1 The darkstat export format was designed by Ben Stewart.
2 Note that all integers are stored in network order (big-endian).
4 FILE HEADER 0xDA314159 darkstat export format
5 SECTION HEADER 0xDA 'H' 'S' 0x01 hosts_db ver1
6 HOST COUNT 0x00000001 1 host follows
8 HOST HEADER 'H' 'S' 'T' 0x03 host ver3
9 ADDRESS FAMILY 0x04 Either 4 or 6.
10 IPv4 ADDR 0x0A010101 IPv4 10.1.1.1
12 IPv6 ADDR 0x0000 0000 0000 0000 0000 0000 0000 0001
14 MACADDR 0x001122334455 00:11:22:33:44:55
15 LASTSEEN 0x0000000048000123 (time_t) 2008-04-12 00:24:03 UTC
16 HOSTNAME 0x09 "localhost" 9 is the string length
17 IN 0x0000000000123456 Bytes in: 1193046
18 OUT 0x0000000000789ABC Bytes out: 7903932
19 PROTOS DATA 'P' start ip proto data
20 IP PROTO COUNT 0x03 3 ip_proto entries
22 IN 0x0000000000123456 Bytes in: 1193046
23 OUT 0x0000000000789ABC Bytes out: 7903932
25 IN 0x0000000000000444 Bytes in: 1092
26 OUT 0x0000000000000555 Bytes out: 1365
28 IN 0x0000000000000001 Bytes in: 1
29 OUT 0x0000000000000002 Bytes out: 2
30 TCP DATA 'T' start tcp proto data
31 TCP PROTO COUNT 0x0001 1 tcp_proto entry
32 PORT 0x0050 http (port 80)
33 SYN COUNT 0x0000000000000003 SYNs: 3
34 IN 0x0000000000000001 Bytes in: 1
35 OUT 0x0000000000000002 Bytes out: 2
36 UDP DATA 'U' start udp proto data
37 UDP PROTO COUNT 0x0001 1 udp_proto entry
38 PORT 0x0045 tftp (port 69)
39 IN 0x0000000000000001 Bytes in: 1
40 OUT 0x0000000000000002 Bytes out: 2
41 SECTION HEADER 0xDA 'G' 'R' 0x01 graph_db ver1
42 LAST_TIME (time_t as 64-bit uint)
43 For each of 4 graphs: (60 seconds, 60 minutes, 24 hours, 31 days)
44 8 bits - number of bars in this graph
45 8 bits - index of last_time bar, in the range [0:n_bars)
50 Host header version 1 is just version 2 without the lastseen time.
52 Host header version 2 is just version 3 without the address family
53 byte (or the possibility of an IPv6 address).
projects / darkstat-debian / blob