Filename: f3b929b2955fe83f82d625078a1636f5c2f042641583f6cf96c2bcf33f548caa.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etproenall-all
Runtime: 27.4107441902 seconds
Hash: 3c9ad4e530d550ef35fb6386a17d3dfe
Uploaded: 1564912261

Logfiles


unified2.alert.1564912287 - (2685 bytes)
4_U@

X_U<RT5'ÓïŠE!X¡t

(gDHCPC4_U ¡

X_U<RT5'ÓïŠE!X¡t

(gDHCPC4_U  

X_U<RT5'ÓïŠE!X¡t

(gDHCPC4†Å ¡

X†Å<RT5'ÓïŠE!Y¡s

'gDHCPC4†Å  

X†Å<RT5'ÓïŠE!Y¡s

'gDHCPC4†ð@

K†ð/'ÓïŠRT5E!¡Ë

/gDHCPC4†ð ¸

K†ð/'ÓïŠRT5E!¡Ë

/gDHCPC4yÀ£öÂ:Z
PCyÀ'E‘|Â:Z
PPÉDHTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 10 Jul 2019 23:35:26 GMT
Content-Type: text/plain
Content-Length: 1
Connection: keep-alive
Last-Modified: Wed, 03 Apr 2019 12:41:54 GMT
ETag: "1-5859f94112880"
Accept-Ranges: bytes

04	
ï£öÂ:Z
PÏ	
ï³E¥ðÂ:Z
PP™ÖHTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 10 Jul 2019 23:35:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=ok3rfde1j20p8q6551fstied84; path=/

0

4
L ±

b
LF'ÓïŠRT5EÀ8
ÿ¢ç

e$Eåe!–

ÿŠŠÑ•ö4!™£öÂ:Z
P
Ï!!™³E¥ðÂ:Z
P
P2HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 10 Jul 2019 23:35:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=62pj7eug3hf383mau2ki6f18b3; path=/

0


suricata-report-2019-08-04-T-09-51-29-08042019.0951-f3b929b2955fe83f82d625078a1636f5c2f042641583f6cf96c2bcf33f548caa.pcap.txt - (18355 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etproenall/suricata400-etproenall-all.yaml -l /var/www/html/3c9ad4e530d550ef35fb6386a17d3dfe51cf25896b6b2454fe89507ba3b24642 -r /var/pcap/08042019.0951-f3b929b2955fe83f82d625078a1636f5c2f042641583f6cf96c2bcf33f548caa.pcap -vvv -k none
elapsedtime:26.478032
stderr:
stdout:
4/8/2019 -- 09:51:02 - <Info> - Configuration node 'rule-files' redefined.
4/8/2019 -- 09:51:02 - <Notice> - This is Suricata version 4.0.0 RELEASE
4/8/2019 -- 09:51:02 - <Info> - CPUs/cores online: 1
4/8/2019 -- 09:51:02 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32728 and 'request-body-inspect-window' set to 17148 after randomization.
4/8/2019 -- 09:51:02 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32608 and 'response-body-inspect-window' set to 16367 after randomization.
4/8/2019 -- 09:51:02 - <Config> - DNS request flood protection level: 500
4/8/2019 -- 09:51:02 - <Config> - DNS per flow memcap (state-memcap): 524288
4/8/2019 -- 09:51:02 - <Config> - DNS global memcap: 16777216
4/8/2019 -- 09:51:02 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
4/8/2019 -- 09:51:02 - <Config> - preallocated 1000 hosts of size 136
4/8/2019 -- 09:51:02 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
4/8/2019 -- 09:51:02 - <Config> - using magic-file /usr/share/file/magic
4/8/2019 -- 09:51:02 - <Config> - Core dump size is unlimited.
4/8/2019 -- 09:51:02 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
4/8/2019 -- 09:51:02 - <Config> - preallocated 1000 defrag trackers of size 168
4/8/2019 -- 09:51:02 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
4/8/2019 -- 09:51:02 - <Config> - stream "prealloc-sessions": 2048 (per thread)
4/8/2019 -- 09:51:02 - <Config> - stream "memcap": 33554432
4/8/2019 -- 09:51:02 - <Config> - stream "midstream" session pickups: disabled
4/8/2019 -- 09:51:02 - <Config> - stream "async-oneside": disabled
4/8/2019 -- 09:51:02 - <Config> - stream "checksum-validation": disabled
4/8/2019 -- 09:51:02 - <Config> - stream."inline": disabled
4/8/2019 -- 09:51:02 - <Config> - stream "bypass": disabled
4/8/2019 -- 09:51:02 - <Config> - stream "max-synack-queued": 5
4/8/2019 -- 09:51:02 - <Config> - stream.reassembly "memcap": 134217728
4/8/2019 -- 09:51:02 - <Config> - stream.reassembly "depth": 0
4/8/2019 -- 09:51:02 - <Config> - stream.reassembly "toserver-chunk-size": 2532
4/8/2019 -- 09:51:02 - <Config> - stream.reassembly "toclient-chunk-size": 2464
4/8/2019 -- 09:51:02 - <Config> - stream.reassembly.raw: enabled
4/8/2019 -- 09:51:02 - <Config> - stream.reassembly "segment-prealloc": 2048
4/8/2019 -- 09:51:02 - <Config> - Delayed detect disabled
4/8/2019 -- 09:51:02 - <Config> - pattern matchers: MPM: ac, SPM: bm
4/8/2019 -- 09:51:02 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
4/8/2019 -- 09:51:02 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
4/8/2019 -- 09:51:02 - <Config> - prefilter engines: MPM
4/8/2019 -- 09:51:02 - <Config> - IP reputation disabled
4/8/2019 -- 09:51:02 - <Perf> - Registered 148 keyword profiling counters.
4/8/2019 -- 09:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-ftp.rules
4/8/2019 -- 09:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-policy.rules
4/8/2019 -- 09:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-trojan.rules
4/8/2019 -- 09:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-games.rules
4/8/2019 -- 09:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-pop3.rules
4/8/2019 -- 09:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-user_agents.rules
4/8/2019 -- 09:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-activex.rules
4/8/2019 -- 09:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-rpc.rules
4/8/2019 -- 09:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-attack_response.rules
4/8/2019 -- 09:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-icmp.rules
4/8/2019 -- 09:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-scan.rules
4/8/2019 -- 09:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-voip.rules
4/8/2019 -- 09:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-chat.rules
4/8/2019 -- 09:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-icmp_info.rules
4/8/2019 -- 09:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-info.rules
4/8/2019 -- 09:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-shellcode.rules
4/8/2019 -- 09:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-web_client.rules
4/8/2019 -- 09:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-imap.rules
4/8/2019 -- 09:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-web_server.rules
4/8/2019 -- 09:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-current_events.rules
4/8/2019 -- 09:51:12 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-inappropriate.rules
4/8/2019 -- 09:51:12 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-smtp.rules
4/8/2019 -- 09:51:12 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-web_specific_apps.rules
4/8/2019 -- 09:51:14 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules
4/8/2019 -- 09:51:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-malware.rules
4/8/2019 -- 09:51:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-snmp.rules
4/8/2019 -- 09:51:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-worm.rules
4/8/2019 -- 09:51:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-dns.rules
4/8/2019 -- 09:51:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-misc.rules
4/8/2019 -- 09:51:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-sql.rules
4/8/2019 -- 09:51:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-dos.rules
4/8/2019 -- 09:51:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-netbios.rules
4/8/2019 -- 09:51:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-telnet.rules
4/8/2019 -- 09:51:15 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-exploit.rules
4/8/2019 -- 09:51:16 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-p2p.rules
4/8/2019 -- 09:51:16 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-tftp.rules
4/8/2019 -- 09:51:16 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-mobile_malware.rules
4/8/2019 -- 09:51:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-botcc.rules
4/8/2019 -- 09:51:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-compromised.rules
4/8/2019 -- 09:51:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-drop.rules
4/8/2019 -- 09:51:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-dshield.rules
4/8/2019 -- 09:51:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-tor.rules
4/8/2019 -- 09:51:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-ciarmy.rules
4/8/2019 -- 09:51:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/local.rules
4/8/2019 -- 09:51:17 - <Config> - No rules loaded from local.rules.
4/8/2019 -- 09:51:17 - <Info> - 44 rule files processed. 50693 rules successfully loaded, 0 rules failed
4/8/2019 -- 09:51:17 - <Info> - Threshold config parsed: 0 rule(s) found
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for tcp-packet
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for tcp-stream
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for udp-packet
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for other-ip
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_uri
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_request_line
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_client_body
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_response_line
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_header
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_header
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_header_names
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_header_names
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_accept
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_accept_enc
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_accept_lang
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_referer
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_connection
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_content_len
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_content_len
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_content_type
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_content_type
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_protocol
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_protocol
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_start
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_start
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_raw_header
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_raw_header
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_method
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_cookie
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_cookie
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_raw_uri
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_user_agent
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_host
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_raw_host
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_stat_msg
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_stat_code
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for dns_query
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for tls_sni
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for tls_cert_issuer
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for tls_cert_subject
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for tls_cert_serial
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for dce_stub_data
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for dce_stub_data
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for ssh_protocol
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for ssh_protocol
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for ssh_software
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for ssh_software
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for file_data
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for file_data
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_request_line
4/8/2019 -- 09:51:18 - <Perf> - using shared mpm ctx' for http_response_line
4/8/2019 -- 09:51:18 - <Info> - 50718 signatures processed. 1220 are IP-only rules, 21106 are inspecting packet payload, 34612 inspect application layer, 0 are decoder event only
4/8/2019 -- 09:51:18 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
4/8/2019 -- 09:51:19 - <Perf> - TCP toserver: 41 port groups, 35 unique SGH's, 6 copies
4/8/2019 -- 09:51:19 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
4/8/2019 -- 09:51:19 - <Perf> - UDP toserver: 41 port groups, 34 unique SGH's, 7 copies
4/8/2019 -- 09:51:19 - <Perf> - UDP toclient: 21 port groups, 18 unique SGH's, 3 copies
4/8/2019 -- 09:51:19 - <Perf> - OTHER toserver: 254 proto groups, 7 unique SGH's, 247 copies
4/8/2019 -- 09:51:19 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
4/8/2019 -- 09:51:25 - <Perf> - Unique rule groups: 114
4/8/2019 -- 09:51:25 - <Perf> - Builtin MPM "toserver TCP packet": 33
4/8/2019 -- 09:51:25 - <Perf> - Builtin MPM "toclient TCP packet": 18
4/8/2019 -- 09:51:25 - <Perf> - Builtin MPM "toserver TCP stream": 29
4/8/2019 -- 09:51:25 - <Perf> - Builtin MPM "toclient TCP stream": 20
4/8/2019 -- 09:51:25 - <Perf> - Builtin MPM "toserver UDP packet": 33
4/8/2019 -- 09:51:25 - <Perf> - Builtin MPM "toclient UDP packet": 18
4/8/2019 -- 09:51:25 - <Perf> - Builtin MPM "other IP packet": 4
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_uri": 14
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_request_line": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_client_body": 6
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toclient http_response_line": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_header": 10
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toclient http_header": 6
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_header_names": 2
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_accept": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_referer": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_content_len": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_content_type": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toclient http_content_type": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_protocol": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_start": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_raw_header": 2
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toclient http_raw_header": 2
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_method": 5
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_cookie": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toclient http_cookie": 2
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_user_agent": 7
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver http_host": 2
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toclient http_stat_msg": 2
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toclient http_stat_code": 3
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver dns_query": 4
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver tls_sni": 2
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver dce_stub_data": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toclient dce_stub_data": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toserver file_data": 1
4/8/2019 -- 09:51:25 - <Perf> - AppLayer MPM "toclient file_data": 5
4/8/2019 -- 09:51:27 - <Perf> - Registered 50718 rule profiling counters.
4/8/2019 -- 09:51:27 - <Info> - fast output device (regular) initialized: alert
4/8/2019 -- 09:51:27 - <Info> - eve-log output device (regular) initialized: eve.json
4/8/2019 -- 09:51:27 - <Config> - enabling 'eve-log' module 'alert'
4/8/2019 -- 09:51:27 - <Config> - enabling 'eve-log' module 'http'
4/8/2019 -- 09:51:27 - <Config> - enabl

This file has been truncated.


packet_stats.log - (14713 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             4         19035308      111641276      44402004        177.6m    1.65
 IPv4       6            70         55438800      255457266     148500888         10.4b   96.46
 IPv4      17             3         40311228      108527572      67789365        203.4m    1.89
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             4          2697218       16596778       6334051         25.3m    9.96
TMM_FLOWWORKER              IPv4       6            70           335066       15409526       2807434        196.5m   77.24
TMM_FLOWWORKER              IPv4      17             3          2117968       15515574      10599999         31.8m   12.50
TMM_RECEIVEPCAPFILE         IPv4       1             4             4698           4776          4741         19.0k    0.01
TMM_RECEIVEPCAPFILE         IPv4       6            70             4446           5698          4748        332.4k    0.13
TMM_RECEIVEPCAPFILE         IPv4      17             3             4482           5094          4788         14.4k    0.01
TMM_DECODEPCAPFILE          IPv4       1             4             4986          22228          9441         37.8k    0.01
TMM_DECODEPCAPFILE          IPv4       6            70             4552          16674          5040        352.9k    0.14
TMM_DECODEPCAPFILE          IPv4      17             3             4896          18196          9341         28.0k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       1             1             5968           5968          5968          6.0k  0.00  
flow                    IPv4       6            70             4864          24288          6504        455.3k  0.19  
flow                    IPv4      17             3             6892          26578         15292         45.9k  0.02  
stream                  IPv4       6            70             5822         450282         38500          2.7m  1.14  
app-layer               IPv4      17             3            17756          84998         41459        124.4k  0.05  
detect                  IPv4       1             4          2563530        3169872       2865145         11.5m  4.86  
detect                  IPv4       6            70           295984       15360990       2704460        189.3m  80.31 
detect                  IPv4      17             3          2072300       15217138      10403232         31.2m  13.24 
tcp-prune               IPv4       6            70             4474          36642          5855        409.9k  0.17  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             7            18150          65228         26016        182.1k  78.02 
http                    IPv4      17             1            18410          18410         18410         18.4k  7.89  
dns                     IPv4      17             2            11640          21264         16452         32.9k  14.10 
Proto detect            IPv4      17             3             7154          48174         34500        103.5k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       1             4            24314         148670         60721        242.9k  1.54  
LOGGER_ALERT_FAST           IPv4       6             3            54572          70868         63234        189.7k  1.20  
LOGGER_UNIFIED2             IPv4       1             4            30238         236876         82824        331.3k  2.10  
LOGGER_UNIFIED2             IPv4       6             3            46426          48370         47553        142.7k  0.91  
LOGGER_JSON_ALERT           IPv4       1             4            55284       12997974       3293594         13.2m  83.67 
LOGGER_JSON_ALERT           IPv4       6             3            80514         110486         91565        274.7k  1.74  
LOGGER_JSON_DNS             IPv4      17             2           149268         172522        160895        321.8k  2.04  
LOGGER_JSON_HTTP            IPv4       6             7            56994         251510        142595        998.2k  6.34  
LOGGER_JSON_FILE            IPv4       6             1            70126          70126         70126         70.1k  0.45  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             4             5090          19448         11190        44.8k  0.66  
payload                           IPv4       6            28             4638         144694         56243         1.6m  23.10 
payload                           IPv4      17             3            49602         110864         75570       226.7k  3.32  
stream                            IPv4       6            28             4484         178080         63345         1.8m  26.01 
http_uri                          IPv4       6             7            20504          70562         54280       380.0k  5.57  
http_request_line                 IPv4       6             7             9168          10404          9914        69.4k  1.02  
http_client_body                  IPv4       6             7             5280           6262          5573        39.0k  0.57  
http_header (request)             IPv4       6             7            59090          96712         66216       463.5k  6.80  
http_header (request trailer)     IPv4       6             7             4502           4812          4592        32.1k  0.47  
http_header_names (request)       IPv4       6             7            17276          20458         18610       130.3k  1.91  
http_accept (request)             IPv4       6             7             5956           7008          6384        44.7k  0.66  
http_referer (request)            IPv4       6             7             4990           6334          5413        37.9k  0.56  
http_content_len (request)        IPv4       6             7             5254           6942          5543        38.8k  0.57  
http_content_type (request)       IPv4       6             7             5052           6682          5627        39.4k  0.58  
http_protocol (request)           IPv4       6             7             8174          10290          8728        61.1k  0.90  
http_start (request)              IPv4       6             7            16218          32826         19546       136.8k  2.01  
http_raw_header (request)         IPv4       6             7            23494          42042         27025       189.2k  2.77  
http_method                       IPv4       6             7             8706          10850          9374        65.6k  0.96  
http_cookie (request)             IPv4       6             7             5070           5886          5364        37.5k  0.55  
http_raw_uri                      IPv4       6             7             7916          29054         13195        92.4k  1.35  
http_user_agent                   IPv4       6             7            25778          29106         27539       192.8k  2.83  
http_host                         IPv4       6             7            10978          13170         11848        82.9k  1.22  
dns_query                         IPv4      17             1            15090          15090         15090        15.1k  0.22  
http_response_line                IPv4       6             7            10786          13616         11824        82.8k  1.21  
http_header (response)            IPv4       6             7            59634          84770         68472       479.3k  7.03  
http_header (response trailer)    IPv4       6             7             4504          10896          8608        60.3k  0.88  
http_content_type (response)      IPv4       6             7             8578          13024         11275        78.9k  1.16  
http_raw_header (response)        IPv4       6             7            15670          22186         19501       136.5k  2.00  
http_cookie (response)            IPv4       6             7             5182          13506         10387        72.7k  1.07  
http_stat_msg                     IPv4       6             7             7866          29234         11757        82.3k  1.21  
http_stat_code                    IPv4       6             7             7782           9902          8229        57.6k  0.84  
Total                             IPv4                   246                                         27719         6.8m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       1             4            54766         138862         87921        351.7k  0.14  
PROF_DETECT_IPONLY          IPv4       6            14            71270         142224         88820          1.2m  0.48  
PROF_DETECT_IPONLY          IPv4      17             3            62150         507438        216502        649.5k  0.25  
PROF_DETECT_RULES           IPv4       1             4          2396094        2808488       2626736         10.5m  4.09  
PROF_DETECT_RULES           IPv4       6            70           221274       13528862       2265381        158.6m  61.80 
PROF_DETECT_RULES           IPv4      17             3          1678946       14377658       9738904         29.2m  11.39 
PROF_DETECT_STATEFUL_START    IPv4       6            27             9046        5051114       1179825         31.9m  12.41 
PROF_DETECT_STATEFUL_CONT    IPv4       1             4             4406           4732          4579         18.3k  0.01  
PROF_DETECT_STATEFUL_CONT    IPv4       6            70             4420          33102          9506        665.5k  0.26  
PROF_DETECT_STATEFUL_CONT    IPv4      17             3             4706         109952         45358        136.1k  0.05  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            42             4546          20384          5294        222.4k  0.09  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             7180           8018          7599         15.2k  0.01  
PROF_DETECT_PREFILTER       IPv4       1             4            33834          96822         58102        232.4k  0.09  
PROF_DETECT_PREFILTER       IPv4       6            70            14100         697446        151056         10.6m  4.12  
PROF_DETECT_PREFILTER       IPv4      17             3           119208         161668        136360        409.1k  0.16  
PROF_DETECT_PF_PAYLOAD      IPv4       1             4            14902          31482         21240         85.0k  0.03  
PROF_DETECT_PF_PAYLOAD      IPv4       6            28            90004         196426        135637          3.8m  1.48  
PROF_DETECT_PF_PAYLOAD      IPv4      17             3            58798         120044         84744        254.2k  0.10  
PROF_DETECT_PF_TX           IPv4       6            42             4584         428240        105711          4.4m  1.73  
PROF_DETECT_PF_TX           IPv4      17             1            25818          25818         25818         25.8k  0.01  
PROF_DETECT_PF_SORT1        IPv4       6            35             6560          61686         16465        576.3k  0.22  
PROF_DETECT_PF_SORT1        IPv4      17             3            12004          14198         13164         39.5k  0.02  
PROF_DETECT_PF_SORT2        IPv4       1             4             4806           8468          6741         27.0k  0.01  
PROF_DETECT_PF_SORT2        IPv4       6            70             4698          28814          7101        497.1k  0.19  
PROF_DETECT_PF_SORT2        IPv4      17             3             8108          11392          9383         28.1k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       1             4             5266           8190          6635         26.5k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       6            70             4932          35860          6799        476.0k  0.19  
PROF_DETECT_NONMPMLIST      IPv4      17             3             5712           5902          5794         17.4k  0.01  
PROF_DETECT_ALERT           IPv4       1             4            16252          60346         28775        115.1k  0.04  
PROF_DETECT_ALERT           IPv4       6            70             4428          22388          7004        490.3k  0.19  
PROF_DETECT_ALERT           IPv4      17             3            19032          23748         21652         65.0k  0.03  
PROF_DETECT_CLEANUP         IPv4       1             4             4478           5380          4770         19.1k  0.01  
PROF_DETECT_CLEANUP         IPv4       6            70             4536          20394          5585        391.0k  0.15  
PROF_DETECT_CLEANUP         IPv4      17             3             6648           8810          7818         23.5k  0.01  
PROF_DETECT_GETSGH          IPv4       1             4             4698           4806          4750         19.0k  0.01  
PROF_DETECT_GETSGH          IPv4       6            70             4430          11712          5855        409.9k  0.16  
PROF_DETECT_GETSGH          IPv4      17             3            10408          69610         32184         96.6k  0.04  


suricata-4.0.0-etproenall-all-alert-2019-08-04-T-09-51-29-08042019.0951-f3b929b2955fe83f82d625078a1636f5c2f042641583f6cf96c2bcf33f548caa.pcap.txt - (1765 bytes)
06.286549  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 10.0.2.15:8 -> 10.0.2.2:0
06.286549  [**] [1:2100385:5] GPL ICMP_INFO traceroute [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.0.2.15:8 -> 10.0.2.2:0
06.286549  [**] [1:2100384:6] GPL ICMP_INFO PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.2.15:8 -> 10.0.2.2:0
07.558789  [**] [1:2100385:5] GPL ICMP_INFO traceroute [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.0.2.15:8 -> 10.0.2.2:0
07.558789  [**] [1:2100384:6] GPL ICMP_INFO PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.2.15:8 -> 10.0.2.2:0
07.558832  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 10.0.2.2:0 -> 10.0.2.15:0
07.558832  [**] [1:2100408:6] GPL ICMP_INFO Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.2.2:0 -> 10.0.2.15:0
23.555456  [**] [1:2008054:7] ET DELETED Nginx Server in use - Often Hostile Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 194.58.90.26:80 -> 10.0.2.15:1035
23.716560  [**] [1:2008054:7] ET DELETED Nginx Server in use - Often Hostile Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 194.58.90.26:80 -> 10.0.2.15:1036
27.347159  [**] [1:2100401:7] GPL ICMP_INFO Destination Unreachable Network Unreachable [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.2.2:3 -> 10.0.2.15:0
33.332185  [**] [1:2008054:7] ET DELETED Nginx Server in use - Often Hostile Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 194.58.90.26:80 -> 10.0.2.15:1037


stats.log - (2829 bytes)
------------------------------------------------------------------------------------
Date: 8/4/2019 -- 09:51:29 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 80
decoder.bytes                              | Total                     | 9118
decoder.invalid                            | Total                     | 1
decoder.ipv4                               | Total                     | 77
decoder.ethernet                           | Total                     | 80
decoder.tcp                                | Total                     | 70
decoder.udp                                | Total                     | 3
decoder.icmpv4                             | Total                     | 4
decoder.avg_pkt_size                       | Total                     | 113
decoder.max_pkt_size                       | Total                     | 435
flow.tcp                                   | Total                     | 7
flow.udp                                   | Total                     | 2
decoder.ethernet.pkt_too_small             | Total                     | 1
tcp.sessions                               | Total                     | 7
tcp.syn                                    | Total                     | 7
tcp.synack                                 | Total                     | 7
detect.alert                               | Total                     | 11
detect.mpm_list                            | Total                     | 38
detect.nonmpm_list                         | Total                     | 98
detect.fnonmpm_list                        | Total                     | 53
detect.match_list                          | Total                     | 90
app_layer.flow.http                        | Total                     | 7
app_layer.tx.http                          | Total                     | 7
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 1
flow.spare                                 | Total                     | 9999
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074304


eve.json - (9115 bytes)
{"timestamp":"1900-01-00T00:00:06.286549+0000","pcap_cnt":2,"event_type":"alert","src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2002752,"rev":4,"signature":"ET POLICY Reserved Internal IP Traffic","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"1900-01-00T00:00:06.286549+0000","pcap_cnt":2,"event_type":"alert","src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100385,"rev":5,"signature":"GPL ICMP_INFO traceroute","category":"Attempted Information Leak","severity":2}}
{"timestamp":"1900-01-00T00:00:06.286549+0000","pcap_cnt":2,"event_type":"alert","src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100384,"rev":6,"signature":"GPL ICMP_INFO PING","category":"Misc activity","severity":3}}
{"timestamp":"1900-01-00T00:00:07.558789+0000","pcap_cnt":5,"event_type":"alert","src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100385,"rev":5,"signature":"GPL ICMP_INFO traceroute","category":"Attempted Information Leak","severity":2}}
{"timestamp":"1900-01-00T00:00:07.558789+0000","pcap_cnt":5,"event_type":"alert","src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100384,"rev":6,"signature":"GPL ICMP_INFO PING","category":"Misc activity","severity":3}}
{"timestamp":"1900-01-00T00:00:07.558832+0000","pcap_cnt":6,"event_type":"alert","src_ip":"10.0.2.2","dest_ip":"10.0.2.15","proto":"ICMP","icmp_type":0,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2002752,"rev":4,"signature":"ET POLICY Reserved Internal IP Traffic","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"1900-01-00T00:00:07.558832+0000","pcap_cnt":6,"event_type":"alert","src_ip":"10.0.2.2","dest_ip":"10.0.2.15","proto":"ICMP","icmp_type":0,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100408,"rev":6,"signature":"GPL ICMP_INFO Echo Reply","category":"Misc activity","severity":3}}
{"timestamp":"1900-01-00T00:00:23.164184+0000","flow_id":1491798909747544,"pcap_cnt":7,"event_type":"dns","src_ip":"10.0.2.15","src_port":1031,"dest_ip":"10.0.2.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54167,"rrname":"webstatistika-country.ru","rrtype":"A","tx_id":0}}
{"timestamp":"1900-01-00T00:00:23.459340+0000","flow_id":1491798909747544,"pcap_cnt":8,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54167,"rcode":"NOERROR","rrname":"webstatistika-country.ru","rrtype":"A","ttl":3600,"rdata":"194.58.90.26"}}
{"timestamp":"1900-01-00T00:00:23.459340+0000","flow_id":1491798909747544,"pcap_cnt":8,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54167,"rcode":"NOERROR","rrname":"webstatistika-country.ru","rrtype":"NS","ttl":17920,"rdata":"ns6.hosting.reg.ru"}}
{"timestamp":"1900-01-00T00:00:23.459340+0000","flow_id":1491798909747544,"pcap_cnt":8,"event_type":"dns","src_ip":"10.0.2.2","src_port":53,"dest_ip":"10.0.2.15","dest_port":1031,"proto":"UDP","dns":{"type":"answer","id":54167,"rcode":"NOERROR","rrname":"webstatistika-country.ru","rrtype":"NS","ttl":17920,"rdata":"ns5.hosting.reg.ru"}}
{"timestamp":"1900-01-00T00:00:23.555456+0000","flow_id":866419459165183,"pcap_cnt":16,"event_type":"alert","src_ip":"194.58.90.26","src_port":80,"dest_ip":"10.0.2.15","dest_port":1035,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2008054,"rev":7,"signature":"ET DELETED Nginx Server in use - Often Hostile Traffic","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:23.601308+0000","flow_id":866419459165183,"pcap_cnt":18,"event_type":"http","src_ip":"10.0.2.15","src_port":1035,"dest_ip":"194.58.90.26","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"webstatistika-country.ru","url":"\/panel\/mycount.txt","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/plain"}}
{"timestamp":"1900-01-00T00:00:23.601308+0000","flow_id":866419459165183,"pcap_cnt":18,"event_type":"fileinfo","src_ip":"194.58.90.26","src_port":80,"dest_ip":"10.0.2.15","dest_port":1035,"proto":"TCP","http":{"hostname":"webstatistika-country.ru","url":"\/panel\/mycount.txt","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1},"app_proto":"http","fileinfo":{"filename":"\/panel\/mycount.txt","gaps":false,"state":"CLOSED","stored":false,"size":1,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:23.716560+0000","flow_id":1528688383858331,"pcap_cnt":26,"event_type":"alert","src_ip":"194.58.90.26","src_port":80,"dest_ip":"10.0.2.15","dest_port":1036,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2008054,"rev":7,"signature":"ET DELETED Nginx Server in use - Often Hostile Traffic","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:23.762317+0000","flow_id":1528688383858331,"pcap_cnt":27,"event_type":"http","src_ip":"10.0.2.15","src_port":1036,"dest_ip":"194.58.90.26","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"webstatistika-country.ru","url":"\/panel\/add_bot.php?os=Windows+XP+Professional+(Build%3A+2600+-+Service+Pack%3A+3.0)+(x86)&bits=x32&av=Not+found","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/html"}}
{"timestamp":"1900-01-00T00:00:27.347159+0000","flow_id":417485855345583,"pcap_cnt":30,"event_type":"alert","src_ip":"10.0.2.2","dest_ip":"10.0.2.15","proto":"ICMP","icmp_type":3,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100401,"rev":7,"signature":"GPL ICMP_INFO Destination Unreachable Network Unreachable","category":"Misc activity","severity":3},"app_proto":"failed"}
{"timestamp":"1900-01-00T00:00:33.332185+0000","flow_id":257794676721708,"pcap_cnt":38,"event_type":"alert","src_ip":"194.58.90.26","src_port":80,"dest_ip":"10.0.2.15","dest_port":1037,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2008054,"rev":7,"signature":"ET DELETED Nginx Server in use - Often Hostile Traffic","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:33.378565+0000","flow_id":257794676721708,"pcap_cnt":39,"event_type":"http","src_ip":"10.0.2.15","src_port":1037,"dest_ip":"194.58.90.26","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"webstatistika-country.ru","url":"\/panel\/add_bot.php?os=Windows+XP+Professional+(Build%3A+2600+-+Service+Pack%3A+3.0)+(x86)&bits=x32&av=Not+found","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/html"}}
{"timestamp":"1900-01-00T00:00:43.375178+0000","flow_id":1616754542090895,"pcap_cnt":49,"event_type":"http","src_ip":"10.0.2.15","src_port":1038,"dest_ip":"194.58.90.26","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"webstatistika-country.ru","url":"\/panel\/add_bot.php?os=Windows+XP+Professional+(Build%3A+2600+-+Service+Pack%3A+3.0)+(x86)&bits=x32&av=Not+found","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/html"}}
{"timestamp":"1900-01-00T00:00:53.376944+0000","flow_id":1113642073697092,"pcap_cnt":59,"event_type":"http","src_ip":"10.0.2.15","src_port":1039,"dest_ip":"194.58.90.26","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"webstatistika-country.ru","url":"\/panel\/add_bot.php?os=Windows+XP+Professional+(Build%3A+2600+-+Service+Pack%3A+3.0)+(x86)&bits=x32&av=Not+found","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/html"}}
{"timestamp":"1970-01-01T00:01:03.390714+0000","flow_id":1404014075822798,"pcap_cnt":69,"event_type":"http","src_ip":"10.0.2.15","src_port":1040,"dest_ip":"194.58.90.26","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"webstatistika-country.ru","url":"\/panel\/add_bot.php?os=Windows+XP+Professional+(Build%3A+2600+-+Service+Pack%3A+3.0)+(x86)&bits=x32&av=Not+found","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/html"}}
{"timestamp":"1970-01-01T00:01:13.388335+0000","flow_id":1542178879426256,"pcap_cnt":79,"event_type":"http","src_ip":"10.0.2.15","src_port":1041,"dest_ip":"194.58.90.26","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"webstatistika-country.ru","url":"\/panel\/add_bot.php?os=Windows+XP+Professional+(Build%3A+2600+-+Service+Pack%3A+3.0)+(x86)&bits=x32&av=Not+found","http_user_agent":"Opera\/9.80 (Windows NT 6.0) Presto\/2.12.388 Version\/12.14","http_content_type":"text\/html"}}
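
The eve.json above records the behaviour that the alert list does not flag. After resolving webstatistika-country.ru to 194.58.90.26 (pcap_cnt 7 and 8), the host fetches /panel/mycount.txt once and then requests /panel/add_bot.php with the same query string roughly every ten seconds (pcap_cnt 27, 39, 49, 59, 69, 79), reporting its OS, bitness and the absence of antivirus. The only signatures that fire on these flows are the ET DELETED Nginx rule on the server's response headers and the ICMP rules; the check-in itself raises no alert. The Python script below is an added example, not part of the sandbox output: it parses eve.json HTTP events, groups them by hostname and path, flags groups whose inter-arrival times are regular enough to look like a beacon, decodes the query string the client sends about itself, and checks whether the Windows release named in the User-Agent (Windows NT 6.0 is the Vista kernel version) matches the OS the client reports. The sample events are constructed from this page's eve.json with the same timestamps, hosts, URLs and User-Agent and the other fields dropped; the thresholds (at least four hits, coefficient of variation below 0.2) and the NT-version table are assumptions made for the example.

```python
"""Flag periodic HTTP check-ins in Suricata eve.json output.

Added example, not part of the sandbox output on this page. The sample events
are constructed from the page's eve.json (fields trimmed); the thresholds and
the NT-version table are assumptions made for this example.
"""
import json
import re
import statistics
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# --- constructed sample input ------------------------------------------------
# Same timestamps, hosts, URLs and User-Agent as the eve.json above.
_UA = "Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14"
_BOT_URL = ("/panel/add_bot.php?os=Windows+XP+Professional+(Build%3A+2600"
            "+-+Service+Pack%3A+3.0)+(x86)&bits=x32&av=Not+found")


def _event(ts, url):
    return json.dumps({"timestamp": ts, "event_type": "http",
                       "src_ip": "10.0.2.15", "dest_ip": "194.58.90.26", "dest_port": 80,
                       "http": {"hostname": "webstatistika-country.ru",
                                "url": url, "http_user_agent": _UA}})


SAMPLE_EVE = "\n".join([
    _event("1900-01-00T00:00:23.601308+0000", "/panel/mycount.txt"),
    _event("1900-01-00T00:00:23.762317+0000", _BOT_URL),
    _event("1900-01-00T00:00:33.378565+0000", _BOT_URL),
    _event("1900-01-00T00:00:43.375178+0000", _BOT_URL),
    _event("1900-01-00T00:00:53.376944+0000", _BOT_URL),
    _event("1970-01-01T00:01:03.390714+0000", _BOT_URL),
    _event("1970-01-01T00:01:13.388335+0000", _BOT_URL),
    # One non-http event (the ICMP alert from the page) to exercise the filter.
    json.dumps({"timestamp": "1900-01-00T00:00:27.347159+0000", "event_type": "alert",
                "src_ip": "10.0.2.2", "dest_ip": "10.0.2.15", "proto": "ICMP"}),
])

_TIME_RE = re.compile(r"T(\d{2}):(\d{2}):(\d{2}(?:\.\d+)?)")


def seconds_into_capture(ts):
    """Time-of-day in seconds. The date part of these timestamps is unusable
    ("1900-01-00" is not a calendar date; the capture clock starts at epoch 0),
    so only the clock is read. Assumption: all events fall within one day."""
    m = _TIME_RE.search(ts)
    if not m:
        raise ValueError(f"unparseable timestamp: {ts}")
    h, mi, s = m.groups()
    return int(h) * 3600 + int(mi) * 60 + float(s)


def parse_eve(text):
    """Return the http events from eve.json text (one JSON object per line)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            ev = json.loads(line)
            if ev.get("event_type") == "http":
                events.append(ev)
    return events


# Windows NT kernel version as written in User-Agent strings -> release name.
_NT_NAMES = {"Windows NT 5.1": "Windows XP", "Windows NT 6.0": "Windows Vista",
             "Windows NT 6.1": "Windows 7", "Windows NT 6.2": "Windows 8",
             "Windows NT 6.3": "Windows 8.1", "Windows NT 10.0": "Windows 10"}


def ua_claims_different_os(user_agent, reported_os):
    """True when the User-Agent names a different Windows release than the OS
    string the client reports about itself (a hard-coded UA is a bot tell)."""
    for nt, name in _NT_NAMES.items():
        if nt in user_agent:
            return not reported_os.startswith(name)
    return False


def find_beacons(events, min_hits=4, max_cv=0.2):
    """Group http events by (hostname, path) and flag groups with at least
    `min_hits` requests whose inter-arrival times have a coefficient of
    variation below `max_cv`. Both thresholds are assumptions."""
    groups = defaultdict(list)
    for ev in events:
        http = ev["http"]
        url = urlsplit(http.get("url", ""))
        groups[(http.get("hostname", ""), url.path)].append(
            (seconds_into_capture(ev["timestamp"]), url.query,
             http.get("http_user_agent", ""), ev["dest_ip"]))
    beacons = []
    for (host, path), hits in groups.items():
        if len(hits) < min_hits:
            continue
        times = sorted(h[0] for h in hits)
        intervals = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.fmean(intervals)
        cv = statistics.pstdev(intervals) / mean if mean else float("inf")
        if cv > max_cv:
            continue
        params = parse_qs(hits[0][1])          # decodes '+' and %XX escapes
        ua = hits[0][2]
        beacons.append({"hostname": host, "path": path, "hits": len(hits),
                        "dest_ips": sorted({h[3] for h in hits}),
                        "mean_interval": mean, "cv": cv, "params": params,
                        "user_agent": ua,
                        "ua_os_mismatch": ua_claims_different_os(ua, params.get("os", [""])[0])})
    return beacons


if __name__ == "__main__":
    for b in find_beacons(parse_eve(SAMPLE_EVE)):
        print(f"{b['hostname']}{b['path']}: {b['hits']} hits every {b['mean_interval']:.1f}s "
              f"(cv={b['cv']:.3f}) to {', '.join(b['dest_ips'])}")
        for key, values in b["params"].items():
            print(f"  {key} = {values[0]}")
        if b["ua_os_mismatch"]:
            print(f"  User-Agent {b['user_agent']!r} names a different Windows release than os=")
```

Run against a full eve.json by replacing SAMPLE_EVE with the file contents; on a real sensor the date part of the timestamps is valid and seconds_into_capture should be swapped for a proper datetime parse, since the one-day assumption made here only holds for captures whose clock starts at zero.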


suricata-4.0.0-etproenall-all-perf.txt-2019-08-04-T-09-51-29-08042019.0951-f3b929b2955fe83f82d625078a1636f5c2f042641583f6cf96c2bcf33f548caa.pcap.txt - (95701 bytes)
  --------------------------------------------------------------------------
  Date: 8/4/2019 -- 09:51:29. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2014363      1        7        12446056     7.78   2        0        12440850    6223028.00  0.00        6223028.00 
  2        2803396      1        1        3136688      1.96   3        0        3126172     1045562.67  0.00        1045562.67 
  3        2803400      1        1        2826222      1.77   3        0        2815644     942074.00   0.00        942074.00  
  4        2803398      1        1        2646522      1.65   3        0        2636566     882174.00   0.00        882174.00  
  5        2803397      1        1        673042       0.42   3        0        663256      224347.33   0.00        224347.33  
  6        2803399      1        1        672532       0.42   3        0        661806      224177.33   0.00        224177.33  
  7        2014703      1        9        454072       0.28   2        0        429636      227036.00   0.00        227036.00  
  8        2802205      1        3        426246       0.27   2        0        421332      213123.00   0.00        213123.00  
  9        2803395      1        1        242296       0.15   3        0        230922      80765.33    0.00        80765.33   
  10       2807506      1        5        674678       0.42   7        0        125544      96382.57    0.00        96382.57   
  11       2816910      1        2        711220       0.44   7        0        119708      101602.86   0.00        101602.86  
  12       2816933      1        2        355552       0.22   6        0        117176      59258.67    0.00        59258.67   
  13       2010500      1        6        112544       0.07   1        1        112544      112544.00   112544.00   0.00       
  14       2811826      1        7        458430       0.29   6        0        109500      76405.00    0.00        76405.00   
  15       2815806      1        7        584764       0.37   7        0        108882      83537.71    0.00        83537.71   
  16       2801557      1        2        564106       0.35   14       0        108310      40293.29    0.00        40293.29   
  17       2815759      1        4        390482       0.24   6        0        107816      65080.33    0.00        65080.33   
  18       2816327      1        4        406400       0.25   7        0        107742      58057.14    0.00        58057.14   
  19       2816909      1        2        650364       0.41   7        0        106890      92909.14    0.00        92909.14   
  20       2816927      1        3        537382       0.34   7        0        106544      76768.86    0.00        76768.86   
  21       2805089      1        6        103304       0.06   1        0        103304      103304.00   0.00        103304.00  
  22       2811864      1        5        490840       0.31   6        0        102002      81806.67    0.00        81806.67   
  23       2805348      1        4        101524       0.06   1        0        101524      101524.00   0.00        101524.00  
  24       2022901      1        2        366178       0.23   6        0        99112       61029.67    0.00        61029.67   
  25       2020027      1        3        487646       0.30   7        0        97152       69663.71    0.00        69663.71   
  26       2815805      1        8        503404       0.31   7        0        96702       71914.86    0.00        71914.86   
  27       2815804      1        8        425676       0.27   6        0        96186       70946.00    0.00        70946.00   
  28       2815871      1        2        546926       0.34   7        0        93734       78132.29    0.00        78132.29   
  29       2017376      1        7        392202       0.25   6        0        92190       65367.00    0.00        65367.00   
  30       2815220      1        2        367656       0.23   6        0        90618       61276.00    0.00        61276.00   
  31       2017552      1        6        527556       0.33   14       0        90358       37682.57    0.00        37682.57   
  32       2815181      1        3        364760       0.23   6        0        90058       60793.33    0.00        60793.33   
  33       2016809      1        5        402696       0.25   6        0        90056       67116.00    0.00        67116.00   
  34       2000540      1        8        956610       0.60   42       0        89638       22776.43    0.00        22776.43   
  35       2816895      1        2        403786       0.25   6        0        88844       67297.67    0.00        67297.67   
  36       2011583      1        4        458810       0.29   7        0        87670       65544.29    0.00        65544.29   
  37       2816928      1        3        454828       0.28   7        0        87658       64975.43    0.00        64975.43   
  38       2010896      1        3        251748       0.16   35       0        87582       7192.80     0.00        7192.80    
  39       2816356      1        2        419556       0.26   7        0        87472       59936.57    0.00        59936.57   
  40       2800277      1        10       400284       0.25   7        0        86268       57183.43    0.00        57183.43   
  41       2100365      1        9        127172       0.08   4        0        85900       31793.00    0.00        31793.00   
  42       2010697      1        8        510212       0.32   7        0        85556       72887.43    0.00        72887.43   
  43       2803506      1        10       500436       0.31   7        0        82854       71490.86    0.00        71490.86   
  44       2811827      1        6        407832       0.26   6        0        82682       67972.00    0.00        67972.00   
  45       2815180      1        3        380366       0.24   6        0        82262       63394.33    0.00        63394.33   
  46       2017556      1        3        356136       0.22   6        0        81844       59356.00    0.00        59356.00   
  47       2024381      1        1        329580       0.21   6        0        81736       54930.00    0.00        54930.00   
  48       2816925      1        3        481164       0.30   7        0        81138       68737.71    0.00        68737.71   
  49       2816337      1        5        407130       0.25   7        0        81130       58161.43    0.00        58161.43   
  50       2014442      1        6        411776       0.26   6        0        80660       68629.33    0.00        68629.33   
  51       2816929      1        4        377780       0.24   7        0        80560       53968.57    0.00        53968.57   
  52       2020963      1        2        349162       0.22   6        0        80030       58193.67    0.00        58193.67   
  53       2018589      1        6        389944       0.24   6        0        79976       64990.67    0.00        64990.67   
  54       2017706      1        6        379820       0.24   6        0        79712       63303.33    0.00        63303.33   
  55       2811828      1        12       398632       0.25   6        0        79672       66438.67    0.00        66438.67   
  56       2019378      1        12       430178       0.27   6        0        79658       71696.33    0.00        71696.33   
  57       2821471      1        2        345812       0.22   6        0        79578       57635.33    0.00        57635.33   
  58       2808578      1        3        375856       0.24   6        0        79458       62642.67    0.00        62642.67   
  59       2816352      1        5        377102       0.24   6        0        79190       62850.33    0.00        62850.33   
  60       2003394      1        8        370904       0.23   7        0        79156       52986.29    0.00        52986.29   
  61       2021418      1        9        355996       0.22   6        0        77576       59332.67    0.00        59332.67   
  62       2815533      1        3        418888       0.26   7        0        77454       59841.14    0.00        59841.14   
  63       2816619      1        2        77116        0.05   1        0        77116       77116.00    0.00        77116.00   
  64       2017452      1        3        357764       0.22   6        0        77086       59627.33    0.00        59627.33   
  65       2017454      1        12       378276       0.24   6        0        77038       63046.00    0.00        63046.00   
  66       2001328      1        13       622664       0.39   35       0        76766       17790.40    0.00        17790.40   
  67       2810058      1        3        384468       0.24   7        0        76628       54924.00    0.00        54924.00   
  68       2816328      1        5        395870       0.25   7        0        76344       56552.86    0.00        56552.86   
  69       2020998      1        5        245686       0.15   6        0        75468       40947.67    0.00        40947.67   
  70       2800278      1        4        593226       0.37   14       0        74576       42373.29    0.00        42373.29   
  71       2815568      1        2        370674       0.23   6        0        74268       61779.00    0.00        61779.00   
  72       2013154      1        5        412780       0.26   7        0        73454       58968.57    0.00        58968.57   
  73       2017076      1        9        360160       0.23   6        0        73412       60026.67    0.00        60026.67   
  74       2020399      1        5        403820       0.25   7        0        73222       57688.57    0.00        57688.57   
  75       2102437      1        9        324320       0.20   7        0        72696       46331.43    0.00        46331.43   
  76       2017036      1        3        372844       0.23   6        0        72692       62140.67    0.00        62140.67   
  77       2016706      1        20       390064       0.24   6        0        72624       65010.67    0.00        65010.67   
  78       2808793      1        3        72448        0.05   1        0        72448       72448.00    0.00        72448.00   
  79       2809363      1        3        309834       0.19   6        0        72186       51639.00    0.00        51639.00   
  80       2018055      1        3        72002        0.05   1        0        72002       72002.00    0.00        72002.00   
  81       2008377      1        5        320302       0.20   6        0        71764       53383.67    0.00        53383.67   
  82       2828986      1        2        312710       0.20   6        0        70606       52118.33    0.00        52118.33   
  83       2816922      1        5        411994       0.26   7        0        70410       58856.29    0.00        58856.29   
  84       2801587      1        1        541390       0.34   14       0        70284       38670.71    0.00        38670.71   
  85       2806468      1        2        309228       0.19   6        0        70166       51538.00    0.00        51538.00   
  86       2816846      1        3        310770       0.19   6        0        70008       51795.00    0.00        51795.00   
  87       2829848      1        2        301238       0.19   6        0        69614       50206.33    0.00        50206.33   
  88       2815764      1        5        314172       0.20   6        0        68344       52362.00    0.00        52362.00   
  89       2803760      1        3        68340        0.04   1        0        68340       68340.00    0.00        68340.00   
  90       2017614      1        2        316874       0.20   14       0        67966       22633.86    0.00        22633.86   
  91       2816930      1        4        354334       0.22   7        0        67702       50619.14    0.00        50619.14   
  92       2815758      1        4        305140       0.19   6        0        67366       50856.67    0.00        50856.67   
  93       2014026      1        1        277410       0.17   7        0        66954       39630.00    0.00        39630.00   
  94       2025230      1        2        302020       0.19   6        0        66460       50336.67    0.00        50336.67   
  95       2804095      1        2        66186        0.04   1        0        66186       66186.00    0.00        66186.00   
  96       2012328      1        6        71182        0.04   2        0        66048       35591.00    0.00        35591.00   
  97       2816847      1        6        303532       0.19   6        0        65942       50588.67    0.00        50588.67   
  98       2015872      1        6        391336       0.24   6        0        65554       65222.67    0.00        65222.67   
  99       2828060      1        4        301202       0.19   6        0        65388       50200.33    0.00        50200.33   
  100      2002743      1        9        626530       0.39   14       7        64866       44752.14    50398.00    39106.29   
  101      2100628      1        8        715470       0.45   70       0        64766       10221.00    0.00        10221.00   
  102      2819673      1        4        348002       0.22   7        0        64650       49714.57    0.00        49714.57   
  103      2025064      1        5        357768       0.22   7        0        64466       51109.71    0.00        51109.71   
  104      2800308      1        4        272676       0.17   14       0        63902       19476.86    0.00        19476.86   
  105      2103199      1        5        256898       0.16   28       0        63786       9174.93     0.00        9174.93    
  106      2803305      1        7        341212       0.21   7        0        63490       48744.57    0.00        48744.57   
  107      2000538      1        8        907058       0.57   42       0        63368       21596.62    0.00        21596.62   
  108      2816525      1        10       356396       0.22   7        0        62820       50913.71    0.00        50913.71   
  109      2804545      1        4        336302       0.21   14       0        62588       24021.57    0.00        24021.57   
  110      2804134      1        1        552264       0.35   14       0        62094       39447.43    0.00        39447.43   
  111      2816608      1        4        306146       0.19   6        0        62072       51024.33    0.00        51024.33   
  112      2019094      1        5        309056       0.19   6        0        62048       51509.33    0.00        51509.33   
  113      2008197      1        5        352626       0.22   7        0        61902       50375.14    0.00        50375.14   
  114      2017456      1        3        339938       0.21   6        0        61512       56656.33    0.00        56656.33   
  115      2801575      1        2        527508       0.33   14       0        61502       37679.14    0.00        37679.14   
  116      2002508      1        5        274938       0.17   14       0        61262       19638.43    0.00        19638.43   
  117      2810659      1        4        288312       0.18   6        0        61254       48052.00    0.00        48052.00   
  118      2801605      1        3        565444       0.35   14       0        61248       40388.86    0.00        40388.86   
  119      2023083      1        2        363192       0.23   7        0        61248       51884.57    0.00        51884.57   
  120      2815182      1        3        337144       0.21   6        0        61158       56190.67    0.00        56190.67   
  121      2012649      1        5        335536       0.21   7        0        61152       47933.71    0.00        47933.71   
  122      2020964      1        2        286048       0.18   6        0        61108       47674.67    0.00        47674.67   
  123      2812433      1        2        300096       0.19   6        0        61058       50016.00    0.00        50016.00   
  124      2820851      1        5        341412       0.21   7        0        60858       48773.14    0.00        48773.14   
  125      2801253      1        5        32

This file has been truncated.


keyword_perf.log - (15345 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 8/4/2019 -- 09:51:29
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  ack              385164          70              0               23190           5502.00         0.00            5502.00        
  window           94972           14              0               26064           6783.00         0.00            6783.00        
  ipopts           256246          50              0               10292           5124.00         0.00            5124.00        
  flags            735868          147             14              23608           5005.00         4618.00         5046.00        
  fragbits         1232938         234             147             26222           5268.00         5191.00         5399.00        
  fragoffset       165216          35              0               5634            4720.00         0.00            4720.00        
  ttl              249710          44              2               28174           5675.00         8387.00         5546.00        
  itype            729654          145             7               22576           5032.00         4910.00         5038.00        
  icode            1613434         313             116             76110           5154.00         4968.00         5264.00        
  icmp_id          60264           8               0               16568           7533.00         0.00            7533.00        
  dsize            585594          112             112             21966           5228.00         5228.00         0.00           
  flow             6467558         1146            1132            64042           5643.00         5623.00         7279.00        
  threshold        152072          14              5               42784           10862.00        15289.00        8402.00        
  content          19843040        2839            1883            455772          6989.00         6333.00         8282.00        
  pcre             16079526        2224            2               51210           7230.00         32800.00        7206.00        
  byte_test        14391634        226             98              12364162        63679.00        140218.00       5079.00        
  byte_jump        13208           1               1               13208           13208.00        13208.00        0.00           
  sameip           394696          77              0               28150           5125.00         0.00            5125.00        
  isdataat         196588          36              12              29046           5460.00         4788.00         5797.00        
  flowbits         2583886         475             23              78658           5439.00         6312.00         5395.00        
  urilen           1966768         372             232             27610           5287.00         5333.00         5210.00        
  byte_extract     107354          14              7               31488           7668.00         7045.00         8290.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  ack              385164          70              0               23190           5502.00         0.00            5502.00        
  window           94972           14              0               26064           6783.00         0.00            6783.00        
  ipopts           256246          50              0               10292           5124.00         0.00            5124.00        
  flags            735868          147             14              23608           5005.00         4618.00         5046.00        
  fragbits         1232938         234             147             26222           5268.00         5191.00         5399.00        
  fragoffset       165216          35              0               5634            4720.00         0.00            4720.00        
  ttl              249710          44              2               28174           5675.00         8387.00         5546.00        
  itype            729654          145             7               22576           5032.00         4910.00         5038.00        
  icode            1613434         313             116             76110           5154.00         4968.00         5264.00        
  icmp_id          60264           8               0               16568           7533.00         0.00            7533.00        
  dsize            585594          112             112             21966           5228.00         5228.00         0.00           
  flow             6467558         1146            1132            64042           5643.00         5623.00         7279.00        
  sameip           394696          77              0               28150           5125.00         0.00            5125.00        
  flowbits         2485704         460             8               78658           5403.00         5876.00         5395.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12032716        1587            996             455772          7582.00         6343.00         9668.00        
  pcre             11716088        1786            0               51210           6559.00         0.00            6559.00        
  byte_test        14391634        226             98              12364162        63679.00        140218.00       5079.00        
  byte_jump        13208           1               1               13208           13208.00        13208.00        0.00           
  isdataat         196588          36              12              29046           5460.00         4788.00         5797.00        
  byte_extract     107354          14              7               31488           7668.00         7045.00         8290.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         98182           15              15              9084            6545.00         6545.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        152072          14              5               42784           10862.00        15289.00        8402.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4011030         642             461             43558           6247.00         6283.00         6156.00        
  pcre             3133258         314             2               48008           9978.00         32800.00        9832.00        
  urilen           1966768         372             232             27610           5287.00         5333.00         5210.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          35552           7               0               5230            5078.00         0.00            5078.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          29982           2               0               25128           14991.00        0.00            14991.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2898950         461             349             27814           6288.00         6399.00         5943.00        
  pcre             953274          89              0               42066           10710.00        0.00            10710.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          57462           8               0               7742            7182.00         0.00            7182.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          67906           12              12              6650            5658.00         5658.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          237690          44              8               17860           5402.00         5289.00         5427.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          402422          63              56              39552           6387.00         6459.00         5816.00        
  pcre             276906          35              0               22508           7911.00         0.00            7911.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          69330           13              1               6034            5333.00         5024.00         5358.00        
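The keyword_perf.log tables above are the raw output of Suricata's keyword profiling (build-time `--enable-profiling`, `profiling.keywords` enabled in the yaml): one row per detection keyword with the accumulated CPU ticks, how often the keyword was evaluated, how often it matched, the single most expensive evaluation, and the mean cost per check split by match outcome. The "Stats for: total" section is the sum of the per-buffer sections below it (for example flowbits: 460 checks in "packet" plus 15 in "post-match" give the 475 in "total"; pcre: 1786 + 314 + 89 + 35 = 2224). Two things in this run stand out to a rule tuner: pcre was evaluated 2224 times and matched twice, which is the signature of rules whose fast_pattern lets too many packets through to the regex stage, and byte_test has a single check of 12364162 ticks against a mean of 63679, which is either one pathological packet or a context switch that landed inside the tick measurement and should be confirmed against rule_perf.log rather than acted on by itself.

The parser below is an added example, not part of the IDSDeathBlossom output or of Suricata itself. It reads a keyword_perf.log dump, ranks keywords by cost, flags the two patterns just described, and reconciles each "total" row against the per-buffer sections. The embedded SAMPLE is an excerpt of the table above with column widths compressed and the `content` rows left out so that every keyword in the excerpt has all of its per-buffer sections present; the thresholds (`min_checks`, `max_match_rate`, `spike_factor`) are my own choices, not Suricata defaults.

```python
"""Rank Suricata keyword_perf.log entries and flag costly keywords.

Added example; not part of the IDSDeathBlossom output on this page.
SAMPLE is an excerpt of the keyword_perf.log above (column widths
compressed, `content` rows omitted so each keyword's sections are complete).
"""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^\s*Stats for:\s*(.+?)\s*$")
# keyword  ticks  checks  matches  max_ticks  avg  avg_match  avg_no_match
ROW_RE = re.compile(
    r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$"
)

SAMPLE = """\
Stats for: total
Keyword    Ticks     Checks  Matches  Max Ticks  Avg       Avg Match  Avg No Match
flow       6467558   1146    1132     64042      5643.00   5623.00    7279.00
pcre       16079526  2224    2        51210      7230.00   32800.00   7206.00
byte_test  14391634  226     98       12364162   63679.00  140218.00  5079.00
flowbits   2583886   475     23       78658      5439.00   6312.00    5395.00
urilen     1966768   372     232      27610      5287.00   5333.00    5210.00
Stats for: packet
flow       6467558   1146    1132     64042      5643.00   5623.00    7279.00
flowbits   2485704   460     8        78658      5403.00   5876.00    5395.00
Stats for: packet/stream payload
pcre       11716088  1786    0        51210      6559.00   0.00       6559.00
byte_test  14391634  226     98       12364162   63679.00  140218.00  5079.00
Stats for: post-match
flowbits   98182     15      15       9084       6545.00   6545.00    0.00
Stats for: http_uri
pcre       3133258   314     2        48008      9978.00   32800.00   9832.00
urilen     1966768   372     232      27610      5287.00   5333.00    5210.00
Stats for: http_header
pcre       953274    89      0        42066      10710.00  0.00       10710.00
Stats for: http_user_agent
pcre       276906    35      0        22508      7911.00   0.00       7911.00
"""


@dataclass(frozen=True)
class KeywordStat:
    section: str
    keyword: str
    ticks: int
    checks: int
    matches: int
    max_ticks: int
    avg: float
    avg_match: float
    avg_no_match: float

    @property
    def match_rate(self) -> float:
        return self.matches / self.checks if self.checks else 0.0

    @property
    def spike_ratio(self) -> float:
        """How far the single most expensive check sits above the mean check."""
        return self.max_ticks / self.avg if self.avg else 0.0


def parse_keyword_perf(text: str) -> dict:
    """Return {section_name: {keyword: KeywordStat}} for one dump."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = {}
            continue
        m = ROW_RE.match(line)          # header and dashed rule lines do not match
        if m and current is not None:
            kw, ticks, checks, matches, mx, avg, am, anm = m.groups()
            sections[current][kw] = KeywordStat(
                current, kw, int(ticks), int(checks), int(matches), int(mx),
                float(avg), float(am), float(anm))
    return sections


def rank_by_ticks(sections: dict, section: str = "total") -> list:
    """Keywords of one section, most expensive first."""
    return sorted(sections[section].values(), key=lambda s: s.ticks, reverse=True)


def find_hotspots(sections: dict, min_checks=100, max_match_rate=0.01, spike_factor=50) -> dict:
    """Flag 'total' keywords worth a look (thresholds are this example's own):
    low_yield: evaluated often, almost never matches (fast_pattern candidates)
    spike:     one check cost >= spike_factor * mean (pathological input, or a
               context switch inside the measurement; confirm in rule_perf.log)"""
    out = {}
    for s in sections["total"].values():
        reasons = []
        if s.checks >= min_checks and s.match_rate <= max_match_rate:
            reasons.append("low_yield")
        if s.spike_ratio >= spike_factor:
            reasons.append("spike")
        if reasons:
            out[s.keyword] = reasons
    return out


def reconcile_totals(sections: dict) -> dict:
    """'total' must equal the sum of the per-buffer sections for ticks and
    checks. Returns {keyword: {field: (total, summed)}} for rows that do not
    add up; an empty dict means the dump is internally consistent."""
    bad = {}
    per_buffer = [v for k, v in sections.items() if k != "total"]
    for kw, tot in sections["total"].items():
        ticks = sum(sec[kw].ticks for sec in per_buffer if kw in sec)
        checks = sum(sec[kw].checks for sec in per_buffer if kw in sec)
        if (ticks, checks) != (tot.ticks, tot.checks):
            bad[kw] = {"ticks": (tot.ticks, ticks), "checks": (tot.checks, checks)}
    return bad


if __name__ == "__main__":
    stats = parse_keyword_perf(SAMPLE)
    for s in rank_by_ticks(stats):
        print(f"{s.keyword:<10} ticks={s.ticks:<9} match_rate={s.match_rate:.3f} "
              f"spike={s.spike_ratio:.1f}x")
    print("hotspots:", find_hotspots(stats))
    print("inconsistent rows:", reconcile_totals(stats))
```

Point it at the real file with `parse_keyword_perf(open("keyword_perf.log").read())`; the regexes tolerate the original column widths. On the excerpt above it reports pcre as low_yield and byte_test as a spike, and the reconciliation comes back empty.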


IDSDeathBlossom.py.log - (1219 bytes) - download
2019-08-04 09:51:02,149 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-08-04 09:51:02,875 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-08-04 09:51:02,876 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etproenall-all
2019-08-04 09:51:02,876 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-08-04 09:51:02,876 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-08-04 09:51:02,877 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etproenall/suricata400-etproenall-all.yaml -l /var/www/html/3c9ad4e530d550ef35fb6386a17d3dfe51cf25896b6b2454fe89507ba3b24642 -r /var/pcap/08042019.0951-f3b929b2955fe83f82d625078a1636f5c2f042641583f6cf96c2bcf33f548caa.pcap -vvv -k none
2019-08-04 09:51:29,357 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-08-04 09:51:29,358 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 27.2173149586