Difference between revisions of "Khika Data Format"
(Created page with "KHIKA Data Format is simple single line string format with epoch time at the beginning of each message, followed by a colon (":") character, followed by key-value pairs. Every...") |
Line 1: | Line 1: | ||
− | KHIKA Data Format is simple single line string format with epoch time at the beginning of each message, followed by a colon (":") character, followed by key-value pairs. Every message must have event_str key and value. | + | KHIKA Data Format is simple single line string format with epoch time at the beginning of each message, followed by a colon (":") character, followed by key-value pairs. Every message must have one event_str key and value. Other key-value pairs are optional |
+ | |||
+ | KHIKA Data Format | ||
+ | EPOCH_TIME : key1 value1 key2 value2 key3 value3.............keyn valuen event_str "value of event_str" | ||
Example: | Example: |
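Review bot: the added format line (EPOCH_TIME : key1 value1 ... event_str "value of event_str") shows event_str as the last pair and as the only quoted value, but the text does not say whether event_str must come last or whether quoting is required for it. State both explicitly so that writers and parsers of the format agree. The added sentence "Other key-value pairs are optional" is also missing its full stop.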
Revision as of 04:18, 31 May 2019
KHIKA Data Format is a simple single-line string format with the epoch time at the beginning of each message, followed by a colon (":") character, followed by key-value pairs. Every message must have one event_str key and value. Other key-value pairs are optional.
KHIKA Data Format:
EPOCH_TIME : key1 value1 key2 value2 key3 value3.............keyn valuen event_str "value of event_str"
Example:
1559126565 : tl_src_host my_laptop src_ip 192.168.1.100 dst_ip 8.8.8.8 src_port 176532 dst_port 53 event_str firewall_message
Though it is not compulsory, we HIGHLY recommend enclosing every key and value in double quotes. This takes care of any space characters within a key or value.
So, the above message is better formatted as below:
1559126565 : "tl_src_host" "my_laptop" "src_ip" "192.168.1.100" "dst_ip" "8.8.8.8" "src_port" "176532" "dst_port" "53" "event_str" "firewall_message"
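A strict parser for the format described above, as an added example (not KHIKA's own code). It accepts both the bare and the double-quoted form and rejects lines with an unbalanced quote, an odd token count, or no event_str. Assumptions: the function names are hypothetical, the page defines no escape for a double quote inside a value so none is supported, and any repeated key is rejected.

```python
import re

# A token is either a double-quoted string (may contain spaces) or a bare word.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def parse_khika(line):
    """Return (epoch, fields) for one KHIKA line; raise ValueError if malformed."""
    head, sep, body = line.partition(":")  # the first colon ends the timestamp
    if not sep or not re.fullmatch(r"[0-9]+", head.strip()):
        raise ValueError("expected 'EPOCH_TIME :' prefix")
    tokens = []
    for m in TOKEN.finditer(body):
        quoted, bare = m.groups()
        if bare is not None and '"' in bare:
            # A stray quote would silently shift every later key and value.
            raise ValueError(f"unbalanced double quote near {bare!r}")
        tokens.append(bare if bare is not None else quoted)
    if len(tokens) % 2:
        raise ValueError("key without a value")
    fields = {}
    for key, value in zip(tokens[0::2], tokens[1::2]):
        if key in fields:  # assumption: any repeated key is rejected
            raise ValueError(f"duplicate key {key!r}")
        fields[key] = value
    if "event_str" not in fields:
        raise ValueError("missing mandatory event_str")
    return int(head), fields

def is_valid(line):
    """True if the line parses cleanly, False otherwise."""
    try:
        parse_khika(line)
        return True
    except ValueError:
        return False

# The page's sample message in both forms, then constructed test lines.
UNQUOTED = ('1559126565 : tl_src_host my_laptop src_ip 192.168.1.100 dst_ip 8.8.8.8 '
            'src_port 176532 dst_port 53 event_str firewall_message')
QUOTED = ('1559126565 : "tl_src_host" "my_laptop" "src_ip" "192.168.1.100" '
          '"dst_ip" "8.8.8.8" "src_port" "176532" "dst_port" "53" '
          '"event_str" "firewall_message"')
SPACED = '1559126565 : "user name" "j doe" "event_str" "login failed"'  # constructed
BAD_QUOTE = '1559126565 : "src_ip" "192.168.1.100" "event_str "fw_msg"'  # constructed
NO_EVENT = '1559126565 : src_ip 192.168.1.100'                          # constructed

if __name__ == "__main__":
    for sample in (UNQUOTED, QUOTED, SPACED, BAD_QUOTE, NO_EVENT):
        print(is_valid(sample), sample)
```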