Filename: Heartbleed.pcap
Status: Analysis complete
IDS: suricata-2.0
Ruleset: etopen-all
Runtime: 10.8912110329 seconds
Hash: 36a1867b53d58ba14bfbab7fa0d1bad9
Uploaded: 1566430346

Logfiles


packet_stats.log (3876 bytes)

Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            23           136350        1471956        313289          7.2m  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_RECEIVEPCAPFILE         IPv4       6            23             4714          60748         10666        245.3k    3.88
TMM_DECODEPCAPFILE          IPv4       6            23             5336          77828         10364        238.4k    3.77
TMM_DETECT                  IPv4       6            23            68778         424032        160488          3.7m   58.43
TMM_STREAMTCP               IPv4       6            23             5632         848856         56891          1.3m   20.71
TMM_PACKETLOGGER            IPv4       6            23             4614         489274         26598        611.8k    9.68
TMM_TXLOGGER                IPv4       6            23             4516           5696          4786        110.1k    1.74
TMM_FILELOGGER              IPv4       6            23             4520           6640          4869        112.0k    1.77
Note: TMM_STREAMTCP includes TCP app layer parsers, see below.

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
tls                     IPv4       6             5             7630         836064        181138        905.7k  100.00
Proto detect            IPv4       6             2            25284          49402         37343         74.7k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_JSONTLSLOG              IPv4       6             1           476824         476824        476824        476.8k  100.00

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_MPM             IPv4       6            23             4478         285094         72242          1.7m  39.12 
PROF_DETECT_MPM_PACKET      IPv4       6             9            13838         209860         54705        492.3k  11.59 
PROF_DETECT_MPM_STREAM      IPv4       6             6            63242         275832        164276        985.7k  23.21 
PROF_DETECT_IPONLY          IPv4       6             2            71058         101886         86472        172.9k  4.07  
PROF_DETECT_RULES           IPv4       6            23             4398          73402          7780        178.9k  4.21  
PROF_DETECT_STATEFUL        IPv4       6            23             4412          43370          8250        189.8k  4.47  
PROF_DETECT_PREFILTER       IPv4       6            23             4634          25170          6712        154.4k  3.64  
PROF_DETECT_ALERT           IPv4       6            23             4456          18964          5483        126.1k  2.97  
PROF_DETECT_CLEANUP         IPv4       6            23             4760          20992          6198        142.6k  3.36  
PROF_DETECT_GETSGH          IPv4       6            23             4410          24816          6220        143.1k  3.37  


suricata-report-2019-08-21-T-23-32-36-08212019.2332-Heartbleed.pcap.txt (7958 bytes)

lastcmd:ulimit -c unlimited; /opt/suricata20/bin/suricata -c /opt/suricata20/etc/etopen/suricata20-etopen-all.yaml -l /var/www/html/36a1867b53d58ba14bfbab7fa0d1bad9e7c16aaa885e55a37aab53d36a09e0a5 -r /var/pcap/08212019.2332-Heartbleed.pcap -vvv --runmode=single -k none
elapsedtime:9.898321
stderr:
21/8/2019 -- 23:32:32 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /opt/suricata20/etc/etopen/luajit.rules: No such file or directory.
stdout:
21/8/2019 -- 23:32:27 - <Info> - Configuration node 'rule-files' redefined.
Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
21/8/2019 -- 23:32:27 - <Notice> - This is Suricata version 2.0 RELEASE
21/8/2019 -- 23:32:27 - <Info> - CPUs/cores online: 1
21/8/2019 -- 23:32:27 - <Info> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 16211 after randomization.
21/8/2019 -- 23:32:27 - <Info> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 16872 after randomization.
21/8/2019 -- 23:32:27 - <Info> - DNS request flood protection level: 500
21/8/2019 -- 23:32:27 - <Info> - DNS per flow memcap (state-memcap): 524288
21/8/2019 -- 23:32:27 - <Info> - DNS global memcap: 16777216
21/8/2019 -- 23:32:27 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
21/8/2019 -- 23:32:27 - <Info> - preallocated 1000 defrag trackers of size 152
21/8/2019 -- 23:32:27 - <Info> - defrag memory usage: 3822016 bytes, maximum: 33554432
21/8/2019 -- 23:32:27 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
21/8/2019 -- 23:32:27 - <Info> - preallocated 1024 packets. Total memory 3573760
21/8/2019 -- 23:32:27 - <Info> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
21/8/2019 -- 23:32:27 - <Info> - preallocated 1000 hosts of size 112
21/8/2019 -- 23:32:27 - <Info> - host memory usage: 390144 bytes, maximum: 16777216
21/8/2019 -- 23:32:27 - <Info> - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
21/8/2019 -- 23:32:27 - <Info> - preallocated 10000 flows of size 280
21/8/2019 -- 23:32:27 - <Info> - flow memory usage: 7074304 bytes, maximum: 67108864
21/8/2019 -- 23:32:27 - <Info> - IP reputation disabled
21/8/2019 -- 23:32:27 - <Info> - Registered 106 keyword profiling counters.
21/8/2019 -- 23:32:27 - <Info> - using magic-file /usr/share/file/magic
21/8/2019 -- 23:32:27 - <Info> - Delayed detect disabled
21/8/2019 -- 23:32:28 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/ET-emerging-icmp.rules
21/8/2019 -- 23:32:32 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/local.rules
21/8/2019 -- 23:32:32 - <Info> - 45 rule files processed. 18223 rules successfully loaded, 0 rules failed
21/8/2019 -- 23:32:32 - <Info> - 18228 signatures processed. 1175 are IP-only rules, 6224 are inspecting packet payload, 13147 inspect application layer, 0 are decoder event only
21/8/2019 -- 23:32:32 - <Info> - building signature grouping structure, stage 1: preprocessing rules... complete
21/8/2019 -- 23:32:32 - <Info> - building signature grouping structure, stage 2: building source address list... complete
21/8/2019 -- 23:32:35 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
21/8/2019 -- 23:32:36 - <Info> - Registered 18228 rule profiling counters.
21/8/2019 -- 23:32:36 - <Info> - Threshold config parsed: 0 rule(s) found
21/8/2019 -- 23:32:36 - <Info> - Core dump size is unlimited.
21/8/2019 -- 23:32:36 - <Info> - fast output device (regular) initialized: alert
21/8/2019 -- 23:32:36 - <Info> - eve-log output device (regular) initialized: eve.json
21/8/2019 -- 23:32:36 - <Info> - enabling 'eve-log' module 'alert'
21/8/2019 -- 23:32:36 - <Info> - enabling 'eve-log' module 'http'
21/8/2019 -- 23:32:36 - <Info> - enabling 'eve-log' module 'dns'
21/8/2019 -- 23:32:36 - <Info> - enabling 'eve-log' module 'tls'
21/8/2019 -- 23:32:36 - <Info> - enabling 'eve-log' module 'files'
21/8/2019 -- 23:32:36 - <Info> - enabling 'eve-log' module 'ssh'
21/8/2019 -- 23:32:36 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
21/8/2019 -- 23:32:36 - <Info> - http-log output device (regular) initialized: http.log
21/8/2019 -- 23:32:36 - <Info> - reading pcap file /var/pcap/08212019.2332-Heartbleed.pcap
21/8/2019 -- 23:32:36 - <Info> - stream "prealloc-sessions": 2048 (per thread)
21/8/2019 -- 23:32:36 - <Info> - stream "memcap": 33554432
21/8/2019 -- 23:32:36 - <Info> - stream "midstream" session pickups: disabled
21/8/2019 -- 23:32:36 - <Info> - stream "async-oneside": disabled
21/8/2019 -- 23:32:36 - <Info> - stream "checksum-validation": disabled
21/8/2019 -- 23:32:36 - <Info> - stream."inline": disabled
21/8/2019 -- 23:32:36 - <Info> - stream "max-synack-queued": 5
21/8/2019 -- 23:32:36 - <Info> - stream.reassembly "memcap": 134217728
21/8/2019 -- 23:32:36 - <Info> - stream.reassembly "depth": 0
21/8/2019 -- 23:32:36 - <Info> - stream.reassembly "toserver-chunk-size": 2469
21/8/2019 -- 23:32:36 - <Info> - stream.reassembly "toclient-chunk-size": 2466
21/8/2019 -- 23:32:36 - <Info> - stream.reassembly.raw: enabled
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 4, prealloc 256
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 16, prealloc 512
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 112, prealloc 512
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 248, prealloc 512
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 512, prealloc 512
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 768, prealloc 1024
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 1448, prealloc 1024
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 65535, prealloc 128
21/8/2019 -- 23:32:36 - <Info> - stream.reassembly "chunk-prealloc": 250
21/8/2019 -- 23:32:36 - <Notice> - all 1 packet processing threads, 3 management threads initialized, engine started.
21/8/2019 -- 23:32:36 - <Info> - pcap file end of file reached (pcap err code 0)
21/8/2019 -- 23:32:36 - <Notice> - Signal Received.  Stopping engine.
21/8/2019 -- 23:32:36 - <Info> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
21/8/2019 -- 23:32:36 - <Info> - time elapsed 0.025s
21/8/2019 -- 23:32:36 - <Notice> - Pcap-file module read 23 packets, 21831 bytes
21/8/2019 -- 23:32:36 - <Info> - Stream TCP processed 23 TCP packets
21/8/2019 -- 23:32:36 - <Info> - Fast log output wrote 0 alerts
21/8/2019 -- 23:32:36 - <Info> - Alert unified2 module wrote 0 alerts
21/8/2019 -- 23:32:36 - <Info> - HTTP logger logged 0 requests
21/8/2019 -- 23:32:36 - <Info> - host memory usage: 390144 bytes, maximum: 16777216
21/8/2019 -- 23:32:36 - <Info> - Dumping profiling data for 18228 rules.
21/8/2019 -- 23:32:36 - <Info> - Done dumping profiling data.
21/8/2019 -- 23:32:36 - <Info> - file /var/www/html/36a1867b53d58ba14bfbab7fa0d1bad9e7c16aaa885e55a37aab53d36a09e0a5/keyword_perf.log mode a
21/8/2019 -- 23:32:36 - <Info> - Done dumping keyword profiling data.
21/8/2019 -- 23:32:36 - <Info> - cleaning up signature grouping structure... complete
21/8/2019 -- 23:32:36 - <Info> - Done dumping profiling data.
returncode: 0
errors:
- 21/8/2019 -- 23:32:32 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /opt/suricata20/etc/etopen/luajit.rules: No such file or directory.
warnings:
- Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
- 21/8/2019 -- 23:32:28 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/ET-emerging-icmp.rules
- 21/8/2019 -- 23:32:32 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/local.rules


stats.log (3658 bytes)

-------------------------------------------------------------------
Date: 8/21/2019 -- 23:32:36 (uptime: 0d, 00h 00m 09s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
dns.memuse                | PcapFile                  | 0
dns.memcap_state          | PcapFile                  | 0
dns.memcap_global         | PcapFile                  | 0
decoder.pkts              | PcapFile                  | 23
decoder.bytes             | PcapFile                  | 21831
decoder.invalid           | PcapFile                  | 0
decoder.ipv4              | PcapFile                  | 23
decoder.ipv6              | PcapFile                  | 0
decoder.ethernet          | PcapFile                  | 23
decoder.raw               | PcapFile                  | 0
decoder.sll               | PcapFile                  | 0
decoder.tcp               | PcapFile                  | 23
decoder.udp               | PcapFile                  | 0
decoder.sctp              | PcapFile                  | 0
decoder.icmpv4            | PcapFile                  | 0
decoder.icmpv6            | PcapFile                  | 0
decoder.ppp               | PcapFile                  | 0
decoder.pppoe             | PcapFile                  | 0
decoder.gre               | PcapFile                  | 0
decoder.vlan              | PcapFile                  | 0
decoder.vlan_qinq         | PcapFile                  | 0
decoder.teredo            | PcapFile                  | 0
decoder.ipv4_in_ipv6      | PcapFile                  | 0
decoder.ipv6_in_ipv6      | PcapFile                  | 0
decoder.avg_pkt_size      | PcapFile                  | 949
decoder.max_pkt_size      | PcapFile                  | 4410
defrag.ipv4.fragments     | PcapFile                  | 0
defrag.ipv4.reassembled   | PcapFile                  | 0
defrag.ipv4.timeouts      | PcapFile                  | 0
defrag.ipv6.fragments     | PcapFile                  | 0
defrag.ipv6.reassembled   | PcapFile                  | 0
defrag.ipv6.timeouts      | PcapFile                  | 0
defrag.max_frag_hits      | PcapFile                  | 0
tcp.sessions              | PcapFile                  | 1
tcp.ssn_memcap_drop       | PcapFile                  | 0
tcp.pseudo                | PcapFile                  | 0
tcp.invalid_checksum      | PcapFile                  | 0
tcp.no_flow               | PcapFile                  | 0
tcp.reused_ssn            | PcapFile                  | 0
tcp.memuse                | PcapFile                  | 192
tcp.syn                   | PcapFile                  | 1
tcp.synack                | PcapFile                  | 1
tcp.rst                   | PcapFile                  | 0
tcp.segment_memcap_drop   | PcapFile                  | 0
tcp.stream_depth_reached  | PcapFile                  | 0
tcp.reassembly_memuse     | PcapFile                  | 12316544
tcp.reassembly_gap        | PcapFile                  | 0
http.memuse               | PcapFile                  | 0
http.memcap               | PcapFile                  | 0
detect.alert              | PcapFile                  | 0
flow_mgr.closed_pruned    | FlowManagerThread         | 0
flow_mgr.new_pruned       | FlowManagerThread         | 0
flow_mgr.est_pruned       | FlowManagerThread         | 0
flow.memuse               | FlowManagerThread         | 7074592
flow.spare                | FlowManagerThread         | 10000
flow.emerg_mode_entered   | FlowManagerThread         | 0
flow.emerg_mode_over      | FlowManagerThread         | 0

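A 0-alert run is only meaningful if the engine actually decoded, tracked and reassembled the traffic, and stats.log is where that is visible: decoder.invalid, both memcap drop counters, tcp.reassembly_gap and tcp.stream_depth_reached are all 0 here, and one session was tracked with its SYN and SYN/ACK both seen (relevant because "midstream" session pickup is disabled in this configuration, so a flow whose handshake is missing from the capture is never tracked or inspected at all). The 0 in detect.alert is therefore a genuine no-match rather than a processing failure. The Python below is an added example, not part of the page, of IDSDeathBlossom or of Suricata: it parses this "Counter | TM Name | Value" layout and performs that triage. The embedded counter lines are copied from the stats.log above; the choice of which counters count as traffic loss is an assumption of the example.

```python
import re

# Counter lines copied from the stats.log shown above (Suricata 2.0 layout).
STATS_TEXT = """\
decoder.pkts              | PcapFile                  | 23
decoder.bytes             | PcapFile                  | 21831
decoder.invalid           | PcapFile                  | 0
decoder.tcp               | PcapFile                  | 23
tcp.sessions              | PcapFile                  | 1
tcp.ssn_memcap_drop       | PcapFile                  | 0
tcp.syn                   | PcapFile                  | 1
tcp.synack                | PcapFile                  | 1
tcp.segment_memcap_drop   | PcapFile                  | 0
tcp.stream_depth_reached  | PcapFile                  | 0
tcp.reassembly_gap        | PcapFile                  | 0
detect.alert              | PcapFile                  | 0
flow.emerg_mode_entered   | FlowManagerThread         | 0
"""

LINE_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9_.]+)\s*\|\s*(?P<tm>\S+)\s*\|\s*(?P<value>\d+)\s*$"
)

# Assumption of this example: any of these being non-zero means some of the
# traffic never reached the detect engine in reassembled form.
LOSS_COUNTERS = (
    "decoder.invalid",
    "tcp.ssn_memcap_drop",
    "tcp.segment_memcap_drop",
    "tcp.stream_depth_reached",
    "tcp.reassembly_gap",
    "flow.emerg_mode_entered",
)


def parse_stats(text):
    """Map counter name -> int value; header and separator lines are skipped.
    A counter that appears twice keeps its last value."""
    counters = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            counters[m["name"]] = int(m["value"])
    return counters


def triage_zero_alerts(counters, midstream_enabled=False):
    """Return the reasons a 0-alert result should not be trusted; an empty
    list means the engine decoded, tracked and reassembled what it was given."""
    reasons = []
    if counters.get("decoder.pkts", 0) == 0:
        reasons.append("decoder.pkts=0: nothing was read from the capture")
    for name in LOSS_COUNTERS:
        if counters.get(name, 0) > 0:
            reasons.append(f"{name}={counters[name]}")
    # With midstream pickup disabled, TCP packets whose handshake is absent
    # never become a session, so their payload is never inspected.
    if (counters.get("decoder.tcp", 0) > 0
            and counters.get("tcp.sessions", 0) == 0
            and not midstream_enabled):
        reasons.append("TCP packets seen but no session tracked "
                       "(handshake missing, midstream disabled)")
    return reasons


def verdict(text, midstream_enabled=False):
    """Classify a stats.log as 'alerts present', 'no-match' or 'inconclusive'."""
    counters = parse_stats(text)
    reasons = triage_zero_alerts(counters, midstream_enabled)
    if counters.get("detect.alert", 0) > 0:
        return "alerts present", reasons
    return ("no-match" if not reasons else "inconclusive"), reasons


if __name__ == "__main__":
    label, why = verdict(STATS_TEXT)
    print(label, why)
```

Feed it the full stats.log of a run and compare the verdict with the alert count before concluding that a capture is clean; a non-empty reason list is the cue to look at the memcap and stream settings printed in the run's stdout rather than at the ruleset.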

eve.json (383 bytes)

{"timestamp":"2014-04-08T16:11:26.720700","pcap_cnt":10,"event_type":"tls","src_ip":"173.203.79.216","src_port":46592,"dest_ip":"162.219.2.166","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, CN=www.lilawelt.net\/emailAddress=denicadmmail@arcor.de","issuerdn":"C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 1 Primary Intermediate Server CA"}}

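The only event the run produced is this TLS certificate record; nothing was logged about heartbeat messages, and the rule profiling below shows a single rule checked once with no match. A 0-alert result on a capture named Heartbleed.pcap is therefore not, by itself, evidence that the capture is clean. The direct check is to walk the reassembled TCP payload, pick out TLS records of content type 24 (Heartbeat, RFC 6520) and compare each message's declared payload_length with what the record actually carries: the record body holds a 1-byte type, a 2-byte length, the payload and at least 16 bytes of padding, so a declared length greater than record length minus 19 is the Heartbleed over-read pattern. This only works on cleartext heartbeats, i.e. those sent before the handshake completes, which is how the public exploit operates; once the record layer is encrypted only record sizes are visible. The Python below is an added example, not code from the page, from IDSDeathBlossom or from Suricata; its byte strings are constructed, and the capture's own client-to-server payload would have to be extracted first (for instance from a follow-stream dump), a step outside the block.

```python
import struct

TLS_HEARTBEAT = 0x18          # TLS record content type for Heartbeat (RFC 6520)
HB_REQUEST, HB_RESPONSE = 1, 2
HB_MIN_PADDING = 16           # RFC 6520: padding_length MUST be at least 16
RECORD_HDR = 5                # content type (1) + version (2) + length (2)


def split_tls_records(data):
    """Yield (content_type, version, body) for each complete TLS record in a
    reassembled TCP payload. Stops at a truncated record rather than guessing
    (a truncated tail is what a reassembly gap looks like)."""
    off = 0
    while off + RECORD_HDR <= len(data):
        ctype, version, length = struct.unpack("!BHH", data[off:off + RECORD_HDR])
        body = data[off + RECORD_HDR:off + RECORD_HDR + length]
        if len(body) < length:
            break
        yield ctype, version, body
        off += RECORD_HDR + length


def scan_heartbeats(data):
    """Return one (kind, declared_len, available_len, suspicious) tuple per
    cleartext heartbeat record. available_len is how many payload bytes the
    record can legitimately carry after the 3-byte message header and the
    minimum padding; a declared length above it is the over-read pattern."""
    findings = []
    for ctype, _version, body in split_tls_records(data):
        if ctype != TLS_HEARTBEAT:
            continue
        if len(body) < 3:
            findings.append(("malformed", 0, len(body), True))
            continue
        kind = {HB_REQUEST: "request", HB_RESPONSE: "response"}.get(body[0], "unknown")
        declared = struct.unpack("!H", body[1:3])[0]
        available = len(body) - 3 - HB_MIN_PADDING
        findings.append((kind, declared, available, declared > available))
    return findings


# Constructed sample stream (not bytes from the page's capture):
#  1. a handshake record (content type 0x16) the scanner must ignore,
#  2. a well-formed heartbeat request: 4-byte payload "ping" plus 16 bytes of padding,
#  3. a malformed request: a 3-byte record body claiming a 16384-byte payload.
HANDSHAKE = bytes.fromhex("1603010005" "0100000100")
BENIGN_HB = bytes.fromhex("1803020017") + b"\x01\x00\x04" + b"ping" + b"\x00" * 16
EVIL_HB = bytes.fromhex("1803020003" "014000")
SAMPLE_STREAM = HANDSHAKE + BENIGN_HB + EVIL_HB
# A record header whose body was cut off: parsing stops here instead of mis-reading it.
TRUNCATED_TAIL = bytes.fromhex("1803020010" "01")


if __name__ == "__main__":
    for kind, declared, available, suspicious in scan_heartbeats(SAMPLE_STREAM + TRUNCATED_TAIL):
        flag = "SUSPICIOUS" if suspicious else "ok"
        print(f"heartbeat {kind}: declared={declared} available={available} -> {flag}")
```

Run the same scan over the server-to-client payload as well: a vulnerable server answers the malformed request with a heartbeat response whose record is roughly the declared size, so a response record of that size following a flagged request is the sign that the over-read was honoured, whereas a patched server sends nothing back.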

keyword_perf.log (477 bytes)

  --------------------------------------------------------------------------
  Date: 8/21/2019 -- 23:32:36
  --------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------
  Keyword          Ticks       Checks   Matches  Max Ticks   Avg         Avg Match   Avg No Match
  ---------------- ----------- -------- -------- ----------- ----------- ----------- ----------- 


IDSDeathBlossom.py.log (10306 bytes)

2019-08-21 23:32:26,248 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-08-21 23:32:27,032 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-08-21 23:32:27,032 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-2.0-etopen-all
2019-08-21 23:32:27,033 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-08-21 23:32:27,033 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-08-21 23:32:27,033 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata20/bin/suricata -c /opt/suricata20/etc/etopen/suricata20-etopen-all.yaml -l /var/www/html/36a1867b53d58ba14bfbab7fa0d1bad9e7c16aaa885e55a37aab53d36a09e0a5 -r /var/pcap/08212019.2332-Heartbleed.pcap -vvv --runmode=single -k none
2019-08-21 23:32:36,941 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
21/8/2019 -- 23:32:32 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /opt/suricata20/etc/etopen/luajit.rules: No such file or directory.
2019-08-21 23:32:36,941 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +516 - parse_ids_out: Warning found in stdout
Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
2019-08-21 23:32:36,942 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +516 - parse_ids_out: Warning found in stdout
21/8/2019 -- 23:32:28 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/ET-emerging-icmp.rules
2019-08-21 23:32:36,942 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +516 - parse_ids_out: Warning found in stdout
21/8/2019 -- 23:32:32 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/local.rules
2019-08-21 23:32:36,942 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-08-21 23:32:36,943 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +437 - mode:suricata; lastcmd:ulimit -c unlimited; /opt/suricata20/bin/suricata -c /opt/suricata20/etc/etopen/suricata20-etopen-all.yaml -l /var/www/html/36a1867b53d58ba14bfbab7fa0d1bad9e7c16aaa885e55a37aab53d36a09e0a5 -r /var/pcap/08212019.2332-Heartbleed.pcap -vvv --runmode=single -k none; returncode:0; elapsed:9.898321; Errors:
- 21/8/2019 -- 23:32:32 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /opt/suricata20/etc/etopen/luajit.rules: No such file or directory.

 Warnings:
- Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
- 21/8/2019 -- 23:32:28 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/ET-emerging-icmp.rules
- 21/8/2019 -- 23:32:32 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/local.rules

 stderr:
21/8/2019 -- 23:32:32 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /opt/suricata20/etc/etopen/luajit.rules: No such file or directory.

 stdout:
21/8/2019 -- 23:32:27 - <Info> - Configuration node 'rule-files' redefined.
Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
21/8/2019 -- 23:32:27 - <Notice> - This is Suricata version 2.0 RELEASE
21/8/2019 -- 23:32:27 - <Info> - CPUs/cores online: 1
21/8/2019 -- 23:32:27 - <Info> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 16211 after randomization.
21/8/2019 -- 23:32:27 - <Info> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 16872 after randomization.
21/8/2019 -- 23:32:27 - <Info> - DNS request flood protection level: 500
21/8/2019 -- 23:32:27 - <Info> - DNS per flow memcap (state-memcap): 524288
21/8/2019 -- 23:32:27 - <Info> - DNS global memcap: 16777216
21/8/2019 -- 23:32:27 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
21/8/2019 -- 23:32:27 - <Info> - preallocated 1000 defrag trackers of size 152
21/8/2019 -- 23:32:27 - <Info> - defrag memory usage: 3822016 bytes, maximum: 33554432
21/8/2019 -- 23:32:27 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
21/8/2019 -- 23:32:27 - <Info> - preallocated 1024 packets. Total memory 3573760
21/8/2019 -- 23:32:27 - <Info> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
21/8/2019 -- 23:32:27 - <Info> - preallocated 1000 hosts of size 112
21/8/2019 -- 23:32:27 - <Info> - host memory usage: 390144 bytes, maximum: 16777216
21/8/2019 -- 23:32:27 - <Info> - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
21/8/2019 -- 23:32:27 - <Info> - preallocated 10000 flows of size 280
21/8/2019 -- 23:32:27 - <Info> - flow memory usage: 7074304 bytes, maximum: 67108864
21/8/2019 -- 23:32:27 - <Info> - IP reputation disabled
21/8/2019 -- 23:32:27 - <Info> - Registered 106 keyword profiling counters.
21/8/2019 -- 23:32:27 - <Info> - using magic-file /usr/share/file/magic
21/8/2019 -- 23:32:27 - <Info> - Delayed detect disabled
21/8/2019 -- 23:32:28 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/ET-emerging-icmp.rules
21/8/2019 -- 23:32:32 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata20/etc/etopen/local.rules
21/8/2019 -- 23:32:32 - <Info> - 45 rule files processed. 18223 rules successfully loaded, 0 rules failed
21/8/2019 -- 23:32:32 - <Info> - 18228 signatures processed. 1175 are IP-only rules, 6224 are inspecting packet payload, 13147 inspect application layer, 0 are decoder event only
21/8/2019 -- 23:32:32 - <Info> - building signature grouping structure, stage 1: preprocessing rules... complete
21/8/2019 -- 23:32:32 - <Info> - building signature grouping structure, stage 2: building source address list... complete
21/8/2019 -- 23:32:35 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
21/8/2019 -- 23:32:36 - <Info> - Registered 18228 rule profiling counters.
21/8/2019 -- 23:32:36 - <Info> - Threshold config parsed: 0 rule(s) found
21/8/2019 -- 23:32:36 - <Info> - Core dump size is unlimited.
21/8/2019 -- 23:32:36 - <Info> - fast output device (regular) initialized: alert
21/8/2019 -- 23:32:36 - <Info> - eve-log output device (regular) initialized: eve.json
21/8/2019 -- 23:32:36 - <Info> - enabling 'eve-log' module 'alert'
21/8/2019 -- 23:32:36 - <Info> - enabling 'eve-log' module 'http'
21/8/2019 -- 23:32:36 - <Info> - enabling 'eve-log' module 'dns'
21/8/2019 -- 23:32:36 - <Info> - enabling 'eve-log' module 'tls'
21/8/2019 -- 23:32:36 - <Info> - enabling 'eve-log' module 'files'
21/8/2019 -- 23:32:36 - <Info> - enabling 'eve-log' module 'ssh'
21/8/2019 -- 23:32:36 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
21/8/2019 -- 23:32:36 - <Info> - http-log output device (regular) initialized: http.log
21/8/2019 -- 23:32:36 - <Info> - reading pcap file /var/pcap/08212019.2332-Heartbleed.pcap
21/8/2019 -- 23:32:36 - <Info> - stream "prealloc-sessions": 2048 (per thread)
21/8/2019 -- 23:32:36 - <Info> - stream "memcap": 33554432
21/8/2019 -- 23:32:36 - <Info> - stream "midstream" session pickups: disabled
21/8/2019 -- 23:32:36 - <Info> - stream "async-oneside": disabled
21/8/2019 -- 23:32:36 - <Info> - stream "checksum-validation": disabled
21/8/2019 -- 23:32:36 - <Info> - stream."inline": disabled
21/8/2019 -- 23:32:36 - <Info> - stream "max-synack-queued": 5
21/8/2019 -- 23:32:36 - <Info> - stream.reassembly "memcap": 134217728
21/8/2019 -- 23:32:36 - <Info> - stream.reassembly "depth": 0
21/8/2019 -- 23:32:36 - <Info> - stream.reassembly "toserver-chunk-size": 2469
21/8/2019 -- 23:32:36 - <Info> - stream.reassembly "toclient-chunk-size": 2466
21/8/2019 -- 23:32:36 - <Info> - stream.reassembly.raw: enabled
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 4, prealloc 256
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 16, prealloc 512
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 112, prealloc 512
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 248, prealloc 512
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 512, prealloc 512
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 768, prealloc 1024
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 1448, prealloc 1024
21/8/2019 -- 23:32:36 - <Info> - segment pool: pktsize 65535, prealloc 128
21/8/2019 -- 23:32:36 - <Info> - stream.reassembly "chunk-prealloc": 250
21/8/2019 -- 23:32:36 - <Notice> - all 1 packet processing threads, 3 management threads initialized, engine started.
21/8/2019 -- 23:32:36 - <Info> - pcap file end of file reached (pcap err code 0)
21/8/2019 -- 23:32:36 - <Notice> - Signal Received.  Stopping engine.
21/8/2019 -- 23:32:36 - <Info> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
21/8/2019 -- 23:32:36 - <Info> - time elapsed 0.025s
21/8/2019 -- 23:32:36 - <Notice> - Pcap-file module read 23 packets, 21831 bytes
21/8/2019 -- 23:32:36 - <Info> - Stream TCP processed 23 TCP packets
21/8/2019 -- 23:32:36 - <Info> - Fast log output wrote 0 alerts
21/8/2019 -- 23:32:36 - <Info> - Alert unified2 module wrote 0 alerts
21/8/2019 -- 23:32:36 - <Info> - HTTP logger logged 0 requests
21/8/2019 -- 23:32:36 - <Info> - host memory usage: 390144 bytes, maximum: 16777216
21/8/2019 -- 23:32:36 - <Info> - Dumping profiling data for 18228 rules.
21/8/2019 -- 23:32:36 - <Info> - Done dumping profiling data.
21/8/2019 -- 23:32:36 - <Info> - file /var/www/html/36a1867b53d58ba14bfbab7fa0d1bad9e7c16aaa885e55a37aab53d36a09e0a5/keyword_perf.log mode a
21/8/2019 -- 23:32:36 - <Info> - Done dumping keyword profiling data.
21/8/2019 -- 23:32:36 - <Info> - cleaning up signature grouping structure... complete
21/8/2019 -- 23:32:36 - <Info> - Done dumping profiling data.

 
2019-08-21 23:32:36,943 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 10.7039079666


suricata-2.0-etopen-all-perf.txt-2019-08-21-T-23-32-36-08212019.2332-Heartbleed.pcap.txt (575 bytes)

  --------------------------------------------------------------------------
  Date: 8/21/2019 -- 23:32:36
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2018789      1        3        29472        100.00 1        0        29472       29472.00    0.00        29472.00