5.2 STREAMSLOG File Format

To speed up the initial loading of log files, the list of all TCP streams that occur within a log file is kept in a separate file. This file consists of one line per TCP stream that occurs within the related NETLOG file. This also reduces NETLOG file sizes by removing the redundancy of repeating full stream information for every single data point. There is no requirement on the ordering of the streams. Typically, when a log file is created, each stream is added when its first occurrence is written to the log file. The first line of a STREAMSLOG file is a version identifier, which is STREAMSLOG1.0 for the format described here.

A STREAMSLOG file will contain the following fields, which are sufficient to identify a TCP stream for our purposes.

  1. An integer unique to the stream, by which the stream is referred to in the NETLOG file
  2. The destination IP address, saved as four decimal values ranging from 0 to 255, each separated by a '.'
  3. The destination TCP port, as a decimal integer
  4. The source IP address, saved as four decimal values ranging from 0 to 255, each separated by a '.'
  5. The source TCP port, as a decimal integer

Each record within the file refers to a single TCP stream. It contains the fields mentioned above, in the given order, each separated by a space. A newline character is placed at the end of every record except the last within a file.

5.2.1 STREAMSLOG Example

STREAMSLOG1.0
0 192.168.1.2 80 192.168.1.1 6322
1 192.168.1.4 21 192.168.1.1 6325
2 128.250.74.133 80 192.168.1.1 6326

5.2.2 STREAMSLOG Grammar

file -> version, (newline, stream)*
version -> 'STREAMSLOG1.0'
stream -> id, sp, destad, sp, destport, sp, sourcead, sp, sourceport
sp -> ' '
id -> integer
destad -> integer, dot, integer, dot, integer, dot, integer
sourcead -> integer, dot, integer, dot, integer, dot, integer
dot -> '.'
destport -> integer
sourceport -> integer
integer -> digit+
digit -> '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9'
newline -> '\n'
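
The following strict parser for this grammar is an added example, not code from the original document or its project. The names parse_streamslog and Stream are hypothetical, and the 16-bit port limit is an assumption about TCP that the grammar itself does not state; the octet range and id uniqueness come from the field list above.

```python
import re
from typing import NamedTuple

VERSION = "STREAMSLOG1.0"
# ASCII digits only ([0-9], not \d, which also matches other Unicode digits).
_ADDR = r"([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)"
_RECORD = re.compile(rf"([0-9]+) {_ADDR} ([0-9]+) {_ADDR} ([0-9]+)")

class Stream(NamedTuple):
    id: int
    dest_addr: str
    dest_port: int
    src_addr: str
    src_port: int

def _addr(octets, lineno):
    values = [int(o) for o in octets]
    if any(v > 255 for v in values):
        raise ValueError(f"line {lineno}: address octet out of range 0-255")
    return ".".join(str(v) for v in values)  # leading zeros are normalised away

def parse_streamslog(text):
    """Return {stream id: Stream}; raise ValueError on any malformed input."""
    lines = text.split("\n")  # no newline follows the last record, per the format
    if lines[0] != VERSION:
        raise ValueError(f"line 1: expected version {VERSION!r}")
    streams = {}
    for lineno, line in enumerate(lines[1:], start=2):
        m = _RECORD.fullmatch(line)  # exactly one space between fields
        if m is None:
            raise ValueError(f"line {lineno}: not a valid stream record")
        g = m.groups()
        sid, dport, sport = int(g[0]), int(g[5]), int(g[10])
        if dport > 65535 or sport > 65535:  # assumption: TCP ports are 16-bit
            raise ValueError(f"line {lineno}: port out of range 0-65535")
        if sid in streams:  # ids must be unique for NETLOG references to resolve
            raise ValueError(f"line {lineno}: duplicate stream id {sid}")
        streams[sid] = Stream(sid, _addr(g[1:5], lineno), dport,
                              _addr(g[6:10], lineno), sport)
    return streams

# The example file from section 5.2.1.
SAMPLE = ("STREAMSLOG1.0\n0 192.168.1.2 80 192.168.1.1 6322\n"
          "1 192.168.1.4 21 192.168.1.1 6325\n"
          "2 128.250.74.133 80 192.168.1.1 6326")
```

Because the grammar places a newline only between records, a file ending in a trailing newline is rejected as containing an empty record.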

