Filename: test.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: test-test
Runtime: 2.58715891838 seconds
Hash: 47b37c3ec412d284b54f0a53d31d73b2
Uploaded: 1510174793

Logfiles


packet_stats.log - (2022 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 


stats.log - (865 bytes)
------------------------------------------------------------------------------------
Date: 11/8/2017 -- 20:59:56 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074304


keyword_perf.log - (706 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/8/2017 -- 20:59:56
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 


suricata-report-2017-11-08-T-20-59-56-11082017.2059-test.pcap.txt - (11154 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /tmp/dugRwe -l /var/www/html/47b37c3ec412d284b54f0a53d31d73b2a52ea3486ccb528fafdad88d8d40b51a -r /var/pcap/11082017.2059-test.pcap -vvv -k none
elapsedtime:0.374693
stderr:
8/11/2017 -- 20:59:55 - <Error> - [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - error code -1 an interface has a snapshot length 262144 different from the type of the first interface
stdout:
8/11/2017 -- 20:59:55 - <Notice> - This is Suricata version 4.0.0 RELEASE
8/11/2017 -- 20:59:55 - <Info> - CPUs/cores online: 1
8/11/2017 -- 20:59:55 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31684 and 'request-body-inspect-window' set to 16803 after randomization.
8/11/2017 -- 20:59:55 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31131 and 'response-body-inspect-window' set to 16271 after randomization.
8/11/2017 -- 20:59:55 - <Config> - DNS request flood protection level: 500
8/11/2017 -- 20:59:55 - <Config> - DNS per flow memcap (state-memcap): 524288
8/11/2017 -- 20:59:55 - <Config> - DNS global memcap: 16777216
8/11/2017 -- 20:59:55 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
8/11/2017 -- 20:59:55 - <Config> - preallocated 1000 hosts of size 136
8/11/2017 -- 20:59:55 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
8/11/2017 -- 20:59:55 - <Config> - using magic-file /usr/share/file/magic
8/11/2017 -- 20:59:55 - <Config> - Core dump size is unlimited.
8/11/2017 -- 20:59:55 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
8/11/2017 -- 20:59:55 - <Config> - preallocated 1000 defrag trackers of size 168
8/11/2017 -- 20:59:55 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
8/11/2017 -- 20:59:55 - <Config> - stream "prealloc-sessions": 2048 (per thread)
8/11/2017 -- 20:59:55 - <Config> - stream "memcap": 33554432
8/11/2017 -- 20:59:55 - <Config> - stream "midstream" session pickups: disabled
8/11/2017 -- 20:59:55 - <Config> - stream "async-oneside": disabled
8/11/2017 -- 20:59:55 - <Config> - stream "checksum-validation": disabled
8/11/2017 -- 20:59:55 - <Config> - stream."inline": disabled
8/11/2017 -- 20:59:55 - <Config> - stream "bypass": disabled
8/11/2017 -- 20:59:55 - <Config> - stream "max-synack-queued": 5
8/11/2017 -- 20:59:55 - <Config> - stream.reassembly "memcap": 134217728
8/11/2017 -- 20:59:55 - <Config> - stream.reassembly "depth": 0
8/11/2017 -- 20:59:55 - <Config> - stream.reassembly "toserver-chunk-size": 2502
8/11/2017 -- 20:59:55 - <Config> - stream.reassembly "toclient-chunk-size": 2651
8/11/2017 -- 20:59:55 - <Config> - stream.reassembly.raw: enabled
8/11/2017 -- 20:59:55 - <Config> - stream.reassembly "segment-prealloc": 2048
8/11/2017 -- 20:59:55 - <Config> - Delayed detect disabled
8/11/2017 -- 20:59:55 - <Config> - pattern matchers: MPM: ac, SPM: bm
8/11/2017 -- 20:59:55 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
8/11/2017 -- 20:59:55 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
8/11/2017 -- 20:59:55 - <Config> - prefilter engines: MPM
8/11/2017 -- 20:59:55 - <Config> - IP reputation disabled
8/11/2017 -- 20:59:55 - <Perf> - Registered 148 keyword profiling counters.
8/11/2017 -- 20:59:55 - <Config> - Loading rule file: /tmp/tmpLBYBDH
8/11/2017 -- 20:59:55 - <Info> - 1 rule files processed. 2 rules successfully loaded, 0 rules failed
8/11/2017 -- 20:59:55 - <Info> - Threshold config parsed: 0 rule(s) found
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for tcp-packet
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for tcp-stream
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for udp-packet
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for other-ip
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_uri
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_request_line
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_client_body
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_response_line
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_header
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_header
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_header_names
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_header_names
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_accept
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_accept_enc
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_accept_lang
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_referer
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_connection
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_content_len
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_content_len
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_content_type
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_content_type
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_protocol
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_protocol
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_start
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_start
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_raw_header
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_raw_header
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_method
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_cookie
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_cookie
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_raw_uri
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_user_agent
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_host
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_raw_host
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_stat_msg
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_stat_code
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for dns_query
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for tls_sni
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for tls_cert_issuer
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for tls_cert_subject
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for tls_cert_serial
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for dce_stub_data
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for dce_stub_data
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for ssh_protocol
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for ssh_protocol
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for ssh_software
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for ssh_software
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for file_data
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for file_data
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_request_line
8/11/2017 -- 20:59:55 - <Perf> - using shared mpm ctx' for http_response_line
8/11/2017 -- 20:59:55 - <Info> - 2 signatures processed. 0 are IP-only rules, 1 are inspecting packet payload, 1 inspect application layer, 0 are decoder event only
8/11/2017 -- 20:59:55 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
8/11/2017 -- 20:59:55 - <Perf> - TCP toserver: 1 port groups, 1 unique SGH's, 0 copies
8/11/2017 -- 20:59:55 - <Perf> - TCP toclient: 1 port groups, 1 unique SGH's, 0 copies
8/11/2017 -- 20:59:55 - <Perf> - UDP toserver: 1 port groups, 1 unique SGH's, 0 copies
8/11/2017 -- 20:59:55 - <Perf> - UDP toclient: 1 port groups, 1 unique SGH's, 0 copies
8/11/2017 -- 20:59:55 - <Perf> - OTHER toserver: 0 proto groups, 0 unique SGH's, 0 copies
8/11/2017 -- 20:59:55 - <Perf> - OTHER toclient: 0 proto groups, 0 unique SGH's, 0 copies
8/11/2017 -- 20:59:55 - <Perf> - Unique rule groups: 4
8/11/2017 -- 20:59:55 - <Perf> - Builtin MPM "toserver TCP packet": 0
8/11/2017 -- 20:59:55 - <Perf> - Builtin MPM "toclient TCP packet": 0
8/11/2017 -- 20:59:55 - <Perf> - Builtin MPM "toserver TCP stream": 0
8/11/2017 -- 20:59:55 - <Perf> - Builtin MPM "toclient TCP stream": 0
8/11/2017 -- 20:59:55 - <Perf> - Builtin MPM "toserver UDP packet": 1
8/11/2017 -- 20:59:55 - <Perf> - Builtin MPM "toclient UDP packet": 1
8/11/2017 -- 20:59:55 - <Perf> - Builtin MPM "other IP packet": 0
8/11/2017 -- 20:59:55 - <Perf> - AppLayer MPM "toserver dns_query": 1
8/11/2017 -- 20:59:55 - <Perf> - Registered 2 rule profiling counters.
8/11/2017 -- 20:59:55 - <Info> - fast output device (regular) initialized: alert
8/11/2017 -- 20:59:55 - <Info> - eve-log output device (regular) initialized: eve.json
8/11/2017 -- 20:59:55 - <Config> - enabling 'eve-log' module 'alert'
8/11/2017 -- 20:59:55 - <Config> - enabling 'eve-log' module 'http'
8/11/2017 -- 20:59:55 - <Config> - enabling 'eve-log' module 'dns'
8/11/2017 -- 20:59:55 - <Config> - enabling 'eve-log' module 'tls'
8/11/2017 -- 20:59:55 - <Config> - enabling 'eve-log' module 'files'
8/11/2017 -- 20:59:55 - <Config> - enabling 'eve-log' module 'ssh'
8/11/2017 -- 20:59:55 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
8/11/2017 -- 20:59:55 - <Info> - stats output device (regular) initialized: stats.log
8/11/2017 -- 20:59:55 - <Config> - AutoFP mode using "Hash" flow load balancer
8/11/2017 -- 20:59:55 - <Info> - reading pcap file /var/pcap/11082017.2059-test.pcap
8/11/2017 -- 20:59:55 - <Config> - using 1 flow manager threads
8/11/2017 -- 20:59:55 - <Config> - using 1 flow recycler threads
8/11/2017 -- 20:59:55 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
8/11/2017 -- 20:59:55 - <Notice> - Signal Received.  Stopping engine.
8/11/2017 -- 20:59:55 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
8/11/2017 -- 20:59:55 - <Info> - time elapsed 0.056s
8/11/2017 -- 20:59:56 - <Perf> - 0 flows processed
8/11/2017 -- 20:59:56 - <Notice> - Pcap-file module read 0 packets, 0 bytes
8/11/2017 -- 20:59:56 - <Perf> - AutoFP - Total flow handler queues - 1
8/11/2017 -- 20:59:56 - <Info> - Alerts: 0
8/11/2017 -- 20:59:56 - <Perf> - ippair memory usage: 398144 bytes, maximum: 16777216
8/11/2017 -- 20:59:56 - <Perf> - Done dumping profiling data.
8/11/2017 -- 20:59:56 - <Perf> - host memory usage: 398144 bytes, maximum: 16777216
8/11/2017 -- 20:59:56 - <Perf> - Dumping profiling data for 2 rules.
8/11/2017 -- 20:59:56 - <Perf> - Done dumping profiling data.
8/11/2017 -- 20:59:56 - <Perf> - Done dumping keyword profiling data.
8/11/2017 -- 20:59:56 - <Info> - cleaning up signature grouping structure... complete
returncode:
0
errors:
- 8/11/2017 -- 20:59:55 - <Error> - [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - error code -1 an interface has a snapshot length 262144 different from the type of the first interface
warnings:


IDSDeathBlossom.py.log - (12819 bytes)
2017-11-08 20:59:54,049 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2017-11-08 20:59:55,635 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2017-11-08 20:59:55,635 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-test-test
2017-11-08 20:59:55,638 - INFO - generate_config - /opt/IDSDeathBlossom/IDSDeathBlossom.py +162 - Loading glob result: ['/tmp/tmpLBYBDH']
2017-11-08 20:59:55,639 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2017-11-08 20:59:55,639 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2017-11-08 20:59:55,639 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /tmp/dugRwe -l /var/www/html/47b37c3ec412d284b54f0a53d31d73b2a52ea3486ccb528fafdad88d8d40b51a -r /var/pcap/11082017.2059-test.pcap -vvv -k none
2017-11-08 20:59:56,032 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
8/11/2017 -- 20:59:55 - <Error> - [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - error code -1 an interface has a snapshot length 262144 different from the type of the first interface
2017-11-08 20:59:56,035 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2017-11-08 20:59:56,035 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +437 - mode:suricata; lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /tmp/dugRwe -l /var/www/html/47b37c3ec412d284b54f0a53d31d73b2a52ea3486ccb528fafdad88d8d40b51a -r /var/pcap/11082017.2059-test.pcap -vvv -k none; returncode:0; elapsed:0.374693; Errors:
- 8/11/2017 -- 20:59:55 - <Error> - [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - error code -1 an interface has a snapshot length 262144 different from the type of the first interface

 Warnings:
None
 stderr:
8/11/2017 -- 20:59:55 - <Error> - [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - error code -1 an interface has a snapshot length 262144 different from the type of the first interface

 stdout: (identical to the stdout block of the suricata-report log above)
2017-11-08 20:59:56,040 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 2.02854609489
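The run above exits with return code 0 and the harness records "suricata ran successfully", yet stderr carries SC_ERR_PCAP_DISPATCH(20) and the pcap-file module read 0 packets, 0 bytes, so the "Alerts: 0" at the end says nothing about the ruleset or the pcap. A harness that trusts the exit status alone will file such a run as a clean pass. The following Python is an added example, not code from this page, from IDSDeathBlossom or from Suricata: it parses Suricata 4.0-style console lines ("D/M/YYYY -- HH:MM:SS - <Level> - message") and refuses to treat a run as valid when the engine logged an error, read no packets, failed to load rules or exited non-zero. The sample lines are copied from this page; the function names (parse_lines, assess_run) and the summary fields are my own choices.

```python
import re

# Constructed sample input: these lines are copied from the Suricata 4.0.0 run shown on this page.
SAMPLE_STDERR = (
    "8/11/2017 -- 20:59:55 - <Error> - [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - "
    "error code -1 an interface has a snapshot length 262144 different from the type of the first interface\n"
)
SAMPLE_STDOUT = """\
8/11/2017 -- 20:59:55 - <Notice> - This is Suricata version 4.0.0 RELEASE
8/11/2017 -- 20:59:55 - <Info> - 1 rule files processed. 2 rules successfully loaded, 0 rules failed
8/11/2017 -- 20:59:55 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
8/11/2017 -- 20:59:56 - <Notice> - Pcap-file module read 0 packets, 0 bytes
8/11/2017 -- 20:59:56 - <Info> - Alerts: 0
"""

# Suricata 4.x console line: "D/M/YYYY -- HH:MM:SS - <Level> - [ERRCODE: NAME(n)] - message"
# (the ERRCODE part is only present on <Error>/<Warning> lines).
LOG_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} -- \d{2}:\d{2}:\d{2}) - <(?P<level>\w+)> - "
    r"(?:\[ERRCODE: (?P<errcode>\w+)\((?P<errnum>\d+)\)\] - )?(?P<msg>.*)$"
)
PCAP_READ_RE = re.compile(r"Pcap-file module read (?P<packets>\d+) packets, (?P<bytes>\d+) bytes")
RULES_RE = re.compile(r"(?P<loaded>\d+) rules successfully loaded, (?P<failed>\d+) rules failed")
ALERTS_RE = re.compile(r"^Alerts: (?P<alerts>\d+)$")


def parse_lines(text):
    """Parse Suricata console output into dicts; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def assess_run(stdout, stderr, returncode):
    """Decide whether a pcap replay can be trusted.

    Returns (ok, findings, summary). ok is False whenever the engine logged an <Error>,
    read zero packets, failed to load rules, or exited non-zero, regardless of what a
    harness concluded from the exit status alone.
    """
    findings = []
    summary = {"packets": None, "bytes": None, "rules_failed": None, "alerts": None}

    # Suricata writes errors to stderr, but check both streams in case they were merged.
    for rec in parse_lines(stderr) + parse_lines(stdout):
        if rec["level"] == "Error":
            code = rec["errcode"] or "UNKNOWN"
            findings.append(f"engine error {code}: {rec['msg']}")

    for rec in parse_lines(stdout):
        m = PCAP_READ_RE.search(rec["msg"])
        if m:
            summary["packets"] = int(m.group("packets"))
            summary["bytes"] = int(m.group("bytes"))
        m = RULES_RE.search(rec["msg"])
        if m:
            summary["rules_failed"] = int(m.group("failed"))
        m = ALERTS_RE.match(rec["msg"])
        if m:
            summary["alerts"] = int(m.group("alerts"))

    if summary["packets"] is None:
        findings.append("no 'Pcap-file module read' summary; the engine never reached end of file")
    elif summary["packets"] == 0:
        findings.append("pcap-file module read 0 packets, so 'Alerts: 0' is not evidence of anything")
    if summary["rules_failed"]:
        findings.append(f"{summary['rules_failed']} rule(s) failed to load")
    if returncode != 0:
        findings.append(f"non-zero return code {returncode}")

    return (not findings), findings, summary


if __name__ == "__main__":
    ok, findings, summary = assess_run(SAMPLE_STDOUT, SAMPLE_STDERR, 0)
    print("trusted run" if ok else "UNTRUSTED run", summary)
    for f in findings:
        print(" -", f)
```

Run against the lines from this page it reports an untrusted run with two findings (the SC_ERR_PCAP_DISPATCH error and the zero-packet read); the same stdout with a non-zero packet count and an empty stderr passes. The "read 0 packets" check matters on its own: libpcap can reject a capture without Suricata exiting non-zero, as happened here, and a ruleset test that never saw a packet must not be counted as a negative result.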


suricata-4.0.0-test-test-perf.txt-2017-11-08-T-20-59-56-11082017.2059-test.pcap.txt - (470 bytes)
  --------------------------------------------------------------------------
  Date: 11/8/2017 -- 20:59:56. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------