|
| Form | Field name | Field meaning | Relevant description |
|
| Login.csv | Time | Log generation time | |
| user | User name | Login user name |
| proto | Applied protocol | SSH, mysql, and so on |
| dip | Destination IP | Logged in IP |
| dport | Destination port | Logged in port |
| sip | Source IP | Login initiation IP |
| Sport | Source port | Login initiation port |
| State | Login results | Success or failure |
|
| Weblog.csv | Time | Log generation time | |
| sip | Source IP | Client IP |
| sport | Source port | Client application port |
| dip | Destination IP | Server IP |
| dport | Destination port | Server application port |
| Host | Requested domain name | Host field of HTTP header |
|
| TcpLog.csv | stime | TCP data flow start time | The start time of the TCP stream, that is, the time when the first syn packet of the stream is received |
| dtime | End time of TCP data flow | The end time of TCP flow, that is, the time when the last packet of the flow is received |
| proto | Agreement | Protocol field value in IP packet header |
| dip | Destination IP | Server IP of destination iptcp data stream |
| dport | Destination port | Server application port of TCP data flow |
| sip | Source IP | Client initiated IP of TCP data stream |
| Sport | Source port | Client application port of TCP data stream |
| uplink_length | Uplink bytes | The total number of bytes of application layer data sent from the client to the server from the establishment of the TCP stream to the end of the stream |
| downlink_length | Downlink bytes | The total number of bytes of application layer data sent from the server to the client from the establishment of the TCP stream to the end of the stream |
|
| Email.csv | Time | Mail sending/receiving time | Sending/receiving time of mail in the header |
| proto | Application protocol | SMTP |
| sip | Source IP | IP header source IP address |
| Sport | Source port | TCP header source application port |
| dip | Destination IP | IP header destination IP address |
| dport | Destination port | TCP header destination application port |
| from | Mail sender | From the corresponding field in the message header |
| to | Mail recipient | It comes from the corresponding field in the mail header. When multiple recipients appear, they are separated by semicolons. |
| Subject | Theme | From the corresponding field in the message header |
|
| Checking.csv | id | Employee ID | |
| Day | Date |
| checkin | Check in time |
| checkout | Off duty sign off time |
|
