Merge pull request #19 from chrissanders/flowbat/v1.5.0

Flowbat/v1.5.0
chrissanders · Mar 2, 2016 · bd28cb3 · bd28cb3
2 parents 1853588 + 9cd60b1
commit bd28cb3
Show file tree

Hide file tree

Showing 34 changed files with 911 additions and 111 deletions.
diff --git a/README.md b/README.md
@@ -6,4 +6,4 @@ Installation: http://www.flowbat.com/installation.html<br/>
 User Manual: http://www.flowbat.com/user-manual.html<br/>
 Support: [email protected]
 
-v1.3.2
+v1.5.0
diff --git a/client/helpers.coffee b/client/helpers.coffee
@@ -2,6 +2,10 @@ UI.registerHelper("fieldI18nString", ->
   "rwcut.fields." + @.trim()
 )
 
+UI.registerHelper("fieldDefinitions", ->
+  "field.definitions." + @.trim()
+)
+
 UI.registerHelper("fieldIsSelected", (query, property) ->
   @.toString() in query[property]
 )

diff --git a/client/i18n/en.coffee b/client/i18n/en.coffee
@@ -119,7 +119,7 @@ i18n.addResourceBundle("en",
       "initialFlags": "Initial flags"
       "sessionFlags": "Session flags"
       "application": "Application"
-      "type": "Sensor type"
+      "type": "Flow type"
       "sTime+msec": "starting time of flow including milliseconds (milliseconds are always displayed)"
       "eTime+msec": "end time of flow including milliseconds (milliseconds are always displayed)"
       "dur+msec": "duration of flow including milliseconds (milliseconds are always displayed)"
@@ -132,6 +132,44 @@ i18n.addResourceBundle("en",
       "Bytes": "Bytes"
       "cumul_%": "% Cumulative"
       "Date": "Bin date and time"
+  field:
+    definitions:
+      "sIP": "Source IP address. These can be specified during input as IP addresses or CIDR notation."
+      "dIP": "Destination IP address. These can be specified during input as IP addresses or CIDR notation."
+      "aIP": "Matches source or destination IP address. These can be specified during input as IP addresses or CIDR notation." # proxy
+      "sPort": "Source ports can be specified during input as individual ports or hypenated ranges (IE: 0-1024)"
+      "dPort": "Destination ports can be specified during input as individual ports or hypenated ranges (IE: 0-1024)"
+      "aPort": "This will match against records with a source or destination port matching this value or range (IE: 0-1024)." # proxy
+      "protocol": "Pass the record if its IP Suite Protocol is in this INTEGER_LIST, possible values are 0-255."
+      "pro": "$t(rwcut.fields.protocol)"
+      "packets": "Pass the record if its packet count is in this INTEGER_RANGE or value."
+      "bytes": "Pass the record if its average bytes per packet count (bytes/packet) is in this DECIMAL_RANGE."
+      "flags": "Pass the record if any of the HIGH_SET/MASK_SET pairs is true when looking at the bitwise OR of the TCP flags across all packets in the flow."
+      "sTime": "Starting time of flow (seconds resolution)."
+      "duration": "Duration of flow (seconds resolution)."
+      "dur": "$t(rwcut.fields.duration)"
+      "eTime": "End time of the flow (seconds resolution)."
+      "sensor": "Name or ID of the sensor where the flow was collected."
+      "sen": "$t(rwcut.fields.sensor)"
+      "class": "Binning by class and/or type equates to binning by the integer value used internally to represent the class/type pair. See the rwflowpack configuration."
+      "scc": "This is filtering or grouping by source country code. The source country code refers to the country code associated with the source address per flow record."
+      "dcc": "This is filtering or grouping by destination country code. The destination country code refers to the country code associated with the destination address per flow record."
+      "initialFlags": "Pass the record if the initial HIGH_SET/MASK_SET pairs is true when looking at the bitwise OR of the TCP flags across the FIRST packet in the flow."
+      "sessionFlags": "Pass the record if any of the HIGH_SET/MASK_SET pairs is true when looking at the bitwise OR of the TCP flags across all packets in the flow, excluding the first."
+      "application": "The application value is the port number that is traditionally used for that type of traffic but is based on packet inspection by the generator. If the application cannot be determined, a 0 is used. Not all flow generators will inspect data to this level."
+      "type": "Flow type. Types are defined in silk.conf, they typically refer to the direction of the flow. Examples include; int2"
+      "sTime+msec": "starting time of flow including milliseconds (milliseconds are always displayed)"
+      "eTime+msec": "end time of flow including milliseconds (milliseconds are always displayed)"
+      "dur+msec": "duration of flow including milliseconds (milliseconds are always displayed)"
+      "iType": "Pass the record if its ICMP (or ICMPv6) type is in this INTEGER_LIST; possible values 0-255."
+      "iCode": "Pass the record if its ICMP (or ICMPv6) code is in this INTEGER_LIST; possible values 0-255."
+      "icmpTypeCode": "ICMP type & code."
+      # rwstats values
+      "Records": "In rwstats, count the number of flow records that mapped to each bin."
+      "Packets": "In rwstats, sum the number of packets across all records that mapped to each bin."
+      "Bytes": "In rwstats, sum the number of bytes across all records that mapped to each bin."
+      "cumul_%": "Cumulative-percentage"
+      "Date": "Bin date and time"
   users:
     fields:
       username: "Username"