Filename: b117753cc5ae366b2d190b40affd5a05e83fc11f184ebfd4b4b5425a06e77880.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.9928450584 seconds
Hash: 14e483efeb5e9ef703eb618f9961ba31
Uploaded: 1574069911

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-11-18-T-09-38-54-11182019.0938-b117753cc5ae366b2d190b40affd5a05e83fc11f184ebfd4b4b5425a06e77880.pcap.txt (34391 bytes)
  --------------------------------------------------------------------------
  Date: 11/18/2019 -- 09:38:54. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2805348      1        4        1535684      5.23   13       0        515104      118129.54   0.00        118129.54  
  2        2010140      1        7        2090140      7.11   204      0        458466      10245.78    0.00        10245.78   
  3        2019016      1        3        572640       1.95   32       0        428256      17895.00    0.00        17895.00   
  4        2802205      1        3        481776       1.64   41       0        292546      11750.63    0.00        11750.63   
  5        2021749      1        6        249438       0.85   1        0        249438      249438.00   0.00        249438.00  
  6        2814978      1        2        174772       0.59   3        0        164736      58257.33    0.00        58257.33   
  7        2814979      1        2        174010       0.59   3        0        162854      58003.33    0.00        58003.33   
  8        2018005      1        6        176784       0.60   4        0        158328      44196.00    0.00        44196.00   
  9        2022049      1        3        152694       0.52   1        1        152694      152694.00   152694.00   0.00       
  10       2822213      1        2        142412       0.48   4        0        127612      35603.00    0.00        35603.00   
  11       2022054      1        3        127366       0.43   1        0        127366      127366.00   0.00        127366.00  
  12       2816910      1        2        121028       0.41   1        0        121028      121028.00   0.00        121028.00  
  13       2022220      1        2        120718       0.41   1        0        120718      120718.00   0.00        120718.00  
  14       2022503      1        2        107010       0.36   1        0        107010      107010.00   0.00        107010.00  
  15       2816909      1        2        105398       0.36   1        0        105398      105398.00   0.00        105398.00  
  16       2816940      1        2        100068       0.34   1        0        100068      100068.00   0.00        100068.00  
  17       2025064      1        5        98100        0.33   1        0        98100       98100.00    0.00        98100.00   
  18       2816356      1        2        257346       0.88   4        0        96210       64336.50    0.00        64336.50   
  19       2822979      1        3        95052        0.32   1        0        95052       95052.00    0.00        95052.00   
  20       2820851      1        5        94188        0.32   1        0        94188       94188.00    0.00        94188.00   
  21       2018958      1        18       88754        0.30   1        0        88754       88754.00    0.00        88754.00   
  22       2815254      1        7        239146       0.81   3        0        83742       79715.33    0.00        79715.33   
  23       2011894      1        19       82084        0.28   1        0        82084       82084.00    0.00        82084.00   
  24       2022339      1        2        79980        0.27   1        0        79980       79980.00    0.00        79980.00   
  25       2816929      1        4        76512        0.26   1        0        76512       76512.00    0.00        76512.00   
  26       2823855      1        7        75768        0.26   1        0        75768       75768.00    0.00        75768.00   
  27       2023315      1        2        75474        0.26   1        0        75474       75474.00    0.00        75474.00   
  28       2018358      1        7        74302        0.25   1        0        74302       74302.00    0.00        74302.00   
  29       2816930      1        4        73802        0.25   1        0        73802       73802.00    0.00        73802.00   
  30       2016726      1        6        72572        0.25   1        0        72572       72572.00    0.00        72572.00   
  31       2023670      1        3        69944        0.24   1        1        69944       69944.00    69944.00    0.00       
  32       2019881      1        3        68894        0.23   1        0        68894       68894.00    0.00        68894.00   
  33       2022609      1        2        67752        0.23   1        0        67752       67752.00    0.00        67752.00   
  34       2024767      1        2        67546        0.23   1        0        67546       67546.00    0.00        67546.00   
  35       2819673      1        4        67398        0.23   1        0        67398       67398.00    0.00        67398.00   
  36       2816327      1        4        66892        0.23   1        0        66892       66892.00    0.00        66892.00   
  37       2018452      1        15       65598        0.22   1        0        65598       65598.00    0.00        65598.00   
  38       2022502      1        4        171374       0.58   4        0        65270       42843.50    0.00        42843.50   
  39       2816525      1        10       65176        0.22   1        0        65176       65176.00    0.00        65176.00   
  40       2815817      1        5        64654        0.22   1        0        64654       64654.00    0.00        64654.00   
  41       2024771      1        1        168384       0.57   3        0        63896       56128.00    0.00        56128.00   
  42       2828122      1        2        63528        0.22   1        0        63528       63528.00    0.00        63528.00   
  43       2821615      1        2        217340       0.74   4        0        63296       54335.00    0.00        54335.00   
  44       2017567      1        3        62170        0.21   1        0        62170       62170.00    0.00        62170.00   
  45       2018789      1        3        130280       0.44   3        0        62094       43426.67    0.00        43426.67   
  46       2815324      1        2        62086        0.21   1        0        62086       62086.00    0.00        62086.00   
  47       2809859      1        6        61300        0.21   1        0        61300       61300.00    0.00        61300.00   
  48       2022207      1        4        61190        0.21   1        0        61190       61190.00    0.00        61190.00   
  49       2816526      1        13       60506        0.21   1        0        60506       60506.00    0.00        60506.00   
  50       2810607      1        8        142422       0.48   3        0        59304       47474.00    0.00        47474.00   
  51       2828675      1        2        64142        0.22   2        1        59230       32071.00    59230.00    4912.00    
  52       2023875      1        2        59042        0.20   1        0        59042       59042.00    0.00        59042.00   
  53       2020496      1        2        152640       0.52   3        0        58262       50880.00    0.00        50880.00   
  54       2018496      1        9        57828        0.20   1        0        57828       57828.00    0.00        57828.00   
  55       2019344      1        5        57230        0.19   1        0        57230       57230.00    0.00        57230.00   
  56       2816925      1        3        56006        0.19   1        0        56006       56006.00    0.00        56006.00   
  57       2830124      1        1        55422        0.19   1        0        55422       55422.00    0.00        55422.00   
  58       2816165      1        5        170256       0.58   4        0        53610       42564.00    0.00        42564.00   
  59       2012707      1        5        132608       0.45   3        0        53604       44202.67    0.00        44202.67   
  60       2018457      1        1        52694        0.18   1        0        52694       52694.00    0.00        52694.00   
  61       2014701      1        12       282886       0.96   12       0        51950       23573.83    0.00        23573.83   
  62       2815886      1        2        51688        0.18   1        0        51688       51688.00    0.00        51688.00   
  63       2018010      1        5        51196        0.17   1        0        51196       51196.00    0.00        51196.00   
  64       2805260      1        4        50410        0.17   1        0        50410       50410.00    0.00        50410.00   
  65       2022543      1        1        153096       0.52   5        0        49384       30619.20    0.00        30619.20   
  66       2017613      1        9        49122        0.17   1        0        49122       49122.00    0.00        49122.00   
  67       2812916      1        6        49064        0.17   1        0        49064       49064.00    0.00        49064.00   
  68       2009702      1        5        283442       0.96   12       0        48996       23620.17    0.00        23620.17   
  69       2018981      1        4        47984        0.16   1        0        47984       47984.00    0.00        47984.00   
  70       2828986      1        2        47940        0.16   1        0        47940       47940.00    0.00        47940.00   
  71       2025162      1        2        47766        0.16   1        0        47766       47766.00    0.00        47766.00   
  72       2827147      1        2        47594        0.16   1        0        47594       47594.00    0.00        47594.00   
  73       2829644      1        1        47260        0.16   1        0        47260       47260.00    0.00        47260.00   
  74       2020388      1        8        47256        0.16   1        0        47256       47256.00    0.00        47256.00   
  75       2016858      1        10       47230        0.16   1        0        47230       47230.00    0.00        47230.00   
  76       2022842      1        5        72542        0.25   2        0        46868       36271.00    0.00        36271.00   
  77       2816924      1        4        46860        0.16   1        0        46860       46860.00    0.00        46860.00   
  78       2022262      1        3        46408        0.16   1        0        46408       46408.00    0.00        46408.00   
  79       2827279      1        5        124370       0.42   4        0        46202       31092.50    0.00        31092.50   
  80       2809850      1        2        88000        0.30   2        0        46178       44000.00    0.00        44000.00   
  81       2816660      1        3        46026        0.16   1        0        46026       46026.00    0.00        46026.00   
  82       2829848      1        2        45976        0.16   1        0        45976       45976.00    0.00        45976.00   
  83       2018242      1        5        45730        0.16   1        0        45730       45730.00    0.00        45730.00   
  84       2015781      1        2        45688        0.16   1        0        45688       45688.00    0.00        45688.00   
  85       2018983      1        7        45528        0.15   1        0        45528       45528.00    0.00        45528.00   
  86       2820031      1        2        45270        0.15   1        0        45270       45270.00    0.00        45270.00   
  87       2816922      1        5        45108        0.15   1        0        45108       45108.00    0.00        45108.00   
  88       2020295      1        6        134604       0.46   3        0        45046       44868.00    0.00        44868.00   
  89       2816931      1        3        45036        0.15   1        0        45036       45036.00    0.00        45036.00   
  90       2019693      1        5        45016        0.15   1        0        45016       45016.00    0.00        45016.00   
  91       2809667      1        2        44872        0.15   1        0        44872       44872.00    0.00        44872.00   
  92       2816328      1        5        44836        0.15   1        0        44836       44836.00    0.00        44836.00   
  93       2826256      1        2        151460       0.52   4        0        44572       37865.00    0.00        37865.00   
  94       2816927      1        3        44402        0.15   1        0        44402       44402.00    0.00        44402.00   
  95       2816928      1        3        44110        0.15   1        0        44110       44110.00    0.00        44110.00   
  96       2828823      1        2        43898        0.15   1        0        43898       43898.00    0.00        43898.00   
  97       2013739      1        15       1035090      3.52   197      0        43642       5254.26     0.00        5254.26    
  98       2802990      1        5        59380        0.20   2        0        42014       29690.00    0.00        29690.00   
  99       2826281      1        2        197572       0.67   7        0        41980       28224.57    0.00        28224.57   
  100      2828008      1        2        115626       0.39   4        0        41342       28906.50    0.00        28906.50   
  101      2803760      1        3        198766       0.68   7        0        40044       28395.14    0.00        28395.14   
  102      2819931      1        2        39112        0.13   1        0        39112       39112.00    0.00        39112.00   
  103      2830036      1        1        108250       0.37   3        0        38710       36083.33    0.00        36083.33   
  104      2017552      1        6        283032       0.96   10       0        37934       28303.20    0.00        28303.20   
  105      2014702      1        9        204428       0.70   12       0        37596       17035.67    0.00        17035.67   
  106      2021248      1        7        42068        0.14   2        0        37032       21034.00    0.00        21034.00   
  107      2823663      1        3        36990        0.13   1        0        36990       36990.00    0.00        36990.00   
  108      2012612      1        16       146240       0.50   4        0        36792       36560.00    0.00        36560.00   
  109      2007880      1        7        108160       0.37   3        0        36784       36053.33    0.00        36053.33   
  110      2815201      1        2        36760        0.13   1        0        36760       36760.00    0.00        36760.00   
  111      2021266      1        2        41444        0.14   2        0        36100       20722.00    0.00        20722.00   
  112      2830035      1        2        36054        0.12   1        0        36054       36054.00    0.00        36054.00   
  113      2024178      1        2        35996        0.12   1        0        35996       35996.00    0.00        35996.00   
  114      2020380      1        3        35860        0.12   1        0        35860       35860.00    0.00        35860.00   
  115      2021267      1        2        42174        0.14   2        0        35698       21087.00    0.00        21087.00   
  116      2829607      1        1        35682        0.12   1        0        35682       35682.00    0.00        35682.00   
  117      2804626      1        9        35432        0.12   1        0        35432       35432.00    0.00        35432.00   
  118      2016223      1        10       35352        0.12   1        0        35352       35352.00    0.00        35352.00   
  119      2020705      1        4        35268        0.12   1        0        35268       35268.00    0.00        35268.00   
  120      2816831      1        2        35254        0.12   1        0        35254       35254.00    0.00        35254.00   
  121      2806659      1        4        104336       0.36   3        0        35212       34778.67    0.00        34778.67   
  122      2017694      1        6        35158        0.12   1        0        35158       35158.00    0.00        35158.00   
  123      2003657      1        18       35142        0.12   1        0        35142       35142.00    0.00        35142.00   
  124      2809267      1        8        35132        0.12   1        0        35132       35132.00    0.00        35132.00   
  125      2820592      1        3        

This file has been truncated.


packet_stats.log (19682 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2             1          9857408        9857408       9857408          9.9m    0.04
 IPv4       6            62           175916      140321378     100145210          6.2b   24.14
 IPv4      17           123         11469412      142168754      79833947          9.8b   38.17
 IPv6      17            86         11055448      144688610      94392912          8.1b   31.56
 IPv6      58            19         10197002      126752550      82462665          1.6b    6.09
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2             1           335568         335568        335568        335.6k    0.24
TMM_FLOWWORKER              IPv4       6            62           116750        7516266        585191         36.3m   25.77
TMM_FLOWWORKER              IPv4      17           123           206564        1867870        376175         46.3m   32.87
TMM_RECEIVEPCAPFILE         IPv4       2             1            15610          15610         15610         15.6k    0.01
TMM_RECEIVEPCAPFILE         IPv4       6            58             4444          21400          5095        295.5k    0.21
TMM_RECEIVEPCAPFILE         IPv4      17           123             4468           6384          4766        586.3k    0.42
TMM_DECODEPCAPFILE          IPv4       2             1            20086          20086         20086         20.1k    0.01
TMM_DECODEPCAPFILE          IPv4       6            58             4576          11818          4951        287.2k    0.20
TMM_DECODEPCAPFILE          IPv4      17           123             4580           5760          4776        587.6k    0.42
TMM_FLOWWORKER              IPv6      17            86           187050       24776736        576585         49.6m   35.23
TMM_FLOWWORKER              IPv6      58            19           114436        2596838        287155          5.5m    3.88
TMM_RECEIVEPCAPFILE         IPv6      17            86             4470           6390          4821        414.7k    0.29
TMM_RECEIVEPCAPFILE         IPv6      58            19             4480           5684          4802         91.2k    0.06
TMM_DECODEPCAPFILE          IPv6      17            86             4588          12058          4831        415.5k    0.30
TMM_DECODEPCAPFILE          IPv6      58            19             4668          36074          6496        123.4k    0.09

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            58             4742          18642          5838        338.6k  0.27  
flow                    IPv4      17           123             4758          24154          5957        732.8k  0.58  
stream                  IPv4       6            62             5272        1136952         54663          3.4m  2.68  
app-layer               IPv4      17           123             4428         434584         11994          1.5m  1.17  
detect                  IPv4       2             1           309268         309268        309268        309.3k  0.24  
detect                  IPv4       6            62            77586        6928932        475686         29.5m  23.34 
detect                  IPv4      17           123           178836         944680        322688         39.7m  31.41 
tcp-prune               IPv4       6            62             4464          21712          5325        330.2k  0.26  
flow                    IPv6      17            86             4778          15930          6012        517.0k  0.41  
flow                    IPv6      58            19             4764          31020          6699        127.3k  0.10  
app-layer               IPv6      17            86             4432          49070          8800        756.9k  0.60  
detect                  IPv6      17            86           159362       24736888        542183         46.6m  36.90 
detect                  IPv6      58            19            95714         532610        135453          2.6m  2.04  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             7             5156          22392         10558         73.9k  10.17 
http                    IPv4      17             6            13306          77568         41702        250.2k  34.44 
tls                     IPv4       6             2             6056           6172          6114         12.2k  1.68  
tls                     IPv4      17             1             5754           5754          5754          5.8k  0.79  
dns                     IPv4      17            12             6876          27602         10221        122.7k  16.88 
http                    IPv6      17             6            13306          77568         41702        250.2k  34.44 
tls                     IPv6      17             2             5754           5754          5754         11.5k  1.58  
Proto detect            IPv4      17            29             4574          33006          8690        252.0k
Proto detect            IPv6      17            26             4776          33978          6718        174.7k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4      17             2            17184         216290        116737        233.5k  8.40  
LOGGER_UNIFIED2             IPv4      17             2            20860         119558         70209        140.4k  5.05  
LOGGER_JSON_ALERT           IPv4      17             2            41670         395694        218682        437.4k  15.74 
LOGGER_JSON_DNS             IPv4      17            10            43584         150670         89286        892.9k  32.14 
LOGGER_JSON_HTTP            IPv4       6             4            56498         173596        105175        420.7k  15.14 
LOGGER_JSON_TLS             IPv4       6             1            90802          90802         90802         90.8k  3.27  
LOGGER_JSON_FILE            IPv4       6             4            56940         279130        140607        562.4k  20.25 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            28             4526         362518         76087         2.1m  20.60 
payload                           IPv4      17           123             5162         298962         17174         2.1m  20.43 
stream                            IPv4       6            28             4458         697186        109495         3.1m  29.65 
http_uri                          IPv4       6             4            14580          46816         28357       113.4k  1.10  
http_request_line                 IPv4       6             4             9764          11866         10595        42.4k  0.41  
http_client_body                  IPv4       6             4             5234           6022          5600        22.4k  0.22  
http_header (request)             IPv4       6             4            53092         136652         78836       315.3k  3.05  
http_header (request trailer)     IPv4       6             4             4506           4762          4618        18.5k  0.18  
http_header_names (request)       IPv4       6             4            22698          28726         24970        99.9k  0.97  
http_accept (request)             IPv4       6             4             5650           6294          5930        23.7k  0.23  
http_referer (request)            IPv4       6             4             5114          21370          9256        37.0k  0.36  
http_content_len (request)        IPv4       6             4             5262           5530          5373        21.5k  0.21  
http_content_type (request)       IPv4       6             4             5242           5518          5345        21.4k  0.21  
http_protocol (request)           IPv4       6             4             7424           8300          7840        31.4k  0.30  
http_start (request)              IPv4       6             4            14714          43616         23599        94.4k  0.91  
http_raw_header (request)         IPv4       6             4            17966          22986         20256        81.0k  0.78  
http_method                       IPv4       6             4             8410           9712          9162        36.7k  0.35  
http_cookie (request)             IPv4       6             4             5312          22496         11153        44.6k  0.43  
http_raw_uri                      IPv4       6             4             7446           9820          8330        33.3k  0.32  
http_user_agent                   IPv4       6             4            15138          57216         26895       107.6k  1.04  
http_host                         IPv4       6             4             8918          16048         11634        46.5k  0.45  
dns_query                         IPv4      17             5             9726          22124         13368        66.8k  0.65  
tls_sni                           IPv4       6             2             8878          10494          9686        19.4k  0.19  
http_response_line                IPv4       6             4            10160          15130         13426        53.7k  0.52  
http_header (response)            IPv4       6             4            51910          91748         75738       303.0k  2.93  
http_header (response trailer)    IPv4       6             4             4490           8750          5680        22.7k  0.22  
http_content_type (response)      IPv4       6             4             9844          19404         13282        53.1k  0.51  
http_raw_header (response)        IPv4       6             5             9406          21352         16279        81.4k  0.79  
http_cookie (response)            IPv4       6             4             5018          12766          8696        34.8k  0.34  
http_stat_code                    IPv4       6             4             6040          18338          9180        36.7k  0.36  
tls_cert_issuer                   IPv4       6             1            28690          28690         28690        28.7k  0.28  
tls_cert_subject                  IPv4       6             1            20172          20172         20172        20.2k  0.20  
tls_cert_serial                   IPv4       6             1             7474           7474          7474         7.5k  0.07  
file_data (http response)         IPv4       6             1            14810          14810         14810        14.8k  0.14  
Total                             IPv4                   291                                         31761         9.2m
payload                           IPv6      17            86             5316          73644         11132       957.4k  9.26  
payload                           IPv6      58            19             4834          26124          7343       139.5k  1.35  
Total                             IPv6                   105                                         10447         1.1m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2             1           178070         178070        178070        178.1k  0.14  
PROF_DETECT_IPONLY          IPv4       6            10            13402         145706         55916        559.2k  0.44  
PROF_DETECT_IPONLY          IPv4      17            27            42112          83106         55983          1.5m  1.18  
PROF_DETECT_RULES           IPv4       2             1             4792           4792          4792          4.8k  0.00  
PROF_DETECT_RULES           IPv4       6            62             4458        6045164        226552         14.0m  11.00 
PROF_DETECT_RULES           IPv4      17           123            77150         753796        179976         22.1m  17.34 
PROF_DETECT_STATEFUL_START    IPv4       6            15             8930        3349950        318757          4.8m  3.75  
PROF_DETECT_STATEFUL_CONT    IPv4       2             1             4502           4502          4502          4.5k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6            62             4414          26190          8462        524.7k  0.41  
PROF_DETECT_STATEFUL_CONT    IPv4      17           123             4408          58040          5811        714.8k  0.56  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            40             4466           6996          4786        191.5k  0.15  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            12             4610           5028          4817         57.8k  0.05  
PROF_DETECT_PREFILTER       IPv4       2             1            21574          21574         21574         21.6k  0.02  
PROF_DETECT_PREFILTER       IPv4       6            62            13682         806964        160245          9.9m  7.78  
PROF_DETECT_PREFILTER       IPv4      17           123            41088         340012         58739          7.2m  5.66  
PROF_DETECT_PF_PAYLOAD      IPv4       6            28            22870         717278        199307          5.6m  4.37  
PROF_DETECT_PF_PAYLOAD      IPv4      17           123            14036         307860         26851          3.3m  2.59  
PROF_DETECT_PF_TX           IPv4       6            40             4496         525810         66216          2.6m  2.08  
PROF_DETECT_PF_TX           IPv4      17             7             4574          50998         20500        143.5k  0.11  
PROF_DETECT_PF_SORT1        IPv4       6            28             4502          16358          5796        162.3k  0.13  
PROF_DETECT_PF_SORT1        IPv4      17           123             4476           8872          5190        638.4k  0.50  
PROF_DETECT_PF_SORT2        IPv4       2             1             4738           4738          4738          4.7k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6            62             4442          52724          7383        457.8k  0.36  
PROF_DETECT_PF_SORT2        IPv4      17           123             4452          22216          5156        634.3k  0.50  
PROF_DETECT_NONMPMLIST      IPv4       2             1             4816           4816          4816          4.8k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6            62             4496           6070          4975        308.5k  0.24  
PROF_DETECT_NONMPMLIST      IPv4      17           123             4430          27102          5253        646.2k  0.51  
PROF_DETECT_ALERT           IPv4       2             1            26224          26224         26224         26.2k  0.02  
PROF_DETECT_ALERT           IPv4       6            62             4426          23928          5262        326.3k  0.26  
PROF_DETECT_ALERT           IPv4      17           123             4428          28620          4988        613.6k  0.48  
PROF_DETECT_CLEANUP      

This file has been truncated.


stats.log - (3289 bytes)
------------------------------------------------------------------------------------
Date: 11/18/2019 -- 09:38:54 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 365
decoder.bytes                              | Total                     | 38419
decoder.ipv4                               | Total                     | 182
decoder.ipv6                               | Total                     | 105
decoder.ethernet                           | Total                     | 365
decoder.tcp                                | Total                     | 58
decoder.udp                                | Total                     | 209
decoder.icmpv6                             | Total                     | 19
decoder.avg_pkt_size                       | Total                     | 105
decoder.max_pkt_size                       | Total                     | 1358
flow.tcp                                   | Total                     | 5
flow.udp                                   | Total                     | 48
flow.icmpv6                                | Total                     | 1
tcp.sessions                               | Total                     | 5
tcp.syn                                    | Total                     | 5
tcp.synack                                 | Total                     | 6
tcp.rst                                    | Total                     | 3
tcp.overlap                                | Total                     | 2
detect.alert                               | Total                     | 2
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 10
app_layer.flow.http                        | Total                     | 4
app_layer.tx.http                          | Total                     | 4
app_layer.flow.tls                         | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 5
app_layer.tx.dns_udp                       | Total                     | 5
app_layer.flow.failed_udp                  | Total                     | 43
flow.spare                                 | Total                     | 9982
flow_mgr.flows_checked                     | Total                     | 6
flow_mgr.flows_notimeout                   | Total                     | 6
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65530
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074304


eve.json - (10986 bytes)
{"timestamp":"2018-05-08T12:35:07.515033+0000","flow_id":1967853510843353,"pcap_cnt":135,"event_type":"alert","src_ip":"192.168.100.166","src_port":55615,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2804346,"rev":4,"signature":"ETPRO INFO DYNAMIC_DNS Query to a *.dynamic-dns.net Domain","category":"Potentially Bad Traffic","severity":2},"app_proto":"dns"}
{"timestamp":"2018-05-08T12:35:07.515033+0000","flow_id":1967853510843353,"pcap_cnt":135,"event_type":"dns","src_ip":"192.168.100.166","src_port":55615,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13643,"rrname":"vhx666sast8487210.tuco-salamanca.dynamic-dns.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-05-08T12:35:08.509925+0000","flow_id":1967853510843353,"pcap_cnt":138,"event_type":"alert","src_ip":"192.168.100.166","src_port":55615,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2804346,"rev":4,"signature":"ETPRO INFO DYNAMIC_DNS Query to a *.dynamic-dns.net Domain","category":"Potentially Bad Traffic","severity":2},"app_proto":"dns"}
{"timestamp":"2018-05-08T12:35:08.510124+0000","flow_id":1967853510843353,"pcap_cnt":139,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.166","dest_port":55615,"proto":"UDP","dns":{"type":"answer","id":13643,"rcode":"NOERROR","rrname":"vhx666sast8487210.tuco-salamanca.dynamic-dns.net","rrtype":"A","ttl":28,"rdata":"104.155.14.135"}}
{"timestamp":"2018-05-08T12:35:08.695125+0000","flow_id":2079879142886066,"pcap_cnt":148,"event_type":"http","src_ip":"192.168.100.166","src_port":49332,"dest_ip":"104.155.14.135","dest_port":25014,"proto":"TCP","tx_id":0,"http":{"hostname":"vhx666sast8487210.tuco-salamanca.dynamic-dns.net","url":"\/excx\/?25371462434","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2018-05-08T12:35:08.703756+0000","flow_id":917094056901900,"pcap_cnt":150,"event_type":"dns","src_ip":"192.168.100.166","src_port":53107,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36103,"rrname":"www.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-05-08T12:35:08.709375+0000","flow_id":917094056901900,"pcap_cnt":151,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.166","dest_port":53107,"proto":"UDP","dns":{"type":"answer","id":36103,"rcode":"NOERROR","rrname":"www.google.com","rrtype":"A","ttl":184,"rdata":"172.217.23.132"}}
{"timestamp":"2018-05-08T12:35:08.743441+0000","flow_id":2079879142886066,"pcap_cnt":154,"event_type":"fileinfo","src_ip":"104.155.14.135","src_port":25014,"dest_ip":"192.168.100.166","dest_port":49332,"proto":"TCP","http":{"hostname":"vhx666sast8487210.tuco-salamanca.dynamic-dns.net","url":"\/excx\/?25371462434","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":302,"redirect":"https:\/\/www.google.com","length":330},"app_proto":"http","fileinfo":{"filename":"\/excx\/","gaps":false,"state":"CLOSED","stored":false,"size":456,"tx_id":0}}
{"timestamp":"2018-05-08T12:35:08.861619+0000","flow_id":963814711153846,"pcap_cnt":163,"event_type":"tls","src_ip":"192.168.100.166","src_port":49335,"dest_ip":"172.217.23.132","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=www.google.com","issuerdn":"C=US, O=Google Inc, CN=Google Internet Authority G2"}}
{"timestamp":"2018-05-08T12:35:14.104500+0000","flow_id":756805877798964,"pcap_cnt":199,"event_type":"dns","src_ip":"192.168.100.166","src_port":62088,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26128,"rrname":"crl.geotrust.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-05-08T12:35:14.124763+0000","flow_id":756805877798964,"pcap_cnt":200,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.166","dest_port":62088,"proto":"UDP","dns":{"type":"answer","id":26128,"rcode":"NOERROR","rrname":"crl.geotrust.com","rrtype":"CNAME","ttl":147,"rdata":"crl-ds.ws.symantec.com.edgekey.net"}}
{"timestamp":"2018-05-08T12:35:14.124763+0000","flow_id":756805877798964,"pcap_cnt":200,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.166","dest_port":62088,"proto":"UDP","dns":{"type":"answer","id":26128,"rcode":"NOERROR","rrname":"crl-ds.ws.symantec.com.edgekey.net","rrtype":"CNAME","ttl":12,"rdata":"e6845.dscb1.akamaiedge.net"}}
{"timestamp":"2018-05-08T12:35:14.124763+0000","flow_id":756805877798964,"pcap_cnt":200,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.166","dest_port":62088,"proto":"UDP","dns":{"type":"answer","id":26128,"rcode":"NOERROR","rrname":"e6845.dscb1.akamaiedge.net","rrtype":"A","ttl":19,"rdata":"23.37.37.163"}}
{"timestamp":"2018-05-08T12:35:14.431771+0000","flow_id":1922240958622354,"pcap_cnt":213,"event_type":"http","src_ip":"192.168.100.166","src_port":49386,"dest_ip":"23.37.37.163","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"crl.geotrust.com","url":"\/crls\/secureca.crl","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/pkix-crl"}}
{"timestamp":"2018-05-08T12:35:19.385588+0000","flow_id":1692103726326324,"pcap_cnt":239,"event_type":"dns","src_ip":"192.168.100.166","src_port":62321,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49448,"rrname":"g.symcd.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-05-08T12:35:20.385056+0000","flow_id":1692103726326324,"pcap_cnt":248,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.166","dest_port":62321,"proto":"UDP","dns":{"type":"answer","id":49448,"rcode":"NOERROR","rrname":"g.symcd.com","rrtype":"CNAME","ttl":2830,"rdata":"ocsp-ds.ws.symantec.com.edgekey.net"}}
{"timestamp":"2018-05-08T12:35:20.385056+0000","flow_id":1692103726326324,"pcap_cnt":248,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.166","dest_port":62321,"proto":"UDP","dns":{"type":"answer","id":49448,"rcode":"NOERROR","rrname":"ocsp-ds.ws.symantec.com.edgekey.net","rrtype":"CNAME","ttl":3,"rdata":"e8218.dscb1.akamaiedge.net"}}
{"timestamp":"2018-05-08T12:35:20.385056+0000","flow_id":1692103726326324,"pcap_cnt":248,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.166","dest_port":62321,"proto":"UDP","dns":{"type":"answer","id":49448,"rcode":"NOERROR","rrname":"e8218.dscb1.akamaiedge.net","rrtype":"A","ttl":18,"rdata":"23.37.43.27"}}
{"timestamp":"2018-05-08T12:35:21.947323+0000","flow_id":935102855570079,"pcap_cnt":267,"event_type":"http","src_ip":"192.168.100.166","src_port":49477,"dest_ip":"23.37.43.27","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"g.symcd.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACEAEAISWIsPpZp3fvBXtmJ98%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response"}}
{"timestamp":"2018-05-08T12:35:26.729500+0000","flow_id":1651653724742044,"pcap_cnt":303,"event_type":"dns","src_ip":"192.168.100.166","src_port":57494,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32795,"rrname":"g.symcb.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-05-08T12:35:26.752916+0000","flow_id":1651653724742044,"pcap_cnt":304,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.166","dest_port":57494,"proto":"UDP","dns":{"type":"answer","id":32795,"rcode":"NOERROR","rrname":"g.symcb.com","rrtype":"CNAME","ttl":3376,"rdata":"crl-ds.ws.symantec.com.edgekey.net"}}
{"timestamp":"2018-05-08T12:35:26.752916+0000","flow_id":1651653724742044,"pcap_cnt":304,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.166","dest_port":57494,"proto":"UDP","dns":{"type":"answer","id":32795,"rcode":"NOERROR","rrname":"crl-ds.ws.symantec.com.edgekey.net","rrtype":"CNAME","ttl":14,"rdata":"e6845.dscb1.akamaiedge.net"}}
{"timestamp":"2018-05-08T12:35:26.752916+0000","flow_id":1651653724742044,"pcap_cnt":304,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.166","dest_port":57494,"proto":"UDP","dns":{"type":"answer","id":32795,"rcode":"NOERROR","rrname":"e6845.dscb1.akamaiedge.net","rrtype":"A","ttl":19,"rdata":"23.37.37.163"}}
{"timestamp":"2018-05-08T12:35:27.056747+0000","flow_id":1615541639741380,"pcap_cnt":311,"event_type":"http","src_ip":"192.168.100.166","src_port":49579,"dest_ip":"23.37.37.163","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"g.symcb.com","url":"\/crls\/gtglobal.crl","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/pkix-crl"}}
{"timestamp":"2018-05-08T12:35:51.845361+0000","flow_id":1615541639741380,"event_type":"fileinfo","src_ip":"23.37.37.163","src_port":80,"dest_ip":"192.168.100.166","dest_port":49579,"proto":"TCP","http":{"hostname":"g.symcb.com","url":"\/crls\/gtglobal.crl","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/pkix-crl","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":665},"app_proto":"http","fileinfo":{"filename":"\/crls\/gtglobal.crl","gaps":false,"state":"CLOSED","stored":false,"size":665,"tx_id":0}}
{"timestamp":"2018-05-08T12:35:51.845361+0000","flow_id":935102855570079,"event_type":"fileinfo","src_ip":"23.37.43.27","src_port":80,"dest_ip":"192.168.100.166","dest_port":49477,"proto":"TCP","http":{"hostname":"g.symcd.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACEAEAISWIsPpZp3fvBXtmJ98%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1391},"app_proto":"http","fileinfo":{"filename":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACEAEAISWIsPpZp3fvBXtmJ98=","gaps":false,"state":"CLOSED","stored":false,"size":1391,"tx_id":0}}
{"timestamp":"2018-05-08T12:35:51.845361+0000","flow_id":1922240958622354,"event_type":"fileinfo","src_ip":"23.37.37.163","src_port":80,"dest_ip":"192.168.100.166","dest_port":49386,"proto":"TCP","http":{"hostname":"crl.geotrust.com","url":"\/crls\/secureca.crl","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/pkix-crl","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":325},"app_proto":"http","fileinfo":{"filename":"\/crls\/secureca.crl","gaps":false,"state":"CLOSED","stored":false,"size":325,"tx_id":0}}


suricata-report-2019-11-18-T-09-38-54-11182019.0938-b117753cc5ae366b2d190b40affd5a05e83fc11f184ebfd4b4b5425a06e77880.pcap.txt - (17977 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/14e483efeb5e9ef703eb618f9961ba3156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11182019.0938-b117753cc5ae366b2d190b40affd5a05e83fc11f184ebfd4b4b5425a06e77880.pcap -vvv -k none
elapsedtime:22.032139
stderr:
stdout:
18/11/2019 -- 09:38:32 - <Info> - Configuration node 'rule-files' redefined.
18/11/2019 -- 09:38:32 - <Notice> - This is Suricata version 4.0.0 RELEASE
18/11/2019 -- 09:38:32 - <Info> - CPUs/cores online: 1
18/11/2019 -- 09:38:32 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31974 and 'request-body-inspect-window' set to 16241 after randomization.
18/11/2019 -- 09:38:32 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31449 and 'response-body-inspect-window' set to 17019 after randomization.
18/11/2019 -- 09:38:32 - <Config> - DNS request flood protection level: 500
18/11/2019 -- 09:38:32 - <Config> - DNS per flow memcap (state-memcap): 524288
18/11/2019 -- 09:38:32 - <Config> - DNS global memcap: 16777216
18/11/2019 -- 09:38:32 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
18/11/2019 -- 09:38:32 - <Config> - preallocated 1000 hosts of size 136
18/11/2019 -- 09:38:32 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
18/11/2019 -- 09:38:32 - <Config> - using magic-file /usr/share/file/magic
18/11/2019 -- 09:38:32 - <Config> - Core dump size is unlimited.
18/11/2019 -- 09:38:32 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
18/11/2019 -- 09:38:32 - <Config> - preallocated 1000 defrag trackers of size 168
18/11/2019 -- 09:38:32 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
18/11/2019 -- 09:38:32 - <Config> - stream "prealloc-sessions": 2048 (per thread)
18/11/2019 -- 09:38:32 - <Config> - stream "memcap": 33554432
18/11/2019 -- 09:38:32 - <Config> - stream "midstream" session pickups: disabled
18/11/2019 -- 09:38:32 - <Config> - stream "async-oneside": disabled
18/11/2019 -- 09:38:32 - <Config> - stream "checksum-validation": disabled
18/11/2019 -- 09:38:32 - <Config> - stream."inline": disabled
18/11/2019 -- 09:38:32 - <Config> - stream "bypass": disabled
18/11/2019 -- 09:38:32 - <Config> - stream "max-synack-queued": 5
18/11/2019 -- 09:38:32 - <Config> - stream.reassembly "memcap": 134217728
18/11/2019 -- 09:38:32 - <Config> - stream.reassembly "depth": 0
18/11/2019 -- 09:38:32 - <Config> - stream.reassembly "toserver-chunk-size": 2585
18/11/2019 -- 09:38:32 - <Config> - stream.reassembly "toclient-chunk-size": 2659
18/11/2019 -- 09:38:32 - <Config> - stream.reassembly.raw: enabled
18/11/2019 -- 09:38:32 - <Config> - stream.reassembly "segment-prealloc": 2048
18/11/2019 -- 09:38:32 - <Config> - Delayed detect disabled
18/11/2019 -- 09:38:32 - <Config> - pattern matchers: MPM: ac, SPM: bm
18/11/2019 -- 09:38:32 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
18/11/2019 -- 09:38:32 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
18/11/2019 -- 09:38:32 - <Config> - prefilter engines: MPM
18/11/2019 -- 09:38:32 - <Config> - IP reputation disabled
18/11/2019 -- 09:38:32 - <Perf> - Registered 148 keyword profiling counters.
18/11/2019 -- 09:38:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
18/11/2019 -- 09:38:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
18/11/2019 -- 09:38:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
18/11/2019 -- 09:38:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
18/11/2019 -- 09:38:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
18/11/2019 -- 09:38:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
18/11/2019 -- 09:38:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
18/11/2019 -- 09:38:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
18/11/2019 -- 09:38:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
18/11/2019 -- 09:38:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
18/11/2019 -- 09:38:37 - <Config> - No rules loaded from ET-icmp.rules.
18/11/2019 -- 09:38:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
18/11/2019 -- 09:38:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
18/11/2019 -- 09:38:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
18/11/2019 -- 09:38:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
18/11/2019 -- 09:38:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
18/11/2019 -- 09:38:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
18/11/2019 -- 09:38:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
18/11/2019 -- 09:38:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
18/11/2019 -- 09:38:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
18/11/2019 -- 09:38:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
18/11/2019 -- 09:38:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
18/11/2019 -- 09:38:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
18/11/2019 -- 09:38:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
18/11/2019 -- 09:38:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
18/11/2019 -- 09:38:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
18/11/2019 -- 09:38:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
18/11/2019 -- 09:38:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
18/11/2019 -- 09:38:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
18/11/2019 -- 09:38:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
18/11/2019 -- 09:38:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
18/11/2019 -- 09:38:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
18/11/2019 -- 09:38:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
18/11/2019 -- 09:38:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
18/11/2019 -- 09:38:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
18/11/2019 -- 09:38:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
18/11/2019 -- 09:38:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
18/11/2019 -- 09:38:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
18/11/2019 -- 09:38:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
18/11/2019 -- 09:38:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
18/11/2019 -- 09:38:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
18/11/2019 -- 09:38:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
18/11/2019 -- 09:38:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
18/11/2019 -- 09:38:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
18/11/2019 -- 09:38:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
18/11/2019 -- 09:38:45 - <Config> - No rules loaded from local.rules.
18/11/2019 -- 09:38:45 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
18/11/2019 -- 09:38:45 - <Info> - Threshold config parsed: 0 rule(s) found
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for tcp-packet
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for tcp-stream
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for udp-packet
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for other-ip
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_uri
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_request_line
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_client_body
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_response_line
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_header
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_header
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_header_names
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_header_names
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_accept
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_accept_enc
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_accept_lang
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_referer
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_connection
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_content_len
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_content_len
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_content_type
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_content_type
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_protocol
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_protocol
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_start
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_start
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_raw_header
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_raw_header
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_method
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_cookie
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_cookie
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_raw_uri
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_user_agent
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_host
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_raw_host
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_stat_msg
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_stat_code
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for dns_query
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for tls_sni
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for tls_cert_issuer
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for tls_cert_subject
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for tls_cert_serial
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for dce_stub_data
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for dce_stub_data
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for ssh_protocol
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for ssh_protocol
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for ssh_software
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for ssh_software
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for file_data
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for file_data
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_request_line
18/11/2019 -- 09:38:45 - <Perf> - using shared mpm ctx' for http_response_line
18/11/2019 -- 09:38:45 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
18/11/2019 -- 09:38:45 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
18/11/2019 -- 09:38:46 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
18/11/2019 -- 09:38:46 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
18/11/2019 -- 09:38:46 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
18/11/2019 -- 09:38:46 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
18/11/2019 -- 09:38:46 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
18/11/2019 -- 09:38:46 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
18/11/2019 -- 09:38:50 - <Perf> - Unique rule groups: 104
18/11/2019 -- 09:38:50 - <Perf> - Builtin MPM "toserver TCP packet": 35
18/11/2019 -- 09:38:50 - <Perf> - Builtin MPM "toclient TCP packet": 17
18/11/2019 -- 09:38:50 - <Perf> - Builtin MPM "toserver TCP stream": 33
18/11/2019 -- 09:38:50 - <Perf> - Builtin MPM "toclient TCP stream": 19
18/11/2019 -- 09:38:50 - <Perf> - Builtin MPM "toserver UDP packet": 27
18/11/2019 -- 09:38:50 - <Perf> - Builtin MPM "toclient UDP packet": 17
18/11/2019 -- 09:38:50 - <Perf> - Builtin MPM "other IP packet": 3
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_uri": 14
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_request_line": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_client_body": 6
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toclient http_response_line": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_header": 10
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toclient http_header": 6
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_header_names": 2
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_accept": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_referer": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_content_len": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_content_type": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toclient http_content_type": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_protocol": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_start": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_method": 5
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_cookie": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toclient http_cookie": 2
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver http_host": 2
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver dns_query": 4
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver tls_sni": 2
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toserver file_data": 1
18/11/2019 -- 09:38:50 - <Perf> - AppLayer MPM "toclient file_data": 7
18/11/2019 -- 09:38:53 - <Perf> - Registered 39590 rule profiling counters.
18/11/2019 -- 09:38:53 - <Info> - fast output device (regular) initialized: alert
18/11/2019 -- 09:38:53 - <Info> - eve-log output device (regular) initialized: eve.json
18/11/2019 -- 09:38:53 - <Config> - enabling 'eve-log' module 'alert'
18/11/2019 -- 09:38:53 - <Config> - enabling 'eve-log' module 'http'
18/11/2019 -- 09:38:53 - <Config> - enabling 'eve-log' module 'dns'
18/11/2019 -- 09:38:53 - <Config> - enabling 'eve-log' module 'tls'
18/11/2019 -- 09:38:53 - <Config> - enabling 'eve-log' module 'files'
18/11/2019 -- 09:38:53 - <Config> - enabling 'eve-log' module 'ssh'
18/11/2019 -- 09:38:53 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
18/11/2019 -- 09:38:53 - <Info> - stats output device (regular) initialized: stats.log
18/11/2019 

This file has been truncated.


keyword_perf.log - (14256 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/18/2019 -- 09:38:54
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1016348         179             179             27216           5677.00         5677.00         0.00           
  content          3361614         487             272             435492          6902.00         6271.00         7701.00        
  pcre             735940          46              10              40544           15998.00        17464.00        15591.00       
  byte_test        929966          186             76              8938            4999.00         5251.00         4825.00        
  byte_jump        66162           13              13              6236            5089.00         5089.00         0.00           
  isdataat         53544           6               0               28610           8924.00         0.00            8924.00        
  flowbits         112678          18              3               25044           6259.00         6567.00         6198.00        
  urilen           189526          36              9               7754            5264.00         5039.00         5339.00        
  byte_extract     45920           10              10              5476            4592.00         4592.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1016348         179             179             27216           5677.00         5677.00         0.00           
  flowbits         92976           15              0               25044           6198.00         0.00            6198.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1878664         260             142             435492          7225.00         5893.00         8828.00        
  pcre             246422          18              3               40544           13690.00        13744.00        13679.00       
  byte_test        929966          186             76              8938            4999.00         5251.00         4825.00        
  byte_jump        66162           13              13              6236            5089.00         5089.00         0.00           
  isdataat         49026           5               0               28610           9805.00         0.00            9805.00        
  byte_extract     45920           10              10              5476            4592.00         4592.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         19702           3               3               7646            6567.00         6567.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          176970          31              12              6968            5708.00         5663.00         5737.00        
  pcre             221882          13              1               31600           17067.00        14996.00        17240.00       
  isdataat         4518            1               0               4518            4518.00         0.00            4518.00        
  urilen           189526          36              9               7754            5264.00         5039.00         5339.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          19462           3               0               7226            6487.00         0.00            6487.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          819022          114             78              35692           7184.00         7262.00         7014.00        
  pcre             231296          12              4               37512           19274.00        21916.00        17953.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          236108          38              15              25158           6213.00         5661.00         6573.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5682            1               1               5682            5682.00         5682.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept_enc
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5228            1               1               5228            5228.00         5228.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10956           2               2               5490            5478.00         5478.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5278            1               1               5278            5278.00         5278.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6112            1               1               6112            6112.00         6112.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          182264          32              19              7270            5695.00         6121.00         5073.00        
  pcre             30744           2               2               15584           15372.00        15372.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  pcre             5596            1               0               5596            5596.00         0.00            5596.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10548           2               0               5384            5274.00         0.00            5274.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5320            1               0               5320            5320.00         0.00            5320.00        


unified2.alert.1574069933 - (408 bytes)


suricata-4.0.0-etpro-all-alert-2019-11-18-T-09-38-54-11182019.0938-b117753cc5ae366b2d190b40affd5a05e83fc11f184ebfd4b4b5425a06e77880.pcap.txt - (430 bytes)
05/08/2018-12:35:07.515033  [**] [1:2804346:4] ETPRO INFO DYNAMIC_DNS Query to a *.dynamic-dns.net Domain [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.166:55615 -> 192.168.100.2:53
05/08/2018-12:35:08.509925  [**] [1:2804346:4] ETPRO INFO DYNAMIC_DNS Query to a *.dynamic-dns.net Domain [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.166:55615 -> 192.168.100.2:53


IDSDeathBlossom.py.log - (1204 bytes)
2019-11-18 09:38:31,560 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-11-18 09:38:32,297 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-11-18 09:38:32,297 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-11-18 09:38:32,297 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-11-18 09:38:32,297 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-11-18 09:38:32,298 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/14e483efeb5e9ef703eb618f9961ba3156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11182019.0938-b117753cc5ae366b2d190b40affd5a05e83fc11f184ebfd4b4b5425a06e77880.pcap -vvv -k none
2019-11-18 09:38:54,332 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-11-18 09:38:54,333 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.7816531658