Filename: rdpTimeShift.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 11.0211939812 seconds
Hash: 243593a222454f6a302c7799f85d7cad
Uploaded: 1566428644

Logfiles


unified2.alert.1566428652 - (4171 bytes)
(binary Unified2 alert records, not rendered as text; the captured payload contains an X.509 certificate with subject WIN-S3427JHLOSJ0, valid 190521132121Z to 191120132121Z)


suricata-report-2019-08-21-T-23-04-15-08022019.1632-rdpTimeShift.pcap.txt - (18078 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/243593a222454f6a302c7799f85d7cadd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/08022019.1632-rdpTimeShift.pcap -vvv -k none
elapsedtime:9.894621
stderr:
stdout:
21/8/2019 -- 23:04:05 - <Info> - Configuration node 'rule-files' redefined.
21/8/2019 -- 23:04:05 - <Notice> - This is Suricata version 4.0.0 RELEASE
21/8/2019 -- 23:04:05 - <Info> - CPUs/cores online: 1
21/8/2019 -- 23:04:05 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34101 and 'request-body-inspect-window' set to 16908 after randomization.
21/8/2019 -- 23:04:05 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32959 and 'response-body-inspect-window' set to 16382 after randomization.
21/8/2019 -- 23:04:05 - <Config> - DNS request flood protection level: 500
21/8/2019 -- 23:04:05 - <Config> - DNS per flow memcap (state-memcap): 524288
21/8/2019 -- 23:04:05 - <Config> - DNS global memcap: 16777216
21/8/2019 -- 23:04:05 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
21/8/2019 -- 23:04:05 - <Config> - preallocated 1000 hosts of size 136
21/8/2019 -- 23:04:05 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
21/8/2019 -- 23:04:05 - <Config> - using magic-file /usr/share/file/magic
21/8/2019 -- 23:04:05 - <Config> - Core dump size is unlimited.
21/8/2019 -- 23:04:05 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
21/8/2019 -- 23:04:05 - <Config> - preallocated 1000 defrag trackers of size 168
21/8/2019 -- 23:04:05 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
21/8/2019 -- 23:04:05 - <Config> - stream "prealloc-sessions": 2048 (per thread)
21/8/2019 -- 23:04:05 - <Config> - stream "memcap": 33554432
21/8/2019 -- 23:04:05 - <Config> - stream "midstream" session pickups: disabled
21/8/2019 -- 23:04:05 - <Config> - stream "async-oneside": disabled
21/8/2019 -- 23:04:05 - <Config> - stream "checksum-validation": disabled
21/8/2019 -- 23:04:05 - <Config> - stream."inline": disabled
21/8/2019 -- 23:04:05 - <Config> - stream "bypass": disabled
21/8/2019 -- 23:04:05 - <Config> - stream "max-synack-queued": 5
21/8/2019 -- 23:04:05 - <Config> - stream.reassembly "memcap": 134217728
21/8/2019 -- 23:04:05 - <Config> - stream.reassembly "depth": 0
21/8/2019 -- 23:04:05 - <Config> - stream.reassembly "toserver-chunk-size": 2593
21/8/2019 -- 23:04:05 - <Config> - stream.reassembly "toclient-chunk-size": 2576
21/8/2019 -- 23:04:05 - <Config> - stream.reassembly.raw: enabled
21/8/2019 -- 23:04:05 - <Config> - stream.reassembly "segment-prealloc": 2048
21/8/2019 -- 23:04:05 - <Config> - Delayed detect disabled
21/8/2019 -- 23:04:05 - <Config> - pattern matchers: MPM: ac, SPM: bm
21/8/2019 -- 23:04:05 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
21/8/2019 -- 23:04:05 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
21/8/2019 -- 23:04:05 - <Config> - prefilter engines: MPM
21/8/2019 -- 23:04:05 - <Config> - IP reputation disabled
21/8/2019 -- 23:04:05 - <Perf> - Registered 148 keyword profiling counters.
21/8/2019 -- 23:04:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
21/8/2019 -- 23:04:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
21/8/2019 -- 23:04:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
21/8/2019 -- 23:04:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
21/8/2019 -- 23:04:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
21/8/2019 -- 23:04:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
21/8/2019 -- 23:04:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
21/8/2019 -- 23:04:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
21/8/2019 -- 23:04:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
21/8/2019 -- 23:04:07 - <Config> - No rules loaded from ET-emerging-icmp.rules.
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
21/8/2019 -- 23:04:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
21/8/2019 -- 23:04:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
21/8/2019 -- 23:04:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
21/8/2019 -- 23:04:10 - <Config> - No rules loaded from local.rules.
21/8/2019 -- 23:04:10 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
21/8/2019 -- 23:04:10 - <Info> - Threshold config parsed: 0 rule(s) found
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for tcp-packet
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for tcp-stream
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for udp-packet
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for other-ip
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_uri
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_request_line
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_client_body
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_response_line
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_header
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_header
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_header_names
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_header_names
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_accept
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_accept_enc
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_accept_lang
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_referer
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_connection
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_content_len
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_content_len
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_content_type
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_content_type
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_protocol
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_protocol
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_start
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_start
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_raw_header
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_raw_header
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_method
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_cookie
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_cookie
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_raw_uri
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_user_agent
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_host
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_raw_host
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_stat_msg
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_stat_code
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for dns_query
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for tls_sni
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for tls_cert_issuer
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for tls_cert_subject
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for tls_cert_serial
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for dce_stub_data
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for dce_stub_data
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for ssh_protocol
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for ssh_protocol
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for ssh_software
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for ssh_software
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for file_data
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for file_data
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_request_line
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_response_line
21/8/2019 -- 23:04:11 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
21/8/2019 -- 23:04:11 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
21/8/2019 -- 23:04:11 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
21/8/2019 -- 23:04:11 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
21/8/2019 -- 23:04:11 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
21/8/2019 -- 23:04:11 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
21/8/2019 -- 23:04:11 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
21/8/2019 -- 23:04:11 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
21/8/2019 -- 23:04:12 - <Perf> - Unique rule groups: 111
21/8/2019 -- 23:04:12 - <Perf> - Builtin MPM "toserver TCP packet": 31
21/8/2019 -- 23:04:12 - <Perf> - Builtin MPM "toclient TCP packet": 20
21/8/2019 -- 23:04:12 - <Perf> - Builtin MPM "toserver TCP stream": 31
21/8/2019 -- 23:04:12 - <Perf> - Builtin MPM "toclient TCP stream": 21
21/8/2019 -- 23:04:12 - <Perf> - Builtin MPM "toserver UDP packet": 33
21/8/2019 -- 23:04:12 - <Perf> - Builtin MPM "toclient UDP packet": 15
21/8/2019 -- 23:04:12 - <Perf> - Builtin MPM "other IP packet": 2
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_uri": 8
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_request_line": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_client_body": 6
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient http_response_line": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_header": 6
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient http_header": 3
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_header_names": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_accept": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_referer": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_content_len": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_content_type": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient http_content_type": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_start": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_method": 3
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_cookie": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient http_cookie": 2
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_host": 2
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver dns_query": 4
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver tls_sni": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver file_data": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient file_data": 5
21/8/2019 -- 23:04:12 - <Perf> - Registered 18241 rule profiling counters.
21/8/2019 -- 23:04:12 - <Info> - fast output device (regular) initialized: alert
21/8/2019 -- 23:04:12 - <Info> - eve-log output device (regular) initialized: eve.json
21/8/2019 -- 23:04:12 - <Config> - enabling 'eve-log' module 'alert'
21/8/2019 -- 23:04:12 - <Config> - enabling 'eve-log' module 'http'
21/8/2019 -- 23:04:12 - <Config> - enabling 'eve-log' module 'dns'
21/8/2019 -- 23:04:12 - <Config> - enabling 'eve-log' module 'tls'
21/8/2019 -- 23:04:12 - <Config> - enabling 'eve-log' module 'files'
21/8/2019 -- 23:04:12 - <Config> - enabling 'eve-log' module 'ssh'
21/8/2019 -- 23:04:12 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
21/8/2019 -- 23:04:12 - <Info> - s

This file has been truncated.


suricata-4.0.0-etopen-all-perf.txt-2019-08-21-T-23-04-15-08022019.1632-rdpTimeShift.pcap.txt - (8150 bytes)
 --------------------------------------------------------------------------
 Date: 8/21/2019 -- 23:04:15. Sorted by: max ticks.
 --------------------------------------------------------------------------
  Num   Rule     Gid   Rev   Ticks    %   Checks  Matches Max Ticks  Avg Ticks  Avg Match  Avg No Match
 -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
 1    2014386   1    2    48461354   47.67 1025   1    14275730  47279.37  43844.00  47282.72  
 2    2001330   1    8    39262914   38.62 2092   2    2786866   18768.12  40501.00  18747.33  
 3    2018382   1    8    482012    0.47  63    0    109266   7650.98   0.00    7650.98  
 4    2018789   1    3    86650    0.09  1    0    86650    86650.00  0.00    86650.00  
 5    2018375   1    3    1474972   1.45  63    0    85396    23412.25  0.00    23412.25  
 6    2017548   1    6    1643728   1.62  45    0    75062    36527.29  0.00    36527.29  
 7    2018477   1    1    576434    0.57  102   0    68162    5651.31   0.00    5651.31  
 8    2018373   1    3    1450362   1.43  63    0    64154    23021.62  0.00    23021.62  
 9    2012236   1    2    244438    0.24  41    0    52912    5961.90   0.00    5961.90  
 10    2001972   1    20    51236    0.05  1    1    51236    51236.00  51236.00  0.00    
 11    2014385   1    5    46952    0.05  1    1    46952    46952.00  46952.00  0.00    
 12    2020786   1    4    35790    0.04  1    0    35790    35790.00  0.00    35790.00  
 13    2103159   1    4    59802    0.06  5    0    34872    11960.40  0.00    11960.40  
 14    2021151   1    1    259468    0.26  48    0    34752    5405.58   0.00    5405.58  
 15    2018377   1    3    1363850   1.34  63    0    32032    21648.41  0.00    21648.41  
 16    2022132   1    1    58326    0.06  2    0    31910    29163.00  0.00    29163.00  
 17    2018077   1    5    30244    0.03  1    0    30244    30244.00  0.00    30244.00  
 18    2020783   1    3    28770    0.03  1    0    28770    28770.00  0.00    28770.00  
 19    2020692   1    1    28000    0.03  1    0    28000    28000.00  0.00    28000.00  
 20    2020788   1    2    53938    0.05  2    0    27900    26969.00  0.00    26969.00  
 21    2018638   1    2    27494    0.03  1    0    27494    27494.00  0.00    27494.00  
 22    2103158   1    6    712982    0.70  136   0    27384    5242.51   0.00    5242.51  
 23    2020765   1    2    27220    0.03  1    0    27220    27220.00  0.00    27220.00  
 24    2021701   1    1    425738    0.42  79    0    26640    5389.09   0.00    5389.09  
 25    2013479   1    5    26392    0.03  1    1    26392    26392.00  26392.00  0.00    
 26    2020774   1    2    25540    0.03  1    0    25540    25540.00  0.00    25540.00  
 27    2022547   1    1    442028    0.43  86    0    24152    5139.86   0.00    5139.86  
 28    2018292   1    1    213828    0.21  40    0    24086    5345.70   0.00    5345.70  
 29    2024776   1    1    538180    0.53  94    0    23850    5725.32   0.00    5725.32  
 30    2024778   1    1    470522    0.46  86    0    22206    5471.19   0.00    5471.19  
 31    2009387   1    4    270430    0.27  47    0    22138    5753.83   0.00    5753.83  
 32    2024777   1    2    341886    0.34  63    0    21616    5426.76   0.00    5426.76  
 33    2015986   1    5    140742    0.14  25    0    21440    5629.68   0.00    5629.68  
 34    2021702   1    1    404958    0.40  79    0    21396    5126.05   0.00    5126.05  
 35    2014130   1    2    188002    0.18  37    0    20646    5081.14   0.00    5081.14  
 36    2014384   1    8    24074    0.02  2    0    19532    12037.00  0.00    12037.00  
 37    2020371   1    2    36874    0.04  2    0    19520    18437.00  0.00    18437.00  
 38    2018069   1    1    17122    0.02  1    0    17122    17122.00  0.00    17122.00  
 39    2018487   1    4    15636    0.02  1    0    15636    15636.00  0.00    15636.00  
 40    2019313   1    3    212474    0.21  39    0    8952    5448.05   0.00    5448.05  
 41    2024775   1    1    476606    0.47  94    0    8582    5070.28   0.00    5070.28  
 42    2020661   1    3    462296    0.45  85    0    8362    5438.78   0.00    5438.78  
 43    2100327   1    10    18360    0.02  3    0    7072    6120.00   0.00    6120.00  
 44    2102190   1    5    132886    0.13  26    0    6786    5111.00   0.00    5111.00  
 45    2018063   1    3    6266     0.01  1    0    6266    6266.00   0.00    6266.00  
 46    2021152   1    1    220112    0.22  46    0    5730    4785.04   0.00    4785.04  
 47    2102523   1    8    5662     0.01  1    0    5662    5662.00   0.00    5662.00  
 48    2102523   1    8    5622     0.01  1    0    5622    5622.00   0.00    5622.00  
 49    2018067   1    3    5510     0.01  1    0    5510    5510.00   0.00    5510.00  
 50    2018558   1    5    5384     0.01  1    0    5384    5384.00   0.00    5384.00  
 51    2018281   1    4    5370     0.01  1    0    5370    5370.00   0.00    5370.00  
 52    2017935   1    3    9868     0.01  2    0    5364    4934.00   0.00    4934.00  
 53    2019809   1    2    10558    0.01  2    0    5304    5279.00   0.00    5279.00  
 54    2021978   1    6    5274     0.01  1    0    5274    5274.00   0.00    5274.00  
 55    2008302   1    3    10160    0.01  2    0    5216    5080.00   0.00    5080.00  
 56    2008306   1    3    10174    0.01  2    0    5178    5087.00   0.00    5087.00  
 57    2103238   1    4    4972     0.00  1    0    4972    4972.00   0.00    4972.00  
 58    2018625   1    5    4502     0.00  1    0    4502    4502.00   0.00    4502.00  
 59    2022868   1    4    4484     0.00  1    0    4484    4484.00   0.00    4484.00  
 60    2021976   1    2    4444     0.00  1    0    4444    4444.00   0.00    4444.00  


packet_stats.log - (5062 bytes)
Packet profile dump:

IP ver  Proto  cnt      min      max      avg      tot      %% 
------  -----  ----------   ------------  ------------  -----------  -----------  ---
 IPv4    6     3231      619938   620718168   425219391    1373.9b 100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module       IP ver  Proto  cnt      min      max      avg      tot      %% 
------------------------  ------  -----  ----------   ------------  ------------  -----------  -----------  ---
TMM_FLOWWORKER       IPv4    6     3231      113914    30362380    258500    835.2m  90.05
TMM_RECEIVEPCAPFILE     IPv4    6     3230       4434     185776     5203     16.8m  1.81
TMM_DECODEPCAPFILE     IPv4    6     3230       4574    21905296     23368     75.5m  8.14

Flow Worker      IP ver  Proto  cnt      min      max      avg     
--------------------  ------  -----  ----------   ------------  ------------  ----------- 
flow          IPv4    6     3230       4708    2684338     6421     20.7m 2.83 
stream         IPv4    6     3231       4644    2814464     7456     24.1m 3.29 
detect         IPv4    6     3231      76922    30314862    200284    647.1m 88.31 
tcp-prune        IPv4    6     3231       4450    23896184     12646     40.9m 5.58 
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer       IP ver  Proto  cnt      min      max      avg     
--------------------  ------  -----  ----------   ------------  ------------  ----------- 

Log Thread Module     IP ver  Proto  cnt      min      max      avg      tot      %% 
------------------------  ------  -----  ----------   ------------  ------------  -----------  -----------  ---

Logger/output stats:

Logger           IP ver  Proto  cnt      min      max      avg      tot     
------------------------  ------  -----  ----------   ------------  ------------  -----------  ----------- 
LOGGER_ALERT_FAST      IPv4    6       2      88088     217436    152762    305.5k 4.54 
LOGGER_UNIFIED2       IPv4    6       2      80584     197214    138899    277.8k 4.12 
LOGGER_JSON_ALERT      IPv4    6       2      104404    6046798    3075601     6.2m 91.34 

Prefilter            IP ver  Proto  cnt      min      max      avg      tot     %% 
--------------------       ------  -----  ----------   ------------  ------------  -----------  ---------  ---
payload              IPv4    6     2285       4514    6336770     23827    54.4m 45.11 
stream              IPv4    6     2285       4422     694140     28991    66.2m 54.89 
Total               IPv4         4570                     26409    120.7m

General detection engine stats:

Detection phase      IP ver  Proto  cnt      min      max      avg      tot     
------------------------  ------  -----  ----------   ------------  ------------  -----------  ----------- 
PROF_DETECT_IPONLY     IPv4    6       2      23308     100912     62110    124.2k 0.02 
PROF_DETECT_RULES      IPv4    6     3231       4438    14287134     44203    142.8m 21.49 
PROF_DETECT_STATEFUL_CONT  IPv4    6     3231       4394     135968     5102     16.5m 2.48 
PROF_DETECT_PREFILTER    IPv4    6     3231      13414    11902330     74901    242.0m 36.42 
PROF_DETECT_PF_PAYLOAD   IPv4    6     2285      22806    6355840     67862    155.1m 23.34 
PROF_DETECT_PF_SORT1    IPv4    6      893       4420     42856     5135     4.6m 0.69 
PROF_DETECT_PF_SORT2    IPv4    6     3231       4420    11892910     8801     28.4m 4.28 
PROF_DETECT_NONMPMLIST   IPv4    6     3231       4414     67536     5072     16.4m 2.47 
PROF_DETECT_ALERT      IPv4    6     3231       4416    5458662     6805     22.0m 3.31 
PROF_DETECT_CLEANUP     IPv4    6     3231       4444    2675502     6062     19.6m 2.95 
PROF_DETECT_GETSGH     IPv4    6     3231       4414     90448     5252     17.0m 2.55 


suricata-4.0.0-etopen-all-alert-2019-08-21-T-23-04-15-08022019.1632-rdpTimeShift.pcap.txt - (358 bytes)
07/23/2019-04:52:55.380696 [**] [1:2001330:8] ET POLICY RDP connection confirm [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.54.130:3389 -> 192.168.54.1:60211
07/23/2019-04:53:08.918412 [**] [1:2001330:8] ET POLICY RDP connection confirm [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.54.130:3389 -> 192.168.54.1:60211


stats.log - (2463 bytes)
------------------------------------------------------------------------------------
Date: 8/21/2019 -- 23:04:15 (uptime: 0d, 00h 00m 03s)
------------------------------------------------------------------------------------
Counter                  | TM Name          | Value
------------------------------------------------------------------------------------
decoder.pkts                | Total           | 3230
decoder.bytes               | Total           | 3068249
decoder.ipv4                | Total           | 3230
decoder.ethernet              | Total           | 3230
decoder.tcp                | Total           | 3230
decoder.avg_pkt_size            | Total           | 949
decoder.max_pkt_size            | Total           | 1514
flow.tcp                  | Total           | 1
tcp.sessions                | Total           | 1
tcp.syn                  | Total           | 1
tcp.synack                 | Total           | 1
tcp.rst                  | Total           | 1
tcp.overlap                | Total           | 5
detect.alert                | Total           | 2
detect.mpm_list              | Total           | 1
detect.nonmpm_list             | Total           | 2
detect.match_list             | Total           | 1
app_layer.flow.failed_tcp         | Total           | 1
flow.spare                 | Total           | 10000
flow_mgr.flows_checked           | Total           | 1
flow_mgr.flows_notimeout          | Total           | 1
flow_mgr.rows_checked           | Total           | 65536
flow_mgr.rows_skipped           | Total           | 65535
flow_mgr.rows_maxlen            | Total           | 1
tcp.memuse                 | Total           | 573440
tcp.reassembly_memuse           | Total           | 81920
flow.memuse                | Total           | 7074592


eve.json - (746 bytes)
{"timestamp":"2019-07-23T04:52:55.380696+0000","flow_id":469347896635073,"pcap_cnt":6,"event_type":"alert","src_ip":"192.168.54.130","src_port":3389,"dest_ip":"192.168.54.1","dest_port":60211,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}}
{"timestamp":"2019-07-23T04:53:08.918412+0000","flow_id":469347896635073,"pcap_cnt":58,"event_type":"alert","src_ip":"192.168.54.130","src_port":3389,"dest_ip":"192.168.54.1","dest_port":60211,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3},"app_proto":"failed"}


keyword_perf.log - (4873 bytes)
 --------------------------------------------------------------------------------------------------------------------------------
 Date: 8/21/2019 -- 23:04:15
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: total
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 flags      27002      4        3        9954      6750.00     6556.00     7334.00    
 flow       5209360     1029      1029      74796      5062.00     5062.00     0.00      
 threshold    48276      2        0        43186      24138.00    0.00      24138.00    
 content     17538400    2808      61       2775306     6245.00     10607.00    6149.00    
 pcre       39338      2        0        34654      19669.00    0.00      19669.00    
 byte_jump    321172     54       0        23816      5947.00     0.00      5947.00    
 flowbits     5270950     1028      5        38342      5127.00     5527.00     5125.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: packet
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 flags      27002      4        3        9954      6750.00     6556.00     7334.00    
 flow       5209360     1029      1029      74796      5062.00     5062.00     0.00      
 flowbits     5254032     1025      2        38342      5125.00     5359.00     5125.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: packet/stream payload
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     17538400    2808      61       2775306     6245.00     10607.00    6149.00    
 pcre       39338      2        0        34654      19669.00    0.00      19669.00    
 byte_jump    321172     54       0        23816      5947.00     0.00      5947.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: post-match
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 flowbits     16918      3        3        6792      5639.00     5639.00     0.00      
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: threshold
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 threshold    48276      2        0        43186      24138.00    0.00      24138.00    


IDSDeathBlossom.py.log - (1154 bytes)
2019-08-21 23:04:04,447 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-08-21 23:04:05,310 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-08-21 23:04:05,310 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-08-21 23:04:05,311 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-08-21 23:04:05,311 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-08-21 23:04:05,311 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/243593a222454f6a302c7799f85d7cadd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/08022019.1632-rdpTimeShift.pcap -vvv -k none
2019-08-21 23:04:15,209 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-08-21 23:04:15,210 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 10.774091959