31.1. EVE Index

31.1.1. Top Level (object)

Name | Type | Description
alert | object
anomaly | object
app_proto | string
app_proto_expected | string
app_proto_orig | string
app_proto_tc | string
app_proto_ts | string
arp | object
bittorrent_dht | object
capture_file | string
community_id | string
dcerpc | object
dest_ip | string
dest_port | integer
dhcp | object
direction | string
dnp3 | object
dns | object
drop | object
email | object
engine | object
enip | object
ether | object
event_type | string
fileinfo | object
files | array of objects
flow | object
flow_id | integer
frame | object
ftp | object
ftp_data | object
host | string | The sensor name, if configured
http | object
icmp_code | integer
icmp_type | integer
ike | object
in_iface | string
ip_v | integer | IP version of the packet or flow
krb5 | object
ldap | object
log_level | string
mdns | object | mDNS requests and responses
metadata | object
modbus | object
mqtt | object
ndpi | object | nDPI plugin; contents provided by the 3rd-party library
netflow | object
nfs | object
packet | string
packet_info | object
parent_id | integer
payload | string
payload_length | integer
payload_printable | string
pcap_cnt | integer
pcap_filename | string
pgsql | object
pkt_src | string
pop3 | object
proto | string
quic | object
rdp | object
response_icmp_code | integer
response_icmp_type | integer
rfb | object
rpc | object
sip | object
smb | object
smtp | object
snmp | object
spi | integer
src_ip | string
src_port | integer
ssh | object
stats | object
stream | integer
stream_tcp | object
suricata_version | string
tc_progress | string
tcp | object
template | object
tftp | object
timestamp | string
tls | object
traffic | object
ts_progress | string
tunnel | object
tx_guessed | boolean | The signature that triggered this alert did not tie to a transaction, so the transaction (and its metadata) logged here is a forced estimate and may not be the one you expect
tx_id | integer
verdict | object
vlan | array of numbers
websocket | object
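The top-level fields above are the ones a consumer keys on: `flow_id` and `tx_id` tie an alert to the protocol record it fired on, `tunnel` carries the outer five-tuple of an encapsulated packet, and `tx_guessed` warns that the `tx_id` (and the app-layer metadata copied into the alert) is only an estimate. The following Python is an added example, not code from the Suricata project or this documentation; it joins alerts to their transaction records and refuses the join when `tx_guessed` is set. The EVE lines are constructed for the example, and the `signature_id` field inside `alert` is an assumption (this index lists `alert` only as an object).

```python
import json

# Constructed EVE lines for this example (not real sensor output). The "alert"
# object's inner fields (signature_id, signature) are assumed: this index lists
# "alert" only as an object.
SAMPLE_EVE = """\
{"timestamp":"2024-05-01T10:00:00.000001+0000","flow_id":1111,"event_type":"alert","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"signature_id":1000001,"signature":"constructed tx rule"},"http":{"hostname":"www.example.test","url":"/a"}}
{"timestamp":"2024-05-01T10:00:01.000001+0000","flow_id":1111,"event_type":"alert","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":3,"tx_guessed":true,"alert":{"signature_id":1000002,"signature":"constructed packet rule"},"http":{"hostname":"www.example.test","url":"/b"}}
{"timestamp":"2024-05-01T10:00:02.000001+0000","flow_id":2222,"event_type":"alert","src_ip":"192.0.2.1","src_port":4000,"dest_ip":"10.0.0.9","dest_port":443,"proto":"TCP","tunnel":{"depth":1,"src_ip":"198.51.100.2","src_port":0,"dest_ip":"198.51.100.3","dest_port":0,"proto":"GRE"},"alert":{"signature_id":1000003,"signature":"constructed tunneled rule"}}
{"timestamp":"2024-05-01T10:00:03.000001+0000","flow_id":1111,"event_type":"http","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.example.test","url":"/a","status":200}}
"""


def parse_eve(text):
    """Parse newline-delimited EVE JSON; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def outer_tuple(ev):
    """Five-tuple of the packet as seen on the wire: the tunnel object's
    addresses when the event came from an encapsulated packet, otherwise the
    event's own src/dest fields (ports are absent for ICMP, hence .get)."""
    t = ev.get("tunnel") or ev
    return (t["src_ip"], t.get("src_port"), t["dest_ip"], t.get("dest_port"), t["proto"])


def join_alerts_to_tx(events):
    """Attach to each alert the protocol record with the same flow_id and tx_id.

    When tx_guessed is true the engine only estimated tx_id, so the join is
    skipped and the alert's own app-layer metadata is marked untrusted."""
    tx_records = {}
    for ev in events:
        if ev.get("event_type") not in ("alert", "stats") and "tx_id" in ev:
            tx_records[(ev["flow_id"], ev["tx_id"])] = ev
    joined = []
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        guessed = bool(ev.get("tx_guessed", False))
        tx = None if guessed else tx_records.get((ev["flow_id"], ev.get("tx_id")))
        joined.append({
            "sid": ev["alert"]["signature_id"],
            "flow_id": ev["flow_id"],
            "outer": outer_tuple(ev),
            "tunneled": "tunnel" in ev,
            "tx_guessed": guessed,
            "tx": tx,
        })
    return joined


def demo():
    """Run the join over the constructed sample and return the result."""
    return join_alerts_to_tx(parse_eve(SAMPLE_EVE))
```

The second alert keeps its `http` object but `tx` stays `None`: a packet rule matched, the engine forced a transaction guess, and a pipeline that enriched the alert from that guessed transaction would attribute the wrong URL to the hit. The tunneled alert reports the GRE endpoints as its outer tuple, which is what a firewall block on the carrier network would need.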

31.1.2. websocket (object)

Name | Type | Description
fin | boolean
mask | integer
opcode | string
payload_base64 | string
payload_printable | string

31.1.3. verdict (object)

Name | Type | Description
action | string
reject | array of strings
reject-target | string

31.1.4. tunnel (object)

Name | Type | Description
depth | integer
dest_ip | string
dest_port | integer
pcap_cnt | integer
pkt_src | string
proto | string
src_ip | string
src_port | integer

31.1.5. traffic (object)

Name | Type | Description
id | array of strings
label | array of strings

31.1.6. tls (object)

Name | Type | Description
certificate | string
chain | array of strings
client | object
client_alpns | array of strings | TLS client ALPN field(s)
client_handshake | object
fingerprint | string
from_proto | string
issuerdn | string
ja3 | object
ja3s | object
ja4 | string
notafter | string
notbefore | string
serial | string
server_alpns | array of strings | TLS server ALPN field(s)
server_handshake | object
session_resumed | boolean
sni | string
subject | string
subjectaltname | array of strings | TLS Subject Alternative Name field
version | string

31.1.7. tls.server_handshake (object)

Name | Type | Description
cipher | integer | TLS server's chosen cipher
exts | array of integers | TLS server extension(s)
version | string | TLS version in server hello

31.1.8. tls.ja3s (object)

Name | Type | Description
hash | string
string | string

31.1.9. tls.ja3 (object)

Name

Type

Description

hash

string

string

string

31.1.10. tls.client_handshake (object)

Name | Type | Description
ciphers | array of integers | TLS client cipher(s)
exts | array of integers | TLS client extension(s)
sig_algs | array of integers | TLS client signature algorithm(s)
version | string | TLS version in client hello

31.1.11. tls.client (object)

Name | Type | Description
certificate | string
chain | array of strings
fingerprint | string
issuerdn | string
notafter | string
notbefore | string
serial | string
subject | string
subjectaltname | array of strings | TLS Subject Alternative Name field
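The `tls` object and its `client` sub-object give a detection pipeline what it needs to judge a handshake without the payload: `sni` against `subject`/`subjectaltname`, `notafter` against the clock, `version`, `session_resumed` (a resumed session carries no certificate, so certificate checks must not run on it) and the `ja3`/`ja3s` fingerprints. The following Python is an added example, not code from the Suricata project or this documentation. Its assumptions: `version` strings of the form "TLS 1.0", `subjectaltname` entries as bare DNS names (a "DNS:" prefix is tolerated), `notafter` as "YYYY-MM-DDTHH:MM:SS" read as UTC, and a JA3 watchlist whose hashes are placeholders, not fingerprints of any real client.

```python
import json
from datetime import datetime, timezone

# Constructed tls records for this example (not real sensor output). Assumed:
# version strings look like "TLS 1.0", SAN entries are bare DNS names, notafter
# is "YYYY-MM-DDTHH:MM:SS" in UTC, and the ja3 hashes are placeholders.
SAMPLE_TLS = """\
{"event_type":"tls","flow_id":1,"src_ip":"10.0.0.5","dest_ip":"203.0.113.7","tls":{"sni":"www.example.test","subject":"C=US, O=Example, CN=www.example.test","subjectaltname":["www.example.test","example.test"],"notbefore":"2024-01-01T00:00:00","notafter":"2025-01-01T00:00:00","version":"TLS 1.3","session_resumed":false,"ja3":{"hash":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","string":"771,4865,0"}}}
{"event_type":"tls","flow_id":2,"src_ip":"10.0.0.6","dest_ip":"198.51.100.9","tls":{"sni":"login.example.test","subject":"CN=*.attacker.test","subjectaltname":["*.attacker.test"],"notbefore":"2024-01-01T00:00:00","notafter":"2024-02-01T00:00:00","version":"TLS 1.0","session_resumed":false,"ja3":{"hash":"bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb","string":"769,47,0"}}}
{"event_type":"tls","flow_id":3,"src_ip":"10.0.0.7","dest_ip":"203.0.113.7","tls":{"sni":"www.example.test","version":"TLS 1.3","session_resumed":true,"ja3":{"hash":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","string":"771,4865,0"}}}
"""

LEGACY_VERSIONS = {"SSLv2", "SSLv3", "TLS 1.0", "TLS 1.1"}
# Constructed watchlist keyed by ja3.hash; replace with your own intelligence.
JA3_WATCHLIST = {"bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": "constructed-bad-client"}
# Fixed "now" so the expiry check is reproducible.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def hostname_matches(host, pattern):
    """Exact match, or a single leftmost wildcard label (RFC 6125 style)."""
    if pattern[:4].upper() == "DNS:":
        pattern = pattern[4:]
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        labels = host.split(".", 1)
        return len(labels) == 2 and labels[1] == pattern[2:]
    return False


def cert_names(tls):
    """DNS names the server certificate claims: SAN entries plus the subject CN."""
    names = list(tls.get("subjectaltname", []))
    for part in tls.get("subject", "").split(","):
        key, _, value = part.strip().partition("=")
        if key.strip().upper() == "CN" and value.strip():
            names.append(value.strip())
    return names


def assess_tls(ev, now):
    """Return finding tags for one tls record, in a fixed order."""
    tls = ev.get("tls", {})
    findings = []
    if tls.get("version") in LEGACY_VERSIONS:
        findings.append("legacy_version")
    if (tls.get("ja3") or {}).get("hash") in JA3_WATCHLIST:
        findings.append("ja3_watchlist")
    if tls.get("session_resumed"):
        # A resumed session carries no certificate, so there is nothing to
        # compare the SNI against; record that rather than a false mismatch.
        findings.append("resumed_no_cert")
        return findings
    sni, names = tls.get("sni"), cert_names(tls)
    if sni and names and not any(hostname_matches(sni, n) for n in names):
        findings.append("sni_cert_mismatch")
    if "notafter" in tls:
        not_after = datetime.fromisoformat(tls["notafter"]).replace(tzinfo=timezone.utc)
        if not_after < now:
            findings.append("cert_expired")
    return findings


def assess_all(text, now):
    """Map flow_id -> findings for every tls record in newline-delimited EVE."""
    result = {}
    for line in text.splitlines():
        if line.strip():
            ev = json.loads(line)
            if ev.get("event_type") == "tls":
                result[ev["flow_id"]] = assess_tls(ev, now)
    return result


def demo():
    return assess_all(SAMPLE_TLS, NOW)
```

Flow 2 collects every tag: a legacy version, a watchlisted client fingerprint, a certificate that does not cover the requested name, and an expired `notafter`. Flow 3 shows why `session_resumed` is checked first: the record has no `subject`, `subjectaltname` or `notafter`, and treating that absence as a mismatch would flag every resumed session.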

31.1.12. tftp (object)

Name | Type | Description
file | string
mode | string
packet | string

31.1.13. template (object)

Name | Type | Description
request | string
response | string

31.1.14. tcp (object)

Name | Type | Description
ack | boolean
cwr | boolean
ecn | boolean
fin | boolean
psh | boolean
rst | boolean
state | string
syn | boolean
tc_gap | boolean
tc_max_regions | integer
tc_urgent_oob_data | integer | Number of out-of-band bytes sent by the server using TCP urgent packets
tcp_flags | string
tcp_flags_tc | string
tcp_flags_ts | string
ts_gap | boolean
ts_max_regions | integer
ts_urgent_oob_data | integer | Number of out-of-band bytes sent by the client using TCP urgent packets
urg | boolean

31.1.15. stats (object)

Name | Type | Description
app_layer | object
capture | object
decoder | object
defrag | object
detect | object
exception_policy | object
file_store | object
flow | object
flow_bypassed | object
flow_mgr | object
ftp | object
host | object
http | object
ippair | object
ips | object
memcap | object
pcap_log | object
tcp | object
uptime | integer | Suricata engine's uptime

31.1.16. stats.tcp (object)

Name | Type | Description
ack_unseen_data | integer
active_sessions | integer
insert_data_normal_fail | integer
insert_data_overlap_fail | integer
insert_list_fail | integer
invalid_checksum | integer
memuse | integer
midstream_pickups | integer
no_flow | integer
overlap | integer
overlap_diff_data | integer
pkt_on_wrong_thread | integer
pseudo | integer
reassembly_gap | integer
reassembly_memuse | integer
rst | integer
segment_from_cache | integer
segment_from_pool | integer
segment_memcap_drop | integer
sessions | integer
ssn_from_cache | integer
ssn_from_pool | integer
ssn_memcap_drop | integer
stream_depth_reached | integer
syn | integer
synack | integer
urg | integer | Number of TCP packets with the urgent flag set
urgent_oob_data | integer | Number of OOB bytes tracked in TCP urgent handling

31.1.17. stats.pcap_log (object)

Name | Type | Description
filtered_bpf | integer | Number of packets filtered out by BPF (not written)
written | integer | Number of packets written

31.1.18. stats.memcap (object)

Name | Type | Description
pressure | integer | Percentage of memcaps used by flow, stream, stream-reassembly and app-layer-http
pressure_max | integer | Maximum pressure seen by the engine

31.1.19. stats.ips (object)

Name | Type | Description
accepted | integer | Number of accepted packets
blocked | integer | Number of blocked packets
drop_reason | object | Number of dropped packets, grouped by drop reason
rejected | integer | Number of rejected packets
replaced | integer | Number of replaced packets

31.1.20. stats.ips.drop_reason (object)

Name | Type | Description
applayer_error | integer | Number of packets dropped due to app-layer error exception policy
applayer_memcap | integer | Number of packets dropped due to app-layer memcap
decode_error | integer | Number of packets dropped due to decoding errors
default_app_policy | integer | Number of packets dropped due to default app policy
default_packet_policy | integer | Number of packets dropped due to default packet policy
defrag_error | integer | Number of packets dropped due to defragmentation errors
defrag_memcap | integer | Number of packets dropped due to defrag memcap exception policy
flow_drop | integer | Number of packets dropped due to dropped flows
flow_memcap | integer | Number of packets dropped due to flow memcap exception policy
nfq_error | integer | Number of packets dropped due to no NFQ verdict
pre_flow_hook | integer | Number of packets dropped in the pre_flow hook
pre_stream_hook | integer | Number of packets dropped in the pre_stream hook
rules | integer | Number of packets dropped due to rule actions
stream_error | integer | Number of packets dropped due to invalid TCP stream
stream_memcap | integer | Number of packets dropped due to stream memcap exception policy
stream_midstream | integer | Number of packets dropped due to stream midstream exception policy
stream_reassembly | integer | Number of packets dropped due to stream reassembly exception policy
stream_urgent | integer | Number of packets dropped due to TCP urgent flag
threshold_detection_filter | integer | Number of packets dropped due to threshold detection filter
tunnel_packet_drop | integer | Number of packets dropped due to inner tunnel packet being dropped

31.1.21. stats.ippair (object)

Name | Type | Description
memcap | integer
memuse | integer

31.1.22. stats.http (object)

Name | Type | Description
byterange | object
memcap | integer
memuse | integer

31.1.23. stats.http.byterange (object)

Name | Type | Description
memcap | integer
memuse | integer

31.1.24. stats.host (object)

Name | Type | Description
memcap | integer
memuse | integer

31.1.25. stats.ftp (object)

Name | Type | Description
memcap | integer
memuse | integer

31.1.26. stats.flow_mgr (object)

Name | Type | Description
bypassed_pruned | integer
closed_pruned | integer
est_pruned | integer
flows_checked | integer
flows_notimeout | integer
flows_removed | integer
flows_timeout | integer
new_pruned | integer
rows_busy | integer
rows_checked | integer
rows_empty | integer
rows_maxlen | integer
rows_skipped | integer

31.1.27. stats.flow_bypassed (object)

Name | Type | Description
bytes | integer
closed | integer
local_bytes | integer
local_capture_bytes | integer
local_capture_pkts | integer
local_pkts | integer
pkts | integer

31.1.28. stats.flow (object)

Name | Type | Description
active | integer | Number of currently active flows
elephant | integer | Total number of elephant flows
emerg_mode_entered | integer | Number of times emergency mode was entered
emerg_mode_over | integer | Number of times recovery was made from emergency mode
end | object
get_used | integer | Number of reused flows from the hash table in case memcap was reached and spare pool was empty
get_used_eval | integer | Number of attempts at getting a flow directly from the hash
get_used_eval_busy | integer | Number of times a flow was found in the hash but the lock for the hash bucket could not be obtained
get_used_eval_reject | integer | Number of flows that were evaluated but rejected from reuse as they were still alive/active
get_used_failed | integer | Number of times retrieval of a flow from the hash was attempted but was unsuccessful
icmpv4 | integer | Number of ICMPv4 flows
icmpv6 | integer | Number of ICMPv6 flows
memcap | integer | Number of times memcap was reached for flows
memuse | integer | Memory currently in use by the flows
mgr | object
recycler | object
spare | integer | Number of flows in the spare pool
tcp | integer | Number of TCP flows
tcp_reuse | integer | Number of TCP flows that were reused as they seemed to share the same flow tuple
total | integer | Total number of flows
udp | integer | Number of UDP flows
wrk | object

31.1.29. stats.flow.wrk (object)

Name | Type | Description
flows_evicted | integer
flows_evicted_needs_work | integer
flows_evicted_pkt_inject | integer
flows_injected | integer
flows_injected_max | integer
spare_sync | integer
spare_sync_avg | integer
spare_sync_empty | integer
spare_sync_incomplete | integer

31.1.30. stats.flow.recycler (object)

Name | Type | Description
queue_avg | integer | Average number of recycled flows per queue
queue_max | integer | Maximum number of recycled flows per queue
recycled | integer | Number of recycled flows

31.1.31. stats.flow.mgr (object)

Name | Type | Description
flows_checked | integer | Number of flows checked for timeout in the last pass
flows_evicted | integer | Number of flows that were evicted
flows_evicted_needs_work | integer | Number of TCP flows that were returned to the workers because reassembly, detection or logging still needs work
flows_notimeout | integer | Number of flows that did not time out
flows_timeout | integer | Number of flows that reached the timeout
full_hash_pass | integer | Number of times a full pass of the hash table was done
rows_maxlen | integer | Size of the biggest row in the hash table
rows_per_sec | integer | Number of rows to be scanned every second by a worker

31.1.32. stats.flow.end (object)

Name | Type | Description
state | object
tcp_liberal | integer
tcp_state | object

31.1.33. stats.flow.end.tcp_state (object)

Name | Type | Description
close_wait | integer
closed | integer
closing | integer
established | integer
fin_wait1 | integer
fin_wait2 | integer
last_ack | integer
none | integer
syn_recv | integer
syn_sent | integer
time_wait | integer

31.1.34. stats.flow.end.state (object)

Name | Type | Description
capture_bypassed | integer
closed | integer
established | integer
local_bypassed | integer
new | integer

31.1.35. stats.file_store (object)

Name | Type | Description
fs_errors | integer
open_files | integer
open_files_max_hit | integer

31.1.36. stats.exception_policy (object)

Name | Type | Description
app_layer | object
defrag | object
flow | object
tcp | object

31.1.37. stats.detect (object)

Name | Type | Description
alert | integer
alert_queue_overflow | integer
alerts_suppressed | integer
engines | array of objects
fnonmpm_list | integer
lua | object
match_list | integer
mpm_list | integer
nonmpm_list | integer

31.1.38. stats.detect.lua (object)

Name | Type | Description
blocked_function_errors | integer | Counter for Lua scripts failing due to blocked functions being called
errors | integer | Errors encountered while running Lua scripts
instruction_limit_errors | integer | Count of Lua rules exceeding the instruction limit
memory_limit_errors | integer | Count of Lua rules exceeding the memory limit

31.1.39. stats.detect.engines (array of objects)

Name | Type | Description
id | integer
last_reload | string
rules_failed | integer
rules_loaded | integer
rules_skipped | integer

31.1.40. stats.defrag (object)

Name | Type | Description
ipv4 | object
ipv6 | object
max_frags_reached | integer | How many times a fragment wasn't stored due to the max-frags limit being reached
max_trackers_reached | integer | How many times a packet wasn't reassembled due to the max-trackers limit being reached
memuse | integer | Current memory use
mgr | object
tracker_hard_reuse | integer | Active tracker force-closed before completion and reused for a new tracker
tracker_soft_reuse | integer | Finished tracker reused from the hash table before being moved to the spare pool
wrk | object

31.1.41. stats.defrag.wrk (object)

Name | Type | Description
tracker_timeout | integer

31.1.42. stats.defrag.mgr (object)

Name | Type | Description
tracker_timeout | integer

31.1.43. stats.defrag.ipv6 (object)

Name | Type | Description
fragments | integer
reassembled | integer
timeouts | integer

31.1.44. stats.defrag.ipv4 (object)

Name | Type | Description
fragments | integer
reassembled | integer
timeouts | integer

31.1.45. stats.decoder (object)

Name | Type | Description
arp | integer
avg_pkt_size | integer
bytes | integer
chdlc | integer
erspan | integer
esp | integer
ethernet | integer
event | object
geneve | integer
gre | integer
icmpv4 | integer
icmpv6 | integer
ieee8021ah | integer
invalid | integer
ipv4 | integer
ipv4_in_ipv6 | integer
ipv6 | integer
ipv6_in_ipv6 | integer
max_mac_addrs_dst | integer
max_mac_addrs_src | integer
max_pkt_size | integer
mpls | integer
nsh | integer
null | integer
pkts | integer
ppp | integer
pppoe | integer
raw | integer
sctp | integer
sll | integer
sll2 | integer | The number of SLL2 frames encountered
tcp | integer
teredo | integer
too_many_layers | integer
udp | integer
unknown_ethertype | integer
vlan | integer
vlan_qinq | integer
vlan_qinqinq | integer
vntag | integer
vxlan | integer

31.1.46. stats.decoder.event (object)

Name | Type | Description
afpacket | object
arp | object
chdlc | object
dce | object
erspan | object
esp | object
ethernet | object
geneve | object
gre | object
icmpv4 | object
icmpv6 | object
ieee8021ah | object
ipraw | object
ipv4 | object
ipv6 | object
ltnull | object
mpls | object
nsh | object
ppp | object
pppoe | object
sctp | object
sll | object
sll2 | object | The number of times the SLL2 header was too small to be valid
tcp | object
udp | object
vlan | object
vntag | object
vxlan | object

31.1.47. stats.decoder.event.vxlan (object)

Name | Type | Description
unknown_payload_type | integer

31.1.48. stats.decoder.event.vntag (object)

Name | Type | Description
header_too_small | integer
unknown_type | integer

31.1.49. stats.decoder.event.vlan (object)

Name | Type | Description
header_too_small | integer
too_many_layers | integer
unknown_type | integer

31.1.50. stats.decoder.event.udp (object)

Name | Type | Description
hlen_invalid | integer
hlen_too_small | integer
len_invalid | integer
pkt_too_small | integer

31.1.51. stats.decoder.event.tcp (object)

Name | Type | Description
hlen_too_small | integer
invalid_optlen | integer
opt_duplicate | integer
opt_invalid_len | integer
pkt_too_small | integer

31.1.52. stats.decoder.event.sll2 (object)

Name | Type | Description
pkt_too_small | integer

31.1.53. stats.decoder.event.sll (object)

Name | Type | Description
pkt_too_small | integer

31.1.54. stats.decoder.event.sctp (object)

Name | Type | Description
pkt_too_small | integer

31.1.55. stats.decoder.event.pppoe (object)

Name | Type | Description
malformed_tags | integer
pkt_too_small | integer
wrong_code | integer

31.1.56. stats.decoder.event.ppp (object)

Name | Type | Description
ip4_pkt_too_small | integer
ip6_pkt_too_small | integer
pkt_too_small | integer
unsup_proto | integer
vju_pkt_too_small | integer
wrong_type | integer

31.1.57. stats.decoder.event.nsh (object)

Name | Type | Description
bad_header_length | integer
header_too_small | integer
reserved_type | integer
unknown_payload | integer
unsupported_type | integer
unsupported_version | integer

31.1.58. stats.decoder.event.mpls (object)

Name | Type | Description
bad_label_implicit_null | integer
bad_label_reserved | integer
bad_label_router_alert | integer
header_too_small | integer
pkt_too_small | integer
unknown_payload_type | integer

31.1.59. stats.decoder.event.ltnull (object)

Name | Type | Description
pkt_too_small | integer
unsupported_type | integer

31.1.60. stats.decoder.event.ipv6 (object)

Name | Type | Description
data_after_none_header | integer
dstopts_only_padding | integer
dstopts_unknown_opt | integer
exthdr_ah_res_not_null | integer
exthdr_dupl_ah | integer
exthdr_dupl_dh | integer
exthdr_dupl_eh | integer
exthdr_dupl_fh | integer
exthdr_dupl_hh | integer
exthdr_dupl_rh | integer
exthdr_invalid_optlen | integer
exthdr_useless_fh | integer
fh_non_zero_reserved_field | integer
frag_ignored | integer
frag_invalid_length | integer
frag_overlap | integer
frag_pkt_too_large | integer
hopopts_only_padding | integer
hopopts_unknown_opt | integer
icmpv4 | integer
ipv4_in_ipv6_too_small | integer
ipv4_in_ipv6_wrong_version | integer
ipv6_in_ipv6_too_small | integer
ipv6_in_ipv6_wrong_version | integer
pkt_too_small | integer
rh_type_0 | integer
trunc_exthdr | integer
trunc_pkt | integer
unknown_next_header | integer
wrong_ip_version | integer
zero_len_padn | integer

31.1.61. stats.decoder.event.ipv4 (object)

Name | Type | Description
frag_ignored | integer
frag_overlap | integer
frag_pkt_too_large | integer
hlen_too_small | integer
icmpv6 | integer
iplen_smaller_than_hlen | integer
opt_duplicate | integer
opt_eol_required | integer
opt_invalid | integer
opt_invalid_len | integer
opt_malformed | integer
opt_pad_required | integer
opt_unknown | integer
pkt_too_small | integer
trunc_pkt | integer
wrong_ip_version | integer

31.1.62. stats.decoder.event.ipraw (object)

Name | Type | Description
invalid_ip_version | integer

31.1.63. stats.decoder.event.ieee8021ah (object)

Name | Type | Description
header_too_small | integer

31.1.64. stats.decoder.event.icmpv6 (object)

Name | Type | Description
experimentation_type | integer
ipv6_trunc_pkt | integer
ipv6_unknown_version | integer
mld_message_with_invalid_hl | integer
pkt_too_small | integer
unassigned_type | integer
unknown_code | integer
unknown_type | integer

31.1.65. stats.decoder.event.icmpv4 (object)

Name | Type | Description
ipv4_trunc_pkt | integer
ipv4_unknown_ver | integer
pkt_too_small | integer
unknown_code | integer
unknown_type | integer

31.1.66. stats.decoder.event.gre (object)

Name | Type | Description
pkt_too_small | integer
version0_flags | integer
version0_hdr_too_big | integer
version0_malformed_sre_hdr | integer
version0_recur | integer
version1_chksum | integer
version1_flags | integer
version1_hdr_too_big | integer
version1_malformed_sre_hdr | integer
version1_no_key | integer
version1_recur | integer
version1_route | integer
version1_ssr | integer
version1_wrong_protocol | integer
wrong_version | integer

31.1.67. stats.decoder.event.geneve (object)

Name | Type | Description
unknown_payload_type | integer

31.1.68. stats.decoder.event.ethernet (object)

Name | Type | Description
pkt_too_small | integer
unknown_ethertype | integer

31.1.69. stats.decoder.event.esp (object)

Name | Type | Description
pkt_too_small | integer

31.1.70. stats.decoder.event.erspan (object)

Name | Type | Description
header_too_small | integer
too_many_vlan_layers | integer
unsupported_version | integer

31.1.71. stats.decoder.event.dce (object)

Name | Type | Description
pkt_too_small | integer

31.1.72. stats.decoder.event.chdlc (object)

Name | Type | Description
pkt_too_small | integer

31.1.73. stats.decoder.event.arp (object)

Name | Type | Description
invalid_hardware_size | integer
invalid_protocol_size | integer
pkt_too_small | integer
unsupported_hardware | integer
unsupported_opcode | integer
unsupported_pkt | integer
unsupported_protocol | integer

31.1.74. stats.decoder.event.afpacket (object)

Name | Type | Description
trunc_pkt | integer | Number of packets truncated by AF_PACKET

31.1.75. stats.capture (object)

Name | Type | Description
kernel_drops | integer
kernel_ifdrops | integer
kernel_packets | integer
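The `stats` tree above is the sensor's own health record, and the counters that matter for evasion-resistance are spread across it: `capture.kernel_drops` and `kernel_ifdrops` (traffic the engine never saw), `memcap.pressure` (how close the flow, stream and HTTP memcaps are to forcing the exception policy), `ips.drop_reason` (in IPS mode, packets dropped for reasons other than `rules`), `tcp.reassembly_gap` and the per-protocol `decoder.event` counters (malformed-header spikes). The following Python is an added example, not code from the Suricata project or this documentation; it turns consecutive `stats` records into per-interval deltas and tags intervals that need attention. It assumes the counters are cumulative since engine start (so a non-advancing `uptime` signals a restart and that interval is skipped), treats `memcap.pressure` as a gauge rather than a counter, and uses constructed records trimmed to the keys it reads.

```python
import json

# Constructed stats records (not real sensor output), trimmed to the keys read
# below; a real record carries the whole tree described in this index. Counters
# are assumed cumulative since engine start; memcap.pressure is a gauge.
SAMPLE_STATS = """\
{"event_type":"stats","stats":{"uptime":60,"capture":{"kernel_packets":100000,"kernel_drops":0,"kernel_ifdrops":0},"memcap":{"pressure":10,"pressure_max":10},"tcp":{"reassembly_gap":2},"decoder":{"event":{"ipv6":{"exthdr_dupl_fh":0,"rh_type_0":0},"arp":{"unsupported_opcode":0}}},"ips":{"drop_reason":{"rules":5,"stream_memcap":0}}}}
{"event_type":"stats","stats":{"uptime":120,"capture":{"kernel_packets":250000,"kernel_drops":1000,"kernel_ifdrops":0},"memcap":{"pressure":45,"pressure_max":45},"tcp":{"reassembly_gap":2},"decoder":{"event":{"ipv6":{"exthdr_dupl_fh":0,"rh_type_0":0},"arp":{"unsupported_opcode":0}}},"ips":{"drop_reason":{"rules":7,"stream_memcap":0}}}}
{"event_type":"stats","stats":{"uptime":180,"capture":{"kernel_packets":400000,"kernel_drops":30000,"kernel_ifdrops":0},"memcap":{"pressure":92,"pressure_max":92},"tcp":{"reassembly_gap":500},"decoder":{"event":{"ipv6":{"exthdr_dupl_fh":3,"rh_type_0":1},"arp":{"unsupported_opcode":0}}},"ips":{"drop_reason":{"rules":9,"stream_memcap":40}}}}
{"event_type":"stats","stats":{"uptime":30,"capture":{"kernel_packets":20000,"kernel_drops":0,"kernel_ifdrops":0},"memcap":{"pressure":5,"pressure_max":5},"tcp":{"reassembly_gap":0},"decoder":{"event":{"ipv6":{"exthdr_dupl_fh":0,"rh_type_0":0},"arp":{"unsupported_opcode":0}}},"ips":{"drop_reason":{"rules":0,"stream_memcap":0}}}}
"""


def flatten(tree, prefix=""):
    """Flatten a nested stats object into {"a.b.c": number}."""
    flat = {}
    for key, value in tree.items():
        name = prefix + key
        if isinstance(value, dict):
            flat.update(flatten(value, name + "."))
        elif isinstance(value, (int, float)) and not isinstance(value, bool):
            flat[name] = value
    return flat


def stats_deltas(records):
    """Per-interval deltas of the cumulative counters in consecutive records.

    If uptime did not advance the engine restarted; that interval is skipped
    rather than reported as a burst of negative rates."""
    out = []
    for prev, cur in zip(records, records[1:]):
        if cur["uptime"] <= prev["uptime"]:
            continue
        p, c = flatten(prev), flatten(cur)
        d = {k: c[k] - p.get(k, 0) for k in c}
        pkts = d.get("capture.kernel_packets", 0)
        drops = d.get("capture.kernel_drops", 0) + d.get("capture.kernel_ifdrops", 0)
        out.append({
            "seconds": d["uptime"],
            "packets": pkts,
            "drops": drops,
            "drop_ratio": drops / pkts if pkts else 0.0,
            "pressure": cur["memcap"]["pressure"],  # gauge: read, not differenced
            "reassembly_gaps": d.get("tcp.reassembly_gap", 0),
            # ips.* exists only in IPS mode; rule drops are intended, the rest are not
            "exception_policy_drops": sum(v for k, v in d.items()
                                          if k.startswith("ips.drop_reason.")
                                          and k != "ips.drop_reason.rules"),
            "decoder_anomalies": sum(v for k, v in d.items()
                                     if k.startswith("decoder.event.")),
        })
    return out


def health_findings(delta, max_drop_ratio=0.01, max_pressure=80):
    """Tags, in a fixed order, for an interval that needs an operator's attention."""
    tags = []
    if delta["drop_ratio"] > max_drop_ratio:
        tags.append("kernel_drops")
    if delta["pressure"] > max_pressure:
        tags.append("memcap_pressure")
    if delta["exception_policy_drops"] > 0:
        tags.append("exception_policy_drops")
    if delta["reassembly_gaps"] > 0:
        tags.append("reassembly_gaps")
    if delta["decoder_anomalies"] > 0:
        tags.append("decoder_anomalies")
    return tags


def parse_stats(text):
    return [json.loads(line)["stats"] for line in text.splitlines() if line.strip()]


def demo():
    return [health_findings(d) for d in stats_deltas(parse_stats(SAMPLE_STATS))]
```

The second interval shows the pattern worth alerting on: capture drops jump to a fifth of the traffic while `memcap.pressure` passes 90 and `stream_memcap` drops appear, which means the engine is shedding load and a rule that needs reassembled TCP data is no longer reliable. The fourth record has a smaller `uptime` than the third, so it is read as a restart and produces no interval instead of a set of negative deltas.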

31.1.76. stats.app_layer (object)

Name | Type | Description
error | object
expectations | integer | Expectation (dynamic parallel flow) counter
flow | object
tx | object

31.1.77. stats.app_layer.tx (object)

Name | Type | Description
bittorrent-dht | integer | Number of transactions for BitTorrent DHT protocol
dcerpc_tcp | integer | Number of transactions for DCERPC/TCP protocol
dcerpc_udp | integer | Number of transactions for DCERPC/UDP protocol
dhcp | integer | Number of transactions for DHCP
dnp3 | integer | Number of transactions for DNP3
dns_tcp | integer | Number of transactions for DNS/TCP protocol
dns_udp | integer | Number of transactions for DNS/UDP protocol
doh2 | integer
enip_tcp | integer | Number of transactions for ENIP/TCP
enip_udp | integer | Number of transactions for ENIP/UDP
ftp | integer | Number of transactions for FTP
ftp-data | integer | Number of transactions for FTP data protocol
http | integer | Number of transactions for HTTP
http2 | integer | Number of transactions for HTTP/2
ike | integer | Number of transactions for IKE protocol
ikev2 | integer | Number of transactions for IKE v2 protocol
imap | integer | Number of transactions for IMAP
krb5_tcp | integer | Number of transactions for Kerberos v5/TCP protocol
krb5_udp | integer | Number of transactions for Kerberos v5/UDP protocol
ldap_tcp | integer | Number of transactions for LDAP/TCP protocol
ldap_udp | integer | Number of transactions for LDAP/UDP protocol
mdns | integer | Number of transactions for mDNS
modbus | integer | Number of transactions for Modbus protocol
mqtt | integer | Number of transactions for MQTT protocol
nfs_tcp | integer | Number of transactions for NFS/TCP protocol
nfs_udp | integer | Number of transactions for NFS/UDP protocol
ntp | integer | Number of transactions for NTP
pgsql | integer | Number of transactions for PostgreSQL protocol
pop3 | integer
quic | integer | Number of transactions for QUIC protocol
rdp | integer | Number of transactions for RDP
rfb | integer | Number of transactions for RFB protocol
sip_tcp | integer | Number of transactions for SIP/TCP protocol
sip_udp | integer | Number of transactions for SIP/UDP protocol
smb | integer | Number of transactions for SMB protocol
smtp | integer | Number of transactions for SMTP
snmp | integer | Number of transactions for SNMP
ssh | integer | Number of transactions for SSH protocol
telnet | integer | Number of transactions for Telnet protocol
tftp | integer | Number of transactions for TFTP
tls | integer | Number of transactions for TLS protocol
websocket | integer

31.1.78. stats.app_layer.flow (object)

Name | Type | Description
bittorrent-dht | integer | Number of flows for BitTorrent DHT protocol
dcerpc_tcp | integer | Number of flows for DCERPC/TCP protocol
dcerpc_udp | integer | Number of flows for DCERPC/UDP protocol
dhcp | integer | Number of flows for DHCP
dnp3 | integer | Number of flows for DNP3
dns_tcp | integer | Number of flows for DNS/TCP protocol
dns_udp | integer | Number of flows for DNS/UDP protocol
doh2 | integer
enip_tcp | integer | Number of flows for ENIP/TCP
enip_udp | integer | Number of flows for ENIP/UDP
failed_tcp | integer | Number of failed flows for TCP
failed_udp | integer | Number of failed flows for UDP
ftp | integer | Number of flows for FTP
ftp-data | integer | Number of flows for FTP data protocol
http | integer | Number of flows for HTTP
http2 | integer | Number of flows for HTTP/2
ike | integer | Number of flows for IKE protocol
ikev2 | integer | Number of flows for IKE v2 protocol
imap | integer | Number of flows for IMAP
krb5_tcp | integer | Number of flows for Kerberos v5/TCP protocol
krb5_udp | integer | Number of flows for Kerberos v5/UDP protocol
ldap_tcp | integer | Number of flows for LDAP/TCP protocol
ldap_udp | integer | Number of flows for LDAP/UDP protocol
mdns | integer | Number of flows for mDNS
modbus | integer | Number of flows for Modbus protocol
mqtt | integer | Number of flows for MQTT protocol
nfs_tcp | integer | Number of flows for NFS/TCP protocol
nfs_udp | integer | Number of flows for NFS/UDP protocol
ntp | integer | Number of flows for NTP
pgsql | integer | Number of flows for PostgreSQL protocol
pop3 | integer
quic | integer | Number of flows for QUIC protocol
rdp | integer | Number of flows for RDP
rfb | integer | Number of flows for RFB protocol
sip_tcp | integer | Number of flows for SIP/TCP protocol
sip_udp | integer | Number of flows for SIP/UDP protocol
smb | integer | Number of flows for SMB protocol
smtp | integer | Number of flows for SMTP
snmp | integer | Number of flows for SNMP
ssh | integer | Number of flows for SSH protocol
telnet | integer | Number of flows for Telnet protocol
tftp | integer | Number of flows for TFTP
tls | integer | Number of flows for TLS protocol
websocket | integer

31.1.79. stats.app_layer.error (object)

Name | Type | Description
bittorrent-dht | object
dcerpc_tcp | object
dcerpc_udp | object
dhcp | object
dnp3 | object
dns_tcp | object
dns_udp | object
doh2 | object
enip_tcp | object
enip_udp | object
failed_tcp | object
ftp | object
ftp-data | object
http | object
http2 | object
ike | object
imap | object
krb5_tcp | object
krb5_udp | object
ldap_tcp | object
ldap_udp | object
mdns | object
modbus | object
mqtt | object
nfs_tcp | object
nfs_udp | object
ntp | object
pgsql | object
pop3 | object
quic | object
rdp | object
rfb | object
sip_tcp | object
sip_udp | object
smb | object
smtp | object
snmp | object
ssh | object
telnet | object
tftp | object
tls | object
websocket | object

31.1.80. stats.app_layer.error.websocket (object)

Name | Type | Description
alloc | integer | Number of errors allocating memory
exception_policy | object
gap | integer | Number of errors processing gaps
internal | integer | Number of internal parser errors
parser | integer | Number of errors reported by parser

31.1.81. stats.app_layer.error.websocket.exception_policy (object)

Name | Type | Description
bypass | integer
drop_flow | integer
drop_packet | integer
pass_flow | integer
pass_packet | integer
reject | integer

31.1.82. stats.app_layer.error.tls (object)

Name | Type | Description
alloc | integer | Number of errors allocating memory
exception_policy | object
gap | integer | Number of errors processing gaps
internal | integer | Number of internal parser errors
parser | integer | Number of errors reported by parser

31.1.83. stats.app_layer.error.tls.exception_policy (object)

Name | Type | Description
bypass | integer
drop_flow | integer
drop_packet | integer
pass_flow | integer
pass_packet | integer
reject | integer

31.1.84. stats.app_layer.error.tftp (object)

Name | Type | Description
alloc | integer | Number of errors allocating memory
exception_policy | object
gap | integer | Number of errors processing gaps
internal | integer | Number of internal parser errors
parser | integer | Number of errors reported by parser

31.1.85. stats.app_layer.error.tftp.exception_policy (object)

Name | Type | Description
bypass | integer
drop_flow | integer
drop_packet | integer
pass_flow | integer
pass_packet | integer
reject | integer

31.1.86. stats.app_layer.error.telnet (object)

Name | Type | Description
alloc | integer | Number of errors allocating memory
exception_policy | object
gap | integer | Number of errors processing gaps
internal | integer | Number of internal parser errors
parser | integer | Number of errors reported by parser

31.1.87. stats.app_layer.error.telnet.exception_policy (object)

Name | Type | Description
bypass | integer
drop_flow | integer
drop_packet | integer
pass_flow | integer
pass_packet | integer
reject | integer

31.1.88. stats.app_layer.error.ssh (object)

Name | Type | Description
alloc | integer | Number of errors allocating memory
exception_policy | object
gap | integer | Number of errors processing gaps
internal | integer | Number of internal parser errors
parser | integer | Number of errors reported by parser

31.1.89. stats.app_layer.error.ssh.exception_policy (object)

Name | Type | Description
bypass | integer
drop_flow | integer
drop_packet | integer
pass_flow | integer
pass_packet | integer
reject | integer

31.1.90. stats.app_layer.error.snmp (object)

Name | Type | Description
alloc | integer | Number of errors allocating memory
exception_policy | object
gap | integer | Number of errors processing gaps
internal | integer | Number of internal parser errors
parser | integer | Number of errors reported by parser

31.1.91. stats.app_layer.error.snmp.exception_policy (object)

Name | Type | Description
bypass | integer
drop_flow | integer
drop_packet | integer
pass_flow | integer
pass_packet | integer
reject | integer

31.1.92. stats.app_layer.error.smtp (object)

Name | Type | Description
alloc | integer | Number of errors allocating memory
exception_policy | object
gap | integer | Number of errors processing gaps
internal | integer | Number of internal parser errors
parser | integer | Number of errors reported by parser

31.1.93. stats.app_layer.error.smtp.exception_policy (object)

Name | Type | Description
bypass | integer
drop_flow | integer
drop_packet | integer
pass_flow | integer
pass_packet | integer
reject | integer

31.1.94. stats.app_layer.error.smb (object)

Name | Type | Description
alloc | integer | Number of errors allocating memory
exception_policy | object
gap | integer | Number of errors processing gaps
internal | integer | Number of internal parser errors
parser | integer | Number of errors reported by parser

31.1.95. stats.app_layer.error.smb.exception_policy (object)

Name | Type | Description
bypass | integer
drop_flow | integer
drop_packet | integer
pass_flow | integer
pass_packet | integer
reject | integer

31.1.96. stats.app_layer.error.sip_udp (object)

Name | Type | Description
alloc | integer | Number of errors allocating memory
exception_policy | object
gap | integer | Number of errors processing gaps
internal | integer | Number of internal parser errors
parser | integer | Number of errors reported by parser

31.1.97. stats.app_layer.error.sip_udp.exception_policy (object)

Name | Type | Description
bypass | integer
drop_flow | integer
drop_packet | integer
pass_flow | integer
pass_packet | integer
reject | integer

31.1.98. stats.app_layer.error.sip_tcp (object)

Name | Type | Description
alloc | integer | Number of errors allocating memory
exception_policy | object
gap | integer | Number of errors processing gaps
internal | integer | Number of internal parser errors
parser | integer | Number of errors reported by parser

31.1.99. stats.app_layer.error.sip_tcp.exception_policy (object)

Name

Type

Description

bypass

integer

drop_flow

integer

drop_packet

integer

pass_flow

integer

pass_packet

integer

reject

integer

31.1.100. stats.app_layer.error.rfb (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.101. stats.app_layer.error.rfb.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.102. stats.app_layer.error.rdp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.103. stats.app_layer.error.rdp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.104. stats.app_layer.error.quic (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.105. stats.app_layer.error.quic.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.106. stats.app_layer.error.pop3 (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.107. stats.app_layer.error.pop3.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.108. stats.app_layer.error.pgsql (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.109. stats.app_layer.error.pgsql.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.110. stats.app_layer.error.ntp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.111. stats.app_layer.error.ntp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.112. stats.app_layer.error.nfs_udp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.113. stats.app_layer.error.nfs_udp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.114. stats.app_layer.error.nfs_tcp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.115. stats.app_layer.error.nfs_tcp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.116. stats.app_layer.error.mqtt (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.117. stats.app_layer.error.mqtt.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.118. stats.app_layer.error.modbus (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.119. stats.app_layer.error.modbus.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.120. stats.app_layer.error.mdns (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.121. stats.app_layer.error.mdns.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.122. stats.app_layer.error.ldap_udp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.123. stats.app_layer.error.ldap_udp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.124. stats.app_layer.error.ldap_tcp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.125. stats.app_layer.error.ldap_tcp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.126. stats.app_layer.error.krb5_udp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.127. stats.app_layer.error.krb5_udp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.128. stats.app_layer.error.krb5_tcp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.129. stats.app_layer.error.krb5_tcp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.130. stats.app_layer.error.imap (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.131. stats.app_layer.error.imap.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.132. stats.app_layer.error.ike (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.133. stats.app_layer.error.ike.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.134. stats.app_layer.error.http2 (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.135. stats.app_layer.error.http2.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.136. stats.app_layer.error.http (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.137. stats.app_layer.error.http.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.138. stats.app_layer.error.ftp-data (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.139. stats.app_layer.error.ftp-data.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.140. stats.app_layer.error.ftp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.141. stats.app_layer.error.ftp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.142. stats.app_layer.error.failed_tcp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.143. stats.app_layer.error.failed_tcp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.144. stats.app_layer.error.enip_udp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.145. stats.app_layer.error.enip_udp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.146. stats.app_layer.error.enip_tcp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.147. stats.app_layer.error.enip_tcp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.148. stats.app_layer.error.doh2 (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.149. stats.app_layer.error.doh2.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.150. stats.app_layer.error.dns_udp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.151. stats.app_layer.error.dns_udp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.152. stats.app_layer.error.dns_tcp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.153. stats.app_layer.error.dns_tcp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.154. stats.app_layer.error.dnp3 (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.155. stats.app_layer.error.dnp3.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.156. stats.app_layer.error.dhcp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.157. stats.app_layer.error.dhcp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.158. stats.app_layer.error.dcerpc_udp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.159. stats.app_layer.error.dcerpc_udp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.160. stats.app_layer.error.dcerpc_tcp (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.161. stats.app_layer.error.dcerpc_tcp.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.162. stats.app_layer.error.bittorrent-dht (object)

| Name | Type | Description |
|---|---|---|
| alloc | integer | Number of errors allocating memory |
| exception_policy | object | |
| gap | integer | Number of errors processing gaps |
| internal | integer | Number of internal parser errors |
| parser | integer | Number of errors reported by parser |

31.1.163. stats.app_layer.error.bittorrent-dht.exception_policy (object)

| Name | Type | Description |
|---|---|---|
| bypass | integer | |
| drop_flow | integer | |
| drop_packet | integer | |
| pass_flow | integer | |
| pass_packet | integer | |
| reject | integer | |

31.1.164. ssh (object)

| Name | Type | Description |
|---|---|---|
| client | object | |
| server | object | |

31.1.165. ssh.server (object)

| Name | Type | Description |
|---|---|---|
| hassh | object | |
| proto_version | string | |
| software_version | string | |

31.1.166. ssh.server.hassh (object)

| Name | Type | Description |
|---|---|---|
| hash | string | |
| string | string | |

31.1.167. ssh.client (object)

| Name | Type | Description |
|---|---|---|
| hassh | object | |
| proto_version | string | |
| software_version | string | |

31.1.168. ssh.client.hassh (object)

| Name | Type | Description |
|---|---|---|
| hash | string | |
| string | string | |

31.1.169. snmp (object)

| Name | Type | Description |
|---|---|---|
| community | string | |
| pdu_type | string | |
| usm | string | |
| vars | array of strings | |
| version | integer | |

31.1.170. smtp (object)

| Name | Type | Description |
|---|---|---|
| helo | string | |
| mail_from | string | |
| rcpt_to | array of strings | |

31.1.171. smb (object)

| Name | Type | Description |
|---|---|---|
| access | string | |
| accessed | integer | |
| changed | integer | |
| client_dialects | array of strings | |
| client_guid | string | |
| command | string | |
| created | integer | |
| dcerpc | object | |
| dialect | string | |
| directory | string | |
| disposition | string | |
| filename | string | |
| fuid | string | |
| function | string | |
| id | integer | |
| kerberos | object | |
| level_of_interest | string | |
| max_read_size | integer | |
| max_write_size | integer | |
| modified | integer | |
| named_pipe | string | |
| ntlmssp | object | |
| rename | object | |
| request | object | |
| request_done | boolean | |
| response | object | |
| response_done | boolean | |
| server_guid | string | |
| service | object | |
| session_id | integer | |
| set_info | object | |
| share | string | |
| share_type | string | |
| size | integer | |
| status | string | |
| status_code | string | |
| subcmd | string | |
| tree_id | integer | |

31.1.172. smb.set_info (object)

| Name | Type | Description |
|---|---|---|
| class | string | |
| info_level | string | |

31.1.173. smb.service (object)

| Name | Type | Description |
|---|---|---|
| request | string | |
| response | string | |

31.1.174. smb.response (object)

| Name | Type | Description |
|---|---|---|
| native_lm | string | |
| native_os | string | |

31.1.175. smb.request (object)

| Name | Type | Description |
|---|---|---|
| native_lm | string | |
| native_os | string | |

31.1.176. smb.rename (object)

| Name | Type | Description |
|---|---|---|
| from | string | |
| to | string | |

31.1.177. smb.ntlmssp (object)

| Name | Type | Description |
|---|---|---|
| domain | string | |
| host | string | |
| user | string | |
| version | string | |
| warning | boolean | |

31.1.178. smb.kerberos (object)

| Name | Type | Description |
|---|---|---|
| realm | string | |
| snames | array of strings | |

31.1.179. smb.dcerpc (object)

| Name | Type | Description |
|---|---|---|
| call_id | integer | |
| interfaces | array of objects | |
| opnum | integer | |
| req | object | |
| request | string | |
| res | object | |
| response | string | |

31.1.180. smb.dcerpc.res (object)

| Name | Type | Description |
|---|---|---|
| frag_cnt | integer | |
| stub_data_size | integer | |

31.1.181. smb.dcerpc.req (object)

| Name | Type | Description |
|---|---|---|
| frag_cnt | integer | |
| stub_data_size | integer | |

31.1.182. smb.dcerpc.interfaces (array of objects)

| Name | Type | Description |
|---|---|---|
| ack_reason | integer | |
| ack_result | integer | |
| uuid | string | |
| version | string | |

31.1.183. sip (object)

| Name | Type | Description |
|---|---|---|
| code | string | |
| method | string | |
| reason | string | |
| request_line | string | |
| response_line | string | |
| sdp | object | SDP message body |
| uri | string | |
| version | string | |

31.1.184. sip.sdp (object)

| Name | Type | Description |
|---|---|---|
| attributes | array of strings | A list of attributes to extend SDP |
| bandwidths | array of strings | Proposed bandwidths to be used by the session or media |
| connection_data | string | Connection data |
| email | string | Email address for the person responsible for the conference |
| encryption_key | string | Field used to convey encryption keys if SDP is used over a secure channel |
| media_descriptions | array of objects | A list of media descriptions for a session |
| origin | string | Owner of the session |
| phone_number | string | Phone number for the person responsible for the conference |
| session_info | string | Textual information about the session |
| session_name | string | Session name |
| time_descriptions | array of objects | A list of time descriptions for a session |
| timezone | string | Timezone to specify adjustments for times and offsets from the base time |
| uri | string | A pointer to additional information about the session |
| version | integer | SDP protocol version |

31.1.185. sip.sdp.time_descriptions (array of objects)

| Name | Type | Description |
|---|---|---|
| repeat_time | string | Specify repeat times for a session |
| time | string | Start and stop times for a session |

31.1.186. sip.sdp.media_descriptions (array of objects)

| Name | Type | Description |
|---|---|---|
| attributes | array of strings | A list of attributes specified for a media description |
| bandwidths | array of strings | A list of bandwidths proposed for a media |
| connection_data | string | Connection data per media description |
| encryption_key | string | Field used to convey encryption keys if SDP is used over a secure channel |
| media | string | Media description |
| media_info | string | Media information primarily intended for labelling media streams |

31.1.187. rpc (object)

| Name | Type | Description |
|---|---|---|
| auth_type | string | |
| creds | object | |
| status | string | |
| xid | integer | |

31.1.188. rpc.creds (object)

| Name | Type | Description |
|---|---|---|
| gid | integer | |
| machine_name | string | |
| uid | integer | |

31.1.189. rfb (object)

| Name | Type | Description |
|---|---|---|
| authentication | object | |
| client_protocol_version | object | |
| framebuffer | object | |
| screen_shared | boolean | |
| server_protocol_version | object | |

31.1.190. rfb.server_protocol_version (object)

| Name | Type | Description |
|---|---|---|
| major | string | |
| minor | string | |

31.1.191. rfb.framebuffer (object)

| Name | Type | Description |
|---|---|---|
| height | integer | |
| name | string | |
| pixel_format | object | |
| width | integer | |

31.1.192. rfb.framebuffer.pixel_format (object)

| Name | Type | Description |
|---|---|---|
| big_endian | boolean | |
| bits_per_pixel | integer | |
| blue_max | integer | |
| blue_shift | integer | |
| depth | integer | |
| green_max | integer | |
| green_shift | integer | |
| red_max | integer | |
| red_shift | integer | |
| true_color | boolean | |

31.1.193. rfb.client_protocol_version (object)

| Name | Type | Description |
|---|---|---|
| major | string | |
| minor | string | |

31.1.194. rfb.authentication (object)

| Name | Type | Description |
|---|---|---|
| security_result | string | |
| security_type | integer | |
| vnc | object | |

31.1.195. rfb.authentication.vnc (object)

| Name | Type | Description |
|---|---|---|
| challenge | string | |
| response | string | |

31.1.196. rdp (object)

| Name | Type | Description |
|---|---|---|
| channels | array of strings | |
| client | object | |
| cookie | string | |
| event_type | string | |
| tx_id | integer | |

31.1.197. rdp.client (object)

| Name | Type | Description |
|---|---|---|
| build | string | |
| capabilities | array of strings | |
| client_name | string | |
| color_depth | integer | |
| desktop_height | integer | |
| desktop_width | integer | |
| function_keys | integer | |
| id | string | |
| keyboard_layout | string | |
| keyboard_type | string | |
| product_id | integer | |
| version | string | |

31.1.198. quic (object)

| Name | Type | Description |
|---|---|---|
| cyu | array of objects | ja3-like fingerprint for versions of QUIC before standardization |
| extensions | array of objects | list of extensions in hello |
| ja3 | object | ja3 from client, as in TLS |
| ja3s | object | ja3 from server, as in TLS |
| ja4 | string | |
| sni | string | Server Name Indication |
| ua | string | User Agent for versions of QUIC before standardization |
| version | string | QUIC protocol version |

31.1.199. quic.ja3s (object)

| Name | Type | Description |
|---|---|---|
| hash | string | ja3s hex representation |
| string | string | ja3s string representation |

31.1.200. quic.ja3 (object)

| Name | Type | Description |
|---|---|---|
| hash | string | ja3 hex representation |
| string | string | ja3 string representation |

31.1.201. quic.extensions (array of objects)

| Name | Type | Description |
|---|---|---|
| name | string | human-friendly name of the extension |
| type | integer | integer identifier of the extension |
| values | array of strings | extension values |

31.1.202. quic.cyu (array of objects)

| Name | Type | Description |
|---|---|---|
| hash | string | cyu hash hex representation |
| string | string | cyu hash string representation |

31.1.203. pop3 (object)

| Name | Type | Description |
|---|---|---|
| request | object | |
| response | object | |

31.1.204. pop3.response (object)

| Name | Type | Description |
|---|---|---|
| data | array of strings | |
| header | string | first line of response |
| status | string | |
| success | boolean | response indicated positive status, i.e. +OK |

31.1.205. pop3.request (object)

| Name | Type | Description |
|---|---|---|
| args | array of strings | pop3 request arguments |
| command | string | a pop3 command, for example USER or STAT |

31.1.206. pgsql (object)

| Name | Type | Description |
|---|---|---|
| request | object | |
| response | object | |
| tx_id | integer | |

31.1.207. pgsql.response (object)

| Name | Type | Description |
|---|---|---|
| authentication_md5_password | string | |
| authentication_sasl_final | string | |
| code | string | |
| command_completed | string | |
| copy_data_out | object | CopyData message from CopyOut mode |
| copy_in_response | object | Backend/server response accepting CopyIn mode |
| copy_out_response | object | Backend/server response accepting CopyOut mode |
| data_rows | integer | |
| data_size | integer | |
| field_count | integer | |
| file | string | |
| line | string | |
| message | string | |
| parameter_status | array of objects | |
| process_id | integer | |
| routine | string | |
| secret_key | integer | |
| severity_localizable | string | |
| severity_non_localizable | string | |
| ssl_accepted | boolean | |

31.1.208. pgsql.response.parameter_status (array of objects)

| Name | Type | Description |
|---|---|---|
| application_name | string | |
| client_encoding | string | |
| date_style | string | |
| integer_datetimes | string | |
| interval_style | string | |
| is_superuser | string | |
| server_encoding | string | |
| server_version | string | |
| session_authorization | string | |
| standard_conforming_strings | string | |
| time_zone | string | |

31.1.209. pgsql.response.copy_out_response (object)

| Name | Type | Description |
|---|---|---|
| columns | integer | Number of columns that will be copied in the CopyData message |

31.1.210. pgsql.response.copy_in_response (object)

| Name | Type | Description |
|---|---|---|
| columns | integer | Number of columns that will be copied in the CopyData message |

31.1.211. pgsql.response.copy_data_out (object)

| Name | Type | Description |
|---|---|---|
| data_size | integer | Accumulated data size of all CopyData messages sent |
| row_count | integer | Number of rows sent in CopyData messages |

31.1.212. pgsql.request (object)

| Name | Type | Description |
|---|---|---|
| copy_data_in | object | CopyData message from CopyIn mode |
| message | string | |
| password | string | |
| password_redacted | boolean | indicates if a password message was received but not logged due to Suricata settings |
| process_id | integer | |
| protocol_version | string | |
| sasl_authentication_mechanism | string | |
| sasl_param | string | |
| sasl_response | string | |
| secret_key | integer | |
| simple_query | string | |
| startup_parameters | object | |

31.1.213. pgsql.request.startup_parameters (object)

| Name | Type | Description |
|---|---|---|
| optional_parameters | array of objects | |
| user | string | |

31.1.214. pgsql.request.startup_parameters.optional_parameters (array of objects)

| Name | Type | Description |
|---|---|---|
| application_name | string | |
| client_encoding | string | |
| database | string | |
| datestyle | string | |
| extra_float_digits | string | |
| options | string | |
| replication | string | |

31.1.215. pgsql.request.copy_data_in (object)

| Name | Type | Description |
|---|---|---|
| data_size | integer | Accumulated data size of all CopyData messages sent |
| msg_count | integer | How many CopyData messages were sent (does not necessarily match number of rows from the query) |

31.1.216. packet_info (object)

| Name | Type | Description |
|---|---|---|
| linktype | integer | |
| linktype_name | string | the descriptive name of the linktype |

31.1.217. nfs (object)

| Name | Type | Description |
|---|---|---|
| file_tx | boolean | |
| filename | string | |
| hhash | string | |
| id | integer | |
| procedure | string | |
| read | object | |
| rename | object | |
| status | string | |
| type | string | |
| version | integer | |
| write | object | |

31.1.218. nfs.write (object)

| Name | Type | Description |
|---|---|---|
| chunks | integer | |
| first | boolean | |
| last | boolean | |
| last_xid | integer | |

31.1.219. nfs.rename (object)

| Name | Type | Description |
|---|---|---|
| from | string | |
| to | string | |

31.1.220. nfs.read (object)

| Name | Type | Description |
|---|---|---|
| chunks | integer | |
| first | boolean | |
| last | boolean | |
| last_xid | integer | |

31.1.221. netflow (object)

| Name | Type | Description |
|---|---|---|
| age | integer | |
| bytes | integer | |
| end | string | |
| max_ttl | integer | |
| min_ttl | integer | |
| pkts | integer | |
| start | string | |
| tx_cnt | integer | |

31.1.222. mqtt (object)

| Name | Type | Description |
|---|---|---|
| connack | object | |
| connect | object | |
| disconnect | object | |
| pingreq | object | |
| pingresp | object | |
| puback | object | |
| pubcomp | object | |
| publish | object | |
| pubrec | object | |
| pubrel | object | |
| suback | object | |
| subscribe | object | |
| unsuback | object | |
| unsubscribe | object | |

31.1.223. mqtt.unsubscribe (object)

| Name | Type | Description |
|---|---|---|
| dup | boolean | |
| message_id | integer | |
| qos | integer | |
| retain | boolean | |
| topics | array of strings | |

31.1.224. mqtt.unsuback (object)

| Name | Type | Description |
|---|---|---|
| dup | boolean | |
| message_id | integer | |
| qos | integer | |
| reason_codes | array of integers | |
| retain | boolean | |

31.1.225. mqtt.subscribe (object)

| Name | Type | Description |
|---|---|---|
| dup | boolean | |
| message_id | integer | |
| qos | integer | |
| retain | boolean | |
| topics | array of objects | |

31.1.226. mqtt.subscribe.topics (array of objects)

| Name | Type | Description |
|---|---|---|
| qos | integer | |
| topic | string | |

31.1.227. mqtt.suback (object)

| Name | Type | Description |
|---|---|---|
| dup | boolean | |
| message_id | integer | |
| qos | integer | |
| qos_granted | array of integers | |
| retain | boolean | |

31.1.228. mqtt.pubrel (object)

| Name | Type | Description |
|---|---|---|
| dup | boolean | |
| message_id | integer | |
| qos | integer | |
| reason_code | integer | |
| retain | boolean | |

31.1.229. mqtt.pubrec (object)

| Name | Type | Description |
|---|---|---|
| dup | boolean | |
| message_id | integer | |
| qos | integer | |
| reason_code | integer | |
| retain | boolean | |

31.1.230. mqtt.publish (object)

| Name | Type | Description |
|---|---|---|
| dup | boolean | |
| message | string | |
| message_id | integer | |
| properties | object | |
| qos | integer | |
| retain | boolean | |
| skipped_length | integer | |
| topic | string | |
| truncated | boolean | |

31.1.231. mqtt.pubcomp (object)

| Name | Type | Description |
|---|---|---|
| dup | boolean | |
| message_id | integer | |
| qos | integer | |
| reason_code | integer | |
| retain | boolean | |

31.1.232. mqtt.puback (object)

| Name | Type | Description |
|---|---|---|
| dup | boolean | |
| message_id | integer | |
| qos | integer | |
| reason_code | integer | |
| retain | boolean | |

31.1.233. mqtt.pingresp (object)

| Name | Type | Description |
|---|---|---|
| dup | boolean | |
| qos | integer | |
| retain | boolean | |

31.1.234. mqtt.pingreq (object)

| Name | Type | Description |
|---|---|---|
| dup | boolean | |
| qos | integer | |
| retain | boolean | |

31.1.235. mqtt.disconnect (object)

| Name | Type | Description |
|---|---|---|
| dup | boolean | |
| properties | object | |
| qos | integer | |
| reason_code | integer | |
| retain | boolean | |

31.1.236. mqtt.connect (object)

| Name | Type | Description |
|---|---|---|
| client_id | string | |
| dup | boolean | |
| flags | object | |
| password | string | |
| properties | object | |
| protocol_string | string | |
| protocol_version | integer | |
| qos | integer | |
| retain | boolean | |
| username | string | |
| will | object | |

31.1.237. mqtt.connect.will (object)

| Name | Type | Description |
|---|---|---|
| message | string | |
| properties | object | |
| topic | string | |

31.1.238. mqtt.connect.flags (object)

| Name | Type | Description |
|---|---|---|
| clean_session | boolean | |
| password | boolean | |
| username | boolean | |
| will | boolean | |
| will_retain | boolean | |

31.1.239. mqtt.connack (object)

| Name | Type | Description |
|---|---|---|
| dup | boolean | |
| properties | object | |
| qos | integer | |
| retain | boolean | |
| return_code | integer | |
| session_present | boolean | |

31.1.240. modbus (object)

Name

Type

Description

id

integer

request

object

response

object

31.1.241. modbus.response (object)

Name

Type

Description

access_type

string

category

string

data

string

diagnostic

object

error_flags

string

exception

object

function_code

string

function_raw

integer

protocol_id

integer

read

object

transaction_id

integer

unit_id

integer

write

object

31.1.242. modbus.response.write (object)

Name

Type

Description

address

integer

data

integer

31.1.243. modbus.response.read (object)

Name

Type

Description

data

string

31.1.244. modbus.response.exception (object)

Name                          Type                Description
code                          string
raw                           integer

31.1.245. modbus.response.diagnostic (object)

Name                          Type                Description
code                          string
data                          string
raw                           integer

31.1.246. modbus.request (object)

Name                          Type                Description
access_type                   string
category                      string
data                          string
diagnostic                    object
error_flags                   string
function_code                 string
function_raw                  integer
mei                           object
protocol_id                   integer
read                          object
transaction_id                integer
unit_id                       integer
write                         object

31.1.247. modbus.request.write (object)

Name                          Type                Description
address                       integer
data                          integer

31.1.248. modbus.request.read (object)

Name                          Type                Description
address                       integer
quantity                      integer

31.1.249. modbus.request.mei (object)

Name                          Type                Description
code                          string
data                          string
raw                           integer

31.1.250. modbus.request.diagnostic (object)

Name                          Type                Description
code                          string
data                          string
raw                           integer

31.1.251. metadata (object)

Name                          Type                Description
entropy                       object
flowbits                      array of strings
flowints                      object
flowvars                      array of objects
pktvars                       array of objects

31.1.252. metadata.pktvars (array of objects)

Name                          Type                Description
uid                           string
username                      string

31.1.253. metadata.flowvars (array of objects)

Name                          Type                Description
gid                           string
key                           string
value                         string

31.1.254. mdns (object)

Name                          Type                Description
additionals                   array of unknowns   mDNS additional records
answers                       array of objects    mDNS answer records
authorities                   array of unknowns   mDNS authority records
flags                         array of unknowns   mDNS message flags
id                            integer             mDNS transaction ID
opcode                        integer             mDNS opcode value
queries                       array of objects    mDNS query records
rcode                         integer             mDNS reply (error) code
type                          string              Type of message, either a request or response

31.1.255. mdns.queries (array of objects)

Name                          Type                Description
rrname                        string
rrtype                        string

31.1.256. mdns.answers (array of objects)

Name                          Type                Description
ptr                           string
rrname                        string
txt                           array of unknowns

31.1.257. ldap (object)

Name                          Type                Description
request                       object
responses                     array of objects

31.1.258. ldap.responses (array of objects)

Name                          Type                Description
add_response                  object
bind_response                 object
compare_response              object
del_response                  object
extended_response             object
intermediate_response         object
mod_dn_response               object
modify_response               object
search_result_done            object

31.1.259. ldap.responses.search_result_done (object)

Name                          Type                Description
matched_dn                    string
message                       string
result_code                   string

31.1.260. ldap.responses.modify_response (object)

Name                          Type                Description
matched_dn                    string
message                       string
result_code                   string

31.1.261. ldap.responses.mod_dn_response (object)

Name                          Type                Description
matched_dn                    string
message                       string
result_code                   string

31.1.262. ldap.responses.intermediate_response (object)

Name                          Type                Description
name                          string
value                         string

31.1.263. ldap.responses.extended_response (object)

Name                          Type                Description
matched_dn                    string
message                       string
name                          string
result_code                   string
value                         string

31.1.264. ldap.responses.del_response (object)

Name                          Type                Description
matched_dn                    string
message                       string
result_code                   string

31.1.265. ldap.responses.compare_response (object)

Name                          Type                Description
matched_dn                    string
message                       string
result_code                   string

31.1.266. ldap.responses.bind_response (object)

Name                          Type                Description
matched_dn                    string
message                       string
result_code                   string
server_sasl_creds             string

31.1.267. ldap.responses.add_response (object)

Name                          Type                Description
matched_dn                    string
message                       string
result_code                   string

31.1.268. ldap.request (object)

Name                          Type                Description
abandon_request               object
add_request                   object
bind_request                  object
compare_request               object
del_request                   object
extended_request              object
message_id                    integer
mod_dn_request                object
modify_request                object
operation                     string
search_request                object

31.1.269. ldap.request.search_request (object)

Name                          Type                Description
attributes                    array of strings
base_object                   string
deref_alias                   integer
scope                         integer
size_limit                    integer
time_limit                    integer
types_online                  boolean

31.1.270. ldap.request.modify_request (object)

Name                          Type                Description
changes                       array of objects
object                        string

31.1.271. ldap.request.modify_request.changes (array of objects)

Name                          Type                Description
modification                  object
operation                     string

31.1.272. ldap.request.modify_request.changes.modification (object)

Name                          Type                Description
attribute_type                string
attribute_values              array of strings

31.1.273. ldap.request.mod_dn_request (object)

Name                          Type                Description
delete_old_rdn                boolean
entry                         string
new_rdn                       string
new_superior                  string

31.1.274. ldap.request.extended_request (object)

Name                          Type                Description
name                          string
value                         string

31.1.275. ldap.request.del_request (object)

Name                          Type                Description
dn                            string

31.1.276. ldap.request.compare_request (object)

Name                          Type                Description
attribute_value_assertion     object
entry                         string

31.1.277. ldap.request.compare_request.attribute_value_assertion (object)

Name                          Type                Description
description                   string
value                         string

31.1.278. ldap.request.bind_request (object)

Name                          Type                Description
name                          string
sasl                          object
version                       integer

31.1.279. ldap.request.bind_request.sasl (object)

Name                          Type                Description
credentials                   string
mechanism                     string

31.1.280. ldap.request.add_request (object)

Name                          Type                Description
attributes                    array of objects
entry                         string

31.1.281. ldap.request.add_request.attributes (array of objects)

Name                          Type                Description
name                          string
values                        array of strings

31.1.282. ldap.request.abandon_request (object)

Name                          Type                Description
message_id                    integer

31.1.283. krb5 (object)

Name                          Type                Description
cname                         string
encryption                    string
error_code                    string
failed_request                string
msg_type                      string
realm                         string
sname                         string
ticket_encryption             string
ticket_weak_encryption        boolean
weak_encryption               boolean

31.1.284. ike (object)

Name                          Type                Description
alg_auth                      string
alg_auth_raw                  integer
alg_dh                        string
alg_dh_raw                    integer
alg_enc                       string
alg_enc_raw                   integer
alg_hash                      string
alg_hash_raw                  integer
exchange_type                 integer
exchange_type_verbose         string
ikev1                         object
ikev2                         object
init_spi                      string
message_id                    integer
payload                       array of strings
resp_spi                      string
role                          string
sa_key_length                 string
sa_key_length_raw             integer
sa_life_duration              string
sa_life_duration_raw          integer
sa_life_type                  string
sa_life_type_raw              integer
version_major                 integer
version_minor                 integer

31.1.285. ike.ikev2 (object)

Name                          Type                Description
errors                        integer
notify                        array of unknowns

31.1.286. ike.ikev1 (object)

Name                          Type                Description
client                        object
doi                           integer
encrypted_payloads            boolean
server                        object
vendor_ids                    array of strings

31.1.287. ike.ikev1.server (object)

Name                          Type                Description
key_exchange_payload          string
key_exchange_payload_length   integer
nonce_payload                 string
nonce_payload_length          integer

31.1.288. ike.ikev1.client (object)

Name                          Type                Description
key_exchange_payload          string
key_exchange_payload_length   integer
nonce_payload                 string
nonce_payload_length          integer
proposals                     array of objects

31.1.289. ike.ikev1.client.proposals (array of objects)

Name                          Type                Description
alg_auth                      string
alg_auth_raw                  integer
alg_dh                        string
alg_dh_raw                    integer
alg_enc                       string
alg_enc_raw                   integer
alg_hash                      string
alg_hash_raw                  integer
sa_key_length                 string
sa_key_length_raw             integer
sa_life_duration              string
sa_life_duration_raw          integer
sa_life_type                  string
sa_life_type_raw              integer

31.1.290. http (object)

Name                          Type                Description
content_range                 object
hostname                      string
http2                         object
http_content_type             string
http_method                   string
http_port                     integer
http_refer                    string
http_response_body            string
http_response_body_printable  string
http_user_agent               string
length                        integer
org_src_ip                    string
protocol                      string
redirect                      string
request_headers               array of objects
response_headers              array of objects
status                        integer
status_string                 string              status string when it is not a valid integer (like 2XX)
true_client_ip                string
url                           string
version                       string
x_bluecoat_via                string
xff                           string

31.1.291. http.response_headers (array of objects)

Name                          Type                Description
name                          string
table_size_update             integer
value                         string

31.1.292. http.request_headers (array of objects)

Name                          Type                Description
name                          string
table_size_update             integer
value                         string

31.1.293. http.http2 (object)

Name                          Type                Description
request                       object
response                      object
stream_id                     integer

31.1.294. http.http2.response (object)

Name                          Type                Description
error_code                    string
has_multiple                  string
settings                      array of objects

31.1.295. http.http2.response.settings (array of objects)

Name                          Type                Description
settings_id                   string
settings_value                integer

31.1.296. http.http2.request (object)

Name                          Type                Description
error_code                    string
has_multiple                  string
priority                      integer
settings                      array of objects

31.1.297. http.http2.request.settings (array of objects)

Name                          Type                Description
settings_id                   string
settings_value                integer

31.1.298. http.content_range (object)

Name                          Type                Description
end                           integer
raw                           string
size                          integer
start                         integer

31.1.299. ftp_data (object)

Name                          Type                Description
command                       string
filename                      string

31.1.300. ftp (object)

Name                          Type                Description
command                       string
command_data                  string
command_truncated             boolean
completion_code               array of strings
dynamic_port                  integer
mode                          string
reply                         array of strings
reply_received                string
reply_truncated               boolean

31.1.301. frame (object)

Name                          Type                Description
complete                      boolean
direction                     string
id                            integer
length                        integer
payload                       string
payload_printable             string
stream_offset                 integer
tx_id                         integer
type                          string

31.1.302. flow (object)

Name                          Type                Description
action                        string
age                           integer
alerted                       boolean
bypass                        string
bypassed                      object
bytes_toclient                integer
bytes_toserver                integer
dest_ip                       string
dest_port                     integer
elephant                      boolean
emergency                     boolean
end                           string
exception_policy              array of unknowns   The exception policy(ies) triggered by the flow. Not logged if none was triggered
pkts_toclient                 integer
pkts_toserver                 integer
reason                        string
src_ip                        string
src_port                      integer
start                         string
state                         string
tx_cnt                        integer
wrong_thread                  boolean

31.1.303. flow.bypassed (object)

Name                          Type                Description
bytes_toclient                integer
bytes_toserver                integer
pkts_toclient                 integer
pkts_toserver                 integer

31.1.304. files (array of objects)

Name                          Type                Description
end                           integer
file_id                       integer
filename                      string
gaps                          boolean
magic                         string
md5                           string
sha1                          string
sha256                        string
sid                           array of integers
size                          integer
start                         integer
state                         string
stored                        boolean
storing                       boolean             the file is set to be stored when completed
tx_id                         integer

31.1.305. fileinfo (object)

Name                          Type                Description
end                           integer
file_id                       integer
filename                      string
gaps                          boolean
magic                         string
md5                           string
sha1                          string
sha256                        string
sid                           array of integers
size                          integer
start                         integer
state                         string
stored                        boolean
storing                       boolean             the file is set to be stored when completed
tx_id                         integer

31.1.306. ether (object)

Name                          Type                Description
dest_mac                      string
dest_macs                     array of strings
ether_type                    integer             Ethernet type value
src_mac                       string
src_macs                      array of strings

31.1.307. enip (object)

Name                          Type                Description
request                       object
response                      object

31.1.308. enip.response (object)

Name                          Type                Description
cip                           object
command                       string
identity                      object
list_services                 object
register_session              object
status                        string

31.1.309. enip.response.register_session (object)

Name                          Type                Description
options                       integer
protocol_version              integer

31.1.310. enip.response.list_services (object)

Name                          Type                Description
capabilities                  integer
protocol_version              integer
service_name                  string

31.1.311. enip.response.identity (object)

Name                          Type                Description
device_type                   string
product_code                  integer
product_name                  string
protocol_version              integer
revision                      string
serial                        integer
state                         integer
status                        integer
vendor_id                     string

31.1.312. enip.response.cip (object)

Name                          Type                Description
multiple                      array of objects
service                       string
status                        string
status_extended               string
status_extended_meaning       string

31.1.313. enip.response.cip.multiple (array of objects)

Name                          Type                Description
service                       string
status                        string
status_extended               string
status_extended_meaning       string

31.1.314. enip.request (object)

Name                          Type                Description
cip                           object
command                       string
register_session              object
status                        string

31.1.315. enip.request.register_session (object)

Name                          Type                Description
options                       integer
protocol_version              integer

31.1.316. enip.request.cip (object)

Name                          Type                Description
class_name                    string
multiple                      array of objects
path                          array of objects
service                       string

31.1.317. enip.request.cip.path (array of objects)

Name                          Type                Description
segment_type                  string
value                         integer

31.1.318. enip.request.cip.multiple (array of objects)

Name                          Type                Description
class_name                    string
path                          array of objects
service                       string

31.1.319. enip.request.cip.multiple.path (array of objects)

Name                          Type                Description
segment_type                  string
value                         integer

31.1.320. engine (object)

Name                          Type                Description
error                         string
error_code                    integer
message                       string
module                        string
thread_name                   string

31.1.321. email (object)

Name                          Type                Description
attachment                    array of strings
body_md5                      string
cc                            array of strings
date                          string
from                          string
has_exe_url                   boolean
has_ipv4_url                  boolean
has_ipv6_url                  boolean
message_id                    string
received                      array of strings
status                        string
subject                       string
subject_md5                   string
to                            array of strings
url                           array of strings
x_mailer                      string

31.1.322. drop (object)

Name                          Type                Description
ack                           boolean
fin                           boolean
flowlbl                       integer
hoplimit                      integer
icmp_id                       integer
icmp_seq                      integer
ipid                          integer
len                           integer
psh                           boolean
reason                        string
rst                           boolean
syn                           boolean
tc                            integer
tcpack                        integer
tcpres                        integer
tcpseq                        integer
tcpurgp                       integer
tcpwin                        integer
tos                           integer
ttl                           integer
udplen                        integer
urg                           boolean
verdict                       object

31.1.323. drop.verdict (object)

Name                          Type                Description
action                        string
reject                        array of strings
reject-target                 string

31.1.324. dns (object)

Name                          Type                Description
aa                            boolean
additionals                   array of objects
answer                        object
answers                       array of objects
authorities                   array of objects
flags                         string
grouped                       object
id                            integer
opcode                        integer             DNS opcode as an integer
qr                            boolean
queries                       array of objects
query                         array of objects
ra                            boolean
rcode                         string
rd                            boolean
rrname                        string
rrtype                        string
tc                            boolean             DNS truncation flag
tx_id                         integer
type                          string
version                       integer             The version of this EVE DNS event
z                             boolean

31.1.325. dns.query (array of objects)

Name                          Type                Description
id                            integer
opcode                        integer             DNS opcode as an integer
rrname                        string
rrtype                        string
tx_id                         integer
type                          string
z                             boolean

31.1.326. dns.queries (array of objects)

Name                          Type                Description
id                            integer
opcode                        integer             DNS opcode as an integer
rrname                        string
rrname_truncated              boolean             Set to true if the rrname was too long and truncated by Suricata
rrtype                        string
tx_id                         integer
type                          string
z                             boolean

31.1.327. dns.grouped (object)

Name                          Type                Description
A                             array of strings
AAAA                          array of strings
CNAME                         array of strings
MX                            array of strings
NS                            array of strings
NULL                          array of strings
PTR                           array of strings
SOA                           array of unknowns
SRV                           array of objects
SSHFP                         array of objects    A Secure Shell fingerprint is used to verify the system's authenticity
TXT                           array of strings

31.1.328. dns.grouped.SSHFP (array of objects)

Name                          Type                Description
algo                          integer
fingerprint                   string
type                          integer

31.1.329. dns.grouped.SRV (array of objects)

Name                          Type                Description
name                          string
port                          integer
priority                      integer
weight                        integer

31.1.330. dns.authorities (array of objects)

Name                          Type                Description
rdata                         string
rdata_truncated               boolean             Set to true if the rdata was too long and truncated by Suricata
rrname                        string
rrname_truncated              boolean             Set to true if the rrname was too long and truncated by Suricata
rrtype                        string
soa                           object
ttl                           integer

31.1.331. dns.authorities.soa (object)

Name                          Type                Description
expire                        integer
minimum                       integer
mname                         string
mname_truncated               boolean             Set to true if the mname was too long and truncated by Suricata
refresh                       integer
retry                         integer
rname                         string
serial                        integer

31.1.332. dns.answers (array of objects)

Name                          Type                Description
rdata                         string
rrname                        string
rrtype                        string
soa                           object
srv                           object
sshfp                         object              A Secure Shell fingerprint, used to verify the system's authenticity
ttl                           integer

31.1.333. dns.answers.sshfp (object)

Name                          Type                Description
algo                          integer
fingerprint                   string
type                          integer

31.1.334. dns.answers.srv (object)

Name                          Type                Description
name                          string
port                          integer
priority                      integer
weight                        integer

31.1.335. dns.answers.soa (object)

Name                          Type                Description
expire                        integer
minimum                       integer
mname                         string
mname_truncated               boolean             Set to true if the mname was too long and truncated by Suricata
refresh                       integer
retry                         integer
rname                         string
serial                        integer

31.1.336. dns.answer (object)

Name                          Type                Description
additionals                   array of objects
authorities                   array of objects
flags                         string
id                            integer
opcode                        integer             DNS opcode as an integer
qr                            boolean
ra                            boolean
rcode                         string
rd                            boolean
rrname                        string
rrtype                        string
type                          string
version                       integer

31.1.337. dns.answer.authorities (array of objects)

Name                          Type                Description
rdata                         string
rdata_truncated               boolean             Set to true if the rdata was too long and truncated by Suricata
rrname                        string
rrname_truncated              boolean             Set to true if the rrname was too long and truncated by Suricata
rrtype                        string
soa                           object
ttl                           integer

31.1.338. dns.answer.authorities.soa (object)

Name                          Type                Description
expire                        integer
minimum                       integer
mname                         string
mname_truncated               boolean             Set to true if the mname was too long and truncated by Suricata
refresh                       integer
retry                         integer
rname                         string
serial                        integer

31.1.339. dns.answer.additionals (array of objects)

Name                          Type                Description
opt                           array of objects
rdata                         string
rrname                        string
rrtype                        string
ttl                           integer

31.1.340. dns.answer.additionals.opt (array of objects)

Name                          Type                Description
code                          integer
data                          string

31.1.341. dns.additionals (array of objects)

Name                          Type                Description
opt                           array of objects
rdata                         string
rrname                        string
rrtype                        string
ttl                           integer

31.1.342. dns.additionals.opt (array of objects)

Name                          Type                Description
code                          integer
data                          string

31.1.343. dnp3 (object)

Name                          Type                Description
application                   object
control                       object
dst                           integer
iin                           object
request                       object
response                      object
src                           integer
type                          string

31.1.344. dnp3.response (object)

Name                          Type                Description
application                   object
control                       object
dst                           integer
iin                           object
src                           integer
type                          string

31.1.345. dnp3.response.iin (object)

Name                          Type                Description
indicators                    array of strings

31.1.346. dnp3.response.control (object)

Name                          Type                Description
dir                           boolean
fcb                           boolean
fcv                           boolean
function_code                 integer
pri                           boolean

31.1.347. dnp3.response.application (object)

Name                          Type                Description
complete                      boolean
control                       object
function_code                 integer
objects                       array of objects

31.1.348. dnp3.response.application.objects (array of objects)

Name                          Type                Description
count                         integer
group                         integer
points                        array of objects
prefix_code                   integer
qualifier                     integer
range_code                    integer
start                         integer
stop                          integer
variation                     integer

31.1.349. dnp3.response.application.control (object)

Name                          Type                Description
con                           boolean
fin                           boolean
fir                           boolean
sequence                      integer
uns                           boolean

31.1.350. dnp3.request (object)

Name                          Type                Description
application                   object
control                       object
dst                           integer
src                           integer
type                          string

31.1.351. dnp3.request.control (object)

Name                          Type                Description
dir                           boolean
fcb                           boolean
fcv                           boolean
function_code                 integer
pri                           boolean

31.1.352. dnp3.request.application (object)

Name                          Type                Description
complete                      boolean
control                       object
function_code                 integer
objects                       array of objects

31.1.353. dnp3.request.application.objects (array of objects)

Name                          Type                Description
count                         integer
group                         integer
points                        array of objects
prefix_code                   integer
qualifier                     integer
range_code                    integer
start                         integer
stop                          integer
variation                     integer

31.1.354. dnp3.request.application.control (object)

Name                          Type                Description
con                           boolean
fin                           boolean
fir                           boolean
sequence                      integer
uns                           boolean

31.1.355. dnp3.iin (object)

Name                          Type                Description
indicators                    array of strings

31.1.356. dnp3.control (object)

Name                          Type                Description
dir                           boolean
fcb                           boolean
fcv                           boolean
function_code                 integer
pri                           boolean

31.1.357. dnp3.application (object)

Name                          Type                Description
complete                      boolean
control                       object
function_code                 integer
objects                       array of objects

31.1.358. dnp3.application.objects (array of objects)

Name                          Type                Description
count                         integer
group                         integer
points                        array of objects
prefix_code                   integer
qualifier                     integer
range_code                    integer
start                         integer
stop                          integer
variation                     integer

31.1.359. dnp3.application.control (object)

Name                          Type                Description
con                           boolean
fin                           boolean
fir                           boolean
sequence                      integer
uns                           boolean

31.1.360. dhcp (object)

Name                          Type                Description
assigned_ip                   string
client_id                     string
client_ip                     string
client_mac                    string
dhcp_type                     string
dns_servers                   array of strings
hostname                      string
id                            integer
lease_time                    integer
next_server_ip                string
params                        array of strings
rebinding_time                integer
relay_ip                      string
renewal_time                  integer
requested_ip                  string
routers                       array of strings
subnet_mask                   string
type                          string
vendor_class_identifier       string

31.1.361. dcerpc (object)

Name                          Type                Description
activityuuid                  string
call_id                       integer
interfaces                    array of objects
req                           object
request                       string
res                           object
response                      string
rpc_version                   string
seqnum                        integer

31.1.362. dcerpc.res (object)

Name                          Type                Description
frag_cnt                      integer
stub_data_size                integer

31.1.363. dcerpc.req (object)

Name                          Type                Description
frag_cnt                      integer
opnum                         integer
stub_data_size                integer

31.1.364. dcerpc.interfaces (array of objects)

Name                          Type                Description
ack_result                    integer
uuid                          string
version                       string

31.1.365. bittorrent_dht (object)

Name                          Type                Description
client_version                string
error                         object
request                       object
request_type                  string
response                      object
transaction_id                string

31.1.366. bittorrent_dht.response (object)

Name                          Type                Description
id                            string
nodes                         array of objects
nodes6                        array of objects
token                         string
values                        array of objects

31.1.367. bittorrent_dht.response.nodes6 (array of objects)

Name                          Type                Description
id                            string
ip                            string
port                          number

31.1.368. bittorrent_dht.request (object)

Name                          Type                Description
id                            string
implied_port                  integer
info_hash                     string
port                          integer
target                        string
token                         string

31.1.369. bittorrent_dht.error (object)

Name                          Type                Description
msg                           string
num                           integer

31.1.370. arp (object)

Name                          Type                Description
dest_ip                       string              Logical address of the intended receiver
dest_mac                      string              Physical address of the intended receiver
hw_type                       string              Network link protocol type
opcode                        string              Specifies the operation that the sender is performing
proto_type                    string              Internetwork protocol for which the ARP request is intended
src_ip                        string              Logical address of the sender
src_mac                       string              Physical address of the sender

31.1.371. anomaly (object)

Name                          Type                Description
app_proto                     string
code                          integer
event                         string
layer                         string
type                          string

31.1.372. alert (object)

Name                          Type                Description
action                        string
category                      string
context                       object              Extra context data created by keywords such as dataset with JSON
gid                           integer
metadata                      object
references                    array of strings
rev                           integer
rule                          string
severity                      integer
signature                     string
signature_id                  integer
source                        object
target                        object
xff                           string

31.1.373. alert.target (object)

Name                          Type                Description
ip                            string
port                          integer

31.1.374. alert.source (object)

Name                          Type                Description
ip                            string
port                          integer

31.1.375. alert.metadata (object)

Name                          Type                Description
affected_product              array of strings
attack_target                 array of strings
created_at                    array of strings
deployment                    array of strings
former_category               array of strings
malware_family                array of strings
policy                        array of strings
signature_severity            array of strings
tag                           array of strings
updated_at                    array of strings