Auto-Generated Documentation
This set of documentation is automatically generated from source, and will help ensure any change to functionality will always be documented and available on release.
Client¶
A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records.
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| address | Keyword | Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the .address field. | Optional | None |
| bytes | Integer | Bytes sent from the client to the server. | Optional | None |
| domain | Domain | The domain name of the client system. | Optional | None |
| geo | Geo | Geo fields can carry data about a specific location related to an event. | Optional | None |
| ip | IP | IP address of the client (IPv4 or IPv6). | Optional | None |
| mac | MAC | MAC address of the client. | Optional | None |
| nat | Nat | Translated NAT sessions (e.g. internal client to internet). | Optional | None |
| packets | Integer | Packets sent from the destination to the source. | Optional | None |
| port | Integer | Port of the client. | Optional | None |