Zeek's conn.log provides foundational data about every connection on your network — the who, what, when, and where of your packets. It allows network and security teams to find things like unusual flows, unexpected protocols, and policy-prohibited connections, and comes with a UID that lets analysts pivot straight into the Layer 7 details for deeper investigation.
uid
A unique identifier created on a per-connection basis that serves as a pivot key directly into all associated Layer 7 logs
service
The Layer 7 protocol detected on the connection — based on packet payload instead of port mappings
orig_bytes/resp_bytes
How much data was sent and received on the connection
duration
How long the connection remained alive