06:25:55 myHost kernel: [5665825.551009] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:22:80:c0:b6:40:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19854 PROTO=UDP SPT=62976 DPT=62976 LEN=325 ",
- "network.name": "lan-fw",
 "network.packets": 345,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665825,
 "shorewall.time2": 551009,
 "shorewall.ttl": 30,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.44",
 "source.mac": "ec:22:80:c0:b6:40",
 "source.port": 62976
@@ -883,18 +883,18 @@
 "input.type": "log",
 "log.offset": 7506,
 "message": "May 20 06:25:55 myHost kernel: [5665825.808201] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:30:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9751 PROTO=TCP SPT=46897 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665825,
 "shorewall.time2": 808201,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "44:d9:e7:68:30:1a",
 "source.port": 46897
@@ -913,18 +913,18 @@
 "input.type": "log",
 "log.offset": 7764,
 "message": "May 20 06:25:59 myHost kernel: [5665829.270149] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f8:32:e4:e3:ae:c5:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=83 TOS=0x00 PREC=0x00 TTL=63 ID=63893 DF PROTO=TCP SPT=48338 DPT=443 WINDOW=1453 RES=0x00 ACK PSH URGP=0 ",
- "network.name": "wif-net",
 "network.packets": 83,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665829,
 "shorewall.time2": 270149,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f8:32:e4:e3:ae:c5",
 "source.port": 48338
@@ -943,18 +943,18 @@
 "input.type": "log",
 "log.offset": 8036,
 "message": "May 20 06:25:59 myHost kernel: [5665829.275316] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f8:32:e4:e3:ae:c5:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=63894 DF PROTO=TCP SPT=48338 DPT=443 WINDOW=1453 RES=0x00 ACK FIN URGP=0 ",
- "network.name": "wif-net",
 "network.packets": 52,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665829,
 "shorewall.time2": 275316,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f8:32:e4:e3:ae:c5",
 "source.port": 48338
@@ -973,18 +973,18 @@
 "input.type": "log",
 "log.offset": 8308,
 "message": "May 20 06:25:59 myHost kernel: [5665829.282743] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f8:32:e4:e3:ae:c5:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=48586 DF PROTO=TCP SPT=59914 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ",
- "network.name": "wif-net",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665829,
 "shorewall.time2": 282743,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f8:32:e4:e3:ae:c5",
 "source.port": 59914
@@ -1003,18 +1003,18 @@
 "input.type": "log",
 "log.offset": 8577,
 "message": "May 20 06:26:03 myHost kernel: [5665833.634545] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:c9:bc:f0:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4628 PROTO=TCP SPT=60424 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665833,
 "shorewall.time2": 634545,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "80:2a:a8:c9:bc:f0",
 "source.port": 60424
@@ -1033,18 +1033,18 @@
 "input.type": "log",
 "log.offset": 8836,
 "message": "May 20 06:26:06 myHost kernel: [5665836.622479] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=43325 PROTO=TCP SPT=8080 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ",
- "network.name": "net-fw",
 "network.packets": 40,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "DROP",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DROP",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665836,
 "shorewall.time2": 622479,
 "shorewall.ttl": 248,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "28:c0:da:b7:eb:3e",
 "source.port": 8080
@@ -1063,18 +1063,18 @@
 "input.type": "log",
 "log.offset": 9102,
 "message": "May 20 06:26:07 myHost kernel: [5665837.859827] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=36238 PROTO=UDP SPT=61330 DPT=443 LEN=1358 ",
- "network.name": "wif-net",
 "network.packets": 1378,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665837,
 "shorewall.time2": 859827,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f4:0f:24:2f:71:df",
 "source.port": 61330
@@ -1093,18 +1093,18 @@
 "input.type": "log",
 "log.offset": 9346,
 "message": "May 20 06:26:07 myHost kernel: [5665837.860199] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=442 TOS=0x00 PREC=0x00 TTL=63 ID=22277 PROTO=UDP SPT=61330 DPT=443 LEN=422 ",
- "network.name": "wif-net",
 "network.packets": 442,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665837,
 "shorewall.time2": 860199,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f4:0f:24:2f:71:df",
 "source.port": 61330
@@ -1123,18 +1123,18 @@
 "input.type": "log",
 "log.offset": 9588,
 "message": "May 20 06:26:07 myHost kernel: [5665837.860223] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=150 TOS=0x00 PREC=0x00 TTL=63 ID=8101 PROTO=UDP SPT=61330 DPT=443 LEN=130 ",
- "network.name": "wif-net",
 "network.packets": 150,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665837,
 "shorewall.time2": 860223,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f4:0f:24:2f:71:df",
 "source.port": 61330
@@ -1153,18 +1153,18 @@
 "input.type": "log",
 "log.offset": 9829,
 "message": "May 20 06:26:09 myHost kernel: [5665839.818545] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=7051 DF PROTO=TCP SPT=60526 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ",
- "network.name": "wif-net",
 "network.packets": 52,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665839,
 "shorewall.time2": 818545,
 "shorewall.ttl": 127,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "e4:b3:18:44:92:1a",
 "source.port": 60526
@@ -1183,18 +1183,18 @@
 "input.type": "log",
 "log.offset": 10098,
 "message": "May 20 06:26:12 myHost kernel: [5665842.372077] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:50:b6:3d:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8844 PROTO=TCP SPT=39230 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665842,
 "shorewall.time2": 372077,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "80:2a:a8:50:b6:3d",
 "source.port": 39230
@@ -1213,18 +1213,18 @@
 "input.type": "log",
 "log.offset": 10357,
 "message": "May 20 06:26:13 myHost kernel: [5665843.902992] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=32586 DF PROTO=UDP SPT=64806 DPT=443 LEN=1358 ",
- "network.name": "wif-net",
 "network.packets": 1378,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665843,
 "shorewall.time2": 902992,
 "shorewall.ttl": 127,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "e4:b3:18:44:92:1a",
 "source.port": 64806
@@ -1243,18 +1243,18 @@
 "input.type": "log",
 "log.offset": 10605,
 "message": "May 20 06:26:17 myHost kernel: [5665847.730485] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:62:a7:46:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8129 PROTO=TCP SPT=50373 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665847,
 "shorewall.time2": 730485,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "44:d9:e7:62:a7:46",
 "source.port": 50373
@@ -1273,18 +1273,18 @@
 "input.type": "log",
 "log.offset": 10863,
 "message": "May 20 06:26:22 myHost kernel: [5665852.790852] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:3e:72:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13588 PROTO=TCP SPT=35541 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665852,
 "shorewall.time2": 790852,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "44:d9:e7:68:3e:72",
 "source.port": 35541
@@ -1303,18 +1303,18 @@
 "input.type": "log",
 "log.offset": 11122,
 "message": "May 20 06:26:25 myHost kernel: [5665855.713411] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:22:80:c0:b6:40:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19856 PROTO=UDP SPT=62976 DPT=62976 LEN=325 ",
- "network.name": "lan-fw",
 "network.packets": 345,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665855,
 "shorewall.time2": 713411,
 "shorewall.ttl": 30,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.44",
 "source.mac": "ec:22:80:c0:b6:40",
 "source.port": 62976
@@ -1333,18 +1333,18 @@
 "input.type": "log",
 "log.offset": 11360,
 "message": "May 20 06:26:30 myHost kernel: [5665860.305453] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=31944 PROTO=TCP SPT=48293 DPT=49495 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ",
- "network.name": "net-fw",
 "network.packets": 40,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "DROP",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DROP",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665860,
 "shorewall.time2": 305453,
 "shorewall.ttl": 246,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "28:c0:da:b7:eb:3e",
 "source.port": 48293
@@ -1363,18 +1363,18 @@
 "input.type": "log",
 "log.offset": 11628,
 "message": "May 20 06:26:30 myHost kernel: [5665860.904274] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:30:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9761 PROTO=TCP SPT=60773 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665860,
 "shorewall.time2": 904274,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "44:d9:e7:68:30:1a",
 "source.port": 60773
@@ -1393,18 +1393,18 @@
 "input.type": "log",
 "log.offset": 11886,
 "message": "May 20 06:26:38 myHost kernel: [5665868.905177] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:c9:bc:f0:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4641 PROTO=TCP SPT=60425 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665868,
 "shorewall.time2": 905177,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "80:2a:a8:c9:bc:f0",
 "source.port": 60425
@@ -1423,18 +1423,18 @@
 "input.type": "log",
 "log.offset": 12145,
 "message": "May 20 06:26:44 myHost kernel: [5665874.640128] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:50:b6:3d:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8856 PROTO=TCP SPT=39231 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665874,
 "shorewall.time2": 640128,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "80:2a:a8:50:b6:3d",
 "source.port": 39231
@@ -1453,18 +1453,18 @@
 "input.type": "log",
 "log.offset": 12404,
 "message": "May 20 06:26:50 myHost kernel: [5665880.272050] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:c4:9f:4c:e8:ca:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1224 DF PROTO=TCP SPT=38769 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ",
- "network.name": "wif-net",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665880,
 "shorewall.time2": 272050,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "c4:9f:4c:e8:ca:1a",
 "source.port": 38769
@@ -1483,18 +1483,18 @@
 "input.type": "log",
 "log.offset": 12672,
 "message": "May 20 06:26:50 myHost kernel: [5665880.916295] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=31010 PROTO=TCP SPT=41131 DPT=59830 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ",
- "network.name": "net-fw",
 "network.packets": 40,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "DROP",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DROP",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665880,
 "shorewall.time2": 916295,
 "shorewall.ttl": 251,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "28:c0:da:b7:eb:3e",
 "source.port": 41131
@@ -1513,18 +1513,18 @@
 "input.type": "log",
 "log.offset": 12940,
 "message": "May 20 06:26:52 myHost kernel: [5665882.101246] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:62:a7:46:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8140 PROTO=TCP SPT=50374 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665882,
 "shorewall.time2": 101246,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "44:d9:e7:62:a7:46",
 "source.port": 50374
@@ -1543,18 +1543,18 @@
 "input.type": "log",
 "log.offset": 13198,
 "message": "May 20 06:26:55 myHost kernel: [5665885.867369] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:22:80:c0:b6:40:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19858 PROTO=UDP SPT=62976 DPT=62976 LEN=325 ",
- "network.name": "lan-fw",
 "network.packets": 345,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665885,
 "shorewall.time2": 867369,
 "shorewall.ttl": 30,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.44",
 "source.mac": "ec:22:80:c0:b6:40",
 "source.port": 62976
@@ -1573,18 +1573,18 @@
 "input.type": "log",
 "log.offset": 13436,
 "message": "May 20 06:26:56 myHost kernel: [5665886.872870] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:3e:72:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13598 PROTO=TCP SPT=35542 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665886,
 "shorewall.time2": 872870,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "44:d9:e7:68:3e:72",
 "source.port": 35542
@@ -1603,18 +1603,18 @@
 "input.type": "log",
 "log.offset": 13695,
 "message": "May 20 06:26:58 myHost kernel: [5665888.837986] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=34778 PROTO=TCP SPT=49514 DPT=3291 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ",
- "network.name": "net-fw",
 "network.packets": 40,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "DROP",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DROP",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665888,
 "shorewall.time2": 837986,
 "shorewall.ttl": 249,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "28:c0:da:b7:eb:3e",
 "source.port": 49514
@@ -1633,18 +1633,18 @@
 "input.type": "log",
 "log.offset": 13962,
 "message": "May 20 06:26:59 myHost kernel: [5665889.708842] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:94:0e:6b:6f:4d:5b:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=60038 DF PROTO=TCP SPT=57121 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ",
- "network.name": "wif-net",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665889,
 "shorewall.time2": 708842,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "94:0e:6b:6f:4d:5b",
 "source.port": 57121
@@ -1663,18 +1663,18 @@
 "input.type": "log",
 "log.offset": 14230,
 "message": "May 20 06:27:00 myHost kernel: [5665890.633270] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=44244 PROTO=TCP SPT=48293 DPT=46462 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ",
- "network.name": "net-fw",
 "network.packets": 40,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "DROP",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DROP",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665890,
 "shorewall.time2": 633270,
 "shorewall.ttl": 246,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "28:c0:da:b7:eb:3e",
 "source.port": 48293
@@ -1693,18 +1693,18 @@
 "input.type": "log",
 "log.offset": 14498,
 "message": "May 20 06:27:04 myHost kernel: [5665895.011208] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:30:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9771 PROTO=TCP SPT=60774 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665895,
 "shorewall.time2": 11208,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "44:d9:e7:68:30:1a",
 "source.port": 60774
@@ -1723,18 +1723,18 @@
 "input.type": "log",
 "log.offset": 14756,
 "message": "May 20 06:27:05 myHost kernel: [5665895.443186] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62480 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ",
- "network.name": "wif-net",
 "network.packets": 64,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665895,
 "shorewall.time2": 443186,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f4:0f:24:2f:71:df",
 "source.port": 62480
@@ -1753,18 +1753,18 @@
 "input.type": "log",
 "log.offset": 15021,
 "message": "May 20 06:27:07 myHost kernel: [5665897.853344] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=2997 DF PROTO=UDP SPT=61074 DPT=443 LEN=1358 ",
- "network.name": "wif-net",
 "network.packets": 1378,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665897,
 "shorewall.time2": 853344,
 "shorewall.ttl": 127,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "e4:b3:18:44:92:1a",
 "source.port": 61074
@@ -1783,18 +1783,18 @@
 "input.type": "log",
 "log.offset": 15268,
 "message": "May 20 06:27:07 myHost kernel: [5665897.853903] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=533 TOS=0x00 PREC=0x00 TTL=127 ID=2998 DF PROTO=UDP SPT=61074 DPT=443 LEN=513 ",
- "network.name": "wif-net",
 "network.packets": 533,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665897,
 "shorewall.time2": 853903,
 "shorewall.ttl": 127,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "e4:b3:18:44:92:1a",
 "source.port": 61074
@@ -1813,18 +1813,18 @@
 "input.type": "log",
 "log.offset": 15513,
 "message": "May 20 06:27:07 myHost kernel: [5665897.853924] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=177 TOS=0x00 PREC=0x00 TTL=127 ID=2999 DF PROTO=UDP SPT=61074 DPT=443 LEN=157 ",
- "network.name": "wif-net",
 "network.packets": 177,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665897,
 "shorewall.time2": 853924,
 "shorewall.ttl": 127,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "e4:b3:18:44:92:1a",
 "source.port": 61074
@@ -1843,18 +1843,18 @@
 "input.type": "log",
 "log.offset": 15758,
 "message": "May 20 06:27:08 myHost kernel: [5665898.619970] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=42012 PROTO=UDP SPT=54438 DPT=443 LEN=1358 ",
- "network.name": "wif-net",
 "network.packets": 1378,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665898,
 "shorewall.time2": 619970,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f4:0f:24:2f:71:df",
 "source.port": 54438
@@ -1873,18 +1873,18 @@
 "input.type": "log",
 "log.offset": 16002,
 "message": "May 20 06:27:08 myHost kernel: [5665898.620495] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=412 TOS=0x00 PREC=0x00 TTL=63 ID=25900 PROTO=UDP SPT=54438 DPT=443 LEN=392 ",
- "network.name": "wif-net",
 "network.packets": 412,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665898,
 "shorewall.time2": 620495,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f4:0f:24:2f:71:df",
 "source.port": 54438
@@ -1903,18 +1903,18 @@
 "input.type": "log",
 "log.offset": 16244,
 "message": "May 20 06:27:13 myHost kernel: [5665903.167952] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:c9:bc:f0:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4654 PROTO=TCP SPT=60426 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665903,
 "shorewall.time2": 167952,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "80:2a:a8:c9:bc:f0",
 "source.port": 60426
@@ -1933,18 +1933,18 @@
 "input.type": "log",
 "log.offset": 16503,
 "message": "May 20 06:27:15 myHost kernel: [5665905.929948] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:ac:cc:8e:59:43:c4:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x10 PREC=0x00 TTL=63 ID=54364 DF PROTO=UDP SPT=45541 DPT=123 LEN=56 ",
- "network.name": "wif-net",
 "network.packets": 76,
 "network.protocol": "UDP",
 "service.type": "0x10",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665905,
 "shorewall.time2": 929948,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "ac:cc:8e:59:43:c4",
 "source.port": 45541
@@ -1963,18 +1963,18 @@
 "input.type": "log",
 "log.offset": 16746,
 "message": "May 20 06:27:16 myHost kernel: [5665906.191334] Shorewall:net_dnat:DNAT:IN=eth3 OUT= MAC=68:05:ca:08:4a:a2:34:b3:54:dd:cd:92:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=100 ID=14934 PROTO=TCP SPT=46284 DPT=80 WINDOW=62920 RES=0x00 SYN URGP=0 MARK=0x2 ",
- "network.name": "net_dnat",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "DNAT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth3",
+ "shorewall.packet_action": "DNAT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665906,
 "shorewall.time2": 191334,
 "shorewall.ttl": 100,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net_dnat",
 "source.ip": "1.2.3.4",
 "source.mac": "34:b3:54:dd:cd:92",
 "source.port": 46284
@@ -1993,18 +1993,18 @@
 "input.type": "log",
 "log.offset": 17014,
 "message": "May 20 06:27:19 myHost kernel: [5665909.755990] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f8:95:c7:c2:49:5f:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=38606 DF PROTO=TCP SPT=38240 DPT=443 WINDOW=431 RES=0x00 ACK RST URGP=0 ",
- "network.name": "wif-net",
 "network.packets": 52,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665909,
 "shorewall.time2": 755990,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f8:95:c7:c2:49:5f",
 "source.port": 38240
@@ -2023,18 +2023,18 @@
 "input.type": "log",
 "log.offset": 17285,
 "message": "May 20 06:27:19 myHost kernel: [5665909.911069] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:50:b6:3d:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8868 PROTO=TCP SPT=39232 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ",
- "network.name": "lan-fw",
 "network.packets": 60,
 "network.protocol": "TCP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665909,
 "shorewall.time2": 911069,
 "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
 "source.ip": "1.2.3.4",
 "source.mac": "80:2a:a8:50:b6:3d",
 "source.port": 39232
@@ -2053,18 +2053,18 @@
 "input.type": "log",
 "log.offset": 17544,
 "message": "May 20 06:27:21 myHost kernel: [5665911.686689] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=47360 PROTO=UDP SPT=59192 DPT=443 LEN=1358 ",
- "network.name": "wif-net",
 "network.packets": 1378,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665911,
 "shorewall.time2": 686689,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f4:0f:24:2f:71:df",
 "source.port": 59192
@@ -2083,18 +2083,18 @@
 "input.type": "log",
 "log.offset": 17788,
 "message": "May 20 06:27:21 myHost kernel: [5665911.687076] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=446 TOS=0x00 PREC=0x00 TTL=63 ID=30044 PROTO=UDP SPT=59192 DPT=443 LEN=426 ",
- "network.name": "wif-net",
 "network.packets": 446,
 "network.protocol": "UDP",
 "service.type": "0x00",
- "shorewall.action.one": "ACCEPT",
- "shorewall.action.two": "IN",
 "shorewall.frame_type": "08:00",
 "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
 "shorewall.precedence": "0x00",
 "shorewall.time1": 5665911,
 "shorewall.time2": 687076,
 "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
 "source.ip": "1.2.3.4",
 "source.mac": "f4:0f:24:2f:71:df",
 "source.port": 59192
@@ -2113,18 +2113,18 @@ "input.type": "log", "log.offset": 18030, "message": "May 20 06:27:21 myHost kernel: [5665911.806450] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=26478 PROTO=UDP SPT=123 DPT=123 LEN=56 ", - "network.name": "wif-net", "network.packets": 76, "network.protocol": "UDP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665911, "shorewall.time2": 806450, "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", "source.ip": "1.2.3.4", "source.mac": "f4:0f:24:2f:71:df", "source.port": 123 @@ -2143,18 +2143,18 @@ "input.type": "log", "log.offset": 18268, "message": "May 20 06:27:21 myHost kernel: [5665911.840839] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=60981 PROTO=UDP SPT=123 DPT=123 LEN=56 ", - "network.name": "wif-net", "network.packets": 76, "network.protocol": "UDP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665911, "shorewall.time2": 840839, "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", "source.ip": "1.2.3.4", "source.mac": "f4:0f:24:2f:71:df", "source.port": 123 
@@ -2173,18 +2173,18 @@ "input.type": "log", "log.offset": 18506, "message": "May 20 06:27:21 myHost kernel: [5665911.881137] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=44073 PROTO=UDP SPT=123 DPT=123 LEN=56 ", - "network.name": "wif-net", "network.packets": 76, "network.protocol": "UDP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665911, "shorewall.time2": 881137, "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", "source.ip": "1.2.3.4", "source.mac": "f4:0f:24:2f:71:df", "source.port": 123 @@ -2203,18 +2203,18 @@ "input.type": "log", "log.offset": 18744, "message": "May 20 06:27:25 myHost kernel: [5665916.048593] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:22:80:c0:b6:40:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19860 PROTO=UDP SPT=62976 DPT=62976 LEN=325 ", - "network.name": "lan-fw", "network.packets": 345, "network.protocol": "UDP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665916, "shorewall.time2": 48593, "shorewall.ttl": 30, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", "source.ip": "1.2.3.44", "source.mac": "ec:22:80:c0:b6:40", "source.port": 62976 
@@ -2233,18 +2233,18 @@ "input.type": "log", "log.offset": 18982, "message": "May 20 06:27:27 myHost kernel: [5665917.377574] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:62:a7:46:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8150 PROTO=TCP SPT=50375 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", - "network.name": "lan-fw", "network.packets": 60, "network.protocol": "TCP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665917, "shorewall.time2": 377574, "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", "source.ip": "1.2.3.4", "source.mac": "44:d9:e7:62:a7:46", "source.port": 50375 @@ -2263,18 +2263,18 @@ "input.type": "log", "log.offset": 19240, "message": "May 20 06:27:27 myHost kernel: [5665917.611542] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62481 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ", - "network.name": "wif-net", "network.packets": 64, "network.protocol": "TCP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665917, "shorewall.time2": 611542, "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", "source.ip": "1.2.3.4", "source.mac": "f4:0f:24:2f:71:df", "source.port": 62481 
@@ -2293,18 +2293,18 @@ "input.type": "log", "log.offset": 19505, "message": "May 20 06:27:28 myHost kernel: [5665918.663884] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=6888 DF PROTO=TCP SPT=60527 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ", - "network.name": "wif-net", "network.packets": 52, "network.protocol": "TCP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665918, "shorewall.time2": 663884, "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", "source.ip": "1.2.3.4", "source.mac": "e4:b3:18:44:92:1a", "source.port": 60527 @@ -2323,18 +2323,18 @@ "input.type": "log", "log.offset": 19774, "message": "May 20 06:27:36 myHost kernel: [5665926.954899] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:3e:72:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13608 PROTO=TCP SPT=35543 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", - "network.name": "lan-fw", "network.packets": 60, "network.protocol": "TCP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665926, "shorewall.time2": 954899, "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", "source.ip": "1.2.3.4", "source.mac": "44:d9:e7:68:3e:72", "source.port": 35543 
@@ -2353,18 +2353,18 @@ "input.type": "log", "log.offset": 20033, "message": "May 20 06:27:41 myHost kernel: [5665931.409341] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=7064 DF PROTO=TCP SPT=60528 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ", - "network.name": "wif-net", "network.packets": 52, "network.protocol": "TCP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665931, "shorewall.time2": 409341, "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", "source.ip": "1.2.3.4", "source.mac": "e4:b3:18:44:92:1a", "source.port": 60528 @@ -2383,18 +2383,18 @@ "input.type": "log", "log.offset": 20302, "message": "May 20 06:27:43 myHost kernel: [5665933.108273] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:30:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9781 PROTO=TCP SPT=60775 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", - "network.name": "lan-fw", "network.packets": 60, "network.protocol": "TCP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665933, "shorewall.time2": 108273, "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", "source.ip": "1.2.3.4", "source.mac": "44:d9:e7:68:30:1a", "source.port": 60775 
@@ -2413,18 +2413,18 @@ "input.type": "log", "log.offset": 20560, "message": "May 20 06:27:43 myHost kernel: [5665933.843105] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=15608 DF PROTO=UDP SPT=49618 DPT=443 LEN=1358 ", - "network.name": "wif-net", "network.packets": 1378, "network.protocol": "UDP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665933, "shorewall.time2": 843105, "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", "source.ip": "1.2.3.4", "source.mac": "e4:b3:18:44:92:1a", "source.port": 49618 @@ -2443,18 +2443,18 @@ "input.type": "log", "log.offset": 20808, "message": "May 20 06:27:43 myHost kernel: [5665933.843134] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=386 TOS=0x00 PREC=0x00 TTL=127 ID=15609 DF PROTO=UDP SPT=49618 DPT=443 LEN=366 ", - "network.name": "wif-net", "network.packets": 386, "network.protocol": "UDP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665933, "shorewall.time2": 843134, "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", "source.ip": "1.2.3.4", "source.mac": "e4:b3:18:44:92:1a", "source.port": 49618 
@@ -2473,18 +2473,18 @@ "input.type": "log", "log.offset": 21054, "message": "May 20 06:27:50 myHost kernel: [5665940.288037] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=41776 PROTO=UDP SPT=63129 DPT=443 LEN=1358 ", - "network.name": "wif-net", "network.packets": 1378, "network.protocol": "UDP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665940, "shorewall.time2": 288037, "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", "source.ip": "1.2.3.4", "source.mac": "f4:0f:24:2f:71:df", "source.port": 63129 @@ -2503,18 +2503,18 @@ "input.type": "log", "log.offset": 21298, "message": "May 20 06:27:50 myHost kernel: [5665940.391265] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=33504 PROTO=UDP SPT=58864 DPT=443 LEN=1358 ", - "network.name": "wif-net", "network.packets": 1378, "network.protocol": "UDP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665940, "shorewall.time2": 391265, "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", "source.ip": "1.2.3.4", "source.mac": "f4:0f:24:2f:71:df", "source.port": 58864 
@@ -2533,18 +2533,18 @@ "input.type": "log", "log.offset": 21542, "message": "May 20 06:27:50 myHost kernel: [5665940.421000] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=24133 PROTO=UDP SPT=58864 DPT=443 LEN=1358 ", - "network.name": "wif-net", "network.packets": 1378, "network.protocol": "UDP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665940, "shorewall.time2": 421000, "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", "source.ip": "1.2.3.4", "source.mac": "f4:0f:24:2f:71:df", "source.port": 58864 @@ -2563,18 +2563,18 @@ "input.type": "log", "log.offset": 21786, "message": "May 20 06:27:50 myHost kernel: [5665940.444005] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:c9:bc:f0:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4667 PROTO=TCP SPT=60427 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ", - "network.name": "lan-fw", "network.packets": 60, "network.protocol": "TCP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665940, "shorewall.time2": 444005, "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", "source.ip": "1.2.3.4", "source.mac": "80:2a:a8:c9:bc:f0", "source.port": 60427 
@@ -2593,18 +2593,18 @@ "input.type": "log", "log.offset": 22045, "message": "May 20 06:27:53 myHost kernel: [5665943.272863] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=17727 DF PROTO=TCP SPT=1991 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 ", - "network.name": "net_dnat", "network.packets": 52, "network.protocol": "TCP", "service.type": "0x02", - "shorewall.action.one": "DNAT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "eth5", + "shorewall.packet_action": "DNAT", "shorewall.precedence": "0x00", "shorewall.time1": 5665943, "shorewall.time2": 272863, "shorewall.ttl": 122, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net_dnat", "source.ip": "1.2.3.4", "source.mac": "28:c0:da:b7:eb:3e", "source.port": 1991 @@ -2623,18 +2623,18 @@ "input.type": "log", "log.offset": 22322, "message": "May 20 06:27:53 myHost kernel: [5665943.643038] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=27195 DF PROTO=TCP SPT=711 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 ", - "network.name": "net_dnat", "network.packets": 52, "network.protocol": "TCP", "service.type": "0x02", - "shorewall.action.one": "DNAT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "eth5", + "shorewall.packet_action": "DNAT", "shorewall.precedence": "0x00", "shorewall.time1": 5665943, "shorewall.time2": 643038, "shorewall.ttl": 122, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net_dnat", "source.ip": "1.2.3.4", "source.mac": "28:c0:da:b7:eb:3e", "source.port": 711 
@@ -2653,18 +2653,18 @@ "input.type": "log", "log.offset": 22598, "message": "May 20 06:27:53 myHost kernel: [5665943.787828] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=19622 DF PROTO=TCP SPT=1372 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 ", - "network.name": "net_dnat", "network.packets": 52, "network.protocol": "TCP", "service.type": "0x02", - "shorewall.action.one": "DNAT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "eth5", + "shorewall.packet_action": "DNAT", "shorewall.precedence": "0x00", "shorewall.time1": 5665943, "shorewall.time2": 787828, "shorewall.ttl": 122, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net_dnat", "source.ip": "1.2.3.4", "source.mac": "28:c0:da:b7:eb:3e", "source.port": 1372 @@ -2683,18 +2683,18 @@ "input.type": "log", "log.offset": 22875, "message": "May 20 06:27:54 myHost kernel: [5665944.317910] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=12474 DF PROTO=TCP SPT=60525 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0 ", - "network.name": "wif-net", "network.packets": 40, "network.protocol": "TCP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665944, "shorewall.time2": 317910, "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", "source.ip": "1.2.3.4", "source.mac": "e4:b3:18:44:92:1a", "source.port": 60525 
@@ -2713,18 +2713,18 @@ "input.type": "log", "log.offset": 23145, "message": "May 20 06:27:54 myHost kernel: [5665944.345621] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=3098 DF PROTO=TCP SPT=60529 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ", - "network.name": "wif-net", "network.packets": 52, "network.protocol": "TCP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665944, "shorewall.time2": 345621, "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", "source.ip": "1.2.3.4", "source.mac": "e4:b3:18:44:92:1a", "source.port": 60529 @@ -2743,18 +2743,18 @@ "input.type": "log", "log.offset": 23414, "message": "May 20 06:27:55 myHost kernel: [5665945.223595] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:c4:9f:4c:e8:c9:bc:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=37429 DF PROTO=TCP SPT=45640 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ", - "network.name": "wif-net", "network.packets": 60, "network.protocol": "TCP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665945, "shorewall.time2": 223595, "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", "source.ip": "1.2.3.4", "source.mac": "c4:9f:4c:e8:c9:bc", "source.port": 45640 
@@ -2773,18 +2773,18 @@ "input.type": "log", "log.offset": 23683, "message": "May 20 06:27:56 myHost kernel: [5665946.204223] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:22:80:c0:b6:40:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19862 PROTO=UDP SPT=62976 DPT=62976 LEN=325 ", - "network.name": "lan-fw", "network.packets": 345, "network.protocol": "UDP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665946, "shorewall.time2": 204223, "shorewall.ttl": 30, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", "source.ip": "1.2.3.44", "source.mac": "ec:22:80:c0:b6:40", "source.port": 62976 @@ -2803,18 +2803,18 @@ "input.type": "log", "log.offset": 23921, "message": "May 20 06:27:56 myHost kernel: [5665946.518251] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=23222 DF PROTO=TCP SPT=2017 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 ", - "network.name": "net_dnat", "network.packets": 52, "network.protocol": "TCP", "service.type": "0x02", - "shorewall.action.one": "DNAT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "eth5", + "shorewall.packet_action": "DNAT", "shorewall.precedence": "0x00", "shorewall.time1": 5665946, "shorewall.time2": 518251, "shorewall.ttl": 122, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net_dnat", "source.ip": "1.2.3.4", "source.mac": "28:c0:da:b7:eb:3e", "source.port": 2017 
@@ -2833,18 +2833,18 @@ "input.type": "log", "log.offset": 24198, "message": "May 20 06:27:57 myHost kernel: [5665947.744034] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=25280 DF PROTO=TCP SPT=803 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 ", - "network.name": "net_dnat", "network.packets": 52, "network.protocol": "TCP", "service.type": "0x02", - "shorewall.action.one": "DNAT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "eth5", + "shorewall.packet_action": "DNAT", "shorewall.precedence": "0x00", "shorewall.time1": 5665947, "shorewall.time2": 744034, "shorewall.ttl": 122, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net_dnat", "source.ip": "1.2.3.4", "source.mac": "28:c0:da:b7:eb:3e", "source.port": 803 @@ -2863,18 +2863,18 @@ "input.type": "log", "log.offset": 24474, "message": "May 20 06:27:57 myHost kernel: [5665948.054796] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=1220 DF PROTO=TCP SPT=2264 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 ", - "network.name": "net_dnat", "network.packets": 52, "network.protocol": "TCP", "service.type": "0x02", - "shorewall.action.one": "DNAT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "eth5", + "shorewall.packet_action": "DNAT", "shorewall.precedence": "0x00", "shorewall.time1": 5665948, "shorewall.time2": 54796, "shorewall.ttl": 122, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net_dnat", "source.ip": "1.2.3.4", "source.mac": "28:c0:da:b7:eb:3e", "source.port": 2264 
@@ -2893,18 +2893,18 @@ "input.type": "log", "log.offset": 24750, "message": "May 20 06:27:58 myHost kernel: [5665949.033645] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=8559 DF PROTO=TCP SPT=2111 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 ", - "network.name": "net_dnat", "network.packets": 52, "network.protocol": "TCP", "service.type": "0x02", - "shorewall.action.one": "DNAT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "eth5", + "shorewall.packet_action": "DNAT", "shorewall.precedence": "0x00", "shorewall.time1": 5665949, "shorewall.time2": 33645, "shorewall.ttl": 122, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net_dnat", "source.ip": "1.2.3.4", "source.mac": "28:c0:da:b7:eb:3e", "source.port": 2111 @@ -2923,18 +2923,18 @@ "input.type": "log", "log.offset": 25026, "message": "May 20 06:27:59 myHost kernel: [5665949.184901] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:50:b6:3d:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8880 PROTO=TCP SPT=39233 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ", - "network.name": "lan-fw", "network.packets": 60, "network.protocol": "TCP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665949, "shorewall.time2": 184901, "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", "source.ip": "1.2.3.4", "source.mac": "80:2a:a8:50:b6:3d", "source.port": 39233 
@@ -2953,18 +2953,18 @@ "input.type": "log", "log.offset": 25285, "message": "May 20 06:28:02 myHost kernel: [5665952.767539] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=22426 DF PROTO=TCP SPT=60530 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ", - "network.name": "wif-net", "network.packets": 52, "network.protocol": "TCP", "service.type": "0x00", - "shorewall.action.one": "ACCEPT", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", "shorewall.precedence": "0x00", "shorewall.time1": 5665952, "shorewall.time2": 767539, "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", "source.ip": "1.2.3.4", "source.mac": "e4:b3:18:44:92:1a", "source.port": 60530 @@ -2983,18 +2983,18 @@ "input.type": "log", "log.offset": 25555, "message": "May 20 06:28:06 myHost kernel: [5665956.741703] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=40105 PROTO=TCP SPT=43212 DPT=1081 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ", - "network.name": "net-fw", "network.packets": 40, "network.protocol": "TCP", "service.type": "0x00", - "shorewall.action.one": "DROP", - "shorewall.action.two": "IN", "shorewall.frame_type": "08:00", "shorewall.network.in": "eth5", + "shorewall.packet_action": "DROP", "shorewall.precedence": "0x00", "shorewall.time1": 5665956, "shorewall.time2": 741703, "shorewall.ttl": 244, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net-fw", "source.ip": "1.2.3.4", "source.mac": "28:c0:da:b7:eb:3e", "source.port": 43212