Filename: 95d85c385d1870d5f28f5a68ef6e02ad869ba9b07ecdffb2cfeddfc47ef1bce1.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etproenall-all
Runtime: 26.2918298244 seconds
Hash: 1c9ec1428c60cbfa2fe14163233c2839
Uploaded: 1564912020

Logfiles


suricata-4.0.0-etproenall-all-perf.txt-2019-08-04-T-09-47-26-08042019.0932-95d85c385d1870d5f28f5a68ef6e02ad869ba9b07ecdffb2cfeddfc47ef1bce1.pcap.txt - (96085 bytes)
  --------------------------------------------------------------------------
  Date: 8/4/2019 -- 09:47:26. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2803396      1        1        15148092     8.74   3        0        15138224    5049364.00  0.00        5049364.00 
  2        2803398      1        1        13298278     7.67   3        0        13288452    4432759.33  0.00        4432759.33 
  3        2803400      1        1        13284008     7.66   3        0        13273046    4428002.67  0.00        4428002.67 
  4        2803395      1        1        1478052      0.85   3        0        1468168     492684.00   0.00        492684.00  
  5        2803397      1        1        662972       0.38   3        0        653102      220990.67   0.00        220990.67  
  6        2803399      1        1        647732       0.37   3        0        637894      215910.67   0.00        215910.67  
  7        2000540      1        8        1121138      0.65   42       0        306870      26693.76    0.00        26693.76   
  8        2815806      1        7        618916       0.36   7        0        109242      88416.57    0.00        88416.57   
  9        2816899      1        2        266996       0.15   6        0        101440      44499.33    0.00        44499.33   
  10       2807506      1        5        595816       0.34   7        0        101428      85116.57    0.00        85116.57   
  11       2816910      1        2        611678       0.35   7        0        99620       87382.57    0.00        87382.57   
  12       2010697      1        8        533690       0.31   7        0        99074       76241.43    0.00        76241.43   
  13       2811864      1        5        481180       0.28   6        0        93250       80196.67    0.00        80196.67   
  14       2100523      1        6        838902       0.48   77       0        92608       10894.83    0.00        10894.83   
  15       2816909      1        2        600384       0.35   7        0        91844       85769.14    0.00        85769.14   
  16       2015872      1        6        415152       0.24   6        0        91174       69192.00    0.00        69192.00   
  17       2001328      1        13       644978       0.37   35       0        89610       18427.94    0.00        18427.94   
  18       2815180      1        3        388910       0.22   6        0        88990       64818.33    0.00        64818.33   
  19       2816895      1        2        420642       0.24   6        0        84902       70107.00    0.00        70107.00   
  20       2010500      1        6        84664        0.05   1        1        84664       84664.00    84664.00    0.00       
  21       2815804      1        8        448526       0.26   6        0        82638       74754.33    0.00        74754.33   
  22       2816925      1        3        465392       0.27   7        0        82078       66484.57    0.00        66484.57   
  23       2019378      1        12       415038       0.24   6        0        81860       69173.00    0.00        69173.00   
  24       2017036      1        3        355418       0.21   6        0        80634       59236.33    0.00        59236.33   
  25       2805348      1        4        79292        0.05   1        0        79292       79292.00    0.00        79292.00   
  26       2811826      1        7        395148       0.23   6        0        79026       65858.00    0.00        65858.00   
  27       2017454      1        12       399480       0.23   6        0        78082       66580.00    0.00        66580.00   
  28       2811827      1        6        403754       0.23   6        0        77712       67292.33    0.00        67292.33   
  29       2819647      1        3        347212       0.20   6        0        77518       57868.67    0.00        57868.67   
  30       2821471      1        2        301364       0.17   6        0        77506       50227.33    0.00        50227.33   
  31       2816931      1        3        403252       0.23   7        0        77112       57607.43    0.00        57607.43   
  32       2811828      1        12       391392       0.23   6        0        76918       65232.00    0.00        65232.00   
  33       2816927      1        3        525226       0.30   7        0        76622       75032.29    0.00        75032.29   
  34       2815805      1        8        416700       0.24   7        0        76584       59528.57    0.00        59528.57   
  35       2002561      1        5        279126       0.16   14       0        75646       19937.57    0.00        19937.57   
  36       2020027      1        3        415710       0.24   7        0        75552       59387.14    0.00        59387.14   
  37       2816356      1        2        409520       0.24   7        0        73958       58502.86    0.00        58502.86   
  38       2806468      1        2        306494       0.18   6        0        73286       51082.33    0.00        51082.33   
  39       2816922      1        5        413088       0.24   7        0        72142       59012.57    0.00        59012.57   
  40       2011583      1        4        407126       0.23   7        0        71404       58160.86    0.00        58160.86   
  41       2803506      1        10       418310       0.24   7        0        71308       59758.57    0.00        59758.57   
  42       2815181      1        3        352204       0.20   6        0        70908       58700.67    0.00        58700.67   
  43       2019094      1        5        311082       0.18   6        0        70650       51847.00    0.00        51847.00   
  44       2816352      1        5        362448       0.21   6        0        70530       60408.00    0.00        60408.00   
  45       2815533      1        3        414924       0.24   7        0        70496       59274.86    0.00        59274.86   
  46       2017452      1        3        352054       0.20   6        0        70196       58675.67    0.00        58675.67   
  47       2823858      1        3        303616       0.18   6        0        69948       50602.67    0.00        50602.67   
  48       2017076      1        9        348302       0.20   6        0        69940       58050.33    0.00        58050.33   
  49       2815758      1        4        317498       0.18   6        0        69866       52916.33    0.00        52916.33   
  50       2013154      1        5        417512       0.24   7        0        69632       59644.57    0.00        59644.57   
  51       2016809      1        5        353406       0.20   6        0        69252       58901.00    0.00        58901.00   
  52       2808578      1        3        344326       0.20   6        0        68842       57387.67    0.00        57387.67   
  53       2017556      1        3        356056       0.21   6        0        67988       59342.67    0.00        59342.67   
  54       2809906      1        4        362020       0.21   7        0        67988       51717.14    0.00        51717.14   
  55       2812616      1        2        67926        0.04   1        0        67926       67926.00    0.00        67926.00   
  56       2017376      1        7        336414       0.19   6        0        67578       56069.00    0.00        56069.00   
  57       2815182      1        3        337052       0.19   6        0        67538       56175.33    0.00        56175.33   
  58       2805089      1        6        67154        0.04   1        0        67154       67154.00    0.00        67154.00   
  59       2016975      1        3        350276       0.20   7        0        66954       50039.43    0.00        50039.43   
  60       2816924      1        4        325240       0.19   7        0        66608       46462.86    0.00        46462.86   
  61       2021418      1        9        310908       0.18   6        0        66092       51818.00    0.00        51818.00   
  62       2816940      1        2        364714       0.21   7        0        65972       52102.00    0.00        52102.00   
  63       2003394      1        8        373388       0.22   7        0        65412       53341.14    0.00        53341.14   
  64       2829848      1        2        287726       0.17   6        0        65272       47954.33    0.00        47954.33   
  65       2014442      1        6        375948       0.22   6        0        64908       62658.00    0.00        62658.00   
  66       2021718      1        4        291438       0.17   6        0        64874       48573.00    0.00        48573.00   
  67       2816929      1        4        321246       0.19   7        0        64558       45892.29    0.00        45892.29   
  68       2023083      1        2        348442       0.20   7        0        64428       49777.43    0.00        49777.43   
  69       2816928      1        3        437728       0.25   7        0        64050       62532.57    0.00        62532.57   
  70       2816707      1        2        323220       0.19   6        0        63860       53870.00    0.00        53870.00   
  71       2810058      1        3        365142       0.21   7        0        62320       52163.14    0.00        52163.14   
  72       2816525      1        10       345184       0.20   7        0        62270       49312.00    0.00        49312.00   
  73       2815759      1        4        295702       0.17   6        0        62164       49283.67    0.00        49283.67   
  74       2829661      1        2        280594       0.16   6        0        62000       46765.67    0.00        46765.67   
  75       2015803      1        8        303382       0.18   6        0        61812       50563.67    0.00        50563.67   
  76       2815568      1        2        333210       0.19   6        0        61482       55535.00    0.00        55535.00   
  77       2020963      1        2        292202       0.17   6        0        61054       48700.33    0.00        48700.33   
  78       2815817      1        5        328072       0.19   7        0        61018       46867.43    0.00        46867.43   
  79       2828060      1        4        282842       0.16   6        0        60994       47140.33    0.00        47140.33   
  80       2811905      1        3        282874       0.16   6        0        60940       47145.67    0.00        47145.67   
  81       2017948      1        2        319048       0.18   6        0        60724       53174.67    0.00        53174.67   
  82       2801587      1        1        512722       0.30   14       0        60614       36623.00    0.00        36623.00   
  83       2815764      1        5        292522       0.17   6        0        60562       48753.67    0.00        48753.67   
  84       2812433      1        2        279666       0.16   6        0        60420       46611.00    0.00        46611.00   
  85       2809363      1        3        282520       0.16   6        0        60358       47086.67    0.00        47086.67   
  86       2815871      1        2        385396       0.22   7        0        60338       55056.57    0.00        55056.57   
  87       2021157      1        8        329008       0.19   7        0        60280       47001.14    0.00        47001.14   
  88       2025064      1        5        337728       0.19   7        0        60268       48246.86    0.00        48246.86   
  89       2803305      1        7        339586       0.20   7        0        60258       48512.29    0.00        48512.29   
  90       2801364      1        4        325962       0.19   7        0        60170       46566.00    0.00        46566.00   
  91       2816930      1        4        346592       0.20   7        0        59994       49513.14    0.00        49513.14   
  92       2816337      1        5        327722       0.19   7        0        59380       46817.43    0.00        46817.43   
  93       2008197      1        5        329098       0.19   7        0        59344       47014.00    0.00        47014.00   
  94       2807793      1        4        280476       0.16   6        0        59320       46746.00    0.00        46746.00   
  95       2008065      1        6        589394       0.34   14       0        59134       42099.57    0.00        42099.57   
  96       2020181      1        8        298462       0.17   6        0        59020       49743.67    0.00        49743.67   
  97       2816526      1        13       318104       0.18   7        0        58530       45443.43    0.00        45443.43   
  98       2000538      1        8        929472       0.54   42       0        58358       22130.29    0.00        22130.29   
  99       2003045      1        4        286522       0.17   7        0        57908       40931.71    0.00        40931.71   
  100      2020399      1        5        373140       0.22   7        0        57868       53305.71    0.00        53305.71   
  101      2101437      1        13       340890       0.20   7        0        57744       48698.57    0.00        48698.57   
  102      2807682      1        2        243556       0.14   6        0        57676       40592.67    0.00        40592.67   
  103      2819673      1        4        317064       0.18   7        0        57574       45294.86    0.00        45294.86   
  104      2816619      1        2        57422        0.03   1        0        57422       57422.00    0.00        57422.00   
  105      2016706      1        20       326332       0.19   6        0        57062       54388.67    0.00        54388.67   
  106      2009583      1        3        315058       0.18   14       0        57038       22504.14    0.00        22504.14   
  107      2017706      1        6        326616       0.19   6        0        56862       54436.00    0.00        54436.00   
  108      2017456      1        3        322794       0.19   6        0        56714       53799.00    0.00        53799.00   
  109      2800489      1        3        475558       0.27   14       0        56680       33968.43    0.00        33968.43   
  110      2018589      1        6        328690       0.19   6        0        56554       54781.67    0.00        54781.67   
  111      2803265      1        2        56542        0.03   1        0        56542       56542.00    0.00        56542.00   
  112      2816094      1        4        278224       0.16   6        0        56262       46370.67    0.00        46370.67   
  113      2808793      1        3        56202        0.03   1        0        56202       56202.00    0.00        56202.00   
  114      2801545      1        1        476848       0.28   14       0        55692       34060.57    0.00        34060.57   
  115      2816328      1        5        364958       0.21   7        0        54986       52136.86    0.00        52136.86   
  116      2820851      1        5        327348       0.19   7        0        54830       46764.00    0.00        46764.00   
  117      2815220      1        2        318536       0.18   6        0        54766       53089.33    0.00        53089.33   
  118      2800704      1        4        239232       0.14   6        0        54512       39872.00    0.00        39872.00   
  119      2828008      1        2        258382       0.15   7        0        54238       36911.71    0.00        36911.71   
  120      2014379      1        2        445414       0.26   14       0        54080       31815.29    0.00        31815.29   
  121      2022502      1        4        271776       0.16   7        0        53442       38825.14    0.00        38825.14   
  122      2008664      1        11       53382        0.03   1        0        53382       53382.00    0.00        53382.00   
  123      2015933      1        6        53148        0.03   1        0        53148       53148.00    0.00        53148.00   
  124      2822633      1        3        225438       0.13   6        0        52892       37573.00    0.00        37573.00   
  125      2002704      1        5        24

This file has been truncated.


packet_stats.log - (14713 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             4         16789970      135991908      48717766        194.9m    1.58
 IPv4       6            70         83811286      257890098     169946848         11.9b   96.47
 IPv4      17             3         24285816      133035586      80204158        240.6m    1.95
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             4          2637242       14259864       5673018         22.7m    8.82
TMM_FLOWWORKER              IPv4       6            70           333930       12991228       2438544        170.7m   66.35
TMM_FLOWWORKER              IPv4      17             3          1942252       59000050      21016160         63.0m   24.51
TMM_RECEIVEPCAPFILE         IPv4       1             4             4456           4758          4653         18.6k    0.01
TMM_RECEIVEPCAPFILE         IPv4       6            70             4428           5742          4710        329.7k    0.13
TMM_RECEIVEPCAPFILE         IPv4      17             3             5484           6154          5751         17.3k    0.01
TMM_DECODEPCAPFILE          IPv4       1             4             4874          76024         22796         91.2k    0.04
TMM_DECODEPCAPFILE          IPv4       6            70             4552           5958          4841        338.9k    0.13
TMM_DECODEPCAPFILE          IPv4      17             3             4712          13228          7764         23.3k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot      %%
--------------------   ------   -----   ----------     ------------   ------------   -----------    -------  -----
flow                    IPv4       1             1             5764           5764          5764          5.8k  0.00  
flow                    IPv4       6            70             4926          22424          5874        411.2k  0.16  
flow                    IPv4      17             3             6374          21544         13141         39.4k  0.02  
stream                  IPv4       6            70             5366         360044         30185          2.1m  0.84  
app-layer               IPv4      17             3            16942          61836         33070         99.2k  0.04  
detect                  IPv4       1             4          2519654       13604416       5413461         21.7m  8.60  
detect                  IPv4       6            70           295350       12944244       2349219        164.4m  65.33 
detect                  IPv4      17             3          1766208       58747638      20853870         62.6m  24.86 
tcp-prune               IPv4       6            70             4464          31234          5285        370.0k  0.15  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot      %%
--------------------   ------   -----   ----------     ------------   ------------   -----------    -------  -----
http                    IPv4       6             7            14932          39892         19648        137.5k  73.07 
http                    IPv4      17             1            18394          18394         18394         18.4k  9.77  
dns                     IPv4      17             2            10846          21438         16142         32.3k  17.15 
Proto detect            IPv4      17             3             6290          23698         17895         53.7k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot      %%
------------------------   ------   -----   ----------     ------------   ------------   -----------    -------  -----
LOGGER_ALERT_FAST           IPv4       1             4            16412         156422         55160        220.6k  8.94  
LOGGER_ALERT_FAST           IPv4       6             3            47400          57418         53350        160.1k  6.48  
LOGGER_UNIFIED2             IPv4       1             4            24850         137592         55225        220.9k  8.95  
LOGGER_UNIFIED2             IPv4       6             3            36988          48602         44105        132.3k  5.36  
LOGGER_JSON_ALERT           IPv4       1             4            48030         330344        120906        483.6k  19.59 
LOGGER_JSON_ALERT           IPv4       6             3            77140         120812         94891        284.7k  11.53 
LOGGER_JSON_DNS             IPv4      17             2            63342         176068        119705        239.4k  9.70  
LOGGER_JSON_HTTP            IPv4       6             7            53862         130332         94211        659.5k  26.72 
LOGGER_JSON_FILE            IPv4       6             1            67240          67240         67240         67.2k  2.72  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             4             4706          11858          9120        36.5k  0.73  
payload                           IPv4       6            28             4520         141600         40163         1.1m  22.49 
payload                           IPv4      17             3            49334         114000         81908       245.7k  4.91  
stream                            IPv4       6            28             4486         116782         41304         1.2m  23.13 
http_uri                          IPv4       6             7            31796          58712         41201       288.4k  5.77  
http_request_line                 IPv4       6             7             7204          10088          8298        58.1k  1.16  
http_client_body                  IPv4       6             7             5070           6854          5411        37.9k  0.76  
http_header (request)             IPv4       6             7            27364          73160         41550       290.9k  5.82  
http_header (request trailer)     IPv4       6             7             4498           4750          4550        31.9k  0.64  
http_header_names (request)       IPv4       6             7            10530          19258         14035        98.2k  1.97  
http_accept (request)             IPv4       6             7             5188           7006          5728        40.1k  0.80  
http_referer (request)            IPv4       6             7             4754           5886          5036        35.3k  0.71  
http_content_len (request)        IPv4       6             7             4942           5606          5270        36.9k  0.74  
http_content_type (request)       IPv4       6             7             4816           6266          5183        36.3k  0.73  
http_protocol (request)           IPv4       6             7             5950           8496          6849        47.9k  0.96  
http_start (request)              IPv4       6             7            10606          15664         12374        86.6k  1.73  
http_raw_header (request)         IPv4       6             7            14956          24134         19283       135.0k  2.70  
http_method                       IPv4       6             7             6056           9122          7628        53.4k  1.07  
http_cookie (request)             IPv4       6             7             4868           7938          5359        37.5k  0.75  
http_raw_uri                      IPv4       6             7             7340          30666         11839        82.9k  1.66  
http_user_agent                   IPv4       6             7            11616          27614         17186       120.3k  2.41  
http_host                         IPv4       6             7             6074           9314          7758        54.3k  1.09  
dns_query                         IPv4      17             1            12600          12600         12600        12.6k  0.25  
http_response_line                IPv4       6             7             7584          11154          9382        65.7k  1.31  
http_header (response)            IPv4       6             7            30676          61890         46261       323.8k  6.48  
http_header (response trailer)    IPv4       6             7             4522           9144          8413        58.9k  1.18  
http_content_type (response)      IPv4       6             7             7658          13052          9409        65.9k  1.32  
http_raw_header (response)        IPv4       6             7            16200          37778         20489       143.4k  2.87  
http_cookie (response)            IPv4       6             7             5012          10450          8270        57.9k  1.16  
http_stat_msg                     IPv4       6             7             6000          25302          9943        69.6k  1.39  
http_stat_code                    IPv4       6             7             6062          25084          9520        66.6k  1.33  
Total                             IPv4                   246                                         20323         5.0m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot      %%
------------------------   ------   -----   ----------     ------------   ------------   -----------    -------  -----
PROF_DETECT_IPONLY          IPv4       1             4            53486         145366         84037        336.1k  0.12  
PROF_DETECT_IPONLY          IPv4       6            14            60898         103248         75210          1.1m  0.37  
PROF_DETECT_IPONLY          IPv4      17             3            55828          77508         63704        191.1k  0.07  
PROF_DETECT_RULES           IPv4       1             4          2358180       13261200       5193178         20.8m  7.36  
PROF_DETECT_RULES           IPv4       6            70           220648       12289894       2132524        149.3m  52.89 
PROF_DETECT_RULES           IPv4      17             3          1427904       58383426      20481844         61.4m  21.77 
PROF_DETECT_STATEFUL_START    IPv4       6            27             9034        4450222       1086707         29.3m  10.40 
PROF_DETECT_STATEFUL_CONT    IPv4       1             4             4472           4716          4618         18.5k  0.01  
PROF_DETECT_STATEFUL_CONT    IPv4       6            70             4408          76730          9523        666.7k  0.24  
PROF_DETECT_STATEFUL_CONT    IPv4      17             3             4456          60408         25298         75.9k  0.03  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            42             4488           5336          4745        199.3k  0.07  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             4900           8074          6487         13.0k  0.00  
PROF_DETECT_PREFILTER       IPv4       1             4            32656          62542         44219        176.9k  0.06  
PROF_DETECT_PREFILTER       IPv4       6            70            13936         577616        120783          8.5m  3.00  
PROF_DETECT_PREFILTER       IPv4      17             3           125074         163476        145738        437.2k  0.15  
PROF_DETECT_PF_PAYLOAD      IPv4       1             4            13924          20748         18188         72.8k  0.03  
PROF_DETECT_PF_PAYLOAD      IPv4       6            28            58026         159630         95560          2.7m  0.95  
PROF_DETECT_PF_PAYLOAD      IPv4      17             3            58490         123152         90970        272.9k  0.10  
PROF_DETECT_PF_TX           IPv4       6            42             4554         374894         85984          3.6m  1.28  
PROF_DETECT_PF_TX           IPv4      17             1            22698          22698         22698         22.7k  0.01  
PROF_DETECT_PF_SORT1        IPv4       6            35             6482          39304         14560        509.6k  0.18  
PROF_DETECT_PF_SORT1        IPv4      17             3            11488          14602         13337         40.0k  0.01  
PROF_DETECT_PF_SORT2        IPv4       1             4             4716           7838          6267         25.1k  0.01  
PROF_DETECT_PF_SORT2        IPv4       6            70             4596          17532          6295        440.7k  0.16  
PROF_DETECT_PF_SORT2        IPv4      17             3             7464           9182          8448         25.3k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       1             4             5036          12528          7752         31.0k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       6            70             4866          24900          5980        418.7k  0.15  
PROF_DETECT_NONMPMLIST      IPv4      17             3             5224           5790          5552         16.7k  0.01  
PROF_DETECT_ALERT           IPv4       1             4            15140          62822         27826        111.3k  0.04  
PROF_DETECT_ALERT           IPv4       6            70             4436          25902          6339        443.8k  0.16  
PROF_DETECT_ALERT           IPv4      17             3            14810          47126         27130         81.4k  0.03  
PROF_DETECT_CLEANUP         IPv4       1             4             4440           5012          4636         18.5k  0.01  
PROF_DETECT_CLEANUP         IPv4       6            70             4528          33824          5740        401.8k  0.14  
PROF_DETECT_CLEANUP         IPv4      17             3             6046           8424          7264         21.8k  0.01  
PROF_DETECT_GETSGH          IPv4       1             4             4662           4736          4709         18.8k  0.01  
PROF_DETECT_GETSGH          IPv4       6            70             4434          10906          5757        403.1k  0.14  
PROF_DETECT_GETSGH          IPv4      17             3            10234         104528         41729        125.2k  0.04  


unified2.alert.1564912045 - (2685 bytes)
4¥Ž@

X¥Ž<RT5'ÓïŠE!X¡t

(gDHCPC4¥Ž ¡

X¥Ž<RT5'ÓïŠE!X¡t

(gDHCPC4¥Ž  

X¥Ž<RT5'ÓïŠE!X¡t

(gDHCPC4Š ¡

XŠ<RT5'ÓïŠE!Y¡s

'gDHCPC4Š  

XŠ<RT5'ÓïŠE!Y¡s

'gDHCPC4Š–@

KŠ–/'ÓïŠRT5E!¡Ë

/gDHCPC4Š– ¸

KŠ–/'ÓïŠRT5E!¡Ë

/gDHCPC4_$£öÂ:=¸
PC_$'E­ÞÂ:=¸
PP¼HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 01 Aug 2019 17:45:49 GMT
Content-Type: text/plain
Content-Length: 1
Connection: keep-alive
Last-Modified: Wed, 03 Apr 2019 13:41:54 GMT
ETag: "1-585a06aa4cc80"
Accept-Ranges: bytes

04	ܔ£öÂ:=¸
PÏ	ܔ³E¥­RÂ:=¸
PPDHTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 01 Aug 2019 17:45:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=7u30lm0ak1gkfdffpe1vric2v1; path=/

0

4
Ok ±

b
OkF'ÓïŠRT5EÀ8
ÿ¢ç

e$Eåe!–

ÿŠŠÑ•ö4"U£öÂ:=¸
P
Ï""U³E¥­RÂ:=¸
P
PϵHTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Thu, 01 Aug 2019 17:45:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=12tgk3re44352oham94e6fv4g6; path=/

0


suricata-4.0.0-etproenall-all-alert-2019-08-04-T-09-47-26-08042019.0932-95d85c385d1870d5f28f5a68ef6e02ad869ba9b07ecdffb2cfeddfc47ef1bce1.pcap.txt - (1768 bytes)
05.959886  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 10.0.2.15:8 -> 10.0.2.2:0
05.959886  [**] [1:2100385:5] GPL ICMP_INFO traceroute [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.0.2.15:8 -> 10.0.2.2:0
05.959886  [**] [1:2100384:6] GPL ICMP_INFO PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.2.15:8 -> 10.0.2.2:0
07.231964  [**] [1:2100385:5] GPL ICMP_INFO traceroute [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.0.2.15:8 -> 10.0.2.2:0
07.231964  [**] [1:2100384:6] GPL ICMP_INFO PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.2.15:8 -> 10.0.2.2:0
07.232086  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 10.0.2.2:0 -> 10.0.2.15:0
07.232086  [**] [1:2100408:6] GPL ICMP_INFO Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.2.2:0 -> 10.0.2.15:0
24.352036  [**] [1:2008054:7] ET DELETED Nginx Server in use - Often Hostile Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 194.58.61.184:80 -> 10.0.2.15:1035
24.515220  [**] [1:2008054:7] ET DELETED Nginx Server in use - Often Hostile Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 194.58.61.184:80 -> 10.0.2.15:1036
27.020331  [**] [1:2100401:7] GPL ICMP_INFO Destination Unreachable Network Unreachable [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.2.2:3 -> 10.0.2.15:0
34.363861  [**] [1:2008054:7] ET DELETED Nginx Server in use - Often Hostile Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 194.58.61.184:80 -> 10.0.2.15:1037


suricata-report-2019-08-04-T-09-47-26-08042019.0932-95d85c385d1870d5f28f5a68ef6e02ad869ba9b07ecdffb2cfeddfc47ef1bce1.pcap.txt - (18355 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etproenall/suricata400-etproenall-all.yaml -l /var/www/html/1c9ec1428c60cbfa2fe14163233c283951cf25896b6b2454fe89507ba3b24642 -r /var/pcap/08042019.0932-95d85c385d1870d5f28f5a68ef6e02ad869ba9b07ecdffb2cfeddfc47ef1bce1.pcap -vvv -k none
elapsedtime:25.279133
stderr:
stdout:
4/8/2019 -- 09:47:01 - <Info> - Configuration node 'rule-files' redefined.
4/8/2019 -- 09:47:01 - <Notice> - This is Suricata version 4.0.0 RELEASE
4/8/2019 -- 09:47:01 - <Info> - CPUs/cores online: 1
4/8/2019 -- 09:47:01 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32764 and 'request-body-inspect-window' set to 16426 after randomization.
4/8/2019 -- 09:47:01 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31384 and 'response-body-inspect-window' set to 15654 after randomization.
4/8/2019 -- 09:47:01 - <Config> - DNS request flood protection level: 500
4/8/2019 -- 09:47:01 - <Config> - DNS per flow memcap (state-memcap): 524288
4/8/2019 -- 09:47:01 - <Config> - DNS global memcap: 16777216
4/8/2019 -- 09:47:01 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
4/8/2019 -- 09:47:01 - <Config> - preallocated 1000 hosts of size 136
4/8/2019 -- 09:47:01 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
4/8/2019 -- 09:47:01 - <Config> - using magic-file /usr/share/file/magic
4/8/2019 -- 09:47:01 - <Config> - Core dump size is unlimited.
4/8/2019 -- 09:47:01 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
4/8/2019 -- 09:47:01 - <Config> - preallocated 1000 defrag trackers of size 168
4/8/2019 -- 09:47:01 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
4/8/2019 -- 09:47:01 - <Config> - stream "prealloc-sessions": 2048 (per thread)
4/8/2019 -- 09:47:01 - <Config> - stream "memcap": 33554432
4/8/2019 -- 09:47:01 - <Config> - stream "midstream" session pickups: disabled
4/8/2019 -- 09:47:01 - <Config> - stream "async-oneside": disabled
4/8/2019 -- 09:47:01 - <Config> - stream "checksum-validation": disabled
4/8/2019 -- 09:47:01 - <Config> - stream."inline": disabled
4/8/2019 -- 09:47:01 - <Config> - stream "bypass": disabled
4/8/2019 -- 09:47:01 - <Config> - stream "max-synack-queued": 5
4/8/2019 -- 09:47:01 - <Config> - stream.reassembly "memcap": 134217728
4/8/2019 -- 09:47:01 - <Config> - stream.reassembly "depth": 0
4/8/2019 -- 09:47:01 - <Config> - stream.reassembly "toserver-chunk-size": 2478
4/8/2019 -- 09:47:01 - <Config> - stream.reassembly "toclient-chunk-size": 2603
4/8/2019 -- 09:47:01 - <Config> - stream.reassembly.raw: enabled
4/8/2019 -- 09:47:01 - <Config> - stream.reassembly "segment-prealloc": 2048
4/8/2019 -- 09:47:01 - <Config> - Delayed detect disabled
4/8/2019 -- 09:47:01 - <Config> - pattern matchers: MPM: ac, SPM: bm
4/8/2019 -- 09:47:01 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
4/8/2019 -- 09:47:01 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
4/8/2019 -- 09:47:01 - <Config> - prefilter engines: MPM
4/8/2019 -- 09:47:01 - <Config> - IP reputation disabled
4/8/2019 -- 09:47:01 - <Perf> - Registered 148 keyword profiling counters.
4/8/2019 -- 09:47:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-ftp.rules
4/8/2019 -- 09:47:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-policy.rules
4/8/2019 -- 09:47:01 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-trojan.rules
4/8/2019 -- 09:47:06 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-games.rules
4/8/2019 -- 09:47:06 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-pop3.rules
4/8/2019 -- 09:47:06 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-user_agents.rules
4/8/2019 -- 09:47:06 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-activex.rules
4/8/2019 -- 09:47:06 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-rpc.rules
4/8/2019 -- 09:47:06 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-attack_response.rules
4/8/2019 -- 09:47:06 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-icmp.rules
4/8/2019 -- 09:47:06 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-scan.rules
4/8/2019 -- 09:47:06 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-voip.rules
4/8/2019 -- 09:47:06 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-chat.rules
4/8/2019 -- 09:47:06 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-icmp_info.rules
4/8/2019 -- 09:47:06 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-info.rules
4/8/2019 -- 09:47:06 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-shellcode.rules
4/8/2019 -- 09:47:06 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-web_client.rules
4/8/2019 -- 09:47:07 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-imap.rules
4/8/2019 -- 09:47:07 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-web_server.rules
4/8/2019 -- 09:47:07 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-current_events.rules
4/8/2019 -- 09:47:10 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-inappropriate.rules
4/8/2019 -- 09:47:10 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-smtp.rules
4/8/2019 -- 09:47:10 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-web_specific_apps.rules
4/8/2019 -- 09:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules
4/8/2019 -- 09:47:13 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-malware.rules
4/8/2019 -- 09:47:13 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-snmp.rules
4/8/2019 -- 09:47:13 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-worm.rules
4/8/2019 -- 09:47:13 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-dns.rules
4/8/2019 -- 09:47:13 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-misc.rules
4/8/2019 -- 09:47:13 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-sql.rules
4/8/2019 -- 09:47:13 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-dos.rules
4/8/2019 -- 09:47:13 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-netbios.rules
4/8/2019 -- 09:47:13 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-telnet.rules
4/8/2019 -- 09:47:13 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-exploit.rules
4/8/2019 -- 09:47:14 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-p2p.rules
4/8/2019 -- 09:47:14 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-tftp.rules
4/8/2019 -- 09:47:14 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-mobile_malware.rules
4/8/2019 -- 09:47:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-botcc.rules
4/8/2019 -- 09:47:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-compromised.rules
4/8/2019 -- 09:47:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-drop.rules
4/8/2019 -- 09:47:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-dshield.rules
4/8/2019 -- 09:47:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-tor.rules
4/8/2019 -- 09:47:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-ciarmy.rules
4/8/2019 -- 09:47:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/local.rules
4/8/2019 -- 09:47:15 - <Config> - No rules loaded from local.rules.
4/8/2019 -- 09:47:15 - <Info> - 44 rule files processed. 50693 rules successfully loaded, 0 rules failed
4/8/2019 -- 09:47:15 - <Info> - Threshold config parsed: 0 rule(s) found
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for tcp-packet
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for tcp-stream
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for udp-packet
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for other-ip
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_uri
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_request_line
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_client_body
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_response_line
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_header
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_header
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_header_names
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_header_names
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_accept
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_accept_enc
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_accept_lang
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_referer
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_connection
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_content_len
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_content_len
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_content_type
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_content_type
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_protocol
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_protocol
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_start
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_start
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_raw_header
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_raw_header
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_method
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_cookie
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_cookie
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_raw_uri
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_user_agent
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_host
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_raw_host
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_stat_msg
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_stat_code
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for dns_query
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for tls_sni
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for tls_cert_issuer
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for tls_cert_subject
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for tls_cert_serial
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for dce_stub_data
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for dce_stub_data
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for ssh_protocol
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for ssh_protocol
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for ssh_software
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for ssh_software
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for file_data
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for file_data
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_request_line
4/8/2019 -- 09:47:16 - <Perf> - using shared mpm ctx' for http_response_line
4/8/2019 -- 09:47:16 - <Info> - 50718 signatures processed. 1220 are IP-only rules, 21106 are inspecting packet payload, 34612 inspect application layer, 0 are decoder event only
4/8/2019 -- 09:47:16 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
4/8/2019 -- 09:47:17 - <Perf> - TCP toserver: 41 port groups, 35 unique SGH's, 6 copies
4/8/2019 -- 09:47:17 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
4/8/2019 -- 09:47:17 - <Perf> - UDP toserver: 41 port groups, 34 unique SGH's, 7 copies
4/8/2019 -- 09:47:17 - <Perf> - UDP toclient: 21 port groups, 18 unique SGH's, 3 copies
4/8/2019 -- 09:47:17 - <Perf> - OTHER toserver: 254 proto groups, 7 unique SGH's, 247 copies
4/8/2019 -- 09:47:17 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
4/8/2019 -- 09:47:22 - <Perf> - Unique rule groups: 114
4/8/2019 -- 09:47:22 - <Perf> - Builtin MPM "toserver TCP packet": 33
4/8/2019 -- 09:47:22 - <Perf> - Builtin MPM "toclient TCP packet": 18
4/8/2019 -- 09:47:22 - <Perf> - Builtin MPM "toserver TCP stream": 29
4/8/2019 -- 09:47:22 - <Perf> - Builtin MPM "toclient TCP stream": 20
4/8/2019 -- 09:47:22 - <Perf> - Builtin MPM "toserver UDP packet": 33
4/8/2019 -- 09:47:22 - <Perf> - Builtin MPM "toclient UDP packet": 18
4/8/2019 -- 09:47:22 - <Perf> - Builtin MPM "other IP packet": 4
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_uri": 14
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_request_line": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_client_body": 6
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toclient http_response_line": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_header": 10
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toclient http_header": 6
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_header_names": 2
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_accept": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_referer": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_content_len": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_content_type": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toclient http_content_type": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_protocol": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_start": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_raw_header": 2
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toclient http_raw_header": 2
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_method": 5
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_cookie": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toclient http_cookie": 2
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_user_agent": 7
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver http_host": 2
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toclient http_stat_msg": 2
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toclient http_stat_code": 3
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver dns_query": 4
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver tls_sni": 2
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver dce_stub_data": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toclient dce_stub_data": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toserver file_data": 1
4/8/2019 -- 09:47:22 - <Perf> - AppLayer MPM "toclient file_data": 5
4/8/2019 -- 09:47:25 - <Perf> - Registered 50718 rule profiling counters.
4/8/2019 -- 09:47:25 - <Info> - fast output device (regular) initialized: alert
4/8/2019 -- 09:47:25 - <Info> - eve-log output device (regular) initialized: eve.json
4/8/2019 -- 09:47:25 - <Config> - enabling 'eve-log' module 'alert'
4/8/2019 -- 09:47:25 - <Config> - enabling 'eve-log' module 'http'
4/8/2019 -- 09:47:25 - <Config> - enabl

This file has been truncated.


stats.log - (2829 bytes)
------------------------------------------------------------------------------------
Date: 8/4/2019 -- 09:47:26 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 80
decoder.bytes                              | Total                     | 9237
decoder.invalid                            | Total                     | 1
decoder.ipv4                               | Total                     | 77
decoder.ethernet                           | Total                     | 80
decoder.tcp                                | Total                     | 70
decoder.udp                                | Total                     | 3
decoder.icmpv4                             | Total                     | 4
decoder.avg_pkt_size                       | Total                     | 115
decoder.max_pkt_size                       | Total                     | 435
flow.tcp                                   | Total                     | 7
flow.udp                                   | Total                     | 2
decoder.ethernet.pkt_too_small             | Total                     | 1
tcp.sessions                               | Total                     | 7
tcp.syn                                    | Total                     | 7
tcp.synack                                 | Total                     | 7
detect.alert                               | Total                     | 11
detect.mpm_list                            | Total                     | 38
detect.nonmpm_list                         | Total                     | 98
detect.fnonmpm_list                        | Total                     | 53
detect.match_list                          | Total                     | 90
app_layer.flow.http                        | Total                     | 7
app_layer.tx.http                          | Total                     | 7
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 1
flow.spare                                 | Total                     | 9999
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074304


eve.json - (9411 bytes)
{"timestamp":"1900-01-00T00:00:05.959886+0000","pcap_cnt":2,"event_type":"alert","src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2002752,"rev":4,"signature":"ET POLICY Reserved Internal IP Traffic","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"1900-01-00T00:00:05.959886+0000","pcap_cnt":2,"event_type":"alert","src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100385,"rev":5,"signature":"GPL ICMP_INFO traceroute","category":"Attempted Information Leak","severity":2}}
{"timestamp":"1900-01-00T00:00:05.959886+0000","pcap_cnt":2,"event_type":"alert","src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100384,"rev":6,"signature":"GPL ICMP_INFO PING","category":"Misc activity","severity":3}}
{"timestamp":"1900-01-00T00:00:07.231964+0000","pcap_cnt":5,"event_type":"alert","src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100385,"rev":5,"signature":"GPL ICMP_INFO traceroute","category":"Attempted Information Leak","severity":2}}
{"timestamp":"1900-01-00T00:00:07.231964+0000","pcap_cnt":5,"event_type":"alert","src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100384,"rev":6,"signature":"GPL ICMP_INFO PING","category":"Misc activity","severity":3}}
{"timestamp":"1900-01-00T00:00:07.232086+0000","pcap_cnt":6,"event_type":"alert","src_ip":"10.0.2.2","dest_ip":"10.0.2.15","proto":"ICMP","icmp_type":0,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2002752,"rev":4,"signature":"ET POLICY Reserved Internal IP Traffic","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"1900-01-00T00:00:07.232086+0000","pcap_cnt":6,"event_type":"alert","src_ip":"10.0.2.2","dest_ip":"10.0.2.15","proto":"ICMP","icmp_type":0,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100408,"rev":6,"signature":"GPL ICMP_INFO Echo Reply","category":"Misc activity","severity":3}}
{"timestamp":"1900-01-00T00:00:24.209782+0000","flow_id":927685020234614,"pcap_cnt":7,"event_type":"dns","src_ip":"10.0.2.15","src_port":1031,"dest_ip":"10.0.2.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54167,"rrname":"shopstoregame.com","rrtype":"A","tx_id":0}}
{"timestamp":"1900-01-00T00:00:24.253271+0000","flow_id":927685020234614,"pcap_cnt":8,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54167,"rcode":"NOERROR","rrname":"shopstoregame.com","rrtype":"A","ttl":20864,"rdata":"194.58.61.184"}}
{"timestamp":"1900-01-00T00:00:24.253271+0000","flow_id":927685020234614,"pcap_cnt":8,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54167,"rcode":"NOERROR","rrname":"shopstoregame.com","rrtype":"NS","ttl":41728,"rdata":"ns2.site-dns.com"}}
{"timestamp":"1900-01-00T00:00:24.253271+0000","flow_id":927685020234614,"pcap_cnt":8,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54167,"rcode":"NOERROR","rrname":"shopstoregame.com","rrtype":"NS","ttl":41728,"rdata":"ns3.site-dns.com"}}
{"timestamp":"1900-01-00T00:00:24.253271+0000","flow_id":927685020234614,"pcap_cnt":8,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54167,"rcode":"NOERROR","rrname":"shopstoregame.com","rrtype":"NS","ttl":41728,"rdata":"ns1.site-dns.com"}}
{"timestamp":"1900-01-00T00:00:24.352036+0000","flow_id":1340957510922476,"pcap_cnt":16,"event_type":"alert","src_ip":"194.58.61.184","src_port":80,"dest_ip":"10.0.2.15","dest_port":1035,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2008054,"rev":7,"signature":"ET DELETED Nginx Server in use - Often Hostile Traffic","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:24.397754+0000","flow_id":1340957510922476,"pcap_cnt":18,"event_type":"http","src_ip":"10.0.2.15","src_port":1035,"dest_ip":"194.58.61.184","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"shopstoregame.com","url":"\/adminpanel\/mycount.txt","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/plain"}}
{"timestamp":"1900-01-00T00:00:24.397754+0000","flow_id":1340957510922476,"pcap_cnt":18,"event_type":"fileinfo","src_ip":"194.58.61.184","src_port":80,"dest_ip":"10.0.2.15","dest_port":1035,"proto":"TCP","http":{"hostname":"shopstoregame.com","url":"\/adminpanel\/mycount.txt","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1},"app_proto":"http","fileinfo":{"filename":"\/adminpanel\/mycount.txt","gaps":false,"state":"CLOSED","stored":false,"size":1,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:24.515220+0000","flow_id":1896988271999702,"pcap_cnt":26,"event_type":"alert","src_ip":"194.58.61.184","src_port":80,"dest_ip":"10.0.2.15","dest_port":1036,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2008054,"rev":7,"signature":"ET DELETED Nginx Server in use - Often Hostile Traffic","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:24.560590+0000","flow_id":1896988271999702,"pcap_cnt":27,"event_type":"http","src_ip":"10.0.2.15","src_port":1036,"dest_ip":"194.58.61.184","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"shopstoregame.com","url":"\/adminpanel\/add_bot.php?os=Windows+XP+Professional+(Build%3A+2600+-+Service+Pack%3A+3.0)+(x86)&bits=x32&av=Not+found","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/html"}}
{"timestamp":"1900-01-00T00:00:27.020331+0000","flow_id":909983312727809,"pcap_cnt":30,"event_type":"alert","src_ip":"10.0.2.2","dest_ip":"10.0.2.15","proto":"ICMP","icmp_type":3,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100401,"rev":7,"signature":"GPL ICMP_INFO Destination Unreachable Network Unreachable","category":"Misc activity","severity":3},"app_proto":"failed"}
{"timestamp":"1900-01-00T00:00:34.363861+0000","flow_id":818872024448322,"pcap_cnt":38,"event_type":"alert","src_ip":"194.58.61.184","src_port":80,"dest_ip":"10.0.2.15","dest_port":1037,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2008054,"rev":7,"signature":"ET DELETED Nginx Server in use - Often Hostile Traffic","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:34.408987+0000","flow_id":818872024448322,"pcap_cnt":39,"event_type":"http","src_ip":"10.0.2.15","src_port":1037,"dest_ip":"194.58.61.184","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"shopstoregame.com","url":"\/adminpanel\/add_bot.php?os=Windows+XP+Professional+(Build%3A+2600+-+Service+Pack%3A+3.0)+(x86)&bits=x32&av=Not+found","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/html"}}
{"timestamp":"1900-01-00T00:00:44.414189+0000","flow_id":2028693445430320,"pcap_cnt":49,"event_type":"http","src_ip":"10.0.2.15","src_port":1038,"dest_ip":"194.58.61.184","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"shopstoregame.com","url":"\/adminpanel\/add_bot.php?os=Windows+XP+Professional+(Build%3A+2600+-+Service+Pack%3A+3.0)+(x86)&bits=x32&av=Not+found","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/html"}}
{"timestamp":"1900-01-00T00:00:54.423232+0000","flow_id":1581155706363513,"pcap_cnt":59,"event_type":"http","src_ip":"10.0.2.15","src_port":1039,"dest_ip":"194.58.61.184","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"shopstoregame.com","url":"\/adminpanel\/add_bot.php?os=Windows+XP+Professional+(Build%3A+2600+-+Service+Pack%3A+3.0)+(x86)&bits=x32&av=Not+found","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/html"}}
{"timestamp":"1970-01-01T00:01:04.444213+0000","flow_id":964958896549743,"pcap_cnt":69,"event_type":"http","src_ip":"10.0.2.15","src_port":1040,"dest_ip":"194.58.61.184","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"shopstoregame.com","url":"\/adminpanel\/add_bot.php?os=Windows+XP+Professional+(Build%3A+2600+-+Service+Pack%3A+3.0)+(x86)&bits=x32&av=Not+found","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/html"}}
{"timestamp":"1970-01-01T00:01:14.426806+0000","flow_id":1900018374704677,"pcap_cnt":79,"event_type":"http","src_ip":"10.0.2.15","src_port":1041,"dest_ip":"194.58.61.184","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"shopstoregame.com","url":"\/adminpanel\/add_bot.php?os=Windows+XP+Professional+(Build%3A+2600+-+Service+Pack%3A+3.0)+(x86)&bits=x32&av=Not+found","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/html"}}


keyword_perf.log - (15345 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 8/4/2019 -- 09:47:26
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  ack              347722          70              0               27230           4967.00         0.00            4967.00        
  window           66678           14              0               5694            4762.00         0.00            4762.00        
  ipopts           256238          50              0               22256           5124.00         0.00            5124.00        
  flags            735442          147             14              25622           5003.00         5802.00         4918.00        
  fragbits         1151204         234             147             22052           4919.00         4937.00         4888.00        
  fragoffset       161276          35              0               5002            4607.00         0.00            4607.00        
  ttl              243348          44              2               20062           5530.00         5567.00         5528.00        
  itype            698030          145             7               17122           4814.00         4867.00         4811.00        
  icode            1500020         313             116             20706           4792.00         4837.00         4766.00        
  icmp_id          43000           8               0               6732            5375.00         0.00            5375.00        
  dsize            559994          112             112             21684           4999.00         4999.00         0.00           
  flow             6055594         1141            1127            70564           5307.00         5296.00         6156.00        
  threshold        154040          15              5               40942           10269.00        14487.00        8160.00        
  content          32879172        6485            1972            164164          5070.00         5541.00         4864.00        
  pcre             13926354        2225            2               56350           6259.00         11648.00        6254.00        
  byte_test        2587888         446             208             424532          5802.00         6828.00         4905.00        
  byte_jump        5434            1               1               5434            5434.00         5434.00         0.00           
  sameip           360600          77              0               7510            4683.00         0.00            4683.00        
  isdataat         182776          36              12              18292           5077.00         4665.00         5282.00        
  flowbits         2392864         475             23              23282           5037.00         5442.00         5017.00        
  urilen           1885944         373             235             21028           5056.00         5000.00         5150.00        
  byte_extract     70256           14              7               6246            5018.00         5614.00         4422.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  ack              347722          70              0               27230           4967.00         0.00            4967.00        
  window           66678           14              0               5694            4762.00         0.00            4762.00        
  ipopts           256238          50              0               22256           5124.00         0.00            5124.00        
  flags            735442          147             14              25622           5003.00         5802.00         4918.00        
  fragbits         1151204         234             147             22052           4919.00         4937.00         4888.00        
  fragoffset       161276          35              0               5002            4607.00         0.00            4607.00        
  ttl              243348          44              2               20062           5530.00         5567.00         5528.00        
  itype            698030          145             7               17122           4814.00         4867.00         4811.00        
  icode            1500020         313             116             20706           4792.00         4837.00         4766.00        
  icmp_id          43000           8               0               6732            5375.00         0.00            5375.00        
  dsize            559994          112             112             21684           4999.00         4999.00         0.00           
  flow             6055594         1141            1127            70564           5307.00         5296.00         6156.00        
  sameip           360600          77              0               7510            4683.00         0.00            4683.00        
  flowbits         2306404         460             8               23282           5013.00         4839.00         5017.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          25692712        5249            1094            164164          4894.00         5320.00         4782.00        
  pcre             10539958        1783            0               56350           5911.00         0.00            5911.00        
  byte_test        2587888         446             208             424532          5802.00         6828.00         4905.00        
  byte_jump        5434            1               1               5434            5434.00         5434.00         0.00           
  isdataat         182776          36              12              18292           5077.00         4665.00         5282.00        
  byte_extract     70256           14              7               6246            5018.00         5614.00         4422.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         86460           15              15              6754            5764.00         5764.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        154040          15              5               40942           10269.00        14487.00        8160.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3754434         640             459             25810           5866.00         5877.00         5838.00        
  pcre             2484528         318             2               39974           7812.00         11648.00        7788.00        
  urilen           1885944         373             235             21028           5056.00         5000.00         5150.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          35480           7               0               5774            5068.00         0.00            5068.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          9764            2               0               5028            4882.00         0.00            4882.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2611380         447             342             28752           5842.00         5846.00         5826.00        
  pcre             681628          89              0               20216           7658.00         0.00            7658.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          49658           8               0               7312            6207.00         0.00            6207.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          62578           12              12              5802            5214.00         5214.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          234348          44              8               20586           5326.00         5570.00         5271.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          338432          63              56              7002            5371.00         5305.00         5907.00        
  pcre             220240          35              0               13966           6292.00         0.00            6292.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          90386           13              1               26588           6952.00         5796.00         7049.00        


IDSDeathBlossom.py.log - (1219 bytes)
2019-08-04 09:47:00,265 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-08-04 09:47:01,039 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-08-04 09:47:01,039 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etproenall-all
2019-08-04 09:47:01,040 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-08-04 09:47:01,040 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-08-04 09:47:01,040 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etproenall/suricata400-etproenall-all.yaml -l /var/www/html/1c9ec1428c60cbfa2fe14163233c283951cf25896b6b2454fe89507ba3b24642 -r /var/pcap/08042019.0932-95d85c385d1870d5f28f5a68ef6e02ad869ba9b07ecdffb2cfeddfc47ef1bce1.pcap -vvv -k none
2019-08-04 09:47:26,321 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-08-04 09:47:26,322 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 26.0701839924