Filename: pcap.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 21.8609230518 seconds
Hash: 0f0adbae5bcd51f66d489fc47ab4b586
Uploaded: 1557306856

Logfiles
packet_stats.log - (15429 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             1         69706773       69706773      69706773         69.7m    1.02
 IPv4       2            14          3633136       66147847      24298407        340.2m    5.00
 IPv4       6            38          2203777       74332059      54878980          2.1b   30.62
 IPv4      17           120          4168503       70258463      35954499          4.3b   63.36
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             1            91216          91216         91216         91.2k    0.13
TMM_FLOWWORKER              IPv4       2            14            90356         166037        104233          1.5m    2.12
TMM_FLOWWORKER              IPv4       6            38            83483        1519648        320993         12.2m   17.71
TMM_FLOWWORKER              IPv4      17           120           119576       10069803        450952         54.1m   78.55
TMM_RECEIVEPCAPFILE         IPv4       1             1             3443           3443          3443          3.4k    0.00
TMM_RECEIVEPCAPFILE         IPv4       2            14             2547           2879          2782         39.0k    0.06
TMM_RECEIVEPCAPFILE         IPv4       6            36             2541           3660          2932        105.6k    0.15
TMM_RECEIVEPCAPFILE         IPv4      17           120             2538           3635          2797        335.7k    0.49
TMM_DECODEPCAPFILE          IPv4       1             1            20373          20373         20373         20.4k    0.03
TMM_DECODEPCAPFILE          IPv4       2            14             2656          10815          3393         47.5k    0.07
TMM_DECODEPCAPFILE          IPv4       6            36             2653          17010          3266        117.6k    0.17
TMM_DECODEPCAPFILE          IPv4      17           120             2660          18643          2981        357.7k    0.52

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            36             2833          16155          3707        133.5k  0.22  
flow                    IPv4      17           120             2802          33083          4278        513.5k  0.83  
stream                  IPv4       6            38             2614        1210436         47129          1.8m  2.89  
app-layer               IPv4      17           120             2521         429720         10253          1.2m  1.99  
detect                  IPv4       1             1            85602          85602         85602         85.6k  0.14  
detect                  IPv4       2            14            84694         160420         98398          1.4m  2.22  
detect                  IPv4       6            38            45749        1307243        241677          9.2m  14.83 
detect                  IPv4      17           120           103061       10045091        395850         47.5m  76.70 
tcp-prune               IPv4       6            38             2554           9330          3087        117.3k  0.19  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             2             3402          28442         15922         31.8k  14.52 
dns                     IPv4      17            35             3508          19696          5356        187.5k  85.48 
Proto detect            IPv4      17            43             3071          30404          5507        236.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17            34            28479         873637         64353          2.2m  84.80 
LOGGER_JSON_HTTP            IPv4       6             2            62720         102569         82644        165.3k  6.41  
LOGGER_JSON_FILE            IPv4       6             3            60110         103927         75636        226.9k  8.79  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             1             8973           8973          8973         9.0k  0.28  
payload                           IPv4       6            18             2630          93675         25319       455.8k  14.39 
payload                           IPv4      17           120             3152          50339          9193         1.1m  34.83 
stream                            IPv4       6            18             2544         444317         53482       962.7k  30.39 
http_uri                          IPv4       6             2             8009          19120         13564        27.1k  0.86  
http_request_line                 IPv4       6             2             6257           7612          6934        13.9k  0.44  
http_client_body                  IPv4       6             3             3090          37094         14603        43.8k  1.38  
http_header (request)             IPv4       6             2            31115          46617         38866        77.7k  2.45  
http_header (request trailer)     IPv4       6             2             2875           3323          3099         6.2k  0.20  
http_header_names (request)       IPv4       6             2            12072          13326         12699        25.4k  0.80  
http_accept (request)             IPv4       6             2             3216           5056          4136         8.3k  0.26  
http_referer (request)            IPv4       6             2             2862           3608          3235         6.5k  0.20  
http_content_len (request)        IPv4       6             2             3968           4894          4431         8.9k  0.28  
http_content_type (request)       IPv4       6             2             3413          12763          8088        16.2k  0.51  
http_protocol (request)           IPv4       6             2             4638           5883          5260        10.5k  0.33  
http_start (request)              IPv4       6             2             8929          13963         11446        22.9k  0.72  
http_raw_header (request)         IPv4       6             3             5373          10329          7633        22.9k  0.72  
http_method                       IPv4       6             2             6299           7611          6955        13.9k  0.44  
http_cookie (request)             IPv4       6             2             3116           3908          3512         7.0k  0.22  
http_raw_uri                      IPv4       6             2             3919           5899          4909         9.8k  0.31  
http_user_agent                   IPv4       6             2             3235          17938         10586        21.2k  0.67  
http_host                         IPv4       6             2             4280           4741          4510         9.0k  0.28  
dns_query                         IPv4      17            17             3459          13225          6006       102.1k  3.22  
http_response_line                IPv4       6             3             5935           9424          8124        24.4k  0.77  
http_header (response)            IPv4       6             2            28699          47700         38199        76.4k  2.41  
http_header (response trailer)    IPv4       6             2             2651           3005          2828         5.7k  0.18  
http_content_type (response)      IPv4       6             2             3491          10196          6843        13.7k  0.43  
http_raw_header (response)        IPv4       6             6             4091           9152          6154        36.9k  1.17  
http_cookie (response)            IPv4       6             2             3041           3210          3125         6.3k  0.20  
http_stat_code                    IPv4       6             2             3383           4544          3963         7.9k  0.25  
file_data (http response)         IPv4       6             4             2604           4470          3092        12.4k  0.39  
Total                             IPv4                   235                                         13478         3.2m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       1             1            21489          21489         21489         21.5k  0.04  
PROF_DETECT_IPONLY          IPv4       2            14            36663         101730         45749        640.5k  1.05  
PROF_DETECT_IPONLY          IPv4       6             6            17157          46239         37565        225.4k  0.37  
PROF_DETECT_IPONLY          IPv4      17            43            37092        9829345        279449         12.0m  19.72 
PROF_DETECT_RULES           IPv4       1             1             2564           2564          2564          2.6k  0.00  
PROF_DETECT_RULES           IPv4       2            14             2544           2920          2655         37.2k  0.06  
PROF_DETECT_RULES           IPv4       6            38             2792        1020277        108428          4.1m  6.76  
PROF_DETECT_RULES           IPv4      17           120            44289         691482        127093         15.3m  25.03 
PROF_DETECT_STATEFUL_START    IPv4       6            10             5141         510341        144866          1.4m  2.38  
PROF_DETECT_STATEFUL_CONT    IPv4       1             1             2548           2548          2548          2.5k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       2            14             2514           3369          2715         38.0k  0.06  
PROF_DETECT_STATEFUL_CONT    IPv4       6            38             2520          19997          6222        236.4k  0.39  
PROF_DETECT_STATEFUL_CONT    IPv4      17           120             2510          49812          4425        531.0k  0.87  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            23             2574           3195          2726         62.7k  0.10  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            34             2600           3886          2865         97.4k  0.16  
PROF_DETECT_PREFILTER       IPv4       1             1            24615          24615         24615         24.6k  0.04  
PROF_DETECT_PREFILTER       IPv4       2            14             7782          17205          9605        134.5k  0.22  
PROF_DETECT_PREFILTER       IPv4       6            38             7878         630727         77151          2.9m  4.81  
PROF_DETECT_PREFILTER       IPv4      17           120            23681        9923741        119898         14.4m  23.61 
PROF_DETECT_PF_PAYLOAD      IPv4       1             1            14245          14245         14245         14.2k  0.02  
PROF_DETECT_PF_PAYLOAD      IPv4       6            18            23916         496793         86574          1.6m  2.56  
PROF_DETECT_PF_PAYLOAD      IPv4      17           120             8263          55743         14459          1.7m  2.85  
PROF_DETECT_PF_TX           IPv4       6            23             2566         203302         34415        791.6k  1.30  
PROF_DETECT_PF_TX           IPv4      17            17             8644         393000         34127        580.2k  0.95  
PROF_DETECT_PF_SORT1        IPv4       6            18             2577          16499          3874         69.7k  0.11  
PROF_DETECT_PF_SORT1        IPv4      17           120             2577           8279          3461        415.4k  0.68  
PROF_DETECT_PF_SORT2        IPv4       1             1             2538           2538          2538          2.5k  0.00  
PROF_DETECT_PF_SORT2        IPv4       2            14             2528           3373          2740         38.4k  0.06  
PROF_DETECT_PF_SORT2        IPv4       6            38             2544           6043          3041        115.6k  0.19  
PROF_DETECT_PF_SORT2        IPv4      17           120             2542          23681          3083        370.0k  0.61  
PROF_DETECT_NONMPMLIST      IPv4       1             1             2610           2610          2610          2.6k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       2            14             2529           3919          2815         39.4k  0.06  
PROF_DETECT_NONMPMLIST      IPv4       6            38             2560           4049          2880        109.5k  0.18  
PROF_DETECT_NONMPMLIST      IPv4      17           120             2523          16236          2895        347.5k  0.57  
PROF_DETECT_ALERT           IPv4       1             1             2764           2764          2764          2.8k  0.00  
PROF_DETECT_ALERT           IPv4       2            14             2536           3107          2702         37.8k  0.06  
PROF_DETECT_ALERT           IPv4       6            38             2517          29752          5173        196.6k  0.32  
PROF_DETECT_ALERT           IPv4      17           120             2529           3949          2658        319.0k  0.52  
PROF_DETECT_CLEANUP         IPv4       1             1             2560           2560          2560          2.6k  0.00  
PROF_DETECT_CLEANUP         IPv4       2            14             2514           3544          2639         36.9k  0.06  
PROF_DETECT_CLEANUP         IPv4       6            38             2575          12355          3166        120.3k  0.20  
PROF_DETECT_CLEANUP         IPv4      17           120             2518           6452          2845        341.4k  0.56  
PROF_DETECT_GETSGH          IPv4       1             1             2770           2770          2770          2.8k  0.00  
PROF_DETECT_GETSGH          IPv4       2            14             2533           3491          2790         39.1k  0.06  
PROF_DETECT_GETSGH          IPv4       6            38             2529           6746          3251        123.5k  0.20  
PROF_DETECT_GETSGH          IPv4      17           120             2523         390254         10918          1.3m  2.15  

suricata-report-2019-05-08-T-09-14-38-05082019.0914-pcap.pcap.txt - (17429 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/0f0adbae5bcd51f66d489fc47ab4b58656b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05082019.0914-pcap.pcap -vvv -k none
elapsedtime:20.882668
stderr:
stdout:
8/5/2019 -- 09:14:17 - <Info> - Configuration node 'rule-files' redefined.
8/5/2019 -- 09:14:17 - <Notice> - This is Suricata version 4.0.0 RELEASE
8/5/2019 -- 09:14:17 - <Info> - CPUs/cores online: 1
8/5/2019 -- 09:14:17 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31441 and 'request-body-inspect-window' set to 15960 after randomization.
8/5/2019 -- 09:14:17 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33149 and 'response-body-inspect-window' set to 16854 after randomization.
8/5/2019 -- 09:14:17 - <Config> - DNS request flood protection level: 500
8/5/2019 -- 09:14:17 - <Config> - DNS per flow memcap (state-memcap): 524288
8/5/2019 -- 09:14:17 - <Config> - DNS global memcap: 16777216
8/5/2019 -- 09:14:17 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
8/5/2019 -- 09:14:17 - <Config> - preallocated 1000 hosts of size 136
8/5/2019 -- 09:14:17 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
8/5/2019 -- 09:14:17 - <Config> - using magic-file /usr/share/file/magic
8/5/2019 -- 09:14:17 - <Config> - Core dump size is unlimited.
8/5/2019 -- 09:14:17 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
8/5/2019 -- 09:14:17 - <Config> - preallocated 1000 defrag trackers of size 168
8/5/2019 -- 09:14:17 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
8/5/2019 -- 09:14:17 - <Config> - stream "prealloc-sessions": 2048 (per thread)
8/5/2019 -- 09:14:17 - <Config> - stream "memcap": 33554432
8/5/2019 -- 09:14:17 - <Config> - stream "midstream" session pickups: disabled
8/5/2019 -- 09:14:17 - <Config> - stream "async-oneside": disabled
8/5/2019 -- 09:14:17 - <Config> - stream "checksum-validation": disabled
8/5/2019 -- 09:14:17 - <Config> - stream."inline": disabled
8/5/2019 -- 09:14:17 - <Config> - stream "bypass": disabled
8/5/2019 -- 09:14:17 - <Config> - stream "max-synack-queued": 5
8/5/2019 -- 09:14:17 - <Config> - stream.reassembly "memcap": 134217728
8/5/2019 -- 09:14:17 - <Config> - stream.reassembly "depth": 0
8/5/2019 -- 09:14:17 - <Config> - stream.reassembly "toserver-chunk-size": 2477
8/5/2019 -- 09:14:17 - <Config> - stream.reassembly "toclient-chunk-size": 2483
8/5/2019 -- 09:14:17 - <Config> - stream.reassembly.raw: enabled
8/5/2019 -- 09:14:17 - <Config> - stream.reassembly "segment-prealloc": 2048
8/5/2019 -- 09:14:17 - <Config> - Delayed detect disabled
8/5/2019 -- 09:14:17 - <Config> - pattern matchers: MPM: ac, SPM: bm
8/5/2019 -- 09:14:17 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
8/5/2019 -- 09:14:17 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
8/5/2019 -- 09:14:17 - <Config> - prefilter engines: MPM
8/5/2019 -- 09:14:17 - <Config> - IP reputation disabled
8/5/2019 -- 09:14:17 - <Perf> - Registered 148 keyword profiling counters.
8/5/2019 -- 09:14:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
8/5/2019 -- 09:14:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
8/5/2019 -- 09:14:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
8/5/2019 -- 09:14:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
8/5/2019 -- 09:14:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
8/5/2019 -- 09:14:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
8/5/2019 -- 09:14:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
8/5/2019 -- 09:14:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
8/5/2019 -- 09:14:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
8/5/2019 -- 09:14:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
8/5/2019 -- 09:14:22 - <Config> - No rules loaded from ET-icmp.rules.
8/5/2019 -- 09:14:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
8/5/2019 -- 09:14:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
8/5/2019 -- 09:14:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
8/5/2019 -- 09:14:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
8/5/2019 -- 09:14:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
8/5/2019 -- 09:14:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
8/5/2019 -- 09:14:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
8/5/2019 -- 09:14:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
8/5/2019 -- 09:14:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
8/5/2019 -- 09:14:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
8/5/2019 -- 09:14:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
8/5/2019 -- 09:14:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
8/5/2019 -- 09:14:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
8/5/2019 -- 09:14:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
8/5/2019 -- 09:14:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
8/5/2019 -- 09:14:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
8/5/2019 -- 09:14:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
8/5/2019 -- 09:14:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
8/5/2019 -- 09:14:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
8/5/2019 -- 09:14:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
8/5/2019 -- 09:14:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
8/5/2019 -- 09:14:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
8/5/2019 -- 09:14:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
8/5/2019 -- 09:14:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
8/5/2019 -- 09:14:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
8/5/2019 -- 09:14:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
8/5/2019 -- 09:14:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
8/5/2019 -- 09:14:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
8/5/2019 -- 09:14:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
8/5/2019 -- 09:14:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
8/5/2019 -- 09:14:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
8/5/2019 -- 09:14:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
8/5/2019 -- 09:14:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
8/5/2019 -- 09:14:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
8/5/2019 -- 09:14:29 - <Config> - No rules loaded from local.rules.
8/5/2019 -- 09:14:29 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
8/5/2019 -- 09:14:30 - <Info> - Threshold config parsed: 0 rule(s) found
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for tcp-packet
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for tcp-stream
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for udp-packet
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for other-ip
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_uri
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_request_line
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_client_body
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_response_line
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_header
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_header
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_header_names
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_header_names
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_accept
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_accept_enc
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_accept_lang
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_referer
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_connection
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_content_len
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_content_len
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_content_type
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_content_type
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_protocol
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_protocol
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_start
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_start
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_raw_header
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_raw_header
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_method
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_cookie
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_cookie
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_raw_uri
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_user_agent
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_host
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_raw_host
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_stat_msg
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_stat_code
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for dns_query
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for tls_sni
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for tls_cert_issuer
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for tls_cert_subject
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for tls_cert_serial
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for dce_stub_data
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for dce_stub_data
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for ssh_protocol
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for ssh_protocol
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for ssh_software
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for ssh_software
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for file_data
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for file_data
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_request_line
8/5/2019 -- 09:14:30 - <Perf> - using shared mpm ctx' for http_response_line
8/5/2019 -- 09:14:30 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
8/5/2019 -- 09:14:30 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
8/5/2019 -- 09:14:30 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
8/5/2019 -- 09:14:30 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
8/5/2019 -- 09:14:30 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
8/5/2019 -- 09:14:30 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
8/5/2019 -- 09:14:30 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
8/5/2019 -- 09:14:30 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
8/5/2019 -- 09:14:34 - <Perf> - Unique rule groups: 104
8/5/2019 -- 09:14:34 - <Perf> - Builtin MPM "toserver TCP packet": 35
8/5/2019 -- 09:14:34 - <Perf> - Builtin MPM "toclient TCP packet": 17
8/5/2019 -- 09:14:34 - <Perf> - Builtin MPM "toserver TCP stream": 33
8/5/2019 -- 09:14:34 - <Perf> - Builtin MPM "toclient TCP stream": 19
8/5/2019 -- 09:14:34 - <Perf> - Builtin MPM "toserver UDP packet": 27
8/5/2019 -- 09:14:34 - <Perf> - Builtin MPM "toclient UDP packet": 17
8/5/2019 -- 09:14:34 - <Perf> - Builtin MPM "other IP packet": 3
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_uri": 14
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_request_line": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_client_body": 6
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toclient http_response_line": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_header": 10
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toclient http_header": 6
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_header_names": 2
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_accept": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_referer": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_content_len": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_content_type": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toclient http_content_type": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_protocol": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_start": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_method": 5
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_cookie": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toclient http_cookie": 2
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver http_host": 2
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver dns_query": 4
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver tls_sni": 2
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toserver file_data": 1
8/5/2019 -- 09:14:34 - <Perf> - AppLayer MPM "toclient file_data": 7
8/5/2019 -- 09:14:37 - <Perf> - Registered 39590 rule profiling counters.
8/5/2019 -- 09:14:37 - <Info> - fast output device (regular) initialized: alert
8/5/2019 -- 09:14:37 - <Info> - eve-log output device (regular) initialized: eve.json
8/5/2019 -- 09:14:37 - <Config> - enabling 'eve-log' module 'alert'
8/5/2019 -- 09:14:37 - <Config> - enabling 'eve-log' module 'http'
8/5/2019 -- 09:14:37 - <Config> - enabling 'eve-log' module 'dns'
8/5/2019 -- 09:14:37 - <Config> - enabling 'eve-log' module 'tls'
8/5/2019 -- 09:14:37 - <Config> - enabling 'eve-log' module 'files'
8/5/2019 -- 09:14:37 - <Config> - enabling 'eve-log' module 'ssh'
8/5/2019 -- 09:14:37 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
8/5/2019 -- 09:14:37 - <Info> - stats output device (regular) initialized: stats.log
8/5/2019 -- 09:14:37 - <Config> - AutoFP mode using "Hash" flow load balancer
8/5/2019 -- 09:14:37 - <Info> - reading pcap file /var/pcap/05082019.0914-pcap.pcap
8/5/2019 -- 09:14:37 - <Config> - using 1 flow manager threads
8/5/2019 -- 09:14:37 - <Config> - using 1 flow recycler threads
8/5/2019 -- 09:14:37 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
8/5/2019 -- 09:14:37 - <Info> - pcap file end of file

This file has been truncated.


stats.log - (2837 bytes)
------------------------------------------------------------------------------------
Date: 5/8/2019 -- 09:14:38 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 192
decoder.bytes                              | Total                     | 28988
decoder.ipv4                               | Total                     | 171
decoder.ethernet                           | Total                     | 192
decoder.tcp                                | Total                     | 36
decoder.udp                                | Total                     | 120
decoder.icmpv4                             | Total                     | 1
decoder.avg_pkt_size                       | Total                     | 150
decoder.max_pkt_size                       | Total                     | 1153
flow.tcp                                   | Total                     | 5
flow.udp                                   | Total                     | 26
tcp.sessions                               | Total                     | 5
tcp.syn                                    | Total                     | 12
tcp.synack                                 | Total                     | 1
detect.mpm_list                            | Total                     | 10
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 12
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 17
app_layer.tx.dns_udp                       | Total                     | 17
app_layer.flow.failed_udp                  | Total                     | 9
flow.spare                                 | Total                     | 9994
flow_mgr.flows_checked                     | Total                     | 5
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65531
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075744


eve.json - (13719 bytes)
{"timestamp":"2019-05-07T08:58:18.226768+0000","flow_id":324962739713488,"pcap_cnt":94,"event_type":"dns","src_ip":"192.168.56.107","src_port":64426,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":25001,"rrname":"103.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:58:18.455038+0000","flow_id":324962739713488,"pcap_cnt":95,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":64426,"proto":"UDP","dns":{"type":"answer","id":25001,"rcode":"NOERROR","rrname":"103.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:58:20.052648+0000","flow_id":664941613600168,"pcap_cnt":96,"event_type":"dns","src_ip":"192.168.56.107","src_port":60940,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42948,"rrname":"c.9.a.3.7.d.4.2.d.4.2.4.c.a.8.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:58:20.098050+0000","flow_id":1222473465757442,"pcap_cnt":97,"event_type":"dns","src_ip":"192.168.56.107","src_port":65327,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39725,"rrname":"108.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:58:20.295598+0000","flow_id":664941613600168,"pcap_cnt":98,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":60940,"proto":"UDP","dns":{"type":"answer","id":42948,"rcode":"NOERROR","rrname":"c.9.a.3.7.d.4.2.d.4.2.4.c.a.8.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:58:20.327100+0000","flow_id":1222473465757442,"pcap_cnt":99,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":65327,"proto":"UDP","dns":{"type":"answer","id":39725,"rcode":"NOERROR","rrname":"108.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:58:21.139869+0000","flow_id":147367989682781,"pcap_cnt":100,"event_type":"dns","src_ip":"192.168.56.107","src_port":65137,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13711,"rrname":"7.2.3.3.1.6.3.3.0.7.6.3.a.f.1.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:58:21.392557+0000","flow_id":147367989682781,"pcap_cnt":101,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":65137,"proto":"UDP","dns":{"type":"answer","id":13711,"rcode":"NOERROR","rrname":"7.2.3.3.1.6.3.3.0.7.6.3.a.f.1.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:58:28.359110+0000","flow_id":1924221730323142,"pcap_cnt":102,"event_type":"dns","src_ip":"192.168.56.107","src_port":59778,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42261,"rrname":"f.f.1.4.e.f.c.1.0.e.d.3.1.0.0.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:58:28.360169+0000","flow_id":1509765976194793,"pcap_cnt":103,"event_type":"dns","src_ip":"192.168.56.107","src_port":60498,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33930,"rrname":"110.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:58:28.590141+0000","flow_id":1509765976194793,"pcap_cnt":104,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":60498,"proto":"UDP","dns":{"type":"answer","id":33930,"rcode":"NOERROR","rrname":"110.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:58:28.608596+0000","flow_id":1924221730323142,"pcap_cnt":105,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":59778,"proto":"UDP","dns":{"type":"answer","id":42261,"rcode":"NOERROR","rrname":"f.f.1.4.e.f.c.1.0.e.d.3.1.0.0.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:58:28.616947+0000","flow_id":781775461968371,"pcap_cnt":106,"event_type":"dns","src_ip":"192.168.56.107","src_port":53328,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7701,"rrname":"d.5.e.3.c.c.d.5.1.4.5.0.2.6.1.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:58:28.867189+0000","flow_id":781775461968371,"pcap_cnt":107,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":53328,"proto":"UDP","dns":{"type":"answer","id":7701,"rcode":"NOERROR","rrname":"d.5.e.3.c.c.d.5.1.4.5.0.2.6.1.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:58:36.801694+0000","flow_id":1952480468155294,"pcap_cnt":112,"event_type":"dns","src_ip":"192.168.56.107","src_port":58682,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55820,"rrname":"2.b.3.e.7.4.f.3.7.5.d.0.a.d.c.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:58:36.802307+0000","flow_id":2138156199329283,"pcap_cnt":113,"event_type":"dns","src_ip":"192.168.56.107","src_port":64832,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56778,"rrname":"102.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:58:37.031009+0000","flow_id":2138156199329283,"pcap_cnt":116,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":64832,"proto":"UDP","dns":{"type":"answer","id":56778,"rcode":"NOERROR","rrname":"102.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:58:37.041149+0000","flow_id":1952480468155294,"pcap_cnt":117,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":58682,"proto":"UDP","dns":{"type":"answer","id":55820,"rcode":"NOERROR","rrname":"2.b.3.e.7.4.f.3.7.5.d.0.a.d.c.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:58:39.565554+0000","flow_id":1476744120882332,"pcap_cnt":139,"event_type":"http","src_ip":"192.168.56.107","src_port":49176,"dest_ip":"217.163.23.19","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"217.163.23.19","url":"\/file\/ms17-010.ps1"}}
{"timestamp":"2019-05-07T08:58:39.817064+0000","flow_id":1598770584188840,"pcap_cnt":140,"event_type":"dns","src_ip":"192.168.56.107","src_port":55642,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14428,"rrname":"19.23.163.217.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:58:40.164896+0000","flow_id":1598770584188840,"pcap_cnt":141,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":55642,"proto":"UDP","dns":{"type":"answer","id":14428,"rcode":"NOERROR","rrname":"19.23.163.217.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:58:41.461476+0000","flow_id":1476744120882332,"pcap_cnt":143,"event_type":"fileinfo","src_ip":"217.163.23.19","src_port":80,"dest_ip":"192.168.56.107","dest_port":49176,"proto":"TCP","http":{"hostname":"217.163.23.19","url":"\/file\/ms17-010.ps1","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":10671},"app_proto":"http","fileinfo":{"filename":"\/file\/ms17-010.ps1","gaps":false,"state":"CLOSED","stored":false,"size":10671,"tx_id":0}}
{"timestamp":"2019-05-07T08:58:41.737276+0000","flow_id":1476744120882332,"pcap_cnt":147,"event_type":"http","src_ip":"192.168.56.107","src_port":49176,"dest_ip":"217.163.23.19","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"217.163.23.19","url":"\/test\/","http_content_type":"text\/html"}}
{"timestamp":"2019-05-07T08:58:41.737276+0000","flow_id":1476744120882332,"pcap_cnt":147,"event_type":"fileinfo","src_ip":"192.168.56.107","src_port":49176,"dest_ip":"217.163.23.19","dest_port":80,"proto":"TCP","http":{"hostname":"217.163.23.19","url":"\/test\/","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":7},"app_proto":"http","fileinfo":{"filename":"\/test\/","gaps":false,"state":"CLOSED","stored":false,"size":112,"tx_id":1}}
{"timestamp":"2019-05-07T08:58:45.817342+0000","flow_id":2011806852020414,"pcap_cnt":149,"event_type":"dns","src_ip":"192.168.56.107","src_port":61724,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46452,"rrname":"8.2.d.2.a.8.6.8.b.e.0.4.c.9.c.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:58:45.817779+0000","flow_id":1352739825482355,"pcap_cnt":150,"event_type":"dns","src_ip":"192.168.56.107","src_port":56345,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9403,"rrname":"106.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:58:46.047687+0000","flow_id":1352739825482355,"pcap_cnt":151,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":56345,"proto":"UDP","dns":{"type":"answer","id":9403,"rcode":"NOERROR","rrname":"106.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:58:46.062250+0000","flow_id":2011806852020414,"pcap_cnt":152,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":61724,"proto":"UDP","dns":{"type":"answer","id":46452,"rcode":"NOERROR","rrname":"8.2.d.2.a.8.6.8.b.e.0.4.c.9.c.7.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:58:46.543099+0000","flow_id":1476744120882332,"pcap_cnt":153,"event_type":"fileinfo","src_ip":"217.163.23.19","src_port":80,"dest_ip":"192.168.56.107","dest_port":49176,"proto":"TCP","http":{"hostname":"217.163.23.19","url":"\/test\/","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":7},"app_proto":"http","fileinfo":{"filename":"\/test\/","gaps":false,"state":"CLOSED","stored":false,"size":7,"tx_id":1}}
{"timestamp":"2019-05-07T08:58:58.802862+0000","flow_id":1172832236224558,"pcap_cnt":156,"event_type":"dns","src_ip":"192.168.56.107","src_port":59152,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37557,"rrname":"7.3.f.a.1.6.1.d.7.6.0.1.9.2.0.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:58:58.803252+0000","flow_id":1108888763122100,"pcap_cnt":157,"event_type":"dns","src_ip":"192.168.56.107","src_port":55472,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7245,"rrname":"104.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:58:59.033708+0000","flow_id":1108888763122100,"pcap_cnt":158,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":55472,"proto":"UDP","dns":{"type":"answer","id":7245,"rcode":"NOERROR","rrname":"104.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:58:59.049960+0000","flow_id":1172832236224558,"pcap_cnt":159,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":59152,"proto":"UDP","dns":{"type":"answer","id":37557,"rcode":"NOERROR","rrname":"7.3.f.a.1.6.1.d.7.6.0.1.9.2.0.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:59:22.812032+0000","flow_id":832020140418048,"pcap_cnt":169,"event_type":"dns","src_ip":"192.168.56.107","src_port":62074,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":59719,"rrname":"250.255.255.239.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:59:23.042563+0000","flow_id":832020140418048,"pcap_cnt":172,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":62074,"proto":"UDP","dns":{"type":"answer","id":59719,"rcode":"NOERROR","rrname":"250.255.255.239.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:59:29.833162+0000","flow_id":1294753474918026,"pcap_cnt":182,"event_type":"dns","src_ip":"192.168.56.107","src_port":61603,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44929,"rrname":"105.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:59:29.834144+0000","flow_id":2136272859675232,"pcap_cnt":183,"event_type":"dns","src_ip":"192.168.56.107","src_port":62589,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":62352,"rrname":"c.6.7.2.0.d.f.5.d.0.e.a.1.c.5.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-05-07T08:59:30.061213+0000","flow_id":1294753474918026,"pcap_cnt":184,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":61603,"proto":"UDP","dns":{"type":"answer","id":44929,"rcode":"NOERROR","rrname":"105.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-05-07T08:59:30.076375+0000","flow_id":2136272859675232,"pcap_cnt":185,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":62589,"proto":"UDP","dns":{"type":"answer","id":62352,"rcode":"NOERROR","rrname":"c.6.7.2.0.d.f.5.d.0.e.a.1.c.5.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}


keyword_perf.log - (11940 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/8/2019 -- 09:14:38
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            31552           11              11              3826            2868.00         2868.00         0.00           
  flow             294132          87              87              10525           3380.00         3380.00         0.00           
  threshold        51514           11              0               14978           4683.00         0.00            4683.00        
  content          1264404         355             229             32696           3561.00         3458.00         3749.00        
  pcre             312082          28              2               43587           11145.00        12685.00        11027.00       
  byte_test        512839          149             69              77746           3441.00         4254.00         2740.00        
  byte_jump        18637           6               6               4308            3106.00         3106.00         0.00           
  flowbits         39541           9               4               14354           4393.00         6216.00         2935.00        
  urilen           7213            2               0               4397            3606.00         0.00            3606.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            31552           11              11              3826            2868.00         2868.00         0.00           
  flow             294132          87              87              10525           3380.00         3380.00         0.00           
  flowbits         17740           6               1               3536            2956.00         3065.00         2935.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          758243          226             143             24833           3355.00         3098.00         3797.00        
  pcre             124569          14              0               43587           8897.00         0.00            8897.00        
  byte_test        512839          149             69              77746           3441.00         4254.00         2740.00        
  byte_jump        18637           6               6               4308            3106.00         3106.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         21801           3               3               14354           7267.00         7267.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        51514           11              0               14978           4683.00         0.00            4683.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          64477           18              2               4500            3582.00         4077.00         3520.00        
  pcre             32174           3               0               11031           10724.00        0.00            10724.00       
  urilen           7213            2               0               4397            3606.00         0.00            3606.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          107393          27              17              5464            3977.00         3828.00         4231.00        
  pcre             100164          7               0               27130           14309.00        0.00            14309.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6131            2               0               3245            3065.00         0.00            3065.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3387            1               0               3387            3387.00         0.00            3387.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          222522          61              51              4857            3647.00         3698.00         3391.00        
  pcre             55175           4               2               20596           13793.00        12685.00        14902.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          71020           11              10              32696           6456.00         6535.00         5662.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10911           3               3               4126            3637.00         3637.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          9836            3               2               3892            3278.00         3383.00         3069.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10484           3               1               3973            3494.00         3973.00         3255.00        


suricata-4.0.0-etpro-all-perf.txt-2019-05-08-T-09-14-38-05082019.0914-pcap.pcap.txt - (18389 bytes)
  --------------------------------------------------------------------------
  Date: 5/8/2019 -- 09:14:38. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2805348      1        4        811587       6.38   6        0        504606      135264.50   0.00        135264.50  
  2        2014703      1        9        691490       5.44   34       0        396323      20337.94    0.00        20337.94   
  3        2019017      1        3        408015       3.21   6        0        393917      68002.50    0.00        68002.50   
  4        2023617      1        3        473994       3.73   36       0        384597      13166.50    0.00        13166.50   
  5        2013075      1        8        328683       2.59   17       0        284881      19334.29    0.00        19334.29   
  6        2009702      1        5        457359       3.60   34       0        93848       13451.74    0.00        13451.74   
  7        2821615      1        2        72843        0.57   1        0        72843       72843.00    0.00        72843.00   
  8        2016537      1        2        229809       1.81   8        1        72208       28726.12    72208.00    22514.43   
  9        2810991      1        4        62469        0.49   1        0        62469       62469.00    0.00        62469.00   
  10       2816165      1        5        113768       0.89   2        0        61312       56884.00    0.00        56884.00   
  11       2829644      1        1        57358        0.45   1        0        57358       57358.00    0.00        57358.00   
  12       2820186      1        2        53188        0.42   1        0        53188       53188.00    0.00        53188.00   
  13       2021068      1        2        87978        0.69   2        2        50868       43989.00    43989.00    0.00       
  14       2011912      1        7        48302        0.38   1        0        48302       48302.00    0.00        48302.00   
  15       2826256      1        2        85202        0.67   2        0        47521       42601.00    0.00        42601.00   
  16       2010140      1        7        609428       4.79   108      0        47103       5642.85     0.00        5642.85    
  17       2829607      1        1        46342        0.36   1        0        46342       46342.00    0.00        46342.00   
  18       2830124      1        1        46202        0.36   1        0        46202       46202.00    0.00        46202.00   
  19       2819785      1        2        52645        0.41   2        0        42656       26322.50    0.00        26322.50   
  20       2810982      1        3        41803        0.33   1        0        41803       41803.00    0.00        41803.00   
  21       2816055      1        2        41272        0.32   1        0        41272       41272.00    0.00        41272.00   
  22       2829335      1        2        40459        0.32   1        0        40459       40459.00    0.00        40459.00   
  23       2820889      1        2        38776        0.30   1        0        38776       38776.00    0.00        38776.00   
  24       2809636      1        6        38595        0.30   1        0        38595       38595.00    0.00        38595.00   
  25       2024771      1        1        84615        0.67   6        0        38164       14102.50    0.00        14102.50   
  26       2808681      1        4        38037        0.30   1        0        38037       38037.00    0.00        38037.00   
  27       2008117      1        3        96514        0.76   22       0        37935       4387.00     0.00        4387.00    
  28       2001569      1        15       185473       1.46   11       11       37166       16861.18    16861.18    0.00       
  29       2823521      1        2        37025        0.29   1        0        37025       37025.00    0.00        37025.00   
  30       2023083      1        2        36801        0.29   1        0        36801       36801.00    0.00        36801.00   
  31       2828317      1        1        36790        0.29   1        0        36790       36790.00    0.00        36790.00   
  32       2828060      1        4        36679        0.29   1        0        36679       36679.00    0.00        36679.00   
  33       2022504      1        6        35460        0.28   1        0        35460       35460.00    0.00        35460.00   
  34       2814883      1        3        34624        0.27   1        0        34624       34624.00    0.00        34624.00   
  35       2830035      1        2        34270        0.27   1        0        34270       34270.00    0.00        34270.00   
  36       2825196      1        1        34172        0.27   1        0        34172       34172.00    0.00        34172.00   
  37       2816726      1        2        32777        0.26   1        0        32777       32777.00    0.00        32777.00   
  38       2816672      1        2        32482        0.26   1        0        32482       32482.00    0.00        32482.00   
  39       2012627      1        3        32375        0.25   1        0        32375       32375.00    0.00        32375.00   
  40       2023618      1        3        113837       0.90   32       0        32089       3557.41     0.00        3557.41    
  41       2024513      1        5        31913        0.25   1        0        31913       31913.00    0.00        31913.00   
  42       2802881      1        3        31092        0.24   1        0        31092       31092.00    0.00        31092.00   
  43       2811474      1        2        30992        0.24   1        0        30992       30992.00    0.00        30992.00   
  44       2802880      1        3        59688        0.47   2        0        30417       29844.00    0.00        29844.00   
  45       2024848      1        2        30231        0.24   1        0        30231       30231.00    0.00        30231.00   
  46       2828986      1        2        29852        0.23   1        0        29852       29852.00    0.00        29852.00   
  47       2008120      1        4        351108       2.76   108      0        29553       3251.00     0.00        3251.00    
  48       2828877      1        1        62542        0.49   12       0        29387       5211.83     0.00        5211.83    
  49       2017259      1        12       29188        0.23   1        0        29188       29188.00    0.00        29188.00   
  50       2025162      1        2        29093        0.23   1        0        29093       29093.00    0.00        29093.00   
  51       2021038      1        4        28650        0.23   1        0        28650       28650.00    0.00        28650.00   
  52       2022198      1        2        55603        0.44   2        0        28542       27801.50    0.00        27801.50   
  53       2014133      1        4        28430        0.22   1        0        28430       28430.00    0.00        28430.00   
  54       2806132      1        3        28030        0.22   1        0        28030       28030.00    0.00        28030.00   
  55       2822100      1        2        27936        0.22   1        0        27936       27936.00    0.00        27936.00   
  56       2809850      1        2        135777       1.07   8        0        27907       16972.12    0.00        16972.12   
  57       2809267      1        8        27875        0.22   1        0        27875       27875.00    0.00        27875.00   
  58       2803760      1        3        267224       2.10   17       0        27754       15719.06    0.00        15719.06   
  59       2819993      1        2        27690        0.22   1        0        27690       27690.00    0.00        27690.00   
  60       2806310      1        3        27536        0.22   1        0        27536       27536.00    0.00        27536.00   
  61       2816713      1        2        27438        0.22   1        0        27438       27438.00    0.00        27438.00   
  62       2829848      1        2        26991        0.21   1        0        26991       26991.00    0.00        26991.00   
  63       2811711      1        2        25916        0.20   1        0        25916       25916.00    0.00        25916.00   
  64       2826281      1        2        251279       1.98   17       0        24882       14781.12    0.00        14781.12   
  65       2012707      1        5        43846        0.34   2        0        23543       21923.00    0.00        21923.00   
  66       2827580      1        7        23248        0.18   1        0        23248       23248.00    0.00        23248.00   
  67       2009243      1        2        186267       1.47   57       0        22696       3267.84     0.00        3267.84    
  68       2017552      1        6        129068       1.02   8        0        22550       16133.50    0.00        16133.50   
  69       2014701      1        12       372190       2.93   34       0        22541       10946.76    0.00        10946.76   
  70       2801224      1        6        22447        0.18   1        0        22447       22447.00    0.00        22447.00   
  71       2014380      1        4        38462        0.30   2        0        22441       19231.00    0.00        19231.00   
  72       2806959      1        2        21913        0.17   1        0        21913       21913.00    0.00        21913.00   
  73       2023316      1        2        21395        0.17   1        0        21395       21395.00    0.00        21395.00   
  74       2806921      1        3        20990        0.17   1        0        20990       20990.00    0.00        20990.00   
  75       2023612      1        4        132093       1.04   44       0        20075       3002.11     0.00        3002.11    
  76       2023615      1        3        94839        0.75   30       0        18562       3161.30     0.00        3161.30    
  77       2805141      1        4        44609        0.35   11       0        17395       4055.36     0.00        4055.36    
  78       2023621      1        4        112818       0.89   38       0        16932       2968.89     0.00        2968.89    
  79       2014702      1        9        277308       2.18   34       0        16489       8156.12     0.00        8156.12    
  80       2012236      1        2        30050        0.24   6        0        16432       5008.33     0.00        5008.33    
  81       2819882      1        2        14829        0.12   1        0        14829       14829.00    0.00        14829.00   
  82       2823937      1        13       14744        0.12   1        0        14744       14744.00    0.00        14744.00   
  83       2023623      1        3        93850        0.74   32       0        13560       2932.81     0.00        2932.81    
  84       2010143      1        3        395547       3.11   108      0        13088       3662.47     0.00        3662.47    
  85       2023613      1        3        107977       0.85   38       0        12878       2841.50     0.00        2841.50    
  86       2022914      1        1        50799        0.40   6        0        9771        8466.50     0.00        8466.50    
  87       2805211      1        1        49544        0.39   6        0        9666        8257.33     0.00        8257.33    
  88       2810793      1        5        7715         0.06   2        0        4444        3857.50     0.00        3857.50    
  89       2008420      1        4        7537         0.06   2        0        4253        3768.50     0.00        3768.50    
  90       2810794      1        5        4237         0.03   1        0        4237        4237.00     0.00        4237.00    
  91       2811445      1        4        4173         0.03   1        0        4173        4173.00     0.00        4173.00    
  92       2811447      1        2        9409         0.07   3        0        4017        3136.33     0.00        3136.33    
  93       2010643      1        3        7094         0.06   2        0        3953        3547.00     0.00        3547.00    
  94       2008118      1        3        150508       1.18   57       0        3951        2640.49     0.00        2640.49    
  95       2102523      1        8        35688        0.28   12       0        3846        2974.00     0.00        2974.00    
  96       2100540      1        12       13152        0.10   4        0        3756        3288.00     0.00        3288.00    
  97       2016323      1        1        35450        0.28   12       0        3739        2954.17     0.00        2954.17    
  98       2023625      1        3        242181       1.90   92       0        3702        2632.40     0.00        2632.40    
  99       2802205      1        3        23655        0.19   8        0        3650        2956.88     0.00        2956.88    
  100      2802081      1        1        94643        0.74   34       0        3572        2783.62     0.00        2783.62    
  101      2025200      1        1        93308        0.73   34       0        3523        2744.35     0.00        2744.35    
  102      2008116      1        4        22976        0.18   8        0        3516        2872.00     0.00        2872.00    
  103      2810801      1        5        6066         0.05   2        0        3508        3033.00     0.00        3033.00    
  104      2823788      1        4        49322        0.39   17       0        3479        2901.29     0.00        2901.29    
  105      2023626      1        3        221437       1.74   86       0        3417        2574.85     0.00        2574.85    
  106      2023627      1        3        172192       1.35   66       0        3396        2608.97     0.00        2608.97    
  107      2102523      1        8        3376         0.03   1        0        3376        3376.00     0.00        3376.00    
  108      2013739      1        15       192404       1.51   74       0        3353        2600.05     0.00        2600.05    
  109      2023622      1        3        291472       2.29   112      0        3350        2602.43     0.00        2602.43    
  110      2802026      1        1        48960        0.39   18       0        3345        2720.00     0.00        2720.00    
  111      2013926      1        8        3339         0.03   1        0        3339        3339.00     0.00        3339.00    
  112      2804586      1        2        3315         0.03   1        0        3315        3315.00     0.00        3315.00    
  113      2019010      1        3        17216        0.14   6        0        3314        2869.33     0.00        2869.33    
  114      2828748      1        2        31809        0.25   12       0        3313        2650.75     0.00        2650.75    
  115      2016363      1        2        31795        0.25   12       0        3308        2649.58     0.00        2649.58    
  116      2808116      1        1        3290         0.03   1        0        3290        3290.00     0.00        3290.00    
  117      2828876      1        1        15221        0.12   5        0        3284        3044.20     0.00        3044.20    
  118      2014704      1        7        3284         0.03   1        0        3284        3284.00     0.00        3284.00    
  119      2811120      1        1        3277         0.03   1        0        3277        3277.00     0.00        3277.00    
  120      2019011      1        3        16922        0.13   6        0        3271        2820.33     0.00        2820.33    
  121      2101734      1        36       3269         0.03   1        0        3269        3269.00     0.00        3269.00    
  122      2804589      1        3        3267         0.03   1        0        3267        3267.00     0.00        3267.00    
  123      2023620      1        3        183841       1.45   71       0        3263        2589.31     0.00        2589.31    
  124      2100518      1        8        22636        0.18   8        0        3263        2829.50     0.00        2829.50    
  125      2802822      1        1        61

This file has been truncated.


IDSDeathBlossom.py.log - (1144 bytes)
2019-05-08 09:14:16,634 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-08 09:14:17,397 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-08 09:14:17,397 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-08 09:14:17,397 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-08 09:14:17,398 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-08 09:14:17,398 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/0f0adbae5bcd51f66d489fc47ab4b58656b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05082019.0914-pcap.pcap -vvv -k none
2019-05-08 09:14:38,283 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-08 09:14:38,284 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 21.6649401188