#separator \x09
#set_separator	,
#empty_field	(empty)
#unset_field	-
#path	smb_cmd
#open	2018-02-23-14-06-36
#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	command	sub_command	argument	status	rtt	version	username	tree	tree_service	referenced_file.ts	referenced_file.uid	referenced_file.id.orig_h	referenced_file.id.orig_p	referenced_file.id.resp_h	referenced_file.id.resp_p	referenced_file.fuid	referenced_file.action	referenced_file.path	referenced_file.name	referenced_file.size	referenced_file.prev_name	referenced_file.times.modified	referenced_file.times.accessed	referenced_file.times.created	referenced_file.times.changed
#types	time	string	addr	port	addr	port	string	string	string	string	interval	string	string	string	string	time	string	addr	port	addr	port	string	enum	string	string	count	string	time	time	time	time
1132371118.616015	CyJmiE3Q1jwSEU234e	192.168.114.1	52704	192.168.114.129	445	DELETE	-	-	OBJECT_NAME_NOT_FOUND	0.000402	SMB1	-	\\\\192.168.114.129\\TEST	A:	1132371118.616015	CyJmiE3Q1jwSEU234e	192.168.114.1	52704	192.168.114.129	445	-	-	-	-	0	-	-	-	-	-
1132371118.616918	CyJmiE3Q1jwSEU234e	192.168.114.1	52704	192.168.114.129	445	NT_CREATE_ANDX	-	\\torture_qfileinfo.txt	SUCCESS	0.002294	SMB1	-	\\\\192.168.114.129\\TEST	A:	1132371118.616918	CyJmiE3Q1jwSEU234e	192.168.114.1	52704	192.168.114.129	445	-	SMB::FILE_OPEN	-	\\torture_qfileinfo.txt	0	-	-	-	-	-
1132371118.619790	CyJmiE3Q1jwSEU234e	192.168.114.1	52704	192.168.114.129	445	WRITE_ANDX	-	\\torture_qfileinfo.txt	SUCCESS	0.017282	SMB1	-	\\\\192.168.114.129\\TEST	A:	1132371118.616918	CyJmiE3Q1jwSEU234e	192.168.114.1	52704	192.168.114.129	445	FIxf101tzPDfOHDM2f	SMB::FILE_WRITE	\\\\192.168.114.129\\TEST	\\torture_qfileinfo.txt	0	-	1132371118.176250	1132371118.176250	1132371118.176250	1132371118.176250
1132371118.637543	CyJmiE3Q1jwSEU234e	192.168.114.1	52704	192.168.114.129	445	TRANSACTION2	SET_FILE_INFORMATION	-	SUCCESS	0.000680	SMB1	-	\\\\192.168.114.129\\TEST	A:	1132371118.637543	CyJmiE3Q1jwSEU234e	192.168.114.1	52704	192.168.114.129	445	-	-	-	-	0	-	-	-	-	-
1132371118.638826	CyJmiE3Q1jwSEU234e	192.168.114.1	52704	192.168.114.129	445	SET_INFORMATION2	-	-	SUCCESS	0.001036	SMB1	-	\\\\192.168.114.129\\TEST	A:	1132371118.638826	CyJmiE3Q1jwSEU234e	192.168.114.1	52704	192.168.114.129	445	-	-	-	-	0	-	-	-	-	-
1132371118.640486	CyJmiE3Q1jwSEU234e	192.168.114.1	52704	192.168.114.129	445	QUERY_INFORMATION2	-	-	SUCCESS	0.000368	SMB1	-	\\\\192.168.114.129\\TEST	A:	1132371118.640486	CyJmiE3Q1jwSEU234e	192.168.114.1	52704	192.168.114.129	445	-	-	-	-	0	-	-	-	-	-
1132371118.673194	CyJmiE3Q1jwSEU234e	192.168.114.1	52704	192.168.114.129	445	QUERY_INFORMATION	-	-	SUCCESS	0.000943	SMB1	-	\\\\192.168.114.129\\TEST	A:	1132371118.673194	CyJmiE3Q1jwSEU234e	192.168.114.1	52704	192.168.114.129	445	-	-	-	-	0	-	-	-	-	-
#close	2018-02-23-14-06-36