diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 472d9817b349..6540c34f72ee 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -46,6 +46,7 @@ grouped in the following categories: * <> * <> * <> +* <> * <> * <> * <> 
@@ -12484,6 +12485,148 @@ type: keyword Hash of process executable. +-- + +[[exported-fields-shorewall]] +== shorewall fields + +Module for parsing Shorewall log files. + + + +[float] +== shorewall fields + +Fields from Shorewall logs. + + + +[float] +== network fields + +Shorewal log files + + + +*`shorewall.network.in`*:: ++ +-- +type: keywork + +Name of the input network interface + + +-- + +*`shorewall.network.out`*:: ++ +-- +type: keyword + +Name of the output network interface + + +-- + +[float] +== action fields + +Shorewal network log files + + + +*`shorewall.action.one`*:: ++ +-- +type: keywork + +Specifies the action to be taken if the connection request matches the rule. target must be one of the following values (ACCEPT, ACCEPT+, ACCEPT!, ADD, AUDIT, A_ACCEPT, A_ACCEPT+, A_ACCEPT!, A_DROP, A_DROP!, A_REJECT, A_REJECT!, ?COMMENT, CONMARK, CONTINUE, CONTINUE!, COUNT, DEL, DNAT, DNAT-, DROP, DROP!, HELPER, INLINE, IPTABLES, IP6TABLES, LOG, MACRO, MARK, NFLOG, NFQUEUE, NONAT, QUEUE, QUEUE!, REJECT, REJECT!, REDIRECT, REDIRECT-, TARPIT, ULOG. See http://shorewall.net/manpages/shorewall-rules.html + + +-- + +*`shorewall.action.two`*:: ++ +-- +type: keyword + +Action two + + +-- + +*`shorewall.frame_type`*:: ++ +-- +type: keyword + +This field is part of the MAC address in the log. It indicates whether the ethernet frame carried an IPv4 datagram or not. + + +-- + +*`shorewall.precedence`*:: ++ +-- +type: keyword + +Type Of Service, and it's increasingly being replaced by DS and ECN. + + +-- + +*`shorewall.res`*:: ++ +-- +type: keyword + +Reserved bits. The ECN flags "CWR" and "ECNE" will show up in the two least significant bits of this field. + + +-- + +*`shorewall.time1`*:: ++ +-- +type: integer + +-- + +*`shorewall.time2`*:: ++ +-- +type: integer + +-- + +*`shorewall.ttl`*:: ++ +-- +type: integer + +The remaining Time To Live. + + +-- + +*`shorewall.urgp`*:: ++ +-- +type: integer + +The Urgent Pointer allows for urgent, "out of band" data transfer. 
Unfortunately not all protocol implementations agree, so this facility is hardly ever used. + + +-- + +*`shorewall.window`*:: ++ +-- +type: integer + +The TCP Receive Window size. This may be scaled by bit-shifting left by a number of bits specified in the "Window Scale" TCP option. If the host supports ECN, then the TCP Receive Window size will also be controlled by that. + + -- [[exported-fields-suricata]] diff --git a/filebeat/docs/modules/shorewall.asciidoc b/filebeat/docs/modules/shorewall.asciidoc new file mode 100644 index 000000000000..163ec3e3a9a2 --- /dev/null +++ b/filebeat/docs/modules/shorewall.asciidoc @@ -0,0 +1,60 @@ +//// +This file is generated! See scripts/docs_collector.py +//// + +[[filebeat-module-shorewall]] +:modulename: shorewall +:has-dashboards: true + +== shorewall module + +This is the shorewall module. + +include::../include/what-happens.asciidoc[] + +[float] +=== Compatibility + +TODO: document with what versions of the software is this tested + + +include::../include/running-modules.asciidoc[] + +[float] +=== Example dashboard + +This module comes with a sample dashboard. For example: + +TODO: include an image of a sample dashboard. If you do not include a dashboard, +remove this section and set `:has-dashboards: false` at the top of this file. + +include::../include/configuring-intro.asciidoc[] + +TODO: provide an example configuration + +:fileset_ex: {fileset} + +include::../include/config-option-intro.asciidoc[] + +TODO: document the variables from each fileset. If you're describing a variable +that's common to other modules, you can reuse shared descriptions by including +the relevant file. For example: + +[float] +==== `{fileset}` log fileset settings + +include::../include/var-paths.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + + +[float] +=== Fields + +For a description of each field in the module, see the +<> section. + 
diff --git a/filebeat/docs/modules_list.asciidoc b/filebeat/docs/modules_list.asciidoc index 461df2631f91..27dc8ef5ca6e 100644 --- a/filebeat/docs/modules_list.asciidoc +++ b/filebeat/docs/modules_list.asciidoc @@ -27,6 +27,7 @@ This file is generated! See scripts/docs_collector.py * <> * <> * <> + * <> * <> * <> * <> @@ -60,6 +61,7 @@ include::modules/postgresql.asciidoc[] include::modules/rabbitmq.asciidoc[] include::modules/redis.asciidoc[] include::modules/santa.asciidoc[] +include::modules/shorewall.asciidoc[] include::modules/suricata.asciidoc[] include::modules/system.asciidoc[] include::modules/traefik.asciidoc[] diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 8b33b9351ecc..00fc6b730277 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -470,6 +470,16 @@ filebeat.modules: # Filebeat will choose the the default path. #var.paths: +#------------------------------ Shorewall Module ------------------------------ +- module: shorewall + # All logs + {fileset}: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: + #------------------------------- Suricata Module ------------------------------- - module: suricata # All logs diff --git a/x-pack/filebeat/include/list.go b/x-pack/filebeat/include/list.go index 3265bfe6f8f7..cece7758d95c 100644 --- a/x-pack/filebeat/include/list.go +++ b/x-pack/filebeat/include/list.go @@ -16,6 +16,7 @@ import ( _ "github.com/elastic/beats/x-pack/filebeat/module/netflow" _ "github.com/elastic/beats/x-pack/filebeat/module/palo_alto" _ "github.com/elastic/beats/x-pack/filebeat/module/rabbitmq" + _ "github.com/elastic/beats/x-pack/filebeat/module/shorewall" _ "github.com/elastic/beats/x-pack/filebeat/module/suricata" _ "github.com/elastic/beats/x-pack/filebeat/module/zeek" ) 
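Review bot: `{fileset}:` in the new Shorewall stanza of `filebeat.reference.yml` is the unreplaced placeholder from the module template; the module's only fileset is `log` (see `log/manifest.yml` and `log/config/log.yml`), so the key under `- module: shorewall` should be `log:` or any user copying this stanza gets an unknown-fileset error. The identical placeholder is in `x-pack/filebeat/module/shorewall/_meta/config.yml`, which this reference block appears to be assembled from, so the fix belongs there followed by regeneration rather than a hand edit of the reference file. The `_meta/docs.asciidoc` added alongside still carries every `TODO:` of the template and sets `:has-dashboards: true` although no dashboard file is visible in this diff.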
diff --git a/x-pack/filebeat/module/shorewall/_meta/config.yml b/x-pack/filebeat/module/shorewall/_meta/config.yml new file mode 100644 index 000000000000..459cc89f2ae9 --- /dev/null +++ b/x-pack/filebeat/module/shorewall/_meta/config.yml @@ -0,0 +1,8 @@ +- module: shorewall + # All logs + {fileset}: + enabled: true + + # Set custom paths for the log files. If left empty, + # Filebeat will choose the paths depending on your OS. + #var.paths: diff --git a/x-pack/filebeat/module/shorewall/_meta/docs.asciidoc b/x-pack/filebeat/module/shorewall/_meta/docs.asciidoc new file mode 100644 index 000000000000..d4109d11ada5 --- /dev/null +++ b/x-pack/filebeat/module/shorewall/_meta/docs.asciidoc @@ -0,0 +1,47 @@ +:modulename: shorewall +:has-dashboards: true + +== shorewall module + +This is the shorewall module. + +include::../include/what-happens.asciidoc[] + +[float] +=== Compatibility + +TODO: document with what versions of the software is this tested + + +include::../include/running-modules.asciidoc[] + +[float] +=== Example dashboard + +This module comes with a sample dashboard. For example: + +TODO: include an image of a sample dashboard. If you do not include a dashboard, +remove this section and set `:has-dashboards: false` at the top of this file. + +include::../include/configuring-intro.asciidoc[] + +TODO: provide an example configuration + +:fileset_ex: {fileset} + +include::../include/config-option-intro.asciidoc[] + +TODO: document the variables from each fileset. If you're describing a variable +that's common to other modules, you can reuse shared descriptions by including +the relevant file. For example: + +[float] +==== `{fileset}` log fileset settings + +include::../include/var-paths.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/x-pack/filebeat/module/shorewall/_meta/fields.yml b/x-pack/filebeat/module/shorewall/_meta/fields.yml new file mode 100644 index 000000000000..bea78feba2e8 --- /dev/null 
+++ b/x-pack/filebeat/module/shorewall/_meta/fields.yml 
@@ -0,0 +1,81 @@ +- key: shorewall + title: "shorewall" + description: > + Module for parsing Shorewall log files. + fields: + - name: shorewall + type: group + description: > + Fields from Shorewall logs. + fields: + - name: network + type: group + description: > + Shorewal log files + fields: + - name: in + type: keywork + description: > + Name of the input network interface + - name: out + type: keyword + description: > + Name of the output network interface + - name: frame_type + type: keyword + description: > + This field is part of the MAC address in the log. It indicates whether + the ethernet frame carried an IPv4 datagram or not. + - name: packet_action + type: keywork + description: > + Specifies the action to be taken if the connection request matches + the rule. target must be one of the following values (ACCEPT, ACCEPT+, + ACCEPT!, ADD, AUDIT, A_ACCEPT, A_ACCEPT+, A_ACCEPT!, A_DROP, A_DROP!, + A_REJECT, A_REJECT!, ?COMMENT, CONMARK, CONTINUE, CONTINUE!, COUNT, DEL, + DNAT, DNAT-, DROP, DROP!, HELPER, INLINE, IPTABLES, IP6TABLES, LOG, MACRO, + MARK, NFLOG, NFQUEUE, NONAT, QUEUE, QUEUE!, REJECT, REJECT!, REDIRECT, + REDIRECT-, TARPIT, ULOG. See http://shorewall.net/manpages/shorewall-rules.html + - name: precedence + type: keyword + description: > + Type Of Service, and it's increasingly being replaced by DS and ECN. + - name: res + type: keyword + description: > + Reserved bits. The ECN flags "CWR" and "ECNE" will show up in the two + least significant bits of this field. + - name: time1 + type: integer + - name: time2 + type: integer + - name: ttl + type: integer + description: > + The remaining Time To Live. + - name: urgp + type: integer + description: > + The Urgent Pointer allows for urgent, "out of band" data transfer. + Unfortunately not all protocol implementations agree, so this facility + is hardly ever used. + - name: window + type: integer + description: > + The TCP Receive Window size. 
This may be scaled by bit-shifting left + by a number of bits specified in the "Window Scale" TCP option. + If the host supports ECN, then the TCP Receive Window size will also + be controlled by that. + - name: zone + type: group + description: > + Shorewal Zone fields + fields: + - name: device + type: keyword + description: > + Name of the device for the zone + - name: name + type: keywork + description: > + Name of the zone \ No newline at end of file diff --git a/x-pack/filebeat/module/shorewall/fields.go b/x-pack/filebeat/module/shorewall/fields.go new file mode 100644 index 000000000000..23b926940dde --- /dev/null +++ b/x-pack/filebeat/module/shorewall/fields.go @@ -0,0 +1,23 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package shorewall + +import ( + "github.com/elastic/beats/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "shorewall", asset.ModuleFieldsPri, AssetShorewall); err != nil { + panic(err) + } +} + +// AssetShorewall returns asset data. +// This is the base64 encoded gzipped contents of module/shorewall. +func AssetShorewall() string { + return "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" +} diff --git a/x-pack/filebeat/module/shorewall/log/config/log.yml b/x-pack/filebeat/module/shorewall/log/config/log.yml new file mode 100644 index 000000000000..0afd17317d4f --- /dev/null +++ b/x-pack/filebeat/module/shorewall/log/config/log.yml @@ -0,0 +1,6 @@ +type: log +paths: +{{ range $i, $path := .paths }} + - {{$path}} +{{ end }} +exclude_files: [".gz$"] diff --git a/x-pack/filebeat/module/shorewall/log/ingest/pipeline.json b/x-pack/filebeat/module/shorewall/log/ingest/pipeline.json new file mode 100644 index 000000000000..a3fdd4c058c7 
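Review bot: `type: keywork` on `network.in`, `packet_action` and `zone.name` in `_meta/fields.yml` is not an Elasticsearch field type and should be `type: keyword` as on the sibling fields; a mapping with that type is likely to be rejected when the index template is loaded. `time1` and `time2` have no `description:`, and the group descriptions carry typos (`Shorewal log files`, `Shorewal Zone fields`). The generated `filebeat/docs/fields.asciidoc` in this same diff still documents `shorewall.action.one`/`shorewall.action.two`, which this `fields.yml` does not declare (it has `packet_action` and the `zone` group), so `fields.asciidoc` and `fields.go` need regenerating from the corrected source. `network.out` is declared here but `log/ingest/pipeline.json` never populates it, and the file ends without a trailing newline.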
--- /dev/null
+++ b/x-pack/filebeat/module/shorewall/log/ingest/pipeline.json
@@ -0,0 +1,36 @@
+{
+ "description": "Pipeline for parsing Shorewall firewall. Requires the geoip plugin.",
+ "processors": [
+ {
+ "grok": {
+ "field": "message",
+ "patterns": [
+ "(%{SYSLOGTIMESTAMP:timestamp}).*(%{WORD:host.hostname}).*kernel:.*\\[(%{INT:shorewall.time1:int}).(%{INT:shorewall.time2:int})\\].*Shorewall:(%{USERNAME:shorewall.zone.name}):(%{WORD:shorewall.packet_action}):(%{WORD:shorewall.zone.device})=(%{USERNAME:shorewall.network.in}).*OUT=.*MAC=(%{MAC:destination.mac})?:(%{MAC:source.mac})?:(%{NOTSPACE:shorewall.frame_type})?.*SRC=(%{IPV4:source.ip})?.*DST=(%{IPV4:destination.ip})?.*LEN=(%{INT:network.packets:int})?.*TOS=(%{WORD:service.type})?.*PREC=(%{WORD:shorewall.precedence})?.*TTL=(%{INT:shorewall.ttl:int})?.*ID=(%{INT:event.id:int})?.*PROTO=(%{WORD:network.protocol})?.*SPT=(%{INT:source.port:int})?.*DPT=(%{INT:destination.port:int})?.*(WINDOW=(%{NUMBER:shorewall.window:int}))?.*(RES=(%{WORD:shorewall.res})?)?.*(SYN)?.*(URGP=(%{INT:shorewall.urgp:int})?)?"
+ ],
+ "ignore_missing": false
+ }
+ },
+ {
+ "date": {
+ "field": "timestamp",
+ "target_field": "@timestamp",
+ "formats": ["MMM dd HH:mm:ss"],
+ "timezone": "UTC",
+ "ignore_failure": false
+ }
+ },
+ {
+ "remove": {
+ "field": "timestamp"
+ }
+ }
+ ],
+ "on_failure": [
+ {
+ "set": {
+ "field": "error.message",
+ "value": "{{ _ingest.on_failure_message }}"
+ }
+ }
+ ]
+}
diff --git a/x-pack/filebeat/module/shorewall/log/manifest.yml b/x-pack/filebeat/module/shorewall/log/manifest.yml
new file mode 100644
index 000000000000..75798d386aea
--- /dev/null
+++ b/x-pack/filebeat/module/shorewall/log/manifest.yml
@@ -0,0 +1,9 @@
+module_version: 1.0
+
+var:
+ - name: paths
+ default:
+ - /var/log/shorewall.log
+
+ingest_pipeline: ingest/pipeline.json
+input: config/log.yml
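Review bot: In the grok pattern, `(%{WORD:shorewall.zone.device})=(%{USERNAME:shorewall.network.in})` matches the literal `IN=` of the message (every line in `log/test/default.log` reads `Shorewall:<zone>:<verdict>:IN=<iface>`), so `shorewall.zone.device` will always contain the string `IN`; that group should go and the interface be read as `IN=(%{USERNAME:shorewall.network.in})`, while `.*OUT=.*MAC=` skips the output interface although `shorewall.network.out` is declared in `_meta/fields.yml`. Several ECS targets on the same line look wrong: `LEN=` is the IP total length in bytes, so `%{INT:network.packets:int}` should be `%{INT:network.bytes:int}`; `PROTO=` carries the transport (`TCP`/`UDP`), which ECS stores lowercased in `network.transport` rather than `network.protocol`; and `ID=` is the IP identification counter, not an `event.id`. The firewall verdict (`ACCEPT`/`DROP`/`DNAT`) lands only in the module-specific `shorewall.packet_action`; copying it to `event.action` (lowercased via a `lowercase` processor) would let ECS-based dashboards and detection rules key on it. The description states the pipeline requires the geoip plugin, but no `geoip` processor is defined, so either add one on `source.ip` or drop the claim. `"timezone": "UTC"` is hard-coded while kernel syslog timestamps are in the host's local time; other filebeat module pipelines use `{{ event.timezone }}` here.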
diff --git a/x-pack/filebeat/module/shorewall/log/test/default.log b/x-pack/filebeat/module/shorewall/log/test/default.log new file mode 100644 index 000000000000..3528c092fd60 --- /dev/null +++ b/x-pack/filebeat/module/shorewall/log/test/default.log 
@@ -0,0 +1,189 @@ +May 20 06:25:04 myHost kernel: [5665774.433812] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8108 PROTO=TCP SPT=50371 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 +May 20 06:25:07 myHost kernel: [5665777.620517] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=56740 PROTO=UDP SPT=58761 DPT=443 LEN=1358 +May 20 06:25:07 myHost kernel: [5665777.621095] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=411 TOS=0x00 PREC=0x00 TTL=63 ID=1452 PROTO=UDP SPT=58761 DPT=443 LEN=391 +May 20 06:25:10 myHost kernel: [5665780.629574] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13568 PROTO=TCP SPT=55651 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 +May 20 06:25:14 myHost kernel: [5665784.796963] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=3097 DF PROTO=TCP SPT=60391 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0 +May 20 06:25:14 myHost kernel: [5665784.807881] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=12465 DF PROTO=TCP SPT=60525 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 +May 20 06:25:15 myHost kernel: [5665785.711972] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9741 PROTO=TCP SPT=46896 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 +May 20 06:25:22 myHost kernel: [5665792.533866] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 
TTL=251 ID=29417 PROTO=TCP SPT=41131 DPT=60561 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 +May 20 06:25:25 myHost kernel: [5665795.346806] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4615 PROTO=TCP SPT=60423 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 +May 20 06:25:25 myHost kernel: [5665795.391942] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19852 PROTO=UDP SPT=62976 DPT=62976 LEN=325 +May 20 06:25:27 myHost kernel: [5665797.609158] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62477 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 +May 20 06:25:27 myHost kernel: [5665797.609464] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62478 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 +May 20 06:25:27 myHost kernel: [5665797.801696] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62479 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 +May 20 06:25:28 myHost kernel: [5665798.736156] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54649 PROTO=TCP SPT=41131 DPT=61929 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 +May 20 06:25:29 myHost kernel: [5665799.665870] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=60378 DF PROTO=TCP SPT=61113 DPT=8291 WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x3 +May 20 06:25:32 myHost kernel: [5665802.156520] Shorewall:net-fw:DROP:IN=eth5 OUT= 
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=101 TOS=0x00 PREC=0x00 TTL=116 ID=24468 PROTO=UDP SPT=7718 DPT=18377 LEN=81 MARK=0x3 +May 20 06:25:34 myHost kernel: [5665804.111364] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8832 PROTO=TCP SPT=39229 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 +May 20 06:25:38 myHost kernel: [5665808.647159] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61638 PROTO=TCP SPT=8080 DPT=33396 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 +May 20 06:25:40 myHost kernel: [5665810.425471] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=28391 DF PROTO=TCP SPT=56642 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 +May 20 06:25:40 myHost kernel: [5665810.466469] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=28398 DF PROTO=TCP SPT=56643 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 +May 20 06:25:40 myHost kernel: [5665810.492512] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=28402 DF PROTO=TCP SPT=56644 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 +May 20 06:25:40 myHost kernel: [5665810.517875] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=28409 DF PROTO=TCP SPT=56645 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 +May 20 06:25:41 myHost kernel: [5665811.550988] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8119 PROTO=TCP SPT=50372 DPT=8080 
WINDOW=5840 RES=0x00 SYN URGP=0 +May 20 06:25:42 myHost kernel: [5665812.814869] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=15595 DF PROTO=UDP SPT=58973 DPT=443 LEN=1358 +May 20 06:25:42 myHost kernel: [5665812.814907] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=386 TOS=0x00 PREC=0x00 TTL=127 ID=15596 DF PROTO=UDP SPT=58973 DPT=443 LEN=366 +May 20 06:25:43 myHost kernel: [5665813.094960] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=2832 PROTO=TCP SPT=41131 DPT=58772 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 +May 20 06:25:48 myHost kernel: [5665818.708387] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13578 PROTO=TCP SPT=35540 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 +May 20 06:25:53 myHost kernel: [5665823.838331] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x10 PREC=0x00 TTL=63 ID=170 DF PROTO=UDP SPT=37876 DPT=123 LEN=56 +May 20 06:25:55 myHost kernel: [5665825.551009] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19854 PROTO=UDP SPT=62976 DPT=62976 LEN=325 +May 20 06:25:55 myHost kernel: [5665825.808201] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9751 PROTO=TCP SPT=46897 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 +May 20 06:25:59 myHost kernel: [5665829.270149] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=83 TOS=0x00 PREC=0x00 TTL=63 ID=63893 DF 
PROTO=TCP SPT=48338 DPT=443 WINDOW=1453 RES=0x00 ACK PSH URGP=0 +May 20 06:25:59 myHost kernel: [5665829.275316] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=63894 DF PROTO=TCP SPT=48338 DPT=443 WINDOW=1453 RES=0x00 ACK FIN URGP=0 +May 20 06:25:59 myHost kernel: [5665829.282743] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=48586 DF PROTO=TCP SPT=59914 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 +May 20 06:26:03 myHost kernel: [5665833.634545] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4628 PROTO=TCP SPT=60424 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 +May 20 06:26:06 myHost kernel: [5665836.622479] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=43325 PROTO=TCP SPT=8080 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 +May 20 06:26:07 myHost kernel: [5665837.859827] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=36238 PROTO=UDP SPT=61330 DPT=443 LEN=1358 +May 20 06:26:07 myHost kernel: [5665837.860199] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=442 TOS=0x00 PREC=0x00 TTL=63 ID=22277 PROTO=UDP SPT=61330 DPT=443 LEN=422 +May 20 06:26:07 myHost kernel: [5665837.860223] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=150 TOS=0x00 PREC=0x00 TTL=63 ID=8101 PROTO=UDP SPT=61330 DPT=443 LEN=130 +May 20 06:26:09 myHost kernel: [5665839.818545] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 
SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=7051 DF PROTO=TCP SPT=60526 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 +May 20 06:26:12 myHost kernel: [5665842.372077] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8844 PROTO=TCP SPT=39230 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 +May 20 06:26:13 myHost kernel: [5665843.902992] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=32586 DF PROTO=UDP SPT=64806 DPT=443 LEN=1358 +May 20 06:26:17 myHost kernel: [5665847.730485] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8129 PROTO=TCP SPT=50373 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 +May 20 06:26:22 myHost kernel: [5665852.790852] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13588 PROTO=TCP SPT=35541 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 +May 20 06:26:25 myHost kernel: [5665855.713411] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19856 PROTO=UDP SPT=62976 DPT=62976 LEN=325 +May 20 06:26:30 myHost kernel: [5665860.305453] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=31944 PROTO=TCP SPT=48293 DPT=49495 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 +May 20 06:26:30 myHost kernel: [5665860.904274] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9761 PROTO=TCP SPT=60773 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 +May 20 06:26:38 myHost kernel: [5665868.905177] Shorewall:lan-fw:ACCEPT:IN=eth2 
OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4641 PROTO=TCP SPT=60425 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 +May 20 06:26:44 myHost kernel: [5665874.640128] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8856 PROTO=TCP SPT=39231 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 +May 20 06:26:50 myHost kernel: [5665880.272050] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1224 DF PROTO=TCP SPT=38769 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 +May 20 06:26:50 myHost kernel: [5665880.916295] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=31010 PROTO=TCP SPT=41131 DPT=59830 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 +May 20 06:26:52 myHost kernel: [5665882.101246] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8140 PROTO=TCP SPT=50374 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 +May 20 06:26:55 myHost kernel: [5665885.867369] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19858 PROTO=UDP SPT=62976 DPT=62976 LEN=325 +May 20 06:26:56 myHost kernel: [5665886.872870] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13598 PROTO=TCP SPT=35542 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 +May 20 06:26:58 myHost kernel: [5665888.837986] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=34778 PROTO=TCP SPT=49514 DPT=3291 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 +May 
20 06:26:59 myHost kernel: [5665889.708842] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=60038 DF PROTO=TCP SPT=57121 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 
+May 20 06:27:00 myHost kernel: [5665890.633270] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=44244 PROTO=TCP SPT=48293 DPT=46462 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 
+May 20 06:27:04 myHost kernel: [5665895.011208] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9771 PROTO=TCP SPT=60774 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:27:05 myHost kernel: [5665895.443186] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62480 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 
+May 20 06:27:07 myHost kernel: [5665897.853344] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=2997 DF PROTO=UDP SPT=61074 DPT=443 LEN=1358 
+May 20 06:27:07 myHost kernel: [5665897.853903] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=533 TOS=0x00 PREC=0x00 TTL=127 ID=2998 DF PROTO=UDP SPT=61074 DPT=443 LEN=513 
+May 20 06:27:07 myHost kernel: [5665897.853924] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=177 TOS=0x00 PREC=0x00 TTL=127 ID=2999 DF PROTO=UDP SPT=61074 DPT=443 LEN=157 
+May 20 06:27:08 myHost kernel: [5665898.619970] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=42012 PROTO=UDP SPT=54438 DPT=443 LEN=1358 
+May 20 06:27:08 myHost kernel: [5665898.620495] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=412 TOS=0x00 PREC=0x00 TTL=63 ID=25900 PROTO=UDP SPT=54438 DPT=443 LEN=392 
+May 20 06:27:13 myHost kernel: [5665903.167952] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4654 PROTO=TCP SPT=60426 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 
+May 20 06:27:15 myHost kernel: [5665905.929948] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x10 PREC=0x00 TTL=63 ID=54364 DF PROTO=UDP SPT=45541 DPT=123 LEN=56 
+May 20 06:27:16 myHost kernel: [5665906.191334] Shorewall:net_dnat:DNAT:IN=eth3 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=100 ID=14934 PROTO=TCP SPT=46284 DPT=80 WINDOW=62920 RES=0x00 SYN URGP=0 MARK=0x2 
+May 20 06:27:19 myHost kernel: [5665909.755990] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=38606 DF PROTO=TCP SPT=38240 DPT=443 WINDOW=431 RES=0x00 ACK RST URGP=0 
+May 20 06:27:19 myHost kernel: [5665909.911069] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8868 PROTO=TCP SPT=39232 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 
+May 20 06:27:21 myHost kernel: [5665911.686689] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=47360 PROTO=UDP SPT=59192 DPT=443 LEN=1358 
+May 20 06:27:21 myHost kernel: [5665911.687076] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=446 TOS=0x00 PREC=0x00 TTL=63 ID=30044 PROTO=UDP SPT=59192 DPT=443 LEN=426 
+May 20 06:27:21 myHost kernel: [5665911.806450] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=26478 PROTO=UDP SPT=123 DPT=123 LEN=56 
+May 20 06:27:21 myHost kernel: [5665911.840839] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=60981 PROTO=UDP SPT=123 DPT=123 LEN=56 
+May 20 06:27:21 myHost kernel: [5665911.881137] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=44073 PROTO=UDP SPT=123 DPT=123 LEN=56 
+May 20 06:27:25 myHost kernel: [5665916.048593] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19860 PROTO=UDP SPT=62976 DPT=62976 LEN=325 
+May 20 06:27:27 myHost kernel: [5665917.377574] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8150 PROTO=TCP SPT=50375 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:27:27 myHost kernel: [5665917.611542] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62481 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 
+May 20 06:27:28 myHost kernel: [5665918.663884] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=6888 DF PROTO=TCP SPT=60527 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
+May 20 06:27:36 myHost kernel: [5665926.954899] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13608 PROTO=TCP SPT=35543 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:27:41 myHost kernel: [5665931.409341] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=7064 DF PROTO=TCP SPT=60528 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
+May 20 06:27:43 myHost kernel: [5665933.108273] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9781 PROTO=TCP SPT=60775 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:27:43 myHost kernel: [5665933.843105] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=15608 DF PROTO=UDP SPT=49618 DPT=443 LEN=1358 
+May 20 06:27:43 myHost kernel: [5665933.843134] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=386 TOS=0x00 PREC=0x00 TTL=127 ID=15609 DF PROTO=UDP SPT=49618 DPT=443 LEN=366 
+May 20 06:27:50 myHost kernel: [5665940.288037] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=41776 PROTO=UDP SPT=63129 DPT=443 LEN=1358 
+May 20 06:27:50 myHost kernel: [5665940.391265] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=33504 PROTO=UDP SPT=58864 DPT=443 LEN=1358 
+May 20 06:27:50 myHost kernel: [5665940.421000] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=24133 PROTO=UDP SPT=58864 DPT=443 LEN=1358 
+May 20 06:27:50 myHost kernel: [5665940.444005] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4667 PROTO=TCP SPT=60427 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 
+May 20 06:27:53 myHost kernel: [5665943.272863] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=17727 DF PROTO=TCP SPT=1991 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 
+May 20 06:27:53 myHost kernel: [5665943.643038] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=27195 DF PROTO=TCP SPT=711 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 
+May 20 06:27:53 myHost kernel: [5665943.787828] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=19622 DF PROTO=TCP SPT=1372 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 
+May 20 06:27:54 myHost kernel: [5665944.317910] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=12474 DF PROTO=TCP SPT=60525 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0 
+May 20 06:27:54 myHost kernel: [5665944.345621] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=3098 DF PROTO=TCP SPT=60529 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
+May 20 06:27:55 myHost kernel: [5665945.223595] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=37429 DF PROTO=TCP SPT=45640 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 
+May 20 06:27:56 myHost kernel: [5665946.204223] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19862 PROTO=UDP SPT=62976 DPT=62976 LEN=325 
+May 20 06:27:56 myHost kernel: [5665946.518251] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=23222 DF PROTO=TCP SPT=2017 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 
+May 20 06:27:57 myHost kernel: [5665947.744034] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=25280 DF PROTO=TCP SPT=803 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 
+May 20 06:27:57 myHost kernel: [5665948.054796] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=1220 DF PROTO=TCP SPT=2264 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 
+May 20 06:27:58 myHost kernel: [5665949.033645] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=8559 DF PROTO=TCP SPT=2111 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 
+May 20 06:27:59 myHost kernel: [5665949.184901] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8880 PROTO=TCP SPT=39233 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 
+May 20 06:28:02 myHost kernel: [5665952.767539] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=22426 DF PROTO=TCP SPT=60530 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
+May 20 06:28:06 myHost kernel: [5665956.741703] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=40105 PROTO=TCP SPT=43212 DPT=1081 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 
+May 20 06:28:07 myHost kernel: [5665958.021665] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8161 PROTO=TCP SPT=51764 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:28:08 myHost kernel: [5665958.821724] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x10 PREC=0x00 TTL=63 ID=55182 DF PROTO=UDP SPT=60697 DPT=123 LEN=56 
+May 20 06:28:08 myHost kernel: [5665958.832244] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=11972 PROTO=UDP SPT=58074 DPT=443 LEN=1358 
+May 20 06:28:08 myHost kernel: [5665958.833527] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=409 TOS=0x00 PREC=0x00 TTL=63 ID=44039 PROTO=UDP SPT=58074 DPT=443 LEN=389 
+May 20 06:28:09 myHost kernel: [5665959.912607] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=8726 DF PROTO=TCP SPT=37157 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 
+May 20 06:28:11 myHost kernel: [5665961.822969] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=131 TOS=0x00 PREC=0x00 TTL=118 ID=20754 PROTO=UDP SPT=55056 DPT=26085 LEN=111 MARK=0x3 
+May 20 06:28:14 myHost kernel: [5665964.096590] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13618 PROTO=TCP SPT=35544 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:28:14 myHost kernel: [5665964.588937] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=5568 DF PROTO=TCP SPT=60531 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
+May 20 06:28:16 myHost kernel: [5665966.475560] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=40745 DF PROTO=TCP SPT=57381 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 
+May 20 06:28:19 myHost kernel: [5665969.204330] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9791 PROTO=TCP SPT=60776 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:28:26 myHost kernel: [5665976.359216] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19864 PROTO=UDP SPT=62976 DPT=62976 LEN=325 
+May 20 06:28:28 myHost kernel: [5665978.719782] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4680 PROTO=TCP SPT=60428 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 
+May 20 06:28:30 myHost kernel: [5665980.282111] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=16798 DF PROTO=UDP SPT=58596 DPT=443 LEN=1358 
+May 20 06:28:30 myHost kernel: [5665980.297709] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=16799 DF PROTO=UDP SPT=58596 DPT=443 LEN=1358 
+May 20 06:28:30 myHost kernel: [5665980.472382] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=16805 DF PROTO=UDP SPT=58597 DPT=443 LEN=1358 
+May 20 06:28:30 myHost kernel: [5665980.487481] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=16806 DF PROTO=UDP SPT=58597 DPT=443 LEN=1358 
+May 20 06:28:32 myHost kernel: [5665982.131274] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=408 TOS=0x00 PREC=0x00 TTL=246 ID=28624 PROTO=UDP SPT=500 DPT=500 LEN=388 MARK=0x3 
+May 20 06:28:34 myHost kernel: [5665984.448439] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8892 PROTO=TCP SPT=39234 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 
+May 20 06:28:34 myHost kernel: [5665984.768815] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=132 TOS=0x00 PREC=0x00 TTL=119 ID=51569 PROTO=UDP SPT=50978 DPT=26085 LEN=112 MARK=0x3 
+May 20 06:28:38 myHost kernel: [5665989.026605] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=35290 PROTO=TCP SPT=47034 DPT=47833 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 
+May 20 06:28:40 myHost kernel: [5665990.125563] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=408 TOS=0x00 PREC=0x00 TTL=246 ID=24734 PROTO=UDP SPT=500 DPT=500 LEN=388 MARK=0x3 
+May 20 06:28:44 myHost kernel: [5665994.319700] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8172 PROTO=TCP SPT=51765 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:28:48 myHost kernel: [5665998.125453] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=408 TOS=0x00 PREC=0x00 TTL=246 ID=5789 PROTO=UDP SPT=500 DPT=500 LEN=388 MARK=0x3 
+May 20 06:28:49 myHost kernel: [5665999.245161] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13628 PROTO=TCP SPT=35545 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:28:49 myHost kernel: [5665999.605456] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62482 DPT=993 WINDOW=65535 RES=0x00 SYN URGP=0 
+May 20 06:28:51 myHost kernel: [5666001.814177] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62467 DPT=443 WINDOW=2047 RES=0x00 ACK RST URGP=0 
+May 20 06:28:51 myHost kernel: [5666001.822228] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62483 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 
+May 20 06:28:52 myHost kernel: [5666002.873806] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=27728 PROTO=TCP SPT=29767 DPT=23 WINDOW=25685 RES=0x00 SYN URGP=0 MARK=0x3 
+May 20 06:28:53 myHost kernel: [5666004.042304] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x10 PREC=0x00 TTL=63 ID=171 DF PROTO=UDP SPT=37876 DPT=123 LEN=56 
+May 20 06:28:56 myHost kernel: [5666006.125378] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=408 TOS=0x00 PREC=0x00 TTL=246 ID=187 PROTO=UDP SPT=500 DPT=500 LEN=388 MARK=0x3 
+May 20 06:28:56 myHost kernel: [5666006.523417] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19866 PROTO=UDP SPT=62976 DPT=62976 LEN=325 
+May 20 06:28:58 myHost kernel: [5666008.363330] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9801 PROTO=TCP SPT=60777 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:28:59 myHost kernel: [5666009.710130] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=81.22.45.242 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=18392 PROTO=TCP SPT=48367 DPT=19191 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 
+May 20 06:29:01 myHost kernel: [5666011.685919] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=92.119.160.40 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=3709 PROTO=TCP SPT=53999 DPT=14002 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 
+May 20 06:29:05 myHost kernel: [5666015.104436] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4693 PROTO=TCP SPT=60429 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 
+May 20 06:29:07 myHost kernel: [5666017.815304] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=3007 DF PROTO=UDP SPT=58603 DPT=443 LEN=1358 
+May 20 06:29:07 myHost kernel: [5666017.815340] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=533 TOS=0x00 PREC=0x00 TTL=127 ID=3008 DF PROTO=UDP SPT=58603 DPT=443 LEN=513 
+May 20 06:29:08 myHost kernel: [5666018.766308] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=53802 PROTO=UDP SPT=58665 DPT=443 LEN=1358 
+May 20 06:29:08 myHost kernel: [5666018.766498] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=411 TOS=0x00 PREC=0x00 TTL=63 ID=43390 PROTO=UDP SPT=58665 DPT=443 LEN=391 
+May 20 06:29:08 myHost kernel: [5666018.880332] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=25115 DF PROTO=TCP SPT=60532 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
+May 20 06:29:09 myHost kernel: [5666019.081571] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=2910 DF PROTO=TCP SPT=60533 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
+May 20 06:29:09 myHost kernel: [5666019.125443] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=24786 DF PROTO=TCP SPT=60534 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
+May 20 06:29:09 myHost kernel: [5666019.246934] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=24792 DF PROTO=TCP SPT=60535 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
+May 20 06:29:09 myHost kernel: [5666019.246971] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=24793 DF PROTO=TCP SPT=60536 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
+May 20 06:29:09 myHost kernel: [5666019.247018] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=24794 DF PROTO=TCP SPT=60537 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
+May 20 06:29:09 myHost kernel: [5666019.252537] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=24796 DF PROTO=TCP SPT=60538 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
+May 20 06:29:09 myHost kernel: [5666019.281282] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=32180 DF PROTO=TCP SPT=60539 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 
+May 20 06:29:13 myHost kernel: [5666023.714730] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8904 PROTO=TCP SPT=39235 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 
+May 20 06:29:18 myHost kernel: [5666028.908405] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=35326 PROTO=TCP SPT=8080 DPT=200 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 
+May 20 06:29:19 myHost kernel: [5666029.546288] Shorewall:net_dnat:DNAT:IN=eth3 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=32057 DF PROTO=TCP SPT=2400 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x2 
+May 20 06:29:19 myHost kernel: [5666029.658824] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8182 PROTO=TCP SPT=51766 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:29:24 myHost kernel: [5666034.324746] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13638 PROTO=TCP SPT=35546 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:29:26 myHost kernel: [5666036.640711] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62484 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 
+May 20 06:29:26 myHost kernel: [5666036.678298] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19868 PROTO=UDP SPT=62976 DPT=62976 LEN=325 
+May 20 06:29:26 myHost kernel: [5666036.861859] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62485 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 
+May 20 06:29:29 myHost kernel: [5666039.521037] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9811 PROTO=TCP SPT=60778 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:29:34 myHost kernel: [5666044.864142] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=22716 DF PROTO=TCP SPT=48498 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 
+May 20 06:29:36 myHost kernel: [5666046.469015] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4706 PROTO=TCP SPT=60430 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 
+May 20 06:29:39 myHost kernel: [5666049.297110] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=40292 PROTO=TCP SPT=8080 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 
+May 20 06:29:42 myHost kernel: [5666052.560708] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=3253 DF PROTO=TCP SPT=56676 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 
+May 20 06:29:42 myHost kernel: [5666052.629096] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=3261 DF PROTO=TCP SPT=56677 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 
+May 20 06:29:42 myHost kernel: [5666052.655066] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=3265 DF PROTO=TCP SPT=56678 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 
+May 20 06:29:42 myHost kernel: [5666052.680180] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=3270 DF PROTO=TCP SPT=56679 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 
+May 20 06:29:42 myHost kernel: [5666052.986365] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8916 PROTO=TCP SPT=39236 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 
+May 20 06:29:43 myHost kernel: [5666053.655642] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=1291 DF PROTO=TCP SPT=55869 DPT=443 WINDOW=398 RES=0x00 ACK PSH URGP=0 
+May 20 06:29:43 myHost kernel: [5666053.850317] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=1292 DF PROTO=TCP SPT=55869 DPT=443 WINDOW=398 RES=0x00 ACK PSH URGP=0 
+May 20 06:29:43 myHost kernel: [5666054.075775] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=1293 DF PROTO=TCP SPT=55869 DPT=443 WINDOW=398 RES=0x00 ACK PSH URGP=0 
+May 20 06:29:44 myHost kernel: [5666054.496438] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=1294 DF PROTO=TCP SPT=55869 DPT=443 WINDOW=398 RES=0x00 ACK PSH URGP=0 
+May 20 06:29:44 myHost kernel: [5666054.814710] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=15620 DF PROTO=UDP SPT=60042 DPT=443 LEN=1358 
+May 20 06:29:44 myHost kernel: [5666054.815126] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=386 TOS=0x00 PREC=0x00 TTL=127 ID=15621 DF PROTO=UDP SPT=60042 DPT=443 LEN=366 
+May 20 06:29:45 myHost kernel: [5666055.334196] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=1295 DF PROTO=TCP SPT=55869 DPT=443 WINDOW=398 RES=0x00 ACK PSH URGP=0 
+May 20 06:29:46 myHost kernel: [5666056.933812] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x10 PREC=0x00 TTL=63 ID=27355 DF PROTO=UDP SPT=50126 DPT=123 LEN=56 
+May 20 06:29:46 myHost kernel: [5666057.017490] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=75 TOS=0x00 PREC=0x00 TTL=63 ID=1296 DF PROTO=TCP SPT=55869 DPT=443 WINDOW=398 RES=0x00 ACK PSH URGP=0 
+May 20 06:29:51 myHost kernel: [5666061.856579] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8192 PROTO=TCP SPT=51767 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:29:53 myHost kernel: [5666063.836217] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=20756 DF PROTO=TCP SPT=54115 DPT=26085 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x3 
+May 20 06:29:53 myHost kernel: [5666063.840364] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=20755 PROTO=UDP SPT=55056 DPT=26085 LEN=28 MARK=0x3 
+May 20 06:29:56 myHost kernel: [5666066.407621] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13648 PROTO=TCP SPT=35547 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:29:56 myHost kernel: [5666066.835583] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19870 PROTO=UDP SPT=62976 DPT=62976 LEN=325 
+May 20 06:29:56 myHost kernel: [5666066.838645] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=20757 DF PROTO=TCP SPT=54115 DPT=26085 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x3 
+May 20 06:29:57 myHost kernel: [5666067.116760] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=20758 PROTO=UDP SPT=55056 DPT=26085 LEN=28 MARK=0x3 
+May 20 06:30:02 myHost kernel: [5666072.676962] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9821 PROTO=TCP SPT=60779 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 
+May 20 06:30:02 myHost kernel: [5666072.835857] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=20759 DF PROTO=TCP SPT=54115 DPT=26085 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x3 
+May 20 06:30:03 myHost kernel: [5666073.174044] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=20760 PROTO=UDP SPT=55056 DPT=26085 LEN=28 MARK=0x3 
+May 20 06:30:07 myHost kernel: [5666077.823948] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=32593 DF PROTO=UDP SPT=58876 DPT=443 LEN=1358 
+May 20 06:30:09 myHost kernel: [5666079.712144] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=8453 PROTO=UDP SPT=63790 DPT=443 LEN=1358 
+May 20 06:30:09 myHost kernel: [5666079.712648] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=408 TOS=0x00 PREC=0x00 TTL=63 ID=49685 PROTO=UDP SPT=63790 DPT=443 LEN=388 
+May 20 06:30:09 myHost kernel: [5666079.712677] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=183 TOS=0x00 PREC=0x00 TTL=63 ID=48705 PROTO=UDP SPT=63790 DPT=443 LEN=163 
+May 20 06:30:11 myHost kernel: [5666081.798880] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4719 PROTO=TCP SPT=60431 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 
+May 20 06:30:12 myHost kernel: [5666082.413104] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=35821 DF PROTO=TCP SPT=51742 DPT=443 WINDOW=1052 RES=0x00 ACK FIN URGP=0 
\ No newline at end of file
diff --git a/x-pack/filebeat/module/shorewall/log/test/default.log-expected.json b/x-pack/filebeat/module/shorewall/log/test/default.log-expected.json
new file mode 100644
index 000000000000..539735a66ead
--- /dev/null
+++ b/x-pack/filebeat/module/shorewall/log/test/default.log-expected.json
@@ -0,0 +1,3002 @@ +[ + { + "@timestamp": "2019-05-20T06:25:04.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 8108, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 0, + "message": "May 20 06:25:04 myHost kernel: [5665774.433812] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:62:a7:46:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8108 PROTO=TCP SPT=50371 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665774, + "shorewall.time2": 433812, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "44:d9:e7:62:a7:46", + "source.port": 50371 + }, + { + "@timestamp": "2019-05-20T06:25:07.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 56740, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 258, + "message": "May 20 06:25:07 myHost kernel: [5665777.620517] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=56740 PROTO=UDP SPT=58761 DPT=443 LEN=1358 ", + "network.packets": 1378, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665777, + 
"shorewall.time2": 620517, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 58761 + }, + { + "@timestamp": "2019-05-20T06:25:07.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 1452, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 502, + "message": "May 20 06:25:07 myHost kernel: [5665777.621095] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=411 TOS=0x00 PREC=0x00 TTL=63 ID=1452 PROTO=UDP SPT=58761 DPT=443 LEN=391 ", + "network.packets": 411, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665777, + "shorewall.time2": 621095, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 58761 + }, + { + "@timestamp": "2019-05-20T06:25:10.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 13568, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 743, + "message": "May 20 06:25:10 myHost kernel: [5665780.629574] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:3e:72:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13568 PROTO=TCP SPT=55651 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": 
"0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665780, + "shorewall.time2": 629574, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "44:d9:e7:68:3e:72", + "source.port": 55651 + }, + { + "@timestamp": "2019-05-20T06:25:14.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 3097, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 1002, + "message": "May 20 06:25:14 myHost kernel: [5665784.796963] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=3097 DF PROTO=TCP SPT=60391 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0 ", + "network.packets": 40, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665784, + "shorewall.time2": 796963, + "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "e4:b3:18:44:92:1a", + "source.port": 60391 + }, + { + "@timestamp": "2019-05-20T06:25:14.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 12465, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 1271, + "message": "May 20 06:25:14 myHost kernel: [5665784.807881] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 
MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=12465 DF PROTO=TCP SPT=60525 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ", + "network.packets": 52, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665784, + "shorewall.time2": 807881, + "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "e4:b3:18:44:92:1a", + "source.port": 60525 + }, + { + "@timestamp": "2019-05-20T06:25:15.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 9741, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 1541, + "message": "May 20 06:25:15 myHost kernel: [5665785.711972] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:30:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9741 PROTO=TCP SPT=46896 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665785, + "shorewall.time2": 711972, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "44:d9:e7:68:30:1a", + "source.port": 46896 + }, + { + "@timestamp": "2019-05-20T06:25:22.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 60561, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 29417, + "event.module": 
"shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 1799, + "message": "May 20 06:25:22 myHost kernel: [5665792.533866] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=29417 PROTO=TCP SPT=41131 DPT=60561 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ", + "network.packets": 40, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DROP", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665792, + "shorewall.time2": 533866, + "shorewall.ttl": 251, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net-fw", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 41131 + }, + { + "@timestamp": "2019-05-20T06:25:25.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 4615, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 2067, + "message": "May 20 06:25:25 myHost kernel: [5665795.346806] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:c9:bc:f0:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4615 PROTO=TCP SPT=60423 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665795, + "shorewall.time2": 346806, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "80:2a:a8:c9:bc:f0", + "source.port": 60423 + }, + { + "@timestamp": 
"2019-05-20T06:25:25.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "ff:ff:ff:ff:ff:ff", + "destination.port": 62976, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 19852, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 2326, + "message": "May 20 06:25:25 myHost kernel: [5665795.391942] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:22:80:c0:b6:40:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19852 PROTO=UDP SPT=62976 DPT=62976 LEN=325 ", + "network.packets": 345, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665795, + "shorewall.time2": 391942, + "shorewall.ttl": 30, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.44", + "source.mac": "ec:22:80:c0:b6:40", + "source.port": 62976 + }, + { + "@timestamp": "2019-05-20T06:25:27.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 0, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 2564, + "message": "May 20 06:25:27 myHost kernel: [5665797.609158] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62477 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ", + "network.packets": 64, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665797, + "shorewall.time2": 609158, + "shorewall.ttl": 
63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 62477 + }, + { + "@timestamp": "2019-05-20T06:25:27.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 0, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 2829, + "message": "May 20 06:25:27 myHost kernel: [5665797.609464] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62478 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ", + "network.packets": 64, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665797, + "shorewall.time2": 609464, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 62478 + }, + { + "@timestamp": "2019-05-20T06:25:27.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 0, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 3094, + "message": "May 20 06:25:27 myHost kernel: [5665797.801696] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62479 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ", + "network.packets": 64, + "network.protocol": "TCP", + "service.type": "0x00", + 
"shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665797, + "shorewall.time2": 801696, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 62479 + }, + { + "@timestamp": "2019-05-20T06:25:28.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 61929, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 54649, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 3359, + "message": "May 20 06:25:28 myHost kernel: [5665798.736156] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54649 PROTO=TCP SPT=41131 DPT=61929 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ", + "network.packets": 40, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DROP", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665798, + "shorewall.time2": 736156, + "shorewall.ttl": 251, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net-fw", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 41131 + }, + { + "@timestamp": "2019-05-20T06:25:29.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 8291, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 60378, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 3627, + "message": "May 20 06:25:29 myHost kernel: [5665799.665870] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 
SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=60378 DF PROTO=TCP SPT=61113 DPT=8291 WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x3 ", + "network.packets": 40, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DROP", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665799, + "shorewall.time2": 665870, + "shorewall.ttl": 252, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net-fw", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 61113 + }, + { + "@timestamp": "2019-05-20T06:25:32.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 18377, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 24468, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 3898, + "message": "May 20 06:25:32 myHost kernel: [5665802.156520] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=101 TOS=0x00 PREC=0x00 TTL=116 ID=24468 PROTO=UDP SPT=7718 DPT=18377 LEN=81 MARK=0x3 ", + "network.packets": 101, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DROP", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665802, + "shorewall.time2": 156520, + "shorewall.ttl": 116, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net-fw", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 7718 + }, + { + "@timestamp": "2019-05-20T06:25:34.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 8832, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": 
"myHost", + "input.type": "log", + "log.offset": 4141, + "message": "May 20 06:25:34 myHost kernel: [5665804.111364] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:50:b6:3d:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8832 PROTO=TCP SPT=39229 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665804, + "shorewall.time2": 111364, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "80:2a:a8:50:b6:3d", + "source.port": 39229 + }, + { + "@timestamp": "2019-05-20T06:25:38.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 33396, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 61638, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 4400, + "message": "May 20 06:25:38 myHost kernel: [5665808.647159] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61638 PROTO=TCP SPT=8080 DPT=33396 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ", + "network.packets": 40, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DROP", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665808, + "shorewall.time2": 647159, + "shorewall.ttl": 248, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net-fw", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 8080 + }, + { + "@timestamp": "2019-05-20T06:25:40.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": 
"6c:b3:11:1b:d9:7a", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 28391, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 4667, + "message": "May 20 06:25:40 myHost kernel: [5665810.425471] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=28391 DF PROTO=TCP SPT=56642 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 ", + "network.packets": 52, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DNAT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665810, + "shorewall.time2": 425471, + "shorewall.ttl": 121, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net_dnat", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 56642 + }, + { + "@timestamp": "2019-05-20T06:25:40.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 80, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 28398, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 4938, + "message": "May 20 06:25:40 myHost kernel: [5665810.466469] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=28398 DF PROTO=TCP SPT=56643 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 ", + "network.packets": 52, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DNAT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665810, + "shorewall.time2": 466469, + "shorewall.ttl": 121, + "shorewall.zone.device": "IN", + 
"shorewall.zone.name": "net_dnat", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 56643 + }, + { + "@timestamp": "2019-05-20T06:25:40.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 28402, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 5208, + "message": "May 20 06:25:40 myHost kernel: [5665810.492512] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=28402 DF PROTO=TCP SPT=56644 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 ", + "network.packets": 52, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DNAT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665810, + "shorewall.time2": 492512, + "shorewall.ttl": 121, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net_dnat", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 56644 + }, + { + "@timestamp": "2019-05-20T06:25:40.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 80, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 28409, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 5479, + "message": "May 20 06:25:40 myHost kernel: [5665810.517875] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=28409 DF PROTO=TCP SPT=56645 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x3 ", + "network.packets": 52, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", 
+ "shorewall.network.in": "eth5", + "shorewall.packet_action": "DNAT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665810, + "shorewall.time2": 517875, + "shorewall.ttl": 121, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net_dnat", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 56645 + }, + { + "@timestamp": "2019-05-20T06:25:41.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 8119, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 5749, + "message": "May 20 06:25:41 myHost kernel: [5665811.550988] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:62:a7:46:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8119 PROTO=TCP SPT=50372 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665811, + "shorewall.time2": 550988, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "44:d9:e7:62:a7:46", + "source.port": 50372 + }, + { + "@timestamp": "2019-05-20T06:25:42.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 15595, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 6007, + "message": "May 20 06:25:42 myHost kernel: [5665812.814869] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 
TOS=0x00 PREC=0x00 TTL=127 ID=15595 DF PROTO=UDP SPT=58973 DPT=443 LEN=1358 ", + "network.packets": 1378, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665812, + "shorewall.time2": 814869, + "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "e4:b3:18:44:92:1a", + "source.port": 58973 + }, + { + "@timestamp": "2019-05-20T06:25:42.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 15596, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 6255, + "message": "May 20 06:25:42 myHost kernel: [5665812.814907] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=386 TOS=0x00 PREC=0x00 TTL=127 ID=15596 DF PROTO=UDP SPT=58973 DPT=443 LEN=366 ", + "network.packets": 386, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665812, + "shorewall.time2": 814907, + "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "e4:b3:18:44:92:1a", + "source.port": 58973 + }, + { + "@timestamp": "2019-05-20T06:25:43.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 58772, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 2832, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 6501, + 
"message": "May 20 06:25:43 myHost kernel: [5665813.094960] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=2832 PROTO=TCP SPT=41131 DPT=58772 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ", + "network.packets": 40, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DROP", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665813, + "shorewall.time2": 94960, + "shorewall.ttl": 251, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net-fw", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 41131 + }, + { + "@timestamp": "2019-05-20T06:25:48.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 13578, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 6768, + "message": "May 20 06:25:48 myHost kernel: [5665818.708387] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:3e:72:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13578 PROTO=TCP SPT=35540 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665818, + "shorewall.time2": 708387, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "44:d9:e7:68:3e:72", + "source.port": 35540 + }, + { + "@timestamp": "2019-05-20T06:25:53.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 123, + 
"ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 170, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 7027, + "message": "May 20 06:25:53 myHost kernel: [5665823.838331] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:ac:cc:8e:59:43:c4:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x10 PREC=0x00 TTL=63 ID=170 DF PROTO=UDP SPT=37876 DPT=123 LEN=56 ", + "network.packets": 76, + "network.protocol": "UDP", + "service.type": "0x10", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665823, + "shorewall.time2": 838331, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "ac:cc:8e:59:43:c4", + "source.port": 37876 + }, + { + "@timestamp": "2019-05-20T06:25:55.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "ff:ff:ff:ff:ff:ff", + "destination.port": 62976, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 19854, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 7268, + "message": "May 20 06:25:55 myHost kernel: [5665825.551009] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:22:80:c0:b6:40:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19854 PROTO=UDP SPT=62976 DPT=62976 LEN=325 ", + "network.packets": 345, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665825, + "shorewall.time2": 551009, + "shorewall.ttl": 30, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.44", + "source.mac": "ec:22:80:c0:b6:40", + 
"source.port": 62976 + }, + { + "@timestamp": "2019-05-20T06:25:55.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 9751, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 7506, + "message": "May 20 06:25:55 myHost kernel: [5665825.808201] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:30:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9751 PROTO=TCP SPT=46897 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665825, + "shorewall.time2": 808201, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "44:d9:e7:68:30:1a", + "source.port": 46897 + }, + { + "@timestamp": "2019-05-20T06:25:59.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 63893, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 7764, + "message": "May 20 06:25:59 myHost kernel: [5665829.270149] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f8:32:e4:e3:ae:c5:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=83 TOS=0x00 PREC=0x00 TTL=63 ID=63893 DF PROTO=TCP SPT=48338 DPT=443 WINDOW=1453 RES=0x00 ACK PSH URGP=0 ", + "network.packets": 83, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + 
"shorewall.time1": 5665829, + "shorewall.time2": 270149, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f8:32:e4:e3:ae:c5", + "source.port": 48338 + }, + { + "@timestamp": "2019-05-20T06:25:59.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 63894, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 8036, + "message": "May 20 06:25:59 myHost kernel: [5665829.275316] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f8:32:e4:e3:ae:c5:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=63894 DF PROTO=TCP SPT=48338 DPT=443 WINDOW=1453 RES=0x00 ACK FIN URGP=0 ", + "network.packets": 52, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665829, + "shorewall.time2": 275316, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f8:32:e4:e3:ae:c5", + "source.port": 48338 + }, + { + "@timestamp": "2019-05-20T06:25:59.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 48586, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 8308, + "message": "May 20 06:25:59 myHost kernel: [5665829.282743] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f8:32:e4:e3:ae:c5:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=48586 DF PROTO=TCP SPT=59914 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ", + 
"network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665829, + "shorewall.time2": 282743, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f8:32:e4:e3:ae:c5", + "source.port": 59914 + }, + { + "@timestamp": "2019-05-20T06:26:03.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 4628, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 8577, + "message": "May 20 06:26:03 myHost kernel: [5665833.634545] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:c9:bc:f0:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4628 PROTO=TCP SPT=60424 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665833, + "shorewall.time2": 634545, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "80:2a:a8:c9:bc:f0", + "source.port": 60424 + }, + { + "@timestamp": "2019-05-20T06:26:06.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 4000, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 43325, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 8836, + "message": "May 20 06:26:06 myHost kernel: [5665836.622479] 
Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=43325 PROTO=TCP SPT=8080 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ", + "network.packets": 40, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DROP", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665836, + "shorewall.time2": 622479, + "shorewall.ttl": 248, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net-fw", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 8080 + }, + { + "@timestamp": "2019-05-20T06:26:07.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 36238, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 9102, + "message": "May 20 06:26:07 myHost kernel: [5665837.859827] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=36238 PROTO=UDP SPT=61330 DPT=443 LEN=1358 ", + "network.packets": 1378, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665837, + "shorewall.time2": 859827, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 61330 + }, + { + "@timestamp": "2019-05-20T06:26:07.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 22277, 
+ "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 9346, + "message": "May 20 06:26:07 myHost kernel: [5665837.860199] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=442 TOS=0x00 PREC=0x00 TTL=63 ID=22277 PROTO=UDP SPT=61330 DPT=443 LEN=422 ", + "network.packets": 442, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665837, + "shorewall.time2": 860199, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 61330 + }, + { + "@timestamp": "2019-05-20T06:26:07.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 8101, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 9588, + "message": "May 20 06:26:07 myHost kernel: [5665837.860223] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=150 TOS=0x00 PREC=0x00 TTL=63 ID=8101 PROTO=UDP SPT=61330 DPT=443 LEN=130 ", + "network.packets": 150, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665837, + "shorewall.time2": 860223, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 61330 + }, + { + "@timestamp": "2019-05-20T06:26:09.000Z", + 
"destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 7051, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 9829, + "message": "May 20 06:26:09 myHost kernel: [5665839.818545] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=7051 DF PROTO=TCP SPT=60526 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ", + "network.packets": 52, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665839, + "shorewall.time2": 818545, + "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "e4:b3:18:44:92:1a", + "source.port": 60526 + }, + { + "@timestamp": "2019-05-20T06:26:12.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 8844, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 10098, + "message": "May 20 06:26:12 myHost kernel: [5665842.372077] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:50:b6:3d:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8844 PROTO=TCP SPT=39230 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665842, + "shorewall.time2": 372077, + "shorewall.ttl": 
64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "80:2a:a8:50:b6:3d", + "source.port": 39230 + }, + { + "@timestamp": "2019-05-20T06:26:13.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 32586, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 10357, + "message": "May 20 06:26:13 myHost kernel: [5665843.902992] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=32586 DF PROTO=UDP SPT=64806 DPT=443 LEN=1358 ", + "network.packets": 1378, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665843, + "shorewall.time2": 902992, + "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "e4:b3:18:44:92:1a", + "source.port": 64806 + }, + { + "@timestamp": "2019-05-20T06:26:17.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 8129, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 10605, + "message": "May 20 06:26:17 myHost kernel: [5665847.730485] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:62:a7:46:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8129 PROTO=TCP SPT=50373 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": 
"08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665847, + "shorewall.time2": 730485, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "44:d9:e7:62:a7:46", + "source.port": 50373 + }, + { + "@timestamp": "2019-05-20T06:26:22.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 13588, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 10863, + "message": "May 20 06:26:22 myHost kernel: [5665852.790852] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:3e:72:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13588 PROTO=TCP SPT=35541 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665852, + "shorewall.time2": 790852, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "44:d9:e7:68:3e:72", + "source.port": 35541 + }, + { + "@timestamp": "2019-05-20T06:26:25.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "ff:ff:ff:ff:ff:ff", + "destination.port": 62976, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 19856, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 11122, + "message": "May 20 06:26:25 myHost kernel: [5665855.713411] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:22:80:c0:b6:40:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 
TOS=0x00 PREC=0x00 TTL=30 ID=19856 PROTO=UDP SPT=62976 DPT=62976 LEN=325 ", + "network.packets": 345, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665855, + "shorewall.time2": 713411, + "shorewall.ttl": 30, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.44", + "source.mac": "ec:22:80:c0:b6:40", + "source.port": 62976 + }, + { + "@timestamp": "2019-05-20T06:26:30.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 49495, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 31944, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 11360, + "message": "May 20 06:26:30 myHost kernel: [5665860.305453] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=31944 PROTO=TCP SPT=48293 DPT=49495 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ", + "network.packets": 40, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DROP", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665860, + "shorewall.time2": 305453, + "shorewall.ttl": 246, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net-fw", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 48293 + }, + { + "@timestamp": "2019-05-20T06:26:30.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 9761, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + 
"log.offset": 11628, + "message": "May 20 06:26:30 myHost kernel: [5665860.904274] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:30:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9761 PROTO=TCP SPT=60773 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665860, + "shorewall.time2": 904274, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "44:d9:e7:68:30:1a", + "source.port": 60773 + }, + { + "@timestamp": "2019-05-20T06:26:38.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 4641, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 11886, + "message": "May 20 06:26:38 myHost kernel: [5665868.905177] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:c9:bc:f0:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4641 PROTO=TCP SPT=60425 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665868, + "shorewall.time2": 905177, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "80:2a:a8:c9:bc:f0", + "source.port": 60425 + }, + { + "@timestamp": "2019-05-20T06:26:44.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + 
"destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 8856, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 12145, + "message": "May 20 06:26:44 myHost kernel: [5665874.640128] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:50:b6:3d:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8856 PROTO=TCP SPT=39231 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665874, + "shorewall.time2": 640128, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "80:2a:a8:50:b6:3d", + "source.port": 39231 + }, + { + "@timestamp": "2019-05-20T06:26:50.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 1224, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 12404, + "message": "May 20 06:26:50 myHost kernel: [5665880.272050] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:c4:9f:4c:e8:ca:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1224 DF PROTO=TCP SPT=38769 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665880, + "shorewall.time2": 272050, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + 
"source.ip": "1.2.3.4", + "source.mac": "c4:9f:4c:e8:ca:1a", + "source.port": 38769 + }, + { + "@timestamp": "2019-05-20T06:26:50.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 59830, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 31010, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 12672, + "message": "May 20 06:26:50 myHost kernel: [5665880.916295] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=31010 PROTO=TCP SPT=41131 DPT=59830 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ", + "network.packets": 40, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DROP", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665880, + "shorewall.time2": 916295, + "shorewall.ttl": 251, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net-fw", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 41131 + }, + { + "@timestamp": "2019-05-20T06:26:52.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 8140, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 12940, + "message": "May 20 06:26:52 myHost kernel: [5665882.101246] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:62:a7:46:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8140 PROTO=TCP SPT=50374 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + 
"shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665882, + "shorewall.time2": 101246, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "44:d9:e7:62:a7:46", + "source.port": 50374 + }, + { + "@timestamp": "2019-05-20T06:26:55.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "ff:ff:ff:ff:ff:ff", + "destination.port": 62976, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 19858, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 13198, + "message": "May 20 06:26:55 myHost kernel: [5665885.867369] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:22:80:c0:b6:40:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19858 PROTO=UDP SPT=62976 DPT=62976 LEN=325 ", + "network.packets": 345, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665885, + "shorewall.time2": 867369, + "shorewall.ttl": 30, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.44", + "source.mac": "ec:22:80:c0:b6:40", + "source.port": 62976 + }, + { + "@timestamp": "2019-05-20T06:26:56.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 13598, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 13436, + "message": "May 20 06:26:56 myHost kernel: [5665886.872870] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:3e:72:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13598 PROTO=TCP SPT=35542 DPT=8080 
WINDOW=5840 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665886, + "shorewall.time2": 872870, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "44:d9:e7:68:3e:72", + "source.port": 35542 + }, + { + "@timestamp": "2019-05-20T06:26:58.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 3291, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 34778, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 13695, + "message": "May 20 06:26:58 myHost kernel: [5665888.837986] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=34778 PROTO=TCP SPT=49514 DPT=3291 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ", + "network.packets": 40, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DROP", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665888, + "shorewall.time2": 837986, + "shorewall.ttl": 249, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net-fw", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 49514 + }, + { + "@timestamp": "2019-05-20T06:26:59.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 80, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 60038, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 13962, + "message": "May 20 06:26:59 
myHost kernel: [5665889.708842] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:94:0e:6b:6f:4d:5b:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=60038 DF PROTO=TCP SPT=57121 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665889, + "shorewall.time2": 708842, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "94:0e:6b:6f:4d:5b", + "source.port": 57121 + }, + { + "@timestamp": "2019-05-20T06:27:00.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 46462, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 44244, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 14230, + "message": "May 20 06:27:00 myHost kernel: [5665890.633270] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=44244 PROTO=TCP SPT=48293 DPT=46462 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ", + "network.packets": 40, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DROP", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665890, + "shorewall.time2": 633270, + "shorewall.ttl": 246, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net-fw", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 48293 + }, + { + "@timestamp": "2019-05-20T06:27:04.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": 
"1.0.0", + "event.dataset": "shorewall.log", + "event.id": 9771, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 14498, + "message": "May 20 06:27:04 myHost kernel: [5665895.011208] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:30:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9771 PROTO=TCP SPT=60774 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665895, + "shorewall.time2": 11208, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "44:d9:e7:68:30:1a", + "source.port": 60774 + }, + { + "@timestamp": "2019-05-20T06:27:05.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 0, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 14756, + "message": "May 20 06:27:05 myHost kernel: [5665895.443186] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62480 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ", + "network.packets": 64, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665895, + "shorewall.time2": 443186, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": 
"f4:0f:24:2f:71:df", + "source.port": 62480 + }, + { + "@timestamp": "2019-05-20T06:27:07.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 2997, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 15021, + "message": "May 20 06:27:07 myHost kernel: [5665897.853344] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=2997 DF PROTO=UDP SPT=61074 DPT=443 LEN=1358 ", + "network.packets": 1378, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665897, + "shorewall.time2": 853344, + "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "e4:b3:18:44:92:1a", + "source.port": 61074 + }, + { + "@timestamp": "2019-05-20T06:27:07.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 2998, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 15268, + "message": "May 20 06:27:07 myHost kernel: [5665897.853903] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=533 TOS=0x00 PREC=0x00 TTL=127 ID=2998 DF PROTO=UDP SPT=61074 DPT=443 LEN=513 ", + "network.packets": 533, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + 
"shorewall.time1": 5665897, + "shorewall.time2": 853903, + "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "e4:b3:18:44:92:1a", + "source.port": 61074 + }, + { + "@timestamp": "2019-05-20T06:27:07.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 2999, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 15513, + "message": "May 20 06:27:07 myHost kernel: [5665897.853924] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=177 TOS=0x00 PREC=0x00 TTL=127 ID=2999 DF PROTO=UDP SPT=61074 DPT=443 LEN=157 ", + "network.packets": 177, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665897, + "shorewall.time2": 853924, + "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "e4:b3:18:44:92:1a", + "source.port": 61074 + }, + { + "@timestamp": "2019-05-20T06:27:08.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 42012, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 15758, + "message": "May 20 06:27:08 myHost kernel: [5665898.619970] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=42012 PROTO=UDP SPT=54438 DPT=443 LEN=1358 ", + "network.packets": 1378, + "network.protocol": 
"UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665898, + "shorewall.time2": 619970, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 54438 + }, + { + "@timestamp": "2019-05-20T06:27:08.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 25900, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 16002, + "message": "May 20 06:27:08 myHost kernel: [5665898.620495] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=412 TOS=0x00 PREC=0x00 TTL=63 ID=25900 PROTO=UDP SPT=54438 DPT=443 LEN=392 ", + "network.packets": 412, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665898, + "shorewall.time2": 620495, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 54438 + }, + { + "@timestamp": "2019-05-20T06:27:13.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 4654, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 16244, + "message": "May 20 06:27:13 myHost kernel: [5665903.167952] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= 
MAC=68:05:ca:42:25:0c:80:2a:a8:c9:bc:f0:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4654 PROTO=TCP SPT=60426 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665903, + "shorewall.time2": 167952, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "80:2a:a8:c9:bc:f0", + "source.port": 60426 + }, + { + "@timestamp": "2019-05-20T06:27:15.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 123, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 54364, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 16503, + "message": "May 20 06:27:15 myHost kernel: [5665905.929948] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:ac:cc:8e:59:43:c4:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x10 PREC=0x00 TTL=63 ID=54364 DF PROTO=UDP SPT=45541 DPT=123 LEN=56 ", + "network.packets": 76, + "network.protocol": "UDP", + "service.type": "0x10", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665905, + "shorewall.time2": 929948, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "ac:cc:8e:59:43:c4", + "source.port": 45541 + }, + { + "@timestamp": "2019-05-20T06:27:16.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:08:4a:a2", + "destination.port": 80, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 14934, + "event.module": "shorewall", + 
"fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 16746, + "message": "May 20 06:27:16 myHost kernel: [5665906.191334] Shorewall:net_dnat:DNAT:IN=eth3 OUT= MAC=68:05:ca:08:4a:a2:34:b3:54:dd:cd:92:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=100 ID=14934 PROTO=TCP SPT=46284 DPT=80 WINDOW=62920 RES=0x00 SYN URGP=0 MARK=0x2 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth3", + "shorewall.packet_action": "DNAT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665906, + "shorewall.time2": 191334, + "shorewall.ttl": 100, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net_dnat", + "source.ip": "1.2.3.4", + "source.mac": "34:b3:54:dd:cd:92", + "source.port": 46284 + }, + { + "@timestamp": "2019-05-20T06:27:19.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 38606, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 17014, + "message": "May 20 06:27:19 myHost kernel: [5665909.755990] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f8:95:c7:c2:49:5f:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=38606 DF PROTO=TCP SPT=38240 DPT=443 WINDOW=431 RES=0x00 ACK RST URGP=0 ", + "network.packets": 52, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665909, + "shorewall.time2": 755990, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f8:95:c7:c2:49:5f", + "source.port": 38240 + }, + { + "@timestamp": 
"2019-05-20T06:27:19.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 8868, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 17285, + "message": "May 20 06:27:19 myHost kernel: [5665909.911069] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:50:b6:3d:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8868 PROTO=TCP SPT=39232 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665909, + "shorewall.time2": 911069, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "80:2a:a8:50:b6:3d", + "source.port": 39232 + }, + { + "@timestamp": "2019-05-20T06:27:21.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 47360, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 17544, + "message": "May 20 06:27:21 myHost kernel: [5665911.686689] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=47360 PROTO=UDP SPT=59192 DPT=443 LEN=1358 ", + "network.packets": 1378, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665911, + "shorewall.time2": 686689, + 
"shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 59192 + }, + { + "@timestamp": "2019-05-20T06:27:21.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 30044, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 17788, + "message": "May 20 06:27:21 myHost kernel: [5665911.687076] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=446 TOS=0x00 PREC=0x00 TTL=63 ID=30044 PROTO=UDP SPT=59192 DPT=443 LEN=426 ", + "network.packets": 446, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665911, + "shorewall.time2": 687076, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 59192 + }, + { + "@timestamp": "2019-05-20T06:27:21.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 123, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 26478, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 18030, + "message": "May 20 06:27:21 myHost kernel: [5665911.806450] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=26478 PROTO=UDP SPT=123 DPT=123 LEN=56 ", + "network.packets": 76, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + 
"shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665911, + "shorewall.time2": 806450, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 123 + }, + { + "@timestamp": "2019-05-20T06:27:21.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 123, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 60981, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 18268, + "message": "May 20 06:27:21 myHost kernel: [5665911.840839] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=60981 PROTO=UDP SPT=123 DPT=123 LEN=56 ", + "network.packets": 76, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665911, + "shorewall.time2": 840839, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 123 + }, + { + "@timestamp": "2019-05-20T06:27:21.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 123, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 44073, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 18506, + "message": "May 20 06:27:21 myHost kernel: [5665911.881137] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=76 TOS=0x00 PREC=0x00 TTL=63 
ID=44073 PROTO=UDP SPT=123 DPT=123 LEN=56 ", + "network.packets": 76, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665911, + "shorewall.time2": 881137, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 123 + }, + { + "@timestamp": "2019-05-20T06:27:25.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "ff:ff:ff:ff:ff:ff", + "destination.port": 62976, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 19860, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 18744, + "message": "May 20 06:27:25 myHost kernel: [5665916.048593] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:22:80:c0:b6:40:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19860 PROTO=UDP SPT=62976 DPT=62976 LEN=325 ", + "network.packets": 345, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665916, + "shorewall.time2": 48593, + "shorewall.ttl": 30, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.44", + "source.mac": "ec:22:80:c0:b6:40", + "source.port": 62976 + }, + { + "@timestamp": "2019-05-20T06:27:27.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 8150, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 18982, + "message": "May 20 06:27:27 myHost kernel: 
[5665917.377574] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:62:a7:46:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8150 PROTO=TCP SPT=50375 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665917, + "shorewall.time2": 377574, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "44:d9:e7:62:a7:46", + "source.port": 50375 + }, + { + "@timestamp": "2019-05-20T06:27:27.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 0, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 19240, + "message": "May 20 06:27:27 myHost kernel: [5665917.611542] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=62481 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ", + "network.packets": 64, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665917, + "shorewall.time2": 611542, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 62481 + }, + { + "@timestamp": "2019-05-20T06:27:28.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": 
"shorewall.log", + "event.id": 6888, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 19505, + "message": "May 20 06:27:28 myHost kernel: [5665918.663884] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=6888 DF PROTO=TCP SPT=60527 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ", + "network.packets": 52, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665918, + "shorewall.time2": 663884, + "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "e4:b3:18:44:92:1a", + "source.port": 60527 + }, + { + "@timestamp": "2019-05-20T06:27:36.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 13608, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 19774, + "message": "May 20 06:27:36 myHost kernel: [5665926.954899] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:3e:72:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13608 PROTO=TCP SPT=35543 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665926, + "shorewall.time2": 954899, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "44:d9:e7:68:3e:72", + 
"source.port": 35543 + }, + { + "@timestamp": "2019-05-20T06:27:41.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 7064, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 20033, + "message": "May 20 06:27:41 myHost kernel: [5665931.409341] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=7064 DF PROTO=TCP SPT=60528 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ", + "network.packets": 52, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665931, + "shorewall.time2": 409341, + "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "e4:b3:18:44:92:1a", + "source.port": 60528 + }, + { + "@timestamp": "2019-05-20T06:27:43.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 9781, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 20302, + "message": "May 20 06:27:43 myHost kernel: [5665933.108273] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:44:d9:e7:68:30:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9781 PROTO=TCP SPT=60775 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + 
"shorewall.time1": 5665933, + "shorewall.time2": 108273, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "44:d9:e7:68:30:1a", + "source.port": 60775 + }, + { + "@timestamp": "2019-05-20T06:27:43.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 15608, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 20560, + "message": "May 20 06:27:43 myHost kernel: [5665933.843105] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=127 ID=15608 DF PROTO=UDP SPT=49618 DPT=443 LEN=1358 ", + "network.packets": 1378, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665933, + "shorewall.time2": 843105, + "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "e4:b3:18:44:92:1a", + "source.port": 49618 + }, + { + "@timestamp": "2019-05-20T06:27:43.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 15609, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 20808, + "message": "May 20 06:27:43 myHost kernel: [5665933.843134] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=386 TOS=0x00 PREC=0x00 TTL=127 ID=15609 DF PROTO=UDP SPT=49618 DPT=443 LEN=366 ", + "network.packets": 386, + 
"network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665933, + "shorewall.time2": 843134, + "shorewall.ttl": 127, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "e4:b3:18:44:92:1a", + "source.port": 49618 + }, + { + "@timestamp": "2019-05-20T06:27:50.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 41776, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 21054, + "message": "May 20 06:27:50 myHost kernel: [5665940.288037] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=41776 PROTO=UDP SPT=63129 DPT=443 LEN=1358 ", + "network.packets": 1378, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665940, + "shorewall.time2": 288037, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 63129 + }, + { + "@timestamp": "2019-05-20T06:27:50.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 33504, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 21298, + "message": "May 20 06:27:50 myHost kernel: [5665940.391265] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 
MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=33504 PROTO=UDP SPT=58864 DPT=443 LEN=1358 ", + "network.packets": 1378, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665940, + "shorewall.time2": 391265, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 58864 + }, + { + "@timestamp": "2019-05-20T06:27:50.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 24133, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 21542, + "message": "May 20 06:27:50 myHost kernel: [5665940.421000] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:f4:0f:24:2f:71:df:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=1378 TOS=0x00 PREC=0x00 TTL=63 ID=24133 PROTO=UDP SPT=58864 DPT=443 LEN=1358 ", + "network.packets": 1378, + "network.protocol": "UDP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "vlan1", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665940, + "shorewall.time2": 421000, + "shorewall.ttl": 63, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "wif-net", + "source.ip": "1.2.3.4", + "source.mac": "f4:0f:24:2f:71:df", + "source.port": 58864 + }, + { + "@timestamp": "2019-05-20T06:27:50.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "68:05:ca:42:25:0c", + "destination.port": 8080, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 4667, + "event.module": "shorewall", + "fileset.name": "log", + 
"host.hostname": "myHost", + "input.type": "log", + "log.offset": 21786, + "message": "May 20 06:27:50 myHost kernel: [5665940.444005] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:c9:bc:f0:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4667 PROTO=TCP SPT=60427 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ", + "network.packets": 60, + "network.protocol": "TCP", + "service.type": "0x00", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth2", + "shorewall.packet_action": "ACCEPT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665940, + "shorewall.time2": 444005, + "shorewall.ttl": 64, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "lan-fw", + "source.ip": "1.2.3.4", + "source.mac": "80:2a:a8:c9:bc:f0", + "source.port": 60427 + }, + { + "@timestamp": "2019-05-20T06:27:53.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 17727, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 22045, + "message": "May 20 06:27:53 myHost kernel: [5665943.272863] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=17727 DF PROTO=TCP SPT=1991 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 ", + "network.packets": 52, + "network.protocol": "TCP", + "service.type": "0x02", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DNAT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665943, + "shorewall.time2": 272863, + "shorewall.ttl": 122, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net_dnat", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 1991 + }, + { + "@timestamp": "2019-05-20T06:27:53.000Z", + "destination.ip": 
"1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 27195, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 22322, + "message": "May 20 06:27:53 myHost kernel: [5665943.643038] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=27195 DF PROTO=TCP SPT=711 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 ", + "network.packets": 52, + "network.protocol": "TCP", + "service.type": "0x02", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DNAT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665943, + "shorewall.time2": 643038, + "shorewall.ttl": 122, + "shorewall.zone.device": "IN", + "shorewall.zone.name": "net_dnat", + "source.ip": "1.2.3.4", + "source.mac": "28:c0:da:b7:eb:3e", + "source.port": 711 + }, + { + "@timestamp": "2019-05-20T06:27:53.000Z", + "destination.ip": "1.2.3.4", + "destination.mac": "6c:b3:11:1b:d9:7a", + "destination.port": 443, + "ecs.version": "1.0.0", + "event.dataset": "shorewall.log", + "event.id": 19622, + "event.module": "shorewall", + "fileset.name": "log", + "host.hostname": "myHost", + "input.type": "log", + "log.offset": 22598, + "message": "May 20 06:27:53 myHost kernel: [5665943.787828] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=19622 DF PROTO=TCP SPT=1372 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 ", + "network.packets": 52, + "network.protocol": "TCP", + "service.type": "0x02", + "shorewall.frame_type": "08:00", + "shorewall.network.in": "eth5", + "shorewall.packet_action": "DNAT", + "shorewall.precedence": "0x00", + "shorewall.time1": 5665943, + "shorewall.time2": 787828, + 
"shorewall.ttl": 122,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net_dnat",
+ "source.ip": "1.2.3.4",
+ "source.mac": "28:c0:da:b7:eb:3e",
+ "source.port": 1372
+ },
+ {
+ "@timestamp": "2019-05-20T06:27:54.000Z",
+ "destination.ip": "1.2.3.4",
+ "destination.mac": "68:05:ca:42:25:0c",
+ "destination.port": 443,
+ "ecs.version": "1.0.0",
+ "event.dataset": "shorewall.log",
+ "event.id": 12474,
+ "event.module": "shorewall",
+ "fileset.name": "log",
+ "host.hostname": "myHost",
+ "input.type": "log",
+ "log.offset": 22875,
+ "message": "May 20 06:27:54 myHost kernel: [5665944.317910] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=12474 DF PROTO=TCP SPT=60525 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0 ",
+ "network.packets": 40,
+ "network.protocol": "TCP",
+ "service.type": "0x00",
+ "shorewall.frame_type": "08:00",
+ "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
+ "shorewall.precedence": "0x00",
+ "shorewall.time1": 5665944,
+ "shorewall.time2": 317910,
+ "shorewall.ttl": 127,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
+ "source.ip": "1.2.3.4",
+ "source.mac": "e4:b3:18:44:92:1a",
+ "source.port": 60525
+ },
+ {
+ "@timestamp": "2019-05-20T06:27:54.000Z",
+ "destination.ip": "1.2.3.4",
+ "destination.mac": "68:05:ca:42:25:0c",
+ "destination.port": 443,
+ "ecs.version": "1.0.0",
+ "event.dataset": "shorewall.log",
+ "event.id": 3098,
+ "event.module": "shorewall",
+ "fileset.name": "log",
+ "host.hostname": "myHost",
+ "input.type": "log",
+ "log.offset": 23145,
+ "message": "May 20 06:27:54 myHost kernel: [5665944.345621] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=3098 DF PROTO=TCP SPT=60529 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ",
+ "network.packets": 52,
+ "network.protocol": "TCP",
+ "service.type": "0x00",
+ "shorewall.frame_type": "08:00",
+ "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
+ "shorewall.precedence": "0x00",
+ "shorewall.time1": 5665944,
+ "shorewall.time2": 345621,
+ "shorewall.ttl": 127,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
+ "source.ip": "1.2.3.4",
+ "source.mac": "e4:b3:18:44:92:1a",
+ "source.port": 60529
+ },
+ {
+ "@timestamp": "2019-05-20T06:27:55.000Z",
+ "destination.ip": "1.2.3.4",
+ "destination.mac": "68:05:ca:42:25:0c",
+ "destination.port": 443,
+ "ecs.version": "1.0.0",
+ "event.dataset": "shorewall.log",
+ "event.id": 37429,
+ "event.module": "shorewall",
+ "fileset.name": "log",
+ "host.hostname": "myHost",
+ "input.type": "log",
+ "log.offset": 23414,
+ "message": "May 20 06:27:55 myHost kernel: [5665945.223595] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth3 MAC=68:05:ca:42:25:0c:c4:9f:4c:e8:c9:bc:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=37429 DF PROTO=TCP SPT=45640 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ",
+ "network.packets": 60,
+ "network.protocol": "TCP",
+ "service.type": "0x00",
+ "shorewall.frame_type": "08:00",
+ "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
+ "shorewall.precedence": "0x00",
+ "shorewall.time1": 5665945,
+ "shorewall.time2": 223595,
+ "shorewall.ttl": 63,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
+ "source.ip": "1.2.3.4",
+ "source.mac": "c4:9f:4c:e8:c9:bc",
+ "source.port": 45640
+ },
+ {
+ "@timestamp": "2019-05-20T06:27:56.000Z",
+ "destination.ip": "1.2.3.4",
+ "destination.mac": "ff:ff:ff:ff:ff:ff",
+ "destination.port": 62976,
+ "ecs.version": "1.0.0",
+ "event.dataset": "shorewall.log",
+ "event.id": 19862,
+ "event.module": "shorewall",
+ "fileset.name": "log",
+ "host.hostname": "myHost",
+ "input.type": "log",
+ "log.offset": 23683,
+ "message": "May 20 06:27:56 myHost kernel: [5665946.204223] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=ff:ff:ff:ff:ff:ff:ec:22:80:c0:b6:40:08:00 SRC=1.2.3.44 DST=1.2.3.4 LEN=345 TOS=0x00 PREC=0x00 TTL=30 ID=19862 PROTO=UDP SPT=62976 DPT=62976 LEN=325 ",
+ "network.packets": 345,
+ "network.protocol": "UDP",
+ "service.type": "0x00",
+ "shorewall.frame_type": "08:00",
+ "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
+ "shorewall.precedence": "0x00",
+ "shorewall.time1": 5665946,
+ "shorewall.time2": 204223,
+ "shorewall.ttl": 30,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
+ "source.ip": "1.2.3.44",
+ "source.mac": "ec:22:80:c0:b6:40",
+ "source.port": 62976
+ },
+ {
+ "@timestamp": "2019-05-20T06:27:56.000Z",
+ "destination.ip": "1.2.3.4",
+ "destination.mac": "6c:b3:11:1b:d9:7a",
+ "destination.port": 443,
+ "ecs.version": "1.0.0",
+ "event.dataset": "shorewall.log",
+ "event.id": 23222,
+ "event.module": "shorewall",
+ "fileset.name": "log",
+ "host.hostname": "myHost",
+ "input.type": "log",
+ "log.offset": 23921,
+ "message": "May 20 06:27:56 myHost kernel: [5665946.518251] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=23222 DF PROTO=TCP SPT=2017 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 ",
+ "network.packets": 52,
+ "network.protocol": "TCP",
+ "service.type": "0x02",
+ "shorewall.frame_type": "08:00",
+ "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DNAT",
+ "shorewall.precedence": "0x00",
+ "shorewall.time1": 5665946,
+ "shorewall.time2": 518251,
+ "shorewall.ttl": 122,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net_dnat",
+ "source.ip": "1.2.3.4",
+ "source.mac": "28:c0:da:b7:eb:3e",
+ "source.port": 2017
+ },
+ {
+ "@timestamp": "2019-05-20T06:27:57.000Z",
+ "destination.ip": "1.2.3.4",
+ "destination.mac": "6c:b3:11:1b:d9:7a",
+ "destination.port": 443,
+ "ecs.version": "1.0.0",
+ "event.dataset": "shorewall.log",
+ "event.id": 25280,
+ "event.module": "shorewall",
+ "fileset.name": "log",
+ "host.hostname": "myHost",
+ "input.type": "log",
+ "log.offset": 24198,
+ "message": "May 20 06:27:57 myHost kernel: [5665947.744034] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=25280 DF PROTO=TCP SPT=803 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 ",
+ "network.packets": 52,
+ "network.protocol": "TCP",
+ "service.type": "0x02",
+ "shorewall.frame_type": "08:00",
+ "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DNAT",
+ "shorewall.precedence": "0x00",
+ "shorewall.time1": 5665947,
+ "shorewall.time2": 744034,
+ "shorewall.ttl": 122,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net_dnat",
+ "source.ip": "1.2.3.4",
+ "source.mac": "28:c0:da:b7:eb:3e",
+ "source.port": 803
+ },
+ {
+ "@timestamp": "2019-05-20T06:27:57.000Z",
+ "destination.ip": "1.2.3.4",
+ "destination.mac": "6c:b3:11:1b:d9:7a",
+ "destination.port": 443,
+ "ecs.version": "1.0.0",
+ "event.dataset": "shorewall.log",
+ "event.id": 1220,
+ "event.module": "shorewall",
+ "fileset.name": "log",
+ "host.hostname": "myHost",
+ "input.type": "log",
+ "log.offset": 24474,
+ "message": "May 20 06:27:57 myHost kernel: [5665948.054796] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=1220 DF PROTO=TCP SPT=2264 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 ",
+ "network.packets": 52,
+ "network.protocol": "TCP",
+ "service.type": "0x02",
+ "shorewall.frame_type": "08:00",
+ "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DNAT",
+ "shorewall.precedence": "0x00",
+ "shorewall.time1": 5665948,
+ "shorewall.time2": 54796,
+ "shorewall.ttl": 122,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net_dnat",
+ "source.ip": "1.2.3.4",
+ "source.mac": "28:c0:da:b7:eb:3e",
+ "source.port": 2264
+ },
+ {
+ "@timestamp": "2019-05-20T06:27:58.000Z",
+ "destination.ip": "1.2.3.4",
+ "destination.mac": "6c:b3:11:1b:d9:7a",
+ "destination.port": 443,
+ "ecs.version": "1.0.0",
+ "event.dataset": "shorewall.log",
+ "event.id": 8559,
+ "event.module": "shorewall",
+ "fileset.name": "log",
+ "host.hostname": "myHost",
+ "input.type": "log",
+ "log.offset": 24750,
+ "message": "May 20 06:27:58 myHost kernel: [5665949.033645] Shorewall:net_dnat:DNAT:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=8559 DF PROTO=TCP SPT=2111 DPT=443 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 MARK=0x3 ",
+ "network.packets": 52,
+ "network.protocol": "TCP",
+ "service.type": "0x02",
+ "shorewall.frame_type": "08:00",
+ "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DNAT",
+ "shorewall.precedence": "0x00",
+ "shorewall.time1": 5665949,
+ "shorewall.time2": 33645,
+ "shorewall.ttl": 122,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net_dnat",
+ "source.ip": "1.2.3.4",
+ "source.mac": "28:c0:da:b7:eb:3e",
+ "source.port": 2111
+ },
+ {
+ "@timestamp": "2019-05-20T06:27:59.000Z",
+ "destination.ip": "1.2.3.4",
+ "destination.mac": "68:05:ca:42:25:0c",
+ "destination.port": 8080,
+ "ecs.version": "1.0.0",
+ "event.dataset": "shorewall.log",
+ "event.id": 8880,
+ "event.module": "shorewall",
+ "fileset.name": "log",
+ "host.hostname": "myHost",
+ "input.type": "log",
+ "log.offset": 25026,
+ "message": "May 20 06:27:59 myHost kernel: [5665949.184901] Shorewall:lan-fw:ACCEPT:IN=eth2 OUT= MAC=68:05:ca:42:25:0c:80:2a:a8:50:b6:3d:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=8880 PROTO=TCP SPT=39233 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ",
+ "network.packets": 60,
+ "network.protocol": "TCP",
+ "service.type": "0x00",
+ "shorewall.frame_type": "08:00",
+ "shorewall.network.in": "eth2",
+ "shorewall.packet_action": "ACCEPT",
+ "shorewall.precedence": "0x00",
+ "shorewall.time1": 5665949,
+ "shorewall.time2": 184901,
+ "shorewall.ttl": 64,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "lan-fw",
+ "source.ip": "1.2.3.4",
+ "source.mac": "80:2a:a8:50:b6:3d",
+ "source.port": 39233
+ },
+ {
+ "@timestamp": "2019-05-20T06:28:02.000Z",
+ "destination.ip": "1.2.3.4",
+ "destination.mac": "68:05:ca:42:25:0c",
+ "destination.port": 443,
+ "ecs.version": "1.0.0",
+ "event.dataset": "shorewall.log",
+ "event.id": 22426,
+ "event.module": "shorewall",
+ "fileset.name": "log",
+ "host.hostname": "myHost",
+ "input.type": "log",
+ "log.offset": 25285,
+ "message": "May 20 06:28:02 myHost kernel: [5665952.767539] Shorewall:wif-net:ACCEPT:IN=vlan1 OUT=eth5 MAC=68:05:ca:42:25:0c:e4:b3:18:44:92:1a:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=22426 DF PROTO=TCP SPT=60530 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ",
+ "network.packets": 52,
+ "network.protocol": "TCP",
+ "service.type": "0x00",
+ "shorewall.frame_type": "08:00",
+ "shorewall.network.in": "vlan1",
+ "shorewall.packet_action": "ACCEPT",
+ "shorewall.precedence": "0x00",
+ "shorewall.time1": 5665952,
+ "shorewall.time2": 767539,
+ "shorewall.ttl": 127,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "wif-net",
+ "source.ip": "1.2.3.4",
+ "source.mac": "e4:b3:18:44:92:1a",
+ "source.port": 60530
+ },
+ {
+ "@timestamp": "2019-05-20T06:28:06.000Z",
+ "destination.ip": "1.2.3.4",
+ "destination.mac": "6c:b3:11:1b:d9:7a",
+ "destination.port": 1081,
+ "ecs.version": "1.0.0",
+ "event.dataset": "shorewall.log",
+ "event.id": 40105,
+ "event.module": "shorewall",
+ "fileset.name": "log",
+ "host.hostname": "myHost",
+ "input.type": "log",
+ "log.offset": 25555,
+ "message": "May 20 06:28:06 myHost kernel: [5665956.741703] Shorewall:net-fw:DROP:IN=eth5 OUT= MAC=6c:b3:11:1b:d9:7a:28:c0:da:b7:eb:3e:08:00 SRC=1.2.3.4 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=40105 PROTO=TCP SPT=43212 DPT=1081 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3 ",
+ "network.packets": 40,
+ "network.protocol": "TCP",
+ "service.type": "0x00",
+ "shorewall.frame_type": "08:00",
+ "shorewall.network.in": "eth5",
+ "shorewall.packet_action": "DROP",
+ "shorewall.precedence": "0x00",
+ "shorewall.time1": 5665956,
+ "shorewall.time2": 741703,
+ "shorewall.ttl": 244,
+ "shorewall.zone.device": "IN",
+ "shorewall.zone.name": "net-fw",
+ "source.ip": "1.2.3.4",
+ "source.mac": "28:c0:da:b7:eb:3e",
+ "source.port": 43212
+ }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/shorewall/module.yml b/x-pack/filebeat/module/shorewall/module.yml
new file mode 100644
index 000000000000..d29140862d1e
--- /dev/null
+++ b/x-pack/filebeat/module/shorewall/module.yml
@@ -0,0 +1,3 @@
+dashboards:
+- id: Filebeat-shorewall-log-Dashboard
+ file: Filebeat-shorewall-log.json
diff --git a/x-pack/filebeat/modules.d/shorewall.yml.disabled b/x-pack/filebeat/modules.d/shorewall.yml.disabled
new file mode 100644
index 000000000000..9e661ee6598e
--- /dev/null
+++ b/x-pack/filebeat/modules.d/shorewall.yml.disabled
@@ -0,0 +1,11 @@
+# Module: shorewall
+# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-shorewall.html
+
+- module: shorewall
+ # All logs
+ {fileset}:
+ enabled: true
+
+ # Set custom paths for the log files. If left empty,
+ # Filebeat will choose the paths depending on your OS.
+ #var.paths:
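Review bot: The modules.d sample config `shorewall.yml.disabled` ships with the unexpanded template placeholder `{fileset}:` as the fileset key, so a user who renames the file to enable the module gets a config that references a fileset that does not exist instead of the module's real fileset. The only fileset this change defines is named `log` (the expected-output fixture carries `"fileset.name": "log"` and the dashboard id is `Filebeat-shorewall-log`), so the key should read `log:`. Because the `.disabled` file is what operators copy into production, this placeholder would be the first thing that breaks when the module is turned on, and it is not exercised by the generated test fixtures in this diff.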