Right now src_ip and dest_ip contain sub fields:

"src_ip":{"IP":"127.0.0.1","Port":54660,"Zone":""}
"dest_ip":"127.0.0.1:3333"

We should have a src_ip, src_port, and dst_ip, dst_port. We may actually consider not having dst_ip at all since it'll be the same for the sinkhole. Instead we should probably include a sinkhole instance name / ID in the json so that if we're running more than one sinkhole we can tell them apart in the logs.

dest_name is the "Host:" header provided by the client