Microsoft-Windows-Kernel-Network
22 events across 1 channel
Event ID 10 — TCPv4: size bytes transmitted from saddr:sport to daddr:dport.
Description
TCPv4: size bytes transmitted from saddr:sport to daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr UInt32 | — |
saddr UInt32 | — |
dport UInt16 | — |
sport UInt16 | — |
startime UInt32 | — |
endtime UInt32 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "10",
"version": "0",
"level": "4",
"task": "10",
"opcode": "10",
"keywords": 9223372036854775824,
"time_created": "2026-03-16T00:21:36.423105900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "4168",
"thread_id": "6844"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 4168",
"size": " 1007",
"daddr": "10.2.20.41",
"saddr": "10.2.10.21",
"dport": "5044",
"sport": "50993",
"startime": " 5775532",
"endtime": " 5775532",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}
Event ID 11 — TCPv4: size bytes received from saddr:sport to daddr:dport.
Description
TCPv4: size bytes received from saddr:sport to daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr UInt32 | — |
saddr UInt32 | — |
dport UInt16 | — |
sport UInt16 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "11",
"version": "0",
"level": "4",
"task": "10",
"opcode": "11",
"keywords": 9223372036854775824,
"time_created": "2026-03-16T00:21:36.423344200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "4168",
"thread_id": "6844"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 4168",
"size": " 6",
"daddr": "10.2.20.41",
"saddr": "10.2.10.21",
"dport": "5044",
"sport": "50993",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}
Event ID 12 — TCPv4: Connection attempted between saddr:sport and daddr:dport.
Description
TCPv4: Connection attempted between saddr:sport and daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr UInt32 | — |
saddr UInt32 | — |
dport UInt16 | — |
sport UInt16 | — |
mss UInt16 | — |
sackopt UInt16 | — |
tsopt UInt16 | — |
wsopt UInt16 | — |
rcvwin UInt32 | — |
rcvwinscale UInt16 | — |
sndwinscale UInt16 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "12",
"version": "0",
"level": "4",
"task": "10",
"opcode": "12",
"keywords": 9223372036854775824,
"time_created": "2026-03-16T00:21:40.246626600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "0",
"thread_id": "0"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 3688",
"size": " 0",
"daddr": "13.89.179.13",
"saddr": "10.2.10.21",
"dport": "443",
"sport": "52999",
"mss": "1440",
"sackopt": "1",
"tsopt": "0",
"wsopt": "1",
"rcvwin": " 263520",
"rcvwinscale": "8",
"sndwinscale": "8",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}
Event ID 13 — TCPv4: Connection closed between saddr:sport and daddr:dport.
Description
TCPv4: Connection closed between saddr:sport and daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr UInt32 | — |
saddr UInt32 | — |
dport UInt16 | — |
sport UInt16 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "13",
"version": "0",
"level": "4",
"task": "10",
"opcode": "13",
"keywords": 9223372036854775824,
"time_created": "2026-03-16T00:21:38.733385600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "4",
"thread_id": "7444"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 4",
"size": " 0",
"daddr": "10.2.10.11",
"saddr": "10.2.10.21",
"dport": "51201",
"sport": "5985",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}
Event ID 14 — TCPv4: size bytes retransmitted from saddr:sport to daddr:dport.
Event ID 15 — TCPv4: Connection established between saddr:sport and daddr:dport.
Description
TCPv4: Connection established between saddr:sport and daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr UInt32 | — |
saddr UInt32 | — |
dport UInt16 | — |
sport UInt16 | — |
mss UInt16 | — |
sackopt UInt16 | — |
tsopt UInt16 | — |
wsopt UInt16 | — |
rcvwin UInt32 | — |
rcvwinscale UInt16 | — |
sndwinscale UInt16 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "15",
"version": "0",
"level": "4",
"task": "10",
"opcode": "15",
"keywords": 9223372036854775824,
"time_created": "2026-03-16T00:21:38.720184400+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "0",
"thread_id": "0"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 4",
"size": " 0",
"daddr": "10.2.10.11",
"saddr": "10.2.10.21",
"dport": "51201",
"sport": "5985",
"mss": "1460",
"sackopt": "1",
"tsopt": "0",
"wsopt": "1",
"rcvwin": " 2098020",
"rcvwinscale": "8",
"sndwinscale": "8",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}
Event ID 16 — TCPv4: Reconnect attempt between saddr:sport and daddr:dport.
Description
TCPv4: Reconnect attempt between saddr:sport and daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr UInt32 | — |
saddr UInt32 | — |
dport UInt16 | — |
sport UInt16 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "16",
"version": "0",
"level": "4",
"task": "10",
"opcode": "16",
"keywords": 9223372036854775824,
"time_created": "2026-03-15T23:31:42.718082500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "0",
"thread_id": "0"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 10852",
"size": " 0",
"daddr": "10.2.10.21",
"saddr": "10.2.10.11",
"dport": "389",
"sport": "51269",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}
Event ID 17 — TCPv4: Connection attempt failed with error code FailureCode.
Description
TCPv4: Connection attempt failed with error code FailureCode.
Message #
Fields #
| Name | Description |
|---|---|
Proto UInt16 | — |
FailureCode UInt16 | — NTSTATUS reference |
Event ID 18 — TCPv4: size bytes copied in protocol on behalf of user for connection between saddr:sport and daddr:dport.
Description
TCPv4: size bytes copied in protocol on behalf of user for connection between saddr:sport and daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr UInt32 | — |
saddr UInt32 | — |
dport UInt16 | — |
sport UInt16 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "18",
"version": "0",
"level": "4",
"task": "10",
"opcode": "18",
"keywords": 9223372036854775824,
"time_created": "2026-03-16T00:21:36.423184700+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "4168",
"thread_id": "6844"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 4168",
"size": " 6",
"daddr": "10.2.20.41",
"saddr": "10.2.10.21",
"dport": "5044",
"sport": "50993",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}
Event ID 26 — TCPv6: size bytes transmitted from saddr:sport to daddr:dport.
Description
TCPv6: size bytes transmitted from saddr:sport to daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr Binary | — |
saddr Binary | — |
dport UInt16 | — |
sport UInt16 | — |
startime UInt32 | — |
endtime UInt32 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "26",
"version": "0",
"level": "4",
"task": "10",
"opcode": "10",
"keywords": 9223372036854775840,
"time_created": "2026-03-15T23:28:22.399794900+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "4",
"thread_id": "272"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 4",
"size": " 73",
"daddr": "::1",
"saddr": "::1",
"dport": "445",
"sport": "51218",
"startime": " 6703694",
"endtime": " 6703694",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}
Event ID 27 — TCPv6: size bytes received from saddr:sport to daddr:dport.
Description
TCPv6: size bytes received from saddr:sport to daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr Binary | — |
saddr Binary | — |
dport UInt16 | — |
sport UInt16 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "27",
"version": "0",
"level": "4",
"task": "10",
"opcode": "11",
"keywords": 9223372036854775840,
"time_created": "2026-03-15T23:27:51.302752300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "7780",
"thread_id": "14004"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 7780",
"size": " 0",
"daddr": "::1",
"saddr": "::1",
"dport": "51180",
"sport": "1500",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}
Event ID 28 — TCPv6: Connection attempted between saddr:sport and daddr:dport.
Description
TCPv6: Connection attempted between saddr:sport and daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr Binary | — |
saddr Binary | — |
dport UInt16 | — |
sport UInt16 | — |
mss UInt16 | — |
sackopt UInt16 | — |
tsopt UInt16 | — |
wsopt UInt16 | — |
rcvwin UInt32 | — |
rcvwinscale UInt16 | — |
sndwinscale UInt16 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "28",
"version": "0",
"level": "4",
"task": "10",
"opcode": "12",
"keywords": 9223372036854775840,
"time_created": "2026-03-15T23:28:22.399638500+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "4",
"thread_id": "11356"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 4",
"size": " 0",
"daddr": "::1",
"saddr": "::1",
"dport": "445",
"sport": "51218",
"mss": "65475",
"sackopt": "1",
"tsopt": "0",
"wsopt": "1",
"rcvwin": " 2160675",
"rcvwinscale": "8",
"sndwinscale": "8",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}
Event ID 29 — TCPv6: Connection closed between saddr:sport and daddr:dport.
Description
TCPv6: Connection closed between saddr:sport and daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr Binary | — |
saddr Binary | — |
dport UInt16 | — |
sport UInt16 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "29",
"version": "0",
"level": "4",
"task": "10",
"opcode": "13",
"keywords": 9223372036854775840,
"time_created": "2026-03-15T23:27:51.302774600+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "7780",
"thread_id": "14004"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 7780",
"size": " 0",
"daddr": "::1",
"saddr": "::1",
"dport": "51180",
"sport": "1500",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}
Event ID 30 — TCPv6: size bytes retransmitted from saddr:sport to daddr:dport.
Event ID 31 — TCPv6: Connection established between saddr:sport and daddr:dport.
Description
TCPv6: Connection established between saddr:sport and daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr Binary | — |
saddr Binary | — |
dport UInt16 | — |
sport UInt16 | — |
mss UInt16 | — |
sackopt UInt16 | — |
tsopt UInt16 | — |
wsopt UInt16 | — |
rcvwin UInt32 | — |
rcvwinscale UInt16 | — |
sndwinscale UInt16 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "31",
"version": "0",
"level": "4",
"task": "10",
"opcode": "15",
"keywords": 9223372036854775840,
"time_created": "2026-03-15T23:28:22.399678700+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "4",
"thread_id": "11356"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 4",
"size": " 0",
"daddr": "::1",
"saddr": "::1",
"dport": "51218",
"sport": "445",
"mss": "65475",
"sackopt": "1",
"tsopt": "0",
"wsopt": "1",
"rcvwin": " 2160675",
"rcvwinscale": "8",
"sndwinscale": "8",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}
Event ID 32 — TCPv6: Reconnect attempt between saddr:sport and daddr:dport.
Event ID 34 — TCPv6: size bytes copied in protocol on behalf of user for connection between saddr:sport and daddr:dport.
Event ID 42 — UDPv4: size bytes transmitted from saddr:sport to daddr:dport.
Description
UDPv4: size bytes transmitted from saddr:sport to daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr UInt32 | — |
saddr UInt32 | — |
dport UInt16 | — |
sport UInt16 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "42",
"version": "0",
"level": "4",
"task": "11",
"opcode": "42",
"keywords": 9223372036854775824,
"time_created": "2026-03-16T00:21:40.078247000+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "228",
"thread_id": "8220"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 228",
"size": " 63",
"daddr": "10.2.10.11",
"saddr": "10.2.10.21",
"dport": "53",
"sport": "53893",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}
Event ID 43 — UDPv4: size bytes received from saddr:sport to daddr:dport.
Description
UDPv4: size bytes received from saddr:sport to daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr UInt32 | — |
saddr UInt32 | — |
dport UInt16 | — |
sport UInt16 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "43",
"version": "0",
"level": "4",
"task": "11",
"opcode": "43",
"keywords": 9223372036854775824,
"time_created": "2026-03-16T00:21:40.117095100+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "0",
"thread_id": "0"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 228",
"size": " 186",
"daddr": "10.2.10.21",
"saddr": "10.2.10.11",
"dport": "53893",
"sport": "53",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}
Event ID 49 — UDPv4: Connection attempt failed with error code FailureCode.
Description
UDPv4: Connection attempt failed with error code FailureCode.
Message #
Fields #
| Name | Description |
|---|---|
Proto UInt16 | — |
FailureCode UInt16 | — NTSTATUS reference |
Event ID 58 — UDPv6: size bytes transmitted from saddr:sport to daddr:dport.
Description
UDPv6: size bytes transmitted from saddr:sport to daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr Binary | — |
saddr Binary | — |
dport UInt16 | — |
sport UInt16 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "58",
"version": "0",
"level": "4",
"task": "11",
"opcode": "42",
"keywords": 9223372036854775840,
"time_created": "2026-03-15T23:32:35.808545200+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "11184",
"thread_id": "1192"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 11184",
"size": " 90",
"daddr": "::1",
"saddr": "::1",
"dport": "53",
"sport": "52668",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}
Event ID 59 — UDPv6: size bytes received from saddr:sport to daddr:dport.
Description
UDPv6: size bytes received from saddr:sport to daddr:dport.
Message #
Fields #
| Name | Description |
|---|---|
PID UInt32 | — |
size UInt32 | — |
daddr Binary | — |
saddr Binary | — |
dport UInt16 | — |
sport UInt16 | — |
seqnum UInt32 | — |
connid UInt32 | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-Kernel-Network",
"guid": "{7dd42a49-5329-4832-8dfd-43d979153a88}",
"event_source_name": "",
"event_id": "59",
"version": "0",
"level": "4",
"task": "11",
"opcode": "43",
"keywords": 9223372036854775840,
"time_created": "2026-03-15T23:32:35.808665300+00:00",
"event_record_id": 0,
"correlation": {
"ActivityID": "{00000000-0000-0000-0000-000000000000}"
},
"execution": {
"process_id": "11184",
"thread_id": "1192"
},
"channel": "Microsoft-Windows-Kernel-Network/Analytic",
"computer": "",
"security": {
"user_id": ""
}
},
"event_data": {
"PID": " 2680",
"size": " 90",
"daddr": "::1",
"saddr": "::1",
"dport": "53",
"sport": "52668",
"seqnum": " 0",
"connid": " 0"
},
"message": ""
}