Filename: 7dbf4104-7aac-46bb-b8ef-7842b590eaee.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 26.8475658894 seconds
Hash: 19980d66391e010b4d56c3e1e6474532
Uploaded: 1570528046

Logfiles


suricata-report-2019-10-08-T-09-47-53-10082019.0947-7dbf4104-7aac-46bb-b8ef-7842b590eaee.pcap.txt - (17706 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/19980d66391e010b4d56c3e1e647453256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/10082019.0947-7dbf4104-7aac-46bb-b8ef-7842b590eaee.pcap -vvv -k none
elapsedtime:25.801600
stderr:
stdout:
8/10/2019 -- 09:47:27 - <Info> - Configuration node 'rule-files' redefined.
8/10/2019 -- 09:47:27 - <Notice> - This is Suricata version 4.0.0 RELEASE
8/10/2019 -- 09:47:27 - <Info> - CPUs/cores online: 1
8/10/2019 -- 09:47:27 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33601 and 'request-body-inspect-window' set to 17002 after randomization.
8/10/2019 -- 09:47:27 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33181 and 'response-body-inspect-window' set to 15736 after randomization.
8/10/2019 -- 09:47:27 - <Config> - DNS request flood protection level: 500
8/10/2019 -- 09:47:27 - <Config> - DNS per flow memcap (state-memcap): 524288
8/10/2019 -- 09:47:27 - <Config> - DNS global memcap: 16777216
8/10/2019 -- 09:47:27 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
8/10/2019 -- 09:47:27 - <Config> - preallocated 1000 hosts of size 136
8/10/2019 -- 09:47:27 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
8/10/2019 -- 09:47:27 - <Config> - using magic-file /usr/share/file/magic
8/10/2019 -- 09:47:27 - <Config> - Core dump size is unlimited.
8/10/2019 -- 09:47:27 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
8/10/2019 -- 09:47:27 - <Config> - preallocated 1000 defrag trackers of size 168
8/10/2019 -- 09:47:27 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
8/10/2019 -- 09:47:27 - <Config> - stream "prealloc-sessions": 2048 (per thread)
8/10/2019 -- 09:47:27 - <Config> - stream "memcap": 33554432
8/10/2019 -- 09:47:27 - <Config> - stream "midstream" session pickups: disabled
8/10/2019 -- 09:47:27 - <Config> - stream "async-oneside": disabled
8/10/2019 -- 09:47:27 - <Config> - stream "checksum-validation": disabled
8/10/2019 -- 09:47:27 - <Config> - stream."inline": disabled
8/10/2019 -- 09:47:27 - <Config> - stream "bypass": disabled
8/10/2019 -- 09:47:27 - <Config> - stream "max-synack-queued": 5
8/10/2019 -- 09:47:27 - <Config> - stream.reassembly "memcap": 134217728
8/10/2019 -- 09:47:27 - <Config> - stream.reassembly "depth": 0
8/10/2019 -- 09:47:27 - <Config> - stream.reassembly "toserver-chunk-size": 2569
8/10/2019 -- 09:47:27 - <Config> - stream.reassembly "toclient-chunk-size": 2463
8/10/2019 -- 09:47:27 - <Config> - stream.reassembly.raw: enabled
8/10/2019 -- 09:47:27 - <Config> - stream.reassembly "segment-prealloc": 2048
8/10/2019 -- 09:47:27 - <Config> - Delayed detect disabled
8/10/2019 -- 09:47:27 - <Config> - pattern matchers: MPM: ac, SPM: bm
8/10/2019 -- 09:47:27 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
8/10/2019 -- 09:47:27 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
8/10/2019 -- 09:47:27 - <Config> - prefilter engines: MPM
8/10/2019 -- 09:47:27 - <Config> - IP reputation disabled
8/10/2019 -- 09:47:27 - <Perf> - Registered 148 keyword profiling counters.
8/10/2019 -- 09:47:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
8/10/2019 -- 09:47:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
8/10/2019 -- 09:47:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
8/10/2019 -- 09:47:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
8/10/2019 -- 09:47:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
8/10/2019 -- 09:47:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
8/10/2019 -- 09:47:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
8/10/2019 -- 09:47:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
8/10/2019 -- 09:47:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
8/10/2019 -- 09:47:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
8/10/2019 -- 09:47:33 - <Config> - No rules loaded from ET-icmp.rules.
8/10/2019 -- 09:47:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
8/10/2019 -- 09:47:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
8/10/2019 -- 09:47:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
8/10/2019 -- 09:47:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
8/10/2019 -- 09:47:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
8/10/2019 -- 09:47:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
8/10/2019 -- 09:47:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
8/10/2019 -- 09:47:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
8/10/2019 -- 09:47:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
8/10/2019 -- 09:47:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
8/10/2019 -- 09:47:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
8/10/2019 -- 09:47:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
8/10/2019 -- 09:47:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
8/10/2019 -- 09:47:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
8/10/2019 -- 09:47:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
8/10/2019 -- 09:47:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
8/10/2019 -- 09:47:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
8/10/2019 -- 09:47:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
8/10/2019 -- 09:47:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
8/10/2019 -- 09:47:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
8/10/2019 -- 09:47:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
8/10/2019 -- 09:47:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
8/10/2019 -- 09:47:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
8/10/2019 -- 09:47:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
8/10/2019 -- 09:47:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
8/10/2019 -- 09:47:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
8/10/2019 -- 09:47:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
8/10/2019 -- 09:47:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
8/10/2019 -- 09:47:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
8/10/2019 -- 09:47:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
8/10/2019 -- 09:47:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
8/10/2019 -- 09:47:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
8/10/2019 -- 09:47:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
8/10/2019 -- 09:47:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
8/10/2019 -- 09:47:40 - <Config> - No rules loaded from local.rules.
8/10/2019 -- 09:47:40 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
8/10/2019 -- 09:47:41 - <Info> - Threshold config parsed: 0 rule(s) found
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for tcp-packet
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for tcp-stream
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for udp-packet
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for other-ip
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_uri
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_request_line
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_client_body
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_response_line
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_header
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_header
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_header_names
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_header_names
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_accept
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_accept_enc
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_accept_lang
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_referer
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_connection
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_content_len
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_content_len
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_content_type
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_content_type
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_protocol
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_protocol
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_start
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_start
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_raw_header
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_raw_header
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_method
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_cookie
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_cookie
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_raw_uri
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_user_agent
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_host
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_raw_host
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_stat_msg
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_stat_code
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for dns_query
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for tls_sni
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for tls_cert_issuer
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for tls_cert_subject
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for tls_cert_serial
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for dce_stub_data
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for dce_stub_data
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for ssh_protocol
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for ssh_protocol
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for ssh_software
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for ssh_software
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for file_data
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for file_data
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_request_line
8/10/2019 -- 09:47:41 - <Perf> - using shared mpm ctx' for http_response_line
8/10/2019 -- 09:47:41 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
8/10/2019 -- 09:47:41 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
8/10/2019 -- 09:47:42 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
8/10/2019 -- 09:47:42 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
8/10/2019 -- 09:47:42 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
8/10/2019 -- 09:47:42 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
8/10/2019 -- 09:47:42 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
8/10/2019 -- 09:47:42 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
8/10/2019 -- 09:47:49 - <Perf> - Unique rule groups: 104
8/10/2019 -- 09:47:49 - <Perf> - Builtin MPM "toserver TCP packet": 35
8/10/2019 -- 09:47:49 - <Perf> - Builtin MPM "toclient TCP packet": 17
8/10/2019 -- 09:47:49 - <Perf> - Builtin MPM "toserver TCP stream": 33
8/10/2019 -- 09:47:49 - <Perf> - Builtin MPM "toclient TCP stream": 19
8/10/2019 -- 09:47:49 - <Perf> - Builtin MPM "toserver UDP packet": 27
8/10/2019 -- 09:47:49 - <Perf> - Builtin MPM "toclient UDP packet": 17
8/10/2019 -- 09:47:49 - <Perf> - Builtin MPM "other IP packet": 3
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_uri": 14
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_request_line": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_client_body": 6
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toclient http_response_line": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_header": 10
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toclient http_header": 6
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_header_names": 2
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_accept": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_referer": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_content_len": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_content_type": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toclient http_content_type": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_protocol": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_start": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_method": 5
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_cookie": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toclient http_cookie": 2
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver http_host": 2
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver dns_query": 4
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver tls_sni": 2
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toserver file_data": 1
8/10/2019 -- 09:47:49 - <Perf> - AppLayer MPM "toclient file_data": 7
8/10/2019 -- 09:47:51 - <Perf> - Registered 39590 rule profiling counters.
8/10/2019 -- 09:47:51 - <Info> - fast output device (regular) initialized: alert
8/10/2019 -- 09:47:51 - <Info> - eve-log output device (regular) initialized: eve.json
8/10/2019 -- 09:47:51 - <Config> - enabling 'eve-log' module 'alert'
8/10/2019 -- 09:47:51 - <Config> - enabling 'eve-log' module 'http'
8/10/2019 -- 09:47:51 - <Config> - enabling 'eve-log' module 'dns'
8/10/2019 -- 09:47:51 - <Config> - enabling 'eve-log' module 'tls'
8/10/2019 -- 09:47:51 - <Config> - enabling 'eve-log' module 'files'
8/10/2019 -- 09:47:51 - <Config> - enabling 'eve-log' module 'ssh'
8/10/2019 -- 09:47:51 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
8/10/2019 -- 09:47:51 - <Info> - stats output device (regular) initialized: stats.log
8/10/2019 -- 09:47:51 - <Config> - AutoFP mode using "Hash" flow load balancer
8/10/2019 -- 09:47:51 - <Info> - reading pcap file /var/pcap/10082019.0947-7dbf4104-7aac-46bb-b8ef-7842b590eaee.pcap
8/10/2019 -- 09:47:51 - <Config> - us

This file has been truncated.


packet_stats.log - (12797 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            34          2473946       78354876      43603824          1.5b   62.52
 IPv4      17            31          4863946       62305762      27825666        862.6m   36.38
 IPv6      17             4          5174864        7824516       6541673         26.2m    1.10
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            34           116962       17223644       1632672         55.5m   68.64
TMM_FLOWWORKER              IPv4      17            31           204964        8969746        768458         23.8m   29.46
TMM_RECEIVEPCAPFILE         IPv4       6            26             4440           6002          4880        126.9k    0.16
TMM_RECEIVEPCAPFILE         IPv4      17            31             4454          11924          5111        158.5k    0.20
TMM_DECODEPCAPFILE          IPv4       6            26             4566          17200          5375        139.8k    0.17
TMM_DECODEPCAPFILE          IPv4      17            31             4584          39996          6128        190.0k    0.23
TMM_FLOWWORKER              IPv6      17             4           188586         247188        215703        862.8k    1.07
TMM_RECEIVEPCAPFILE         IPv6      17             4             4718           5522          4956         19.8k    0.02
TMM_DECODEPCAPFILE          IPv6      17             4             4880          20540          9000         36.0k    0.04

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            26             4908          21760          6712        174.5k  0.23  
flow                    IPv4      17            31             4754          42704          7615        236.1k  0.31  
stream                  IPv4       6            34             6086         600002         44694          1.5m  1.96  
app-layer               IPv4      17            31             4420          54080          7484        232.0k  0.30  
detect                  IPv4       6            34            77466       17171846       1527555         51.9m  67.16 
detect                  IPv4      17            31           177040        8930862        717914         22.3m  28.78 
tcp-prune               IPv4       6            34             4460          32364          5867        199.5k  0.26  
flow                    IPv6      17             4             5364          15356         10866         43.5k  0.06  
app-layer               IPv6      17             4             4450          16130         10282         41.1k  0.05  
detect                  IPv6      17             4           160402         196540        174659        698.6k  0.90  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             3             9474          47550         22252         66.8k  100.00
Proto detect            IPv4       6             8             4536          18806          8133         65.1k
Proto detect            IPv4      17             4             4654          41994         14520         58.1k
Proto detect            IPv6      17             2             4852           6374          5613         11.2k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_HTTP            IPv4       6             3            80522         479204        220996        663.0k  87.15 
LOGGER_JSON_FILE            IPv4       6             1            97724          97724         97724         97.7k  12.85 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            10             4926         286256         95907       959.1k  15.76 
payload                           IPv4      17            31             5198         421912         30733       952.7k  15.65 
stream                            IPv4       6            10             4508         785220        176984         1.8m  29.08 
http_uri                          IPv4       6             3            11008          65092         37809       113.4k  1.86  
http_request_line                 IPv4       6             3            10112          12304         11470        34.4k  0.57  
http_client_body                  IPv4       6             6             5406         484238        157291       943.7k  15.51 
http_header (request)             IPv4       6             3           157228         184470        169803       509.4k  8.37  
http_header (request trailer)     IPv4       6             3             4636           5936          5215        15.6k  0.26  
http_header_names (request)       IPv4       6             3            35194          40392         38316       114.9k  1.89  
http_accept (request)             IPv4       6             3             5512           6182          5828        17.5k  0.29  
http_referer (request)            IPv4       6             3             5120           6164          5614        16.8k  0.28  
http_content_len (request)        IPv4       6             3             8060          10220          9015        27.0k  0.44  
http_content_type (request)       IPv4       6             3            15876          17800         16762        50.3k  0.83  
http_protocol (request)           IPv4       6             3             8408           9918          8940        26.8k  0.44  
http_start (request)              IPv4       6             3            18338          22578         20340        61.0k  1.00  
http_raw_header (request)         IPv4       6             6            15312          34210         20722       124.3k  2.04  
http_method                       IPv4       6             3             9730          10518         10171        30.5k  0.50  
http_cookie (request)             IPv4       6             3             5458           5958          5787        17.4k  0.29  
http_raw_uri                      IPv4       6             3             7486           9484          8574        25.7k  0.42  
http_user_agent                   IPv4       6             3            67556          70320         69332       208.0k  3.42  
http_host                         IPv4       6             3            11376          14056         12804        38.4k  0.63  
Total                             IPv4                   111                                         54568         6.1m
payload                           IPv6      17             4             5232          11344          7249        29.0k  0.48  
Total                             IPv6                     4                                          7249        29.0k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             6            20444          96468         63487        380.9k  0.42  
PROF_DETECT_IPONLY          IPv4      17             4            42846         293070        114652        458.6k  0.51  
PROF_DETECT_RULES           IPv4       6            34             4446       17033540       1222305         41.6m  45.90 
PROF_DETECT_RULES           IPv4      17            31            76830        8813836        514411         15.9m  17.61 
PROF_DETECT_STATEFUL_START    IPv4       6             6           323576        4668610       1889617         11.3m  12.52 
PROF_DETECT_STATEFUL_CONT    IPv4       6            34             4414         450698         33704          1.1m  1.27  
PROF_DETECT_STATEFUL_CONT    IPv4      17            31             4462           6210          4981        154.4k  0.17  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            21             4470          24014          5693        119.6k  0.13  
PROF_DETECT_PREFILTER       IPv4       6            34            13704        1275774        190463          6.5m  7.15  
PROF_DETECT_PREFILTER       IPv4      17            31            40860         466626         94684          2.9m  3.24  
PROF_DETECT_PF_PAYLOAD      IPv4       6            10            29684         804804        286505          2.9m  3.16  
PROF_DETECT_PF_PAYLOAD      IPv4      17            31            14088         430892         40040          1.2m  1.37  
PROF_DETECT_PF_TX           IPv4       6            21             4746         567394        133166          2.8m  3.09  
PROF_DETECT_PF_SORT1        IPv4       6             9             5548          17360          9490         85.4k  0.09  
PROF_DETECT_PF_SORT1        IPv4      17            31             4468           8240          5570        172.7k  0.19  
PROF_DETECT_PF_SORT2        IPv4       6            34             4440          18716          5790        196.9k  0.22  
PROF_DETECT_PF_SORT2        IPv4      17            31             4444          10736          5231        162.2k  0.18  
PROF_DETECT_NONMPMLIST      IPv4       6            34             4688          12506          5399        183.6k  0.20  
PROF_DETECT_NONMPMLIST      IPv4      17            31             4428           6734          5029        155.9k  0.17  
PROF_DETECT_ALERT           IPv4       6            34             4418           6190          4833        164.3k  0.18  
PROF_DETECT_ALERT           IPv4      17            31             4420          19812          5128        159.0k  0.18  
PROF_DETECT_CLEANUP         IPv4       6            34             4464          15580          5722        194.6k  0.21  
PROF_DETECT_CLEANUP         IPv4      17            31             4412           7270          4669        144.8k  0.16  
PROF_DETECT_GETSGH          IPv4       6            34             4442          12172          5777        196.4k  0.22  
PROF_DETECT_GETSGH          IPv4      17            31             4446         427870         21371        662.5k  0.73  
PROF_DETECT_IPONLY          IPv6      17             2             5598          12054          8826         17.7k  0.02  
PROF_DETECT_RULES           IPv6      17             4            58682          60954         59481        237.9k  0.26  
PROF_DETECT_STATEFUL_CONT    IPv6      17             4             4496           4794          4689         18.8k  0.02  
PROF_DETECT_PREFILTER       IPv6      17             4            41260          48910         43865        175.5k  0.19  
PROF_DETECT_PF_PAYLOAD      IPv6      17             4            14132          20478         16336         65.3k  0.07  
PROF_DETECT_PF_SORT1        IPv6      17             4             4490           4856          4628         18.5k  0.02  
PROF_DETECT_PF_SORT2        IPv6      17             4             4450           4588          4515         18.1k  0.02  
PROF_DETECT_NONMPMLIST      IPv6      17             4             4484           4776          4656         18.6k  0.02  
PROF_DETECT_ALERT           IPv6      17             4             4428           4530          4462         17.8k  0.02  
PROF_DETECT_CLEANUP         IPv6      17             4             4490           5234          4851         19.4k  0.02  
PROF_DETECT_GETSGH          IPv6      17             4             4792          10464          7494         30.0k  0.03  


stats.log - (2982 bytes)
------------------------------------------------------------------------------------
Date: 10/8/2019 -- 09:47:53 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 253
decoder.bytes                              | Total                     | 20221
decoder.ipv4                               | Total                     | 57
decoder.ipv6                               | Total                     | 4
decoder.ethernet                           | Total                     | 253
decoder.tcp                                | Total                     | 26
decoder.udp                                | Total                     | 35
decoder.avg_pkt_size                       | Total                     | 79
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 3
flow.udp                                   | Total                     | 6
tcp.sessions                               | Total                     | 3
tcp.syn                                    | Total                     | 3
tcp.synack                                 | Total                     | 3
tcp.rst                                    | Total                     | 3
detect.mpm_list                            | Total                     | 12
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 13
app_layer.tx.http                          | Total                     | 3
app_layer.flow.failed_udp                  | Total                     | 6
flow_mgr.new_pruned                        | Total                     | 6
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 4
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.flows_timeout                     | Total                     | 3
flow_mgr.flows_timeout_inuse               | Total                     | 2
flow_mgr.flows_removed                     | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65527
flow_mgr.rows_empty                        | Total                     | 5
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075456
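The counters above hide a few things worth checking before reading the detection output: decoder.pkts is 253 but only 61 packets were decoded as IPv4 or IPv6, all 6 UDP flows failed app-layer protocol detection (app_layer.flow.failed_udp equals flow.udp), and there is no detect.alert counter at all. As an added example, not part of the report and not IDSDeathBlossom or Suricata code, here is a small parser over the Total column of the stats.log above plus the derived checks a reviewer would eyeball. The thresholds, the finding codes and the reading of an absent counter as 0 (stats.log leaves out zero-valued counters unless null-values is enabled) are assumptions.

```python
# Added sanity checks over Suricata stats.log counters; not part of the
# report. STATS_SAMPLE is copied from the Total column of the stats.log
# above (only the rows the checks use).
STATS_SAMPLE = """\
decoder.pkts                               | Total                     | 253
decoder.ipv4                               | Total                     | 57
decoder.ipv6                               | Total                     | 4
decoder.tcp                                | Total                     | 26
decoder.udp                                | Total                     | 35
flow.tcp                                   | Total                     | 3
flow.udp                                   | Total                     | 6
tcp.sessions                               | Total                     | 3
tcp.syn                                    | Total                     | 3
tcp.synack                                 | Total                     | 3
tcp.rst                                    | Total                     | 3
app_layer.tx.http                          | Total                     | 3
app_layer.flow.failed_udp                  | Total                     | 6
"""


def parse_stats(text):
    """Parse 'counter | TM Name | value' rows into {counter: int}."""
    counters = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) == 3 and parts[2].isdigit():
            counters[parts[0]] = int(parts[2])
    return counters


def derived(c):
    """Numbers stats.log does not print directly. Absent counters are
    read as 0 (assumption: zero-valued counters are omitted)."""
    pkts = c.get("decoder.pkts", 0)
    non_ip = pkts - c.get("decoder.ipv4", 0) - c.get("decoder.ipv6", 0)
    return {
        "non_ip_pkts": non_ip,
        "non_ip_share": non_ip / pkts if pkts else 0.0,
        "udp_flows_no_applayer": c.get("app_layer.flow.failed_udp", 0),
        "alerts": c.get("detect.alert", 0),
    }


def sanity_checks(c):
    """Return (code, message) findings for one stats.log dump.
    Thresholds are assumptions, tune them to the traffic you expect."""
    d = derived(c)
    findings = []
    if d["non_ip_share"] > 0.5:
        findings.append(("non_ip",
            f"{d['non_ip_pkts']} of {c['decoder.pkts']} packets were not "
            f"decoded as IPv4/IPv6; the IDS only inspected the remainder"))
    udp = c.get("flow.udp", 0)
    if udp and d["udp_flows_no_applayer"] == udp:
        findings.append(("udp_applayer_failed",
            f"all {udp} UDP flows failed app-layer detection; app-layer "
            f"keywords had nothing to match on for them"))
    sessions = c.get("tcp.sessions", 0)
    if sessions and c.get("tcp.rst", 0) >= sessions:
        findings.append(("tcp_all_rst",
            f"{c['tcp.rst']} RST packets for {sessions} TCP sessions; "
            f"connections were reset rather than closed cleanly"))
    if c.get("app_layer.tx.http", 0) and d["alerts"] == 0:
        findings.append(("no_alerts",
            f"{c['app_layer.tx.http']} HTTP transactions parsed but no "
            f"detect.alert counter: the ruleset fired nothing"))
    return findings


if __name__ == "__main__":
    for code, msg in sanity_checks(parse_stats(STATS_SAMPLE)):
        print(f"[{code}] {msg}")
```

Run against the sample it reports all four findings; the no_alerts one is the reason to go and read eve.json next.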


eve.json - (2001 bytes)
{"timestamp":"2019-10-07T08:45:27.214208+0000","flow_id":465522822604598,"event_type":"http","src_ip":"192.168.100.24","src_port":51045,"dest_ip":"218.103.37.229","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.webcrawler.com","url":"\/index.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-10-07T08:45:27.214208+0000","flow_id":1756126127419542,"event_type":"http","src_ip":"192.168.100.24","src_port":49223,"dest_ip":"218.103.37.229","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.alltheweb.com","url":"\/main\/board\/write.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-10-07T08:45:27.214208+0000","flow_id":610284703137238,"event_type":"http","src_ip":"192.168.100.24","src_port":52897,"dest_ip":"23.115.75.188","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.bing.com","url":"\/member\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-10-07T08:45:27.214208+0000","flow_id":610284703137238,"event_type":"fileinfo","src_ip":"192.168.100.24","src_port":52897,"dest_ip":"23.115.75.188","dest_port":80,"proto":"TCP","http":{"hostname":"www.bing.com","url":"\/member\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"mypage.docx","gaps":false,"state":"CLOSED","stored":false,"size":677,"tx_id":0}}
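What eve.json shows is more telling than the absence of alerts: all four records carry the same timestamp, two different search-engine hostnames (www.webcrawler.com and www.alltheweb.com) were requested from the same server 218.103.37.229, and flow 610284703137238 pairs an http event for www.bing.com with a fileinfo event for a 677-byte mypage.docx carried in a POST to /member/ on 23.115.75.188. A Host header is whatever the client chooses to send, so the checks worth automating are hostname-to-IP consistency and upload extraction, not the hostname string on its own. The following is an added example, not code from the report, IDSDeathBlossom or Suricata. It embeds the four records above with the long http_user_agent value shortened; the 203.0.113.0/24 network passed as the expected range for www.bing.com is a documentation-range placeholder for whatever an analyst knows the real edge to be, and the function and field names are this example's own.

```python
# Added triage helpers for Suricata eve.json; not part of the report.
# Joins http and fileinfo events on flow_id, lists server IPs that were
# asked for several different hostnames, and extracts POSTed files.
import ipaddress
import json
from collections import defaultdict

# The four records from the eve.json above. flow_id, addresses,
# hostnames, URLs and fileinfo fields are unchanged; the long
# http_user_agent value is shortened to keep the sample readable.
EVE_SAMPLE = r"""
{"timestamp":"2019-10-07T08:45:27.214208+0000","flow_id":465522822604598,"event_type":"http","src_ip":"192.168.100.24","src_port":51045,"dest_ip":"218.103.37.229","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.webcrawler.com","url":"\/index.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"}}
{"timestamp":"2019-10-07T08:45:27.214208+0000","flow_id":1756126127419542,"event_type":"http","src_ip":"192.168.100.24","src_port":49223,"dest_ip":"218.103.37.229","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.alltheweb.com","url":"\/main\/board\/write.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"}}
{"timestamp":"2019-10-07T08:45:27.214208+0000","flow_id":610284703137238,"event_type":"http","src_ip":"192.168.100.24","src_port":52897,"dest_ip":"23.115.75.188","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.bing.com","url":"\/member\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1)"}}
{"timestamp":"2019-10-07T08:45:27.214208+0000","flow_id":610284703137238,"event_type":"fileinfo","src_ip":"192.168.100.24","src_port":52897,"dest_ip":"23.115.75.188","dest_port":80,"proto":"TCP","http":{"hostname":"www.bing.com","url":"\/member\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"mypage.docx","gaps":false,"state":"CLOSED","stored":false,"size":677,"tx_id":0}}
"""


def load_eve(text):
    """Parse one JSON object per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def hostnames_by_dest_ip(events):
    """Map each server IP to the set of Host header values sent to it."""
    hosts = defaultdict(set)
    for ev in events:
        if ev.get("event_type") == "http":
            hosts[ev["dest_ip"]].add(ev["http"].get("hostname", ""))
    return hosts


def shared_ip_hosts(events, min_hosts=2):
    """Server IPs asked for min_hosts or more distinct hostnames. Unrelated
    brand names on one IP is a cheap tell for a client that fills in a
    plausible Host header instead of talking to the site it names."""
    return {ip: sorted(h) for ip, h in hostnames_by_dest_ip(events).items()
            if len(h) >= min_hosts}


def hostname_ip_mismatches(events, expected):
    """http events whose hostname is in `expected` but whose dest_ip lies
    outside the networks listed for it. `expected` maps hostname -> list
    of CIDR strings supplied by the analyst."""
    nets = {h: [ipaddress.ip_network(c) for c in cidrs]
            for h, cidrs in expected.items()}
    hits = []
    for ev in events:
        if ev.get("event_type") != "http":
            continue
        host = ev["http"].get("hostname", "")
        if host in nets:
            ip = ipaddress.ip_address(ev["dest_ip"])
            if not any(ip in n for n in nets[host]):
                hits.append((ev["flow_id"], host, ev["dest_ip"]))
    return hits


def posted_files(events):
    """fileinfo events for files carried in a POST body, joined with the
    http transaction on the same flow_id for hostname and URL."""
    http_by_flow = {ev["flow_id"]: ev for ev in events
                    if ev.get("event_type") == "http"}
    out = []
    for ev in events:
        if ev.get("event_type") != "fileinfo":
            continue
        if ev.get("http", {}).get("http_method") != "POST":
            continue
        tx = http_by_flow.get(ev["flow_id"], ev)
        out.append({
            "flow_id": ev["flow_id"],
            "src_ip": ev["src_ip"],
            "dest_ip": ev["dest_ip"],
            "hostname": tx["http"].get("hostname"),
            "url": tx["http"].get("url"),
            "filename": ev["fileinfo"]["filename"],
            "size": ev["fileinfo"]["size"],
            "stored": ev["fileinfo"]["stored"],
        })
    return out


def triage(text, expected=None):
    """Run the three checks over an eve.json text blob."""
    events = load_eve(text)
    return {
        "shared_ip_hosts": shared_ip_hosts(events),
        "mismatches": hostname_ip_mismatches(events, expected or {}),
        "uploads": posted_files(events),
    }


if __name__ == "__main__":
    # 203.0.113.0/24 is a documentation range standing in for whatever
    # the analyst knows the genuine www.bing.com edge to be (assumption).
    report = triage(EVE_SAMPLE, {"www.bing.com": ["203.0.113.0/24"]})
    for ip, hosts in report["shared_ip_hosts"].items():
        print(f"{ip} was asked for {len(hosts)} hostnames: {', '.join(hosts)}")
    for flow, host, ip in report["mismatches"]:
        print(f"flow {flow}: Host {host} sent to unexpected server {ip}")
    for up in report["uploads"]:
        print(f"flow {up['flow_id']}: POST {up['filename']} ({up['size']} B) "
              f"to {up['hostname']}{up['url']} at {up['dest_ip']}")
```

On the records above this reports 218.103.37.229 serving two hostnames, the www.bing.com request going to an IP outside the expected range, and the mypage.docx upload; note that stored is false, so the file body itself was not written out by this run and would have to be carved from the pcap.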


keyword_perf.log - (9632 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 10/8/2019 -- 09:47:53
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            22756           3               3               12630           7585.00         7585.00         0.00           
  flow             1836548         302             302             92060           6081.00         6081.00         0.00           
  content          4236076         582             374             427898          7278.00         6739.00         8248.00        
  pcre             1048398         78              33              87802           13441.00        13951.00        13066.00       
  byte_test        232338          39              39              25062           5957.00         5957.00         0.00           
  byte_jump        77488           14              13              10406           5534.00         5331.00         8174.00        
  flowbits         79348           6               6               24796           13224.00        13224.00        0.00           
  urilen           517580          91              22              22772           5687.00         5097.00         5876.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            22756           3               3               12630           7585.00         7585.00         0.00           
  flow             1836548         302             302             92060           6081.00         6081.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          623210          92              60              22454           6774.00         7345.00         5701.00        
  pcre             35522           3               0               19694           11840.00        0.00            11840.00       
  byte_test        232338          39              39              25062           5957.00         5957.00         0.00           
  byte_jump        77488           14              13              10406           5534.00         5331.00         8174.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         79348           6               6               24796           13224.00        13224.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          496734          78              56              23222           6368.00         6249.00         6671.00        
  pcre             643752          46              18              87802           13994.00        16674.00        12272.00       
  urilen           517580          91              22              22772           5687.00         5097.00         5876.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          231944          30              7               22668           7731.00         8210.00         7585.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1957794         228             151             427898          8586.00         6923.00         11849.00       
  pcre             311030          23              9               66506           13523.00        11351.00        14919.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          128264          22              8               7174            5830.00         5888.00         5797.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept_enc
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4710            1               0               4710            4710.00         0.00            4710.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          267068          45              38              21652           5934.00         5902.00         6109.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          526352          86              54              21628           6120.00         6581.00         5342.00        
  pcre             58094           6               6               16434           9682.00         9682.00         0.00           


suricata-4.0.0-etpro-all-perf.txt-2019-10-08-T-09-47-53-10082019.0947-7dbf4104-7aac-46bb-b8ef-7842b590eaee.pcap.txt - (23254 bytes)
  --------------------------------------------------------------------------
  Date: 10/8/2019 -- 09:47:53. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2805348      1        4        9999612      29.07  13       0        8590486     769200.92   0.00        769200.92  
  2        2019094      1        5        1861074      5.41   4        0        1745764     465268.50   0.00        465268.50  
  3        2022503      1        2        648486       1.89   3        0        525646      216162.00   0.00        216162.00  
  4        2807970      1        8        556292       1.62   2        0        488754      278146.00   0.00        278146.00  
  5        2812433      1        2        537382       1.56   2        0        479674      268691.00   0.00        268691.00  
  6        2816165      1        5        545706       1.59   3        0        457906      181902.00   0.00        181902.00  
  7        2826256      1        2        524070       1.52   3        0        451104      174690.00   0.00        174690.00  
  8        2023627      1        3        554220       1.61   27       0        417784      20526.67    0.00        20526.67   
  9        2815324      1        2        269422       0.78   3        0        176566      89807.33    0.00        89807.33   
  10       2807440      1        3        153890       0.45   1        0        153890      153890.00   0.00        153890.00  
  11       2822458      1        2        213584       0.62   3        0        128274      71194.67    0.00        71194.67   
  12       2816909      1        2        310640       0.90   3        0        122404      103546.67   0.00        103546.67  
  13       2022339      1        2        270820       0.79   3        0        121064      90273.33    0.00        90273.33   
  14       2812976      1        3        262378       0.76   3        0        116348      87459.33    0.00        87459.33   
  15       2018793      1        4        112186       0.33   1        0        112186      112186.00   0.00        112186.00  
  16       2816940      1        2        313934       0.91   3        0        107208      104644.67   0.00        104644.67  
  17       2816910      1        2        285592       0.83   3        0        99674       95197.33    0.00        95197.33   
  18       2022080      1        1        204756       0.60   3        3        97050       68252.00    68252.00    0.00       
  19       2022901      1        2        172716       0.50   2        0        91604       86358.00    0.00        86358.00   
  20       2829004      1        4        188188       0.55   3        0        91142       62729.33    0.00        62729.33   
  21       2017264      1        2        89976        0.26   1        0        89976       89976.00    0.00        89976.00   
  22       2023315      1        2        243856       0.71   3        0        89762       81285.33    0.00        81285.33   
  23       2018452      1        15       200584       0.58   3        0        85816       66861.33    0.00        66861.33   
  24       2025064      1        5        205518       0.60   3        0        85000       68506.00    0.00        68506.00   
  25       2809363      1        3        154960       0.45   2        0        83614       77480.00    0.00        77480.00   
  26       2021418      1        9        157510       0.46   2        0        83322       78755.00    0.00        78755.00   
  27       2816925      1        3        205006       0.60   3        0        82206       68335.33    0.00        68335.33   
  28       2816927      1        3        171498       0.50   3        0        81278       57166.00    0.00        57166.00   
  29       2017261      1        3        148236       0.43   2        0        80868       74118.00    0.00        74118.00   
  30       2016858      1        10       206816       0.60   3        0        80660       68938.67    0.00        68938.67   
  31       2821471      1        2        148238       0.43   2        0        79982       74119.00    0.00        74119.00   
  32       2816928      1        3        168150       0.49   3        0        79836       56050.00    0.00        56050.00   
  33       2024767      1        2        183234       0.53   3        0        78744       61078.00    0.00        61078.00   
  34       2825926      1        2        78328        0.23   1        0        78328       78328.00    0.00        78328.00   
  35       2820851      1        5        197396       0.57   3        0        78294       65798.67    0.00        65798.67   
  36       2816365      1        3        123768       0.36   2        0        78058       61884.00    0.00        61884.00   
  37       2019881      1        3        182722       0.53   3        0        77882       60907.33    0.00        60907.33   
  38       2020380      1        3        149012       0.43   3        0        76872       49670.67    0.00        49670.67   
  39       2815942      1        2        76374        0.22   1        0        76374       76374.00    0.00        76374.00   
  40       2014967      1        3        110354       0.32   2        0        74992       55177.00    0.00        55177.00   
  41       2023875      1        2        196268       0.57   3        0        74804       65422.67    0.00        65422.67   
  42       2024565      1        3        175056       0.51   3        0        73418       58352.00    0.00        58352.00   
  43       2018358      1        7        195060       0.57   3        0        73176       65020.00    0.00        65020.00   
  44       2021413      1        2        139524       0.41   2        0        71796       69762.00    0.00        69762.00   
  45       2018386      1        2        70340        0.20   1        0        70340       70340.00    0.00        70340.00   
  46       2816929      1        4        181124       0.53   3        0        70144       60374.67    0.00        60374.67   
  47       2823263      1        3        180450       0.52   3        0        68394       60150.00    0.00        60150.00   
  48       2828122      1        2        183448       0.53   3        0        68042       61149.33    0.00        61149.33   
  49       2816327      1        4        181054       0.53   3        0        67774       60351.33    0.00        60351.33   
  50       2816924      1        4        172632       0.50   3        0        67360       57544.00    0.00        57544.00   
  51       2015877      1        6        118960       0.35   2        0        66828       59480.00    0.00        59480.00   
  52       2011894      1        19       190418       0.55   3        0        66080       63472.67    0.00        63472.67   
  53       2819673      1        4        157660       0.46   3        0        66018       52553.33    0.00        52553.33   
  54       2816899      1        2        102280       0.30   2        0        65012       51140.00    0.00        51140.00   
  55       2018496      1        9        171546       0.50   3        0        64582       57182.00    0.00        57182.00   
  56       2816525      1        10       173794       0.51   3        0        63896       57931.33    0.00        57931.33   
  57       2815568      1        2        114026       0.33   2        0        63300       57013.00    0.00        57013.00   
  58       2022220      1        2        180300       0.52   3        0        63084       60100.00    0.00        60100.00   
  59       2823858      1        3        108838       0.32   2        0        62958       54419.00    0.00        54419.00   
  60       2017613      1        9        167734       0.49   3        0        62456       55911.33    0.00        55911.33   
  61       2816328      1        5        166248       0.48   3        0        60652       55416.00    0.00        55416.00   
  62       2815254      1        7        153136       0.45   3        0        60366       51045.33    0.00        51045.33   
  63       2023083      1        2        155774       0.45   3        0        60282       51924.67    0.00        51924.67   
  64       2020181      1        8        119170       0.35   2        0        60234       59585.00    0.00        59585.00   
  65       2815102      1        2        59410        0.17   1        0        59410       59410.00    0.00        59410.00   
  66       2821569      1        7        116950       0.34   2        0        59398       58475.00    0.00        58475.00   
  67       2815817      1        5        156094       0.45   3        0        59006       52031.33    0.00        52031.33   
  68       2809511      1        4        114190       0.33   2        0        57756       57095.00    0.00        57095.00   
  69       2016051      1        5        57656        0.17   1        0        57656       57656.00    0.00        57656.00   
  70       2022049      1        3        126438       0.37   3        0        56914       42146.00    0.00        42146.00   
  71       2016537      1        2        133784       0.39   3        0        53620       44594.67    0.00        44594.67   
  72       2022502      1        4        125760       0.37   3        0        53470       41920.00    0.00        41920.00   
  73       2019141      1        3        150366       0.44   3        0        53180       50122.00    0.00        50122.00   
  74       2809547      1        5        120984       0.35   3        0        53022       40328.00    0.00        40328.00   
  75       2809682      1        5        123194       0.36   3        0        51646       41064.67    0.00        41064.67   
  76       2019693      1        5        145870       0.42   3        0        51262       48623.33    0.00        48623.33   
  77       2022207      1        4        145558       0.42   3        0        48788       48519.33    0.00        48519.33   
  78       2024178      1        2        122258       0.36   3        0        48746       40752.67    0.00        40752.67   
  79       2816526      1        13       139538       0.41   3        0        48564       46512.67    0.00        46512.67   
  80       2022262      1        3        142604       0.41   3        0        48436       47534.67    0.00        47534.67   
  81       2820031      1        2        139806       0.41   3        0        48248       46602.00    0.00        46602.00   
  82       2816356      1        2        142116       0.41   3        0        48024       47372.00    0.00        47372.00   
  83       2013672      1        3        140630       0.41   3        0        47914       46876.67    0.00        46876.67   
  84       2018981      1        4        142192       0.41   3        0        47754       47397.33    0.00        47397.33   
  85       2023670      1        3        235368       0.68   6        3        47610       39228.00    31386.00    47070.00   
  86       2019344      1        5        141074       0.41   3        0        47544       47024.67    0.00        47024.67   
  87       2807793      1        4        93944        0.27   2        0        47496       46972.00    0.00        46972.00   
  88       2812916      1        6        141382       0.41   3        0        47150       47127.33    0.00        47127.33   
  89       2017948      1        2        145746       0.42   4        0        46872       36436.50    0.00        36436.50   
  90       2020295      1        6        136008       0.40   3        0        46298       45336.00    0.00        45336.00   
  91       2816930      1        4        134738       0.39   3        0        45672       44912.67    0.00        44912.67   
  92       2816922      1        5        135542       0.39   3        0        45656       45180.67    0.00        45180.67   
  93       2816931      1        3        134142       0.39   3        0        45490       44714.00    0.00        44714.00   
  94       2018983      1        7        136030       0.40   3        0        45436       45343.33    0.00        45343.33   
  95       2018242      1        5        134708       0.39   3        0        44992       44902.67    0.00        44902.67   
  96       2018958      1        18       117668       0.34   3        0        44808       39222.67    0.00        39222.67   
  97       2014380      1        4        212116       0.62   6        0        43908       35352.67    0.00        35352.67   
  98       2020705      1        4        116894       0.34   3        0        43606       38964.67    0.00        38964.67   
  99       2020586      1        3        43424        0.13   1        0        43424       43424.00    0.00        43424.00   
  100      2822109      1        2        109390       0.32   3        0        41726       36463.33    0.00        36463.33   
  101      2815201      1        2        111388       0.32   3        0        38764       37129.33    0.00        37129.33   
  102      2820809      1        2        105898       0.31   3        0        38548       35299.33    0.00        35299.33   
  103      2827279      1        5        110646       0.32   3        0        38460       36882.00    0.00        36882.00   
  104      2016706      1        20       75210        0.22   2        0        38382       37605.00    0.00        37605.00   
  105      2827580      1        7        109290       0.32   3        0        37592       36430.00    0.00        36430.00   
  106      2804626      1        9        108398       0.32   3        0        37438       36132.67    0.00        36132.67   
  107      2003657      1        18       108998       0.32   3        0        37188       36332.67    0.00        36332.67   
  108      2828008      1        2        107232       0.31   3        0        36976       35744.00    0.00        35744.00   
  109      2003492      1        30       109068       0.32   3        0        36878       36356.00    0.00        36356.00   
  110      2017552      1        6        211866       0.62   6        0        36660       35311.00    0.00        35311.00   
  111      2024606      1        2        71942        0.21   2        0        36518       35971.00    0.00        35971.00   
  112      2016757      1        10       36406        0.11   1        0        36406       36406.00    0.00        36406.00   
  113      2816668      1        3        35842        0.10   1        0        35842       35842.00    0.00        35842.00   
  114      2815033      1        2        103216       0.30   3        0        35560       34405.33    0.00        34405.33   
  115      2016809      1        5        70348        0.20   2        0        35286       35174.00    0.00        35174.00   
  116      2018010      1        5        103630       0.30   3        0        35260       34543.33    0.00        34543.33   
  117      2016223      1        10       103586       0.30   3        0        35232       34528.67    0.00        34528.67   
  118      2805260      1        4        102408       0.30   3        0        34446       34136.00    0.00        34136.00   
  119      2010140      1        7        248942       0.72   35       0        30200       7112.63     0.00        7112.63    
  120      2809487      1        2        50108        0.15   6        0        21552       8351.33     0.00        8351.33    
  121      2810793      1        5        31294        0.09   3        0        21142       10431.33    0.00        10431.33   
  122      2019016      1        3        77376        0.22   13       0        19326       5952.00     0.00        5952.00    
  123      2008120      1        4        176604       0.51   35       0        14738       5045.83     0.00        5045.83    
  124      2811402      1        2        17220        0.05   2        0        11686       8610.00     0.00        8610.00    
  125      2008116      1        4        7

This file has been truncated.


IDSDeathBlossom.py.log - (1176 bytes)
2019-10-08 09:47:26,895 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-10-08 09:47:27,669 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-10-08 09:47:27,669 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-10-08 09:47:27,670 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-10-08 09:47:27,670 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-10-08 09:47:27,670 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/19980d66391e010b4d56c3e1e647453256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/10082019.0947-7dbf4104-7aac-46bb-b8ef-7842b590eaee.pcap -vvv -k none
2019-10-08 09:47:53,474 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-10-08 09:47:53,475 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 26.5901889801