Packet profile dump:
IP ver Proto cnt min max avg tot %%
------ ----- ---------- ------------ ------------ ----------- ----------- ---
IPv4 1 2 287588416 287677016 287632716 575.3m 0.47
IPv4 6 624 153378 292093206 186537658 116.4b 94.38
IPv4 17 47 11942570 259637768 134959320 6.3b 5.14
IPv6 17 1 13065690 13065690 13065690 13.1m 0.01
Note: Protocol 256 tracks pseudo/tunnel packets.
Per Thread module stats:
Thread Module IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
TMM_FLOWWORKER IPv4 1 2 96778 106278 101528 203.1k 0.06
TMM_FLOWWORKER IPv4 6 624 113694 17433864 447301 279.1m 83.44
TMM_FLOWWORKER IPv4 17 47 274940 8490736 1027436 48.3m 14.44
TMM_RECEIVEPCAPFILE IPv4 1 2 4580 4792 4686 9.4k 0.00
TMM_RECEIVEPCAPFILE IPv4 6 595 4430 18324 4888 2.9m 0.87
TMM_RECEIVEPCAPFILE IPv4 17 47 4460 5576 4816 226.4k 0.07
TMM_DECODEPCAPFILE IPv4 1 2 4912 17798 11355 22.7k 0.01
TMM_DECODEPCAPFILE IPv4 6 595 4560 20358 4925 2.9m 0.88
TMM_DECODEPCAPFILE IPv4 17 47 4602 32260 5439 255.7k 0.08
TMM_FLOWWORKER IPv6 17 1 511158 511158 511158 511.2k 0.15
TMM_RECEIVEPCAPFILE IPv6 17 1 4724 4724 4724 4.7k 0.00
TMM_DECODEPCAPFILE IPv6 17 1 22466 22466 22466 22.5k 0.01
Flow Worker IP ver Proto cnt min max avg tot %%
-------------------- ------ ----- ---------- ------------ ------------ ----------- ----------- ---
flow IPv4 1 2 5402 8054 6728 13.5k 0.00
flow IPv4 6 595 4784 41052 6110 3.6m 1.23
flow IPv4 17 47 4936 44530 7482 351.7k 0.12
stream IPv4 6 624 4630 1183504 27284 17.0m 5.76
app-layer IPv4 17 47 4494 63096 26250 1.2m 0.42
detect IPv4 1 2 77428 79390 78409 156.8k 0.05
detect IPv4 6 624 76470 17381648 376364 234.9m 79.49
detect IPv4 17 47 238428 5787858 733025 34.5m 11.66
tcp-prune IPv4 6 624 4450 39746 5156 3.2m 1.09
flow IPv6 17 1 12904 12904 12904 12.9k 0.00
app-layer IPv6 17 1 14710 14710 14710 14.7k 0.00
detect IPv6 17 1 464252 464252 464252 464.3k 0.16
Note: stream includes app-layer for TCP
Per App layer parser stats:
App Layer IP ver Proto cnt min max avg tot %%
-------------------- ------ ----- ---------- ------------ ------------ ----------- ----------- ---
http IPv4 6 15 5768 34678 18970 284.6k 29.10
tls IPv4 6 44 4538 21958 6240 274.6k 28.08
dns IPv4 17 44 5770 27974 9514 418.6k 42.81
Proto detect IPv4 6 3 4630 18834 9634 28.9k
Proto detect IPv4 17 45 5466 34658 9462 425.8k
Proto detect IPv6 17 1 5298 5298 5298 5.3k
Log Thread Module IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
Logger/output stats:
Logger IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
LOGGER_JSON_DNS IPv4 17 44 31776 7442914 247894 10.9m 71.67
LOGGER_JSON_HTTP IPv4 6 13 61352 528116 124730 1.6m 10.65
LOGGER_JSON_TLS IPv4 6 22 36014 110478 60062 1.3m 8.68
LOGGER_JSON_FILE IPv4 6 10 69414 281288 136867 1.4m 8.99
Prefilter IP ver Proto cnt min max avg tot %%
-------------------- ------ ----- ---------- ------------ ------------ ----------- --------- ---
payload IPv4 6 315 4486 207902 34736 10.9m 28.99
payload IPv4 17 47 6712 107482 39880 1.9m 4.97
stream IPv4 6 315 4428 695734 55184 17.4m 46.06
http_uri IPv4 6 13 9772 111042 46629 606.2k 1.61
http_request_line IPv4 6 13 6512 11982 9710 126.2k 0.33
http_client_body IPv4 6 13 4900 6152 5376 69.9k 0.19
http_header (request) IPv4 6 13 40604 132646 76768 998.0k 2.64
http_header (request trailer) IPv4 6 13 4484 5596 4608 59.9k 0.16
http_header_names (request) IPv4 6 13 17204 42430 24596 319.7k 0.85
http_accept (request) IPv4 6 13 5376 19024 8064 104.8k 0.28
http_referer (request) IPv4 6 13 4848 6556 5254 68.3k 0.18
http_content_len (request) IPv4 6 13 4824 7228 5317 69.1k 0.18
http_content_type (request) IPv4 6 13 4966 5872 5350 69.6k 0.18
http_protocol (request) IPv4 6 13 5952 8682 7279 94.6k 0.25
http_start (request) IPv4 6 13 12800 945070 90313 1.2m 3.11
http_raw_header (request) IPv4 6 13 19714 47748 23947 311.3k 0.82
http_method IPv4 6 13 6230 10808 8155 106.0k 0.28
http_cookie (request) IPv4 6 13 4820 15344 6588 85.6k 0.23
http_raw_uri IPv4 6 13 5980 14336 10537 137.0k 0.36
http_user_agent IPv4 6 13 12460 40620 22180 288.3k 0.76
http_host IPv4 6 13 5912 15238 10162 132.1k 0.35
dns_query IPv4 17 22 4798 96828 17801 391.6k 1.04
tls_sni IPv4 6 28 4990 14306 7840 219.5k 0.58
http_response_line IPv4 6 13 5356 18154 10054 130.7k 0.35
http_header (response) IPv4 6 13 17696 85384 53315 693.1k 1.84
http_header (response trailer) IPv4 6 13 4502 9236 4903 63.7k 0.17
http_content_type (response) IPv4 6 13 5624 25454 11408 148.3k 0.39
http_raw_header (response) IPv4 6 13 13410 36494 18611 241.9k 0.64
http_cookie (response) IPv4 6 13 5040 11034 6942 90.3k 0.24
http_stat_code IPv4 6 13 4790 14154 6229 81.0k 0.21
tls_cert_issuer IPv4 6 22 5842 34366 11476 252.5k 0.67
tls_cert_subject IPv4 6 22 5020 24412 8720 191.9k 0.51
tls_cert_serial IPv4 6 22 4970 25800 8185 180.1k 0.48
Total IPv4 1118 33725 37.7m
payload IPv6 17 1 37180 37180 37180 37.2k 0.10
Total IPv6 1 37180 37.2k
General detection engine stats:
Detection phase IP ver Proto cnt min max avg tot
------------------------ ------ ----- ---------- ------------ ------------ ----------- -----------
PROF_DETECT_IPONLY IPv4 6 70 5346 148456 45311 3.2m 1.06
PROF_DETECT_IPONLY IPv4 17 45 5566 231122 46599 2.1m 0.70
PROF_DETECT_RULES IPv4 1 2 4732 4788 4760 9.5k 0.00
PROF_DETECT_RULES IPv4 6 624 4430 12144246 161929 101.0m 33.91
PROF_DETECT_RULES IPv4 17 47 130430 5592654 474011 22.3m 7.48
PROF_DETECT_STATEFUL_START IPv4 6 53 8924 10598428 441918 23.4m 7.86
PROF_DETECT_STATEFUL_CONT IPv4 1 2 4678 4702 4690 9.4k 0.00
PROF_DETECT_STATEFUL_CONT IPv4 6 624 4414 217516 15521 9.7m 3.25
PROF_DETECT_STATEFUL_CONT IPv4 17 47 4696 62516 10238 481.2k 0.16
PROF_DETECT_STATEFUL_UPDATE IPv4 6 463 4458 20534 4784 2.2m 0.74
PROF_DETECT_STATEFUL_UPDATE IPv4 17 44 4528 8130 5125 225.5k 0.08
PROF_DETECT_PREFILTER IPv4 1 2 13670 13964 13817 27.6k 0.01
PROF_DETECT_PREFILTER IPv4 6 624 13546 1827854 97368 60.8m 20.39
PROF_DETECT_PREFILTER IPv4 17 47 47366 521488 106497 5.0m 1.68
PROF_DETECT_PF_PAYLOAD IPv4 6 315 23022 714218 104258 32.8m 11.02
PROF_DETECT_PF_PAYLOAD IPv4 17 47 15672 116648 49656 2.3m 0.78
PROF_DETECT_PF_TX IPv4 6 463 4480 1370566 25342 11.7m 3.94
PROF_DETECT_PF_TX IPv4 17 22 13914 106390 28456 626.0k 0.21
PROF_DETECT_PF_SORT1 IPv4 6 275 4458 40192 5575 1.5m 0.51
PROF_DETECT_PF_SORT1 IPv4 17 47 4864 36464 7108 334.1k 0.11
PROF_DETECT_PF_SORT2 IPv4 1 2 4418 4664 4541 9.1k 0.00
PROF_DETECT_PF_SORT2 IPv4 6 624 4404 34138 5194 3.2m 1.09
PROF_DETECT_PF_SORT2 IPv4 17 47 4488 6952 5374 252.6k 0.08
PROF_DETECT_NONMPMLIST IPv4 1 2 4678 4680 4679 9.4k 0.00
PROF_DETECT_NONMPMLIST IPv4 6 624 4436 28054 5042 3.1m 1.06
PROF_DETECT_NONMPMLIST IPv4 17 47 4504 7192 5228 245.7k 0.08
PROF_DETECT_ALERT IPv4 1 2 4436 4636 4536 9.1k 0.00
PROF_DETECT_ALERT IPv4 6 624 4424 22926 4734 3.0m 0.99
PROF_DETECT_ALERT IPv4 17 47 4440 20074 5226 245.6k 0.08
PROF_DETECT_CLEANUP IPv4 1 2 4472 4548 4510 9.0k 0.00
PROF_DETECT_CLEANUP IPv4 6 624 4456 25964 5113 3.2m 1.07
PROF_DETECT_CLEANUP IPv4 17 47 4466 21476 6207 291.8k 0.10
PROF_DETECT_GETSGH IPv4 1 2 4688 4714 4701 9.4k 0.00
PROF_DETECT_GETSGH IPv4 6 624 4428 37844 5667 3.5m 1.19
PROF_DETECT_GETSGH IPv4 17 47 4448 25812 10301 484.2k 0.16
PROF_DETECT_IPONLY IPv6 17 1 28888 28888 28888 28.9k 0.01
PROF_DETECT_RULES IPv6 17 1 236932 236932 236932 236.9k 0.08
PROF_DETECT_STATEFUL_CONT IPv6 17 1 4502 4502 4502 4.5k 0.00
PROF_DETECT_PREFILTER IPv6 17 1 76700 76700 76700 76.7k 0.03
PROF_DETECT_PF_PAYLOAD IPv6 17 1 46402 46402 46402 46.4k 0.02
PROF_DETECT_PF_SORT1 IPv6 17 1 6156 6156 6156 6.2k 0.00
PROF_DETECT_PF_SORT2 IPv6 17 1 5968 5968 5968 6.0k 0.00
PROF_DETECT_NONMPMLIST IPv6 17 1 5258 5258 5258 5.3k 0.00
------------------------------------------------------------------------------------
Date: 10/14/2019 -- 09:13:24 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter | TM Name | Value
------------------------------------------------------------------------------------
decoder.pkts | Total | 653
decoder.bytes | Total | 221364
decoder.ipv4 | Total | 644
decoder.ipv6 | Total | 1
decoder.ethernet | Total | 653
decoder.tcp | Total | 595
decoder.udp | Total | 48
decoder.icmpv4 | Total | 2
decoder.avg_pkt_size | Total | 338
decoder.max_pkt_size | Total | 1514
flow.tcp | Total | 35
flow.udp | Total | 24
tcp.sessions | Total | 35
tcp.syn | Total | 35
tcp.synack | Total | 35
tcp.rst | Total | 30
tcp.overlap | Total | 1
detect.mpm_list | Total | 4
detect.nonmpm_list | Total | 3
detect.fnonmpm_list | Total | 1
detect.match_list | Total | 5
app_layer.flow.http | Total | 10
app_layer.tx.http | Total | 13
app_layer.flow.tls | Total | 22
app_layer.flow.dns_udp | Total | 22
app_layer.tx.dns_udp | Total | 22
app_layer.flow.failed_udp | Total | 2
flow_mgr.new_pruned | Total | 2
flow.spare | Total | 10000
flow_mgr.flows_checked | Total | 54
flow_mgr.flows_notimeout | Total | 52
flow_mgr.flows_timeout | Total | 2
flow_mgr.flows_removed | Total | 2
flow_mgr.rows_checked | Total | 65536
flow_mgr.rows_skipped | Total | 65483
flow_mgr.rows_maxlen | Total | 2
tcp.memuse | Total | 573440
tcp.reassembly_memuse | Total | 81920
flow.memuse | Total | 7091296
{"timestamp":"2019-09-11T16:18:39.422494+0000","flow_id":2088595860976222,"pcap_cnt":7,"event_type":"dns","src_ip":"192.168.240.22","src_port":60830,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18062,"rrname":"bit.ly","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-11T16:18:39.423065+0000","flow_id":2088595860976222,"pcap_cnt":8,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":60830,"proto":"UDP","dns":{"type":"answer","id":18062,"rcode":"NOERROR","rrname":"bit.ly","rrtype":"A","ttl":164,"rdata":"67.199.248.10"}}
{"timestamp":"2019-09-11T16:18:39.423065+0000","flow_id":2088595860976222,"pcap_cnt":8,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":60830,"proto":"UDP","dns":{"type":"answer","id":18062,"rcode":"NOERROR","rrname":"bit.ly","rrtype":"A","ttl":164,"rdata":"67.199.248.11"}}
{"timestamp":"2019-09-11T16:18:42.706150+0000","flow_id":1949580654713898,"pcap_cnt":18,"event_type":"http","src_ip":"192.168.240.22","src_port":49340,"dest_ip":"67.199.248.10","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"bit.ly","url":"\/2SjS8Kt","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2019-09-11T16:18:40.467002+0000","flow_id":1271134735573050,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.240.22","src_port":56814,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23492,"rrname":"a.o333o.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-11T16:18:40.498805+0000","flow_id":1271134735573050,"pcap_cnt":20,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":56814,"proto":"UDP","dns":{"type":"answer","id":23492,"rcode":"NOERROR","rrname":"a.o333o.com","rrtype":"A","ttl":899,"rdata":"159.89.180.198"}}
{"timestamp":"2019-09-11T16:18:40.635642+0000","flow_id":1781417652562067,"pcap_cnt":36,"event_type":"tls","src_ip":"192.168.240.22","src_port":49342,"dest_ip":"159.89.180.198","dest_port":443,"proto":"TCP","tls":{"subject":"OU=Domain Control Validated, OU=PositiveSSL, CN=a.o333o.com","issuerdn":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA"}}
{"timestamp":"2019-09-11T16:18:40.636340+0000","flow_id":1797422848293443,"pcap_cnt":42,"event_type":"tls","src_ip":"192.168.240.22","src_port":49343,"dest_ip":"159.89.180.198","dest_port":443,"proto":"TCP","tls":{"subject":"OU=Domain Control Validated, OU=PositiveSSL, CN=a.o333o.com","issuerdn":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA"}}
{"timestamp":"2019-09-11T16:18:40.989636+0000","flow_id":299250208479684,"pcap_cnt":49,"event_type":"dns","src_ip":"192.168.240.22","src_port":59480,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29578,"rrname":"ocsp.comodoca.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-11T16:18:40.990595+0000","flow_id":299250208479684,"pcap_cnt":50,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":59480,"proto":"UDP","dns":{"type":"answer","id":29578,"rcode":"NOERROR","rrname":"ocsp.comodoca.com","rrtype":"CNAME","ttl":461,"rdata":"t3j2g9x7.stackpathcdn.com"}}
{"timestamp":"2019-09-11T16:18:40.990595+0000","flow_id":299250208479684,"pcap_cnt":50,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":59480,"proto":"UDP","dns":{"type":"answer","id":29578,"rcode":"NOERROR","rrname":"t3j2g9x7.stackpathcdn.com","rrtype":"A","ttl":461,"rdata":"151.139.128.14"}}
{"timestamp":"2019-09-11T16:18:41.000272+0000","flow_id":2140792598626576,"pcap_cnt":51,"event_type":"dns","src_ip":"192.168.240.22","src_port":55180,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4298,"rrname":"ocsp.usertrust.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-11T16:18:41.001642+0000","flow_id":2140792598626576,"pcap_cnt":52,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":55180,"proto":"UDP","dns":{"type":"answer","id":4298,"rcode":"NOERROR","rrname":"ocsp.usertrust.com","rrtype":"CNAME","ttl":696,"rdata":"t3j2g9x7.stackpathcdn.com"}}
{"timestamp":"2019-09-11T16:18:41.001642+0000","flow_id":2140792598626576,"pcap_cnt":52,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":55180,"proto":"UDP","dns":{"type":"answer","id":4298,"rcode":"NOERROR","rrname":"t3j2g9x7.stackpathcdn.com","rrtype":"A","ttl":300,"rdata":"151.139.128.14"}}
{"timestamp":"2019-09-11T16:18:41.021346+0000","flow_id":891906303436522,"pcap_cnt":64,"event_type":"http","src_ip":"192.168.240.22","src_port":49344,"dest_ip":"151.139.128.14","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ocsp.usertrust.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response"}}
{"timestamp":"2019-09-11T16:18:42.211807+0000","flow_id":1275547814545972,"pcap_cnt":68,"event_type":"http","src_ip":"192.168.240.22","src_port":49345,"dest_ip":"151.139.128.14","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ocsp.comodoca.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response"}}
{"timestamp":"2019-09-11T16:18:42.575474+0000","flow_id":1949580654713898,"pcap_cnt":78,"event_type":"fileinfo","src_ip":"67.199.248.10","src_port":80,"dest_ip":"192.168.240.22","dest_port":49340,"proto":"TCP","http":{"hostname":"bit.ly","url":"\/2SjS8Kt","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":301,"redirect":"https:\/\/a.o333o.com\/api\/direct\/110983","length":124},"app_proto":"http","fileinfo":{"filename":"\/2SjS8Kt","gaps":false,"state":"CLOSED","stored":false,"size":124,"tx_id":0}}
{"timestamp":"2019-09-11T16:18:42.575522+0000","flow_id":1949580654713898,"pcap_cnt":79,"event_type":"http","src_ip":"192.168.240.22","src_port":49340,"dest_ip":"67.199.248.10","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"bit.ly","url":"\/2Kkp9Uw","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2019-09-11T16:18:44.950724+0000","flow_id":611425611710916,"pcap_cnt":80,"event_type":"dns","src_ip":"192.168.240.22","src_port":64153,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":59138,"rrname":"postlnk.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-11T16:18:42.596743+0000","flow_id":611425611710916,"pcap_cnt":81,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":64153,"proto":"UDP","dns":{"type":"answer","id":59138,"rcode":"NOERROR","rrname":"postlnk.com","rrtype":"A","ttl":64,"rdata":"188.72.202.42"}}
{"timestamp":"2019-09-11T16:18:42.596743+0000","flow_id":611425611710916,"pcap_cnt":81,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":64153,"proto":"UDP","dns":{"type":"answer","id":59138,"rcode":"NOERROR","rrname":"postlnk.com","rrtype":"A","ttl":64,"rdata":"188.72.202.23"}}
{"timestamp":"2019-09-11T16:18:42.596743+0000","flow_id":611425611710916,"pcap_cnt":81,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":64153,"proto":"UDP","dns":{"type":"answer","id":59138,"rcode":"NOERROR","rrname":"postlnk.com","rrtype":"A","ttl":64,"rdata":"78.140.191.91"}}
{"timestamp":"2019-09-11T16:18:42.806789+0000","flow_id":1448579162224792,"pcap_cnt":94,"event_type":"tls","src_ip":"192.168.240.22","src_port":49347,"dest_ip":"188.72.202.42","dest_port":443,"proto":"TCP","tls":{"subject":"CN=*.postlnk.com","issuerdn":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"}}
{"timestamp":"2019-09-11T16:18:45.193089+0000","flow_id":648046650208055,"pcap_cnt":97,"event_type":"tls","src_ip":"192.168.240.22","src_port":49346,"dest_ip":"188.72.202.42","dest_port":443,"proto":"TCP","tls":{"subject":"CN=*.postlnk.com","issuerdn":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"}}
{"timestamp":"2019-09-11T16:18:43.133786+0000","flow_id":1766600015547034,"pcap_cnt":104,"event_type":"dns","src_ip":"192.168.240.22","src_port":61419,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49876,"rrname":"isrg.trustid.ocsp.identrust.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-11T16:18:43.152213+0000","flow_id":1766600015547034,"pcap_cnt":105,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":61419,"proto":"UDP","dns":{"type":"answer","id":49876,"rcode":"NOERROR","rrname":"isrg.trustid.ocsp.identrust.com","rrtype":"CNAME","ttl":11,"rdata":"isrg.trustid.ocsp.identrust.com.edgesuite.net"}}
{"timestamp":"2019-09-11T16:18:43.152213+0000","flow_id":1766600015547034,"pcap_cnt":105,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":61419,"proto":"UDP","dns":{"type":"answer","id":49876,"rcode":"NOERROR","rrname":"isrg.trustid.ocsp.identrust.com.edgesuite.net","rrtype":"CNAME","ttl":14496,"rdata":"a279.dscq.akamai.net"}}
{"timestamp":"2019-09-11T16:18:43.152213+0000","flow_id":1766600015547034,"pcap_cnt":105,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":61419,"proto":"UDP","dns":{"type":"answer","id":49876,"rcode":"NOERROR","rrname":"a279.dscq.akamai.net","rrtype":"A","ttl":19,"rdata":"23.222.248.144"}}
{"timestamp":"2019-09-11T16:18:43.152213+0000","flow_id":1766600015547034,"pcap_cnt":105,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":61419,"proto":"UDP","dns":{"type":"answer","id":49876,"rcode":"NOERROR","rrname":"a279.dscq.akamai.net","rrtype":"A","ttl":19,"rdata":"23.222.248.195"}}
{"timestamp":"2019-09-11T16:18:43.292628+0000","flow_id":767509018274373,"pcap_cnt":113,"event_type":"http","src_ip":"192.168.240.22","src_port":49348,"dest_ip":"23.222.248.144","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"isrg.trustid.ocsp.identrust.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response"}}
{"timestamp":"2019-09-11T16:18:45.728715+0000","flow_id":1647994493804171,"pcap_cnt":114,"event_type":"dns","src_ip":"192.168.240.22","src_port":51388,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11212,"rrname":"api.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-11T16:18:45.729881+0000","flow_id":1647994493804171,"pcap_cnt":115,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":51388,"proto":"UDP","dns":{"type":"answer","id":11212,"rcode":"NOERROR","rrname":"api.bing.com","rrtype":"CNAME","ttl":3262,"rdata":"api-bing-com.e-0001.e-msedge.net"}}
{"timestamp":"2019-09-11T16:18:45.729881+0000","flow_id":1647994493804171,"pcap_cnt":115,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":51388,"proto":"UDP","dns":{"type":"answer","id":11212,"rcode":"NOERROR","rrname":"api-bing-com.e-0001.e-msedge.net","rrtype":"CNAME","ttl":483,"rdata":"e-0001.e-msedge.net"}}
{"timestamp":"2019-09-11T16:18:45.729881+0000","flow_id":1647994493804171,"pcap_cnt":115,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":51388,"proto":"UDP","dns":{"type":"answer","id":11212,"rcode":"NOERROR","rrname":"e-0001.e-msedge.net","rrtype":"A","ttl":124,"rdata":"13.107.5.80"}}
{"timestamp":"2019-09-11T16:18:43.336266+0000","flow_id":270132477895050,"pcap_cnt":116,"event_type":"dns","src_ip":"192.168.240.22","src_port":64938,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22905,"rrname":"www.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-11T16:18:43.337122+0000","flow_id":78100195124450,"pcap_cnt":117,"event_type":"dns","src_ip":"192.168.240.22","src_port":51722,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18638,"rrname":"www.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-11T16:18:45.738117+0000","flow_id":668756982711109,"pcap_cnt":118,"event_type":"dns","src_ip":"192.168.240.22","src_port":49302,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39209,"rrname":"www.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-11T16:18:43.340850+0000","flow_id":747387096347506,"pcap_cnt":119,"event_type":"dns","src_ip":"192.168.240.22","src_port":56138,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":58420,"rrname":"www.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-11T16:18:45.739165+0000","flow_id":270132477895050,"pcap_cnt":120,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":64938,"proto":"UDP","dns":{"type":"answer","id":22905,"rcode":"NOERROR","rrname":"www.bing.com","rrtype":"CNAME","ttl":2812,"rdata":"a-0001.a-afdentry.net.trafficmanager.net"}}
{"timestamp":"2019-09-11T16:18:45.739165+0000","flow_id":270132477895050,"pcap_cnt":120,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":64938,"proto":"UDP","dns":{"type":"answer","id":22905,"rcode":"NOERROR","rrname":"a-0001.a-afdentry.net.trafficmanager.net","rrtype":"CNAME","ttl":7,"rdata":"dual-a-0001.a-msedge.net"}}
{"timestamp":"2019-09-11T16:18:45.739165+0000","flow_id":270132477895050,"pcap_cnt":120,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":64938,"proto":"UDP","dns":{"type":"answer","id":22905,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":35,"rdata":"204.79.197.200"}}
{"timestamp":"2019-09-11T16:18:45.739165+0000","flow_id":270132477895050,"pcap_cnt":120,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":64938,"proto":"UDP","dns":{"type":"answer","id":22905,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":35,"rdata":"13.107.21.200"}}
{"timestamp":"2019-09-11T16:18:43.354193+0000","flow_id":668756982711109,"pcap_cnt":121,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":49302,"proto":"UDP","dns":{"type":"answer","id":39209,"rcode":"NOERROR","rrname":"www.bing.com","rrtype":"CNAME","ttl":2183,"rdata":"a-0001.a-afdentry.net.trafficmanager.net"}}
{"timestamp":"2019-09-11T16:18:43.354193+0000","flow_id":668756982711109,"pcap_cnt":121,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":49302,"proto":"UDP","dns":{"type":"answer","id":39209,"rcode":"NOERROR","rrname":"a-0001.a-afdentry.net.trafficmanager.net","rrtype":"CNAME","ttl":59,"rdata":"dual-a-0001.a-msedge.net"}}
{"timestamp":"2019-09-11T16:18:43.354193+0000","flow_id":668756982711109,"pcap_cnt":121,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":49302,"proto":"UDP","dns":{"type":"answer","id":39209,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":41,"rdata":"204.79.197.200"}}
{"timestamp":"2019-09-11T16:18:43.354193+0000","flow_id":668756982711109,"pcap_cnt":121,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":49302,"proto":"UDP","dns":{"type":"answer","id":39209,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":41,"rdata":"13.107.21.200"}}
{"timestamp":"2019-09-11T16:18:45.757282+0000","flow_id":747387096347506,"pcap_cnt":122,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.22","dest_port":56138,"proto":"UDP","dns":{"type":"answer","id":58420,"rcode":"NOERROR","rrname":"www.bing.com","rrtype":"CNAME","ttl":3059,"rdata":"a-0001.a-afdentry.net.trafficmanager.net"}}
{"timestamp":"2019-09-11T16:18:45.757282+0000","flow_id":747387096347506,"pcap_cnt":122,"event_type":"dns
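The eve.json excerpt above records, as separate events, a DNS answer for bit.ly, a GET to that address answered with a 301 to https://a.o333o.com/..., a lookup of a.o333o.com and a TLS handshake to the resulting IP whose certificate carries that name. Reassembling that chain by hand is what an analyst does with this log; the script below does it mechanically. It is an added example, not code from the page or from the Suricata project. A subset of the records above is embedded as sample input (the torn final record included, to show it is skipped rather than fatal), and the script assumes Suricata's usual event directions: http events logged client to server, fileinfo events in the direction the file travelled, so an HTTP response body has the server as src_ip.

```python
"""Correlate Suricata EVE JSON records into a redirect chain.

Added example, not code from the original page or from the Suricata project:
it links each HTTP 3xx redirect to the DNS answers and TLS handshake of its target.
"""
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input: records copied from the eve.json excerpt above, trimmed to the
# fields used here. The last line is the torn record the excerpt ends with.
SAMPLE_EVE = '''
{"timestamp":"2019-09-11T16:18:39.422494+0000","flow_id":2088595860976222,"event_type":"dns","src_ip":"192.168.240.22","dest_ip":"8.8.8.8","proto":"UDP","dns":{"type":"query","id":18062,"rrname":"bit.ly","rrtype":"A"}}
{"timestamp":"2019-09-11T16:18:39.423065+0000","flow_id":2088595860976222,"event_type":"dns","src_ip":"8.8.8.8","dest_ip":"192.168.240.22","proto":"UDP","dns":{"type":"answer","id":18062,"rcode":"NOERROR","rrname":"bit.ly","rrtype":"A","ttl":164,"rdata":"67.199.248.10"}}
{"timestamp":"2019-09-11T16:18:40.467002+0000","flow_id":1271134735573050,"event_type":"dns","src_ip":"192.168.240.22","dest_ip":"8.8.8.8","proto":"UDP","dns":{"type":"query","id":23492,"rrname":"a.o333o.com","rrtype":"A"}}
{"timestamp":"2019-09-11T16:18:40.498805+0000","flow_id":1271134735573050,"event_type":"dns","src_ip":"8.8.8.8","dest_ip":"192.168.240.22","proto":"UDP","dns":{"type":"answer","id":23492,"rcode":"NOERROR","rrname":"a.o333o.com","rrtype":"A","ttl":899,"rdata":"159.89.180.198"}}
{"timestamp":"2019-09-11T16:18:40.635642+0000","flow_id":1781417652562067,"event_type":"tls","src_ip":"192.168.240.22","src_port":49342,"dest_ip":"159.89.180.198","dest_port":443,"proto":"TCP","tls":{"subject":"OU=Domain Control Validated, OU=PositiveSSL, CN=a.o333o.com","issuerdn":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA"}}
{"timestamp":"2019-09-11T16:18:40.990595+0000","flow_id":299250208479684,"event_type":"dns","src_ip":"8.8.8.8","dest_ip":"192.168.240.22","proto":"UDP","dns":{"type":"answer","id":29578,"rcode":"NOERROR","rrname":"ocsp.comodoca.com","rrtype":"CNAME","ttl":461,"rdata":"t3j2g9x7.stackpathcdn.com"}}
{"timestamp":"2019-09-11T16:18:40.990595+0000","flow_id":299250208479684,"event_type":"dns","src_ip":"8.8.8.8","dest_ip":"192.168.240.22","proto":"UDP","dns":{"type":"answer","id":29578,"rcode":"NOERROR","rrname":"t3j2g9x7.stackpathcdn.com","rrtype":"A","ttl":461,"rdata":"151.139.128.14"}}
{"timestamp":"2019-09-11T16:18:42.211807+0000","flow_id":1275547814545972,"event_type":"http","src_ip":"192.168.240.22","src_port":49345,"dest_ip":"151.139.128.14","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ocsp.comodoca.com","url":"/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D","http_user_agent":"Microsoft-CryptoAPI/6.1","http_content_type":"application/ocsp-response"}}
{"timestamp":"2019-09-11T16:18:42.575474+0000","flow_id":1949580654713898,"event_type":"fileinfo","src_ip":"67.199.248.10","src_port":80,"dest_ip":"192.168.240.22","dest_port":49340,"proto":"TCP","http":{"hostname":"bit.ly","url":"/2SjS8Kt","http_method":"GET","protocol":"HTTP/1.1","status":301,"redirect":"https://a.o333o.com/api/direct/110983","length":124},"app_proto":"http"}
{"timestamp":"2019-09-11T16:18:45.757282+0000","flow_id":747387096347506,"pcap_cnt":122,"event_type":"dns
'''


def parse_events(text):
    """Parse newline-delimited EVE JSON; blank or torn lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            try:
                events.append(json.loads(line))
            except json.JSONDecodeError:
                pass  # partial record: file still being written, or a cut excerpt
    return events


def build_dns_index(events):
    """Map each resolved IP to every name that led to it, following CNAMEs back."""
    cname_parents = defaultdict(set)  # alias target -> names that point at it
    ip_to_names = defaultdict(set)
    for ev in events:
        if ev.get("event_type") != "dns" or ev["dns"].get("type") != "answer":
            continue
        rr = ev["dns"]
        if rr.get("rrtype") == "CNAME":
            cname_parents[rr["rdata"]].add(rr["rrname"])
        elif rr.get("rrtype") in ("A", "AAAA"):
            ip_to_names[rr["rdata"]].add(rr["rrname"])
    for names in ip_to_names.values():
        pending = list(names)
        while pending:  # 151.139.128.14 gains ocsp.comodoca.com via its CNAME
            for parent in cname_parents.get(pending.pop(), ()):
                if parent not in names:
                    names.add(parent)
                    pending.append(parent)
    return ip_to_names


def redirect_chains(events):
    """Tie each HTTP 3xx redirect to the lookup and TLS handshake of its target."""
    dns = build_dns_index(events)
    tls_by_ip = defaultdict(set)
    for ev in events:
        if ev.get("event_type") == "tls":
            tls_by_ip[ev["dest_ip"]].add(ev["tls"].get("subject", ""))
    chains = []
    for ev in events:
        http = ev.get("http") or {}
        status, location = http.get("status"), http.get("redirect")
        if not (status and 300 <= status < 400 and location):
            continue
        target_host = urlsplit(location).hostname
        target_ips = sorted(ip for ip, names in dns.items() if target_host in names)
        chains.append({
            "from": f"{http.get('hostname', '')}{http.get('url', '')}",
            # Assumption: fileinfo is logged in the file's direction (server is
            # src_ip for a response body); http events are client -> server.
            "from_ip": ev["src_ip"] if ev.get("event_type") == "fileinfo" else ev["dest_ip"],
            "status": status,
            "to_host": target_host,
            "to_ips": target_ips,
            "tls_subjects": sorted({s for ip in target_ips for s in tls_by_ip.get(ip, ())}),
        })
    return chains


def flows_without_dns(events):
    """HTTP/TLS destinations never seen in a DNS answer; empty for this sample."""
    dns = build_dns_index(events)
    return sorted({ev["dest_ip"] for ev in events
                   if ev.get("event_type") in ("http", "tls") and ev["dest_ip"] not in dns})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVE)
    for c in redirect_chains(evs):
        print(f"{c['from']} ({c['from_ip']}) -> {c['status']} -> {c['to_host']} "
              f"{c['to_ips']} TLS {c['tls_subjects']}")
    print("destinations without DNS:", flows_without_dns(evs))
```

Run against a full eve.json the same three functions give a redirect map and a list of connections that were never preceded by a lookup, which is the usual first cut at finding hard-coded command-and-control addresses in a capture.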
--------------------------------------------------------------------------------------------------------------------------------
Date: 10/14/2019 -- 09:13:24
--------------------------------------------------------------------------------------------------------------------------------
Stats for: total
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flow 3126844 557 557 34486 5613.00 5613.00 0.00
content 33723794 3558 1205 8089008 9478.00 17890.00 5170.00
pcre 2669520 292 30 56686 9142.00 13754.00 8614.00
byte_test 1465722 246 109 185524 5958.00 7194.00 4974.00
byte_jump 210994 31 8 47178 6806.00 4941.00 7454.00
isdataat 110068 22 0 6940 5003.00 0.00 5003.00
flowbits 208464 42 4 8910 4963.00 7456.00 4701.00
urilen 523316 92 19 25070 5688.00 6540.00 5466.00
byte_extract 899070 182 182 22886 4939.00 4939.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: packet
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flow 3126844 557 557 34486 5613.00 5613.00 0.00
flowbits 183418 39 1 5766 4703.00 4778.00 4701.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: packet/stream payload
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 19584664 2619 810 5324550 7477.00 12955.00 5025.00
pcre 1335510 200 7 56686 6677.00 13879.00 6416.00
byte_test 1465722 246 109 185524 5958.00 7194.00 4974.00
byte_jump 210994 31 8 47178 6806.00 4941.00 7454.00
isdataat 110068 22 0 6940 5003.00 0.00 5003.00
byte_extract 899070 182 182 22886 4939.00 4939.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: post-match
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flowbits 25046 3 3 8910 8348.00 8348.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_uri
--------------------------------------------------------------------------------------------------------------------------------
Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content          771674          120             74              22698           6430.00         6628.00         6112.00
pcre             721778          44              0               51810           16404.00        0.00            16404.00
urilen           523316          92              19              25070           5688.00         6540.00         5466.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_response_line
--------------------------------------------------------------------------------------------------------------------------------
Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content          41128           8               0               5372            5141.00         0.00            5141.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_header
--------------------------------------------------------------------------------------------------------------------------------
Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content          10886458        371             232             8089008         29343.00        43284.00        6075.00
pcre             525646          40              15              41296           13141.00        15260.00        11869.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_header_names
--------------------------------------------------------------------------------------------------------------------------------
Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content          453334          74              20              26924           6126.00         6823.00         5867.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_content_type
--------------------------------------------------------------------------------------------------------------------------------
Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content          43242           8               8               6226            5405.00         5405.00         0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_method
--------------------------------------------------------------------------------------------------------------------------------
Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content          37364           7               1               6534            5337.00         5254.00         5351.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_user_agent
--------------------------------------------------------------------------------------------------------------------------------
Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content          172898          29              12              17424           5962.00         7077.00         5174.00
pcre             86586           8               8               29978           10823.00        10823.00        0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_stat_code
--------------------------------------------------------------------------------------------------------------------------------
Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content          41352           8               0               5976            5169.00         0.00            5169.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: tls_cert_issuer
--------------------------------------------------------------------------------------------------------------------------------
Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content          261844          48              48              8624            5455.00         5455.00         0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: tls_cert_subject
--------------------------------------------------------------------------------------------------------------------------------
Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content          1429836         266             0               24114           5375.00         0.00            5375.00
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/4d373a681dff06a2be342c7bac2eaeb456b33745cb75ec8c950e11a498e082d2 -r /var/pcap/10142019.0912-7ca939fe838c1cf42db2569f3e01857cc8de740555dd129038932e67b0bfa4ca_network.pcap -vvv -k none
elapsedtime:23.597763
stderr:
stdout:
14/10/2019 -- 09:13:00 - <Info> - Configuration node 'rule-files' redefined.
14/10/2019 -- 09:13:00 - <Notice> - This is Suricata version 4.0.0 RELEASE
14/10/2019 -- 09:13:00 - <Info> - CPUs/cores online: 1
14/10/2019 -- 09:13:00 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31412 and 'request-body-inspect-window' set to 16347 after randomization.
14/10/2019 -- 09:13:00 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34398 and 'response-body-inspect-window' set to 16473 after randomization.
14/10/2019 -- 09:13:00 - <Config> - DNS request flood protection level: 500
14/10/2019 -- 09:13:00 - <Config> - DNS per flow memcap (state-memcap): 524288
14/10/2019 -- 09:13:00 - <Config> - DNS global memcap: 16777216
14/10/2019 -- 09:13:00 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
14/10/2019 -- 09:13:00 - <Config> - preallocated 1000 hosts of size 136
14/10/2019 -- 09:13:00 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
14/10/2019 -- 09:13:00 - <Config> - using magic-file /usr/share/file/magic
14/10/2019 -- 09:13:00 - <Config> - Core dump size is unlimited.
14/10/2019 -- 09:13:00 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
14/10/2019 -- 09:13:00 - <Config> - preallocated 1000 defrag trackers of size 168
14/10/2019 -- 09:13:00 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
14/10/2019 -- 09:13:00 - <Config> - stream "prealloc-sessions": 2048 (per thread)
14/10/2019 -- 09:13:00 - <Config> - stream "memcap": 33554432
14/10/2019 -- 09:13:00 - <Config> - stream "midstream" session pickups: disabled
14/10/2019 -- 09:13:00 - <Config> - stream "async-oneside": disabled
14/10/2019 -- 09:13:00 - <Config> - stream "checksum-validation": disabled
14/10/2019 -- 09:13:00 - <Config> - stream."inline": disabled
14/10/2019 -- 09:13:00 - <Config> - stream "bypass": disabled
14/10/2019 -- 09:13:00 - <Config> - stream "max-synack-queued": 5
14/10/2019 -- 09:13:00 - <Config> - stream.reassembly "memcap": 134217728
14/10/2019 -- 09:13:00 - <Config> - stream.reassembly "depth": 0
14/10/2019 -- 09:13:00 - <Config> - stream.reassembly "toserver-chunk-size": 2674
14/10/2019 -- 09:13:00 - <Config> - stream.reassembly "toclient-chunk-size": 2576
14/10/2019 -- 09:13:00 - <Config> - stream.reassembly.raw: enabled
14/10/2019 -- 09:13:00 - <Config> - stream.reassembly "segment-prealloc": 2048
14/10/2019 -- 09:13:00 - <Config> - Delayed detect disabled
14/10/2019 -- 09:13:00 - <Config> - pattern matchers: MPM: ac, SPM: bm
14/10/2019 -- 09:13:00 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
14/10/2019 -- 09:13:00 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
14/10/2019 -- 09:13:00 - <Config> - prefilter engines: MPM
14/10/2019 -- 09:13:00 - <Config> - IP reputation disabled
14/10/2019 -- 09:13:00 - <Perf> - Registered 148 keyword profiling counters.
14/10/2019 -- 09:13:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
14/10/2019 -- 09:13:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
14/10/2019 -- 09:13:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
14/10/2019 -- 09:13:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
14/10/2019 -- 09:13:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
14/10/2019 -- 09:13:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
14/10/2019 -- 09:13:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
14/10/2019 -- 09:13:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
14/10/2019 -- 09:13:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
14/10/2019 -- 09:13:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
14/10/2019 -- 09:13:05 - <Config> - No rules loaded from ET-icmp.rules.
14/10/2019 -- 09:13:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
14/10/2019 -- 09:13:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
14/10/2019 -- 09:13:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
14/10/2019 -- 09:13:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
14/10/2019 -- 09:13:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
14/10/2019 -- 09:13:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
14/10/2019 -- 09:13:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
14/10/2019 -- 09:13:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
14/10/2019 -- 09:13:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
14/10/2019 -- 09:13:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
14/10/2019 -- 09:13:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
14/10/2019 -- 09:13:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
14/10/2019 -- 09:13:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
14/10/2019 -- 09:13:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
14/10/2019 -- 09:13:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
14/10/2019 -- 09:13:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
14/10/2019 -- 09:13:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
14/10/2019 -- 09:13:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
14/10/2019 -- 09:13:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
14/10/2019 -- 09:13:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
14/10/2019 -- 09:13:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
14/10/2019 -- 09:13:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
14/10/2019 -- 09:13:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
14/10/2019 -- 09:13:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
14/10/2019 -- 09:13:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
14/10/2019 -- 09:13:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
14/10/2019 -- 09:13:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
14/10/2019 -- 09:13:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
14/10/2019 -- 09:13:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
14/10/2019 -- 09:13:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
14/10/2019 -- 09:13:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
14/10/2019 -- 09:13:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
14/10/2019 -- 09:13:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
14/10/2019 -- 09:13:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
14/10/2019 -- 09:13:13 - <Config> - No rules loaded from local.rules.
14/10/2019 -- 09:13:13 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
14/10/2019 -- 09:13:13 - <Info> - Threshold config parsed: 0 rule(s) found
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for tcp-packet
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for tcp-stream
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for udp-packet
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for other-ip
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_uri
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_request_line
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_client_body
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_response_line
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_header
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_header
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_header_names
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_header_names
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_accept
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_accept_enc
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_accept_lang
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_referer
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_connection
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_content_len
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_content_len
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_content_type
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_content_type
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_protocol
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_protocol
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_start
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_start
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_raw_header
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_raw_header
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_method
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_cookie
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_cookie
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_raw_uri
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_user_agent
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_host
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_raw_host
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_stat_msg
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_stat_code
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for dns_query
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for tls_sni
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for tls_cert_issuer
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for tls_cert_subject
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for tls_cert_serial
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for dce_stub_data
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for dce_stub_data
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for ssh_protocol
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for ssh_protocol
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for ssh_software
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for ssh_software
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for file_data
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for file_data
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_request_line
14/10/2019 -- 09:13:14 - <Perf> - using shared mpm ctx' for http_response_line
14/10/2019 -- 09:13:14 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
14/10/2019 -- 09:13:14 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
14/10/2019 -- 09:13:14 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
14/10/2019 -- 09:13:14 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
14/10/2019 -- 09:13:14 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
14/10/2019 -- 09:13:14 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
14/10/2019 -- 09:13:14 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
14/10/2019 -- 09:13:14 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
14/10/2019 -- 09:13:19 - <Perf> - Unique rule groups: 104
14/10/2019 -- 09:13:19 - <Perf> - Builtin MPM "toserver TCP packet": 35
14/10/2019 -- 09:13:19 - <Perf> - Builtin MPM "toclient TCP packet": 17
14/10/2019 -- 09:13:19 - <Perf> - Builtin MPM "toserver TCP stream": 33
14/10/2019 -- 09:13:19 - <Perf> - Builtin MPM "toclient TCP stream": 19
14/10/2019 -- 09:13:19 - <Perf> - Builtin MPM "toserver UDP packet": 27
14/10/2019 -- 09:13:19 - <Perf> - Builtin MPM "toclient UDP packet": 17
14/10/2019 -- 09:13:19 - <Perf> - Builtin MPM "other IP packet": 3
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_uri": 14
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_request_line": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_client_body": 6
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toclient http_response_line": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_header": 10
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toclient http_header": 6
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_header_names": 2
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_accept": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_referer": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_content_len": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_content_type": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toclient http_content_type": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_protocol": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_start": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_method": 5
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_cookie": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toclient http_cookie": 2
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver http_host": 2
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver dns_query": 4
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver tls_sni": 2
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toserver file_data": 1
14/10/2019 -- 09:13:19 - <Perf> - AppLayer MPM "toclient file_data": 7
14/10/2019 -- 09:13:21 - <Perf> - Registered 39590 rule profiling counters.
14/10/2019 -- 09:13:21 - <Info> - fast output device (regular) initialized: alert
14/10/2019 -- 09:13:22 - <Info> - eve-log output device (regular) initialized: eve.json
14/10/2019 -- 09:13:22 - <Config> - enabling 'eve-log' module 'alert'
14/10/2019 -- 09:13:22 - <Config> - enabling 'eve-log' module 'http'
14/10/2019 -- 09:13:22 - <Config> - enabling 'eve-log' module 'dns'
14/10/2019 -- 09:13:22 - <Config> - enabling 'eve-log' module 'tls'
14/10/2019 -- 09:13:22 - <Config> - enabling 'eve-log' module 'files'
14/10/2019 -- 09:13:22 - <Config> - enabling 'eve-log' module 'ssh'
14/10/2019 -- 09:13:22 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
14/10/2019 -- 09:13:22 - <Info> - stats output device (regular) initialized: stats.log
14/
--------------------------------------------------------------------------
Date: 10/14/2019 -- 09:13:24. Sorted by: max ticks.
--------------------------------------------------------------------------
Num Rule Gid Rev Ticks % Checks Matches Max Ticks Avg Ticks Avg Match Avg No Match
-------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
1 2816909 1 2 8498134 8.29 4 0 8188496 2124533.50 0.00 2124533.50
2 2022543 1 1 5906440 5.76 22 0 5353828 268474.55 0.00 268474.55
3 2021749 1 6 8937272 8.71 26 0 617012 343741.23 0.00 343741.23
4 2822213 1 2 5001760 4.88 36 0 499528 138937.78 0.00 138937.78
5 2024601 1 2 723290 0.71 4 0 474336 180822.50 0.00 180822.50
6 2816927 1 3 648466 0.63 4 0 465234 162116.50 0.00 162116.50
7 2824408 1 2 618404 0.60 4 0 463086 154601.00 0.00 154601.00
8 2819673 1 4 612570 0.60 4 0 461786 153142.50 0.00 153142.50
9 2814979 1 2 5753188 5.61 36 0 430876 159810.78 0.00 159810.78
10 2814978 1 2 5639834 5.50 36 0 409956 156662.06 0.00 156662.06
11 2014701 1 12 1203248 1.17 44 0 245636 27346.55 0.00 27346.55
12 2018005 1 6 2961612 2.89 36 0 209378 82267.00 0.00 82267.00
13 2025330 1 1 837776 0.82 9 0 143402 93086.22 0.00 93086.22
14 2022480 1 2 466244 0.45 4 0 133186 116561.00 0.00 116561.00
15 2016809 1 5 117728 0.11 1 0 117728 117728.00 0.00 117728.00
16 2821615 1 2 661990 0.65 13 0 112092 50922.31 0.00 50922.31
17 2825567 1 3 606268 0.59 9 0 109068 67363.11 0.00 67363.11
18 2827202 1 3 589612 0.57 9 0 106050 65512.44 0.00 65512.44
19 2020964 1 2 104194 0.10 1 0 104194 104194.00 0.00 104194.00
20 2816910 1 2 388294 0.38 4 0 103750 97073.50 0.00 97073.50
21 2025064 1 5 290354 0.28 4 0 103746 72588.50 0.00 72588.50
22 2024720 1 3 564338 0.55 9 0 101528 62704.22 0.00 62704.22
23 2816940 1 2 368910 0.36 4 0 97092 92227.50 0.00 92227.50
24 2021067 1 2 97084 0.09 1 1 97084 97084.00 97084.00 0.00
25 2018457 1 1 1332604 1.30 24 0 95356 55525.17 0.00 55525.17
26 2821839 1 2 305110 0.30 4 0 95328 76277.50 0.00 76277.50
27 2019378 1 12 93114 0.09 1 0 93114 93114.00 0.00 93114.00
28 2829214 1 2 544126 0.53 9 0 92808 60458.44 0.00 60458.44
29 2815254 1 7 621884 0.61 8 0 92212 77735.50 0.00 77735.50
30 2825453 1 2 541380 0.53 9 0 92022 60153.33 0.00 60153.33
31 2021075 1 2 91372 0.09 1 1 91372 91372.00 91372.00 0.00
32 2020661 1 3 528312 0.52 8 0 90382 66039.00 0.00 66039.00
33 2017877 1 3 90204 0.09 1 0 90204 90204.00 0.00 90204.00
34 2809850 1 2 347516 0.34 7 0 88994 49645.14 0.00 49645.14
35 2816933 1 2 87356 0.09 1 0 87356 87356.00 0.00 87356.00
36 2811390 1 2 86856 0.08 1 0 86856 86856.00 0.00 86856.00
37 2816895 1 2 118630 0.12 2 0 84064 59315.00 0.00 59315.00
38 2019094 1 5 83644 0.08 1 0 83644 83644.00 0.00 83644.00
39 2816327 1 4 273176 0.27 4 0 82966 68294.00 0.00 68294.00
40 2816928 1 3 216446 0.21 4 0 81838 54111.50 0.00 54111.50
41 2017556 1 3 80804 0.08 1 0 80804 80804.00 0.00 80804.00
42 2014442 1 6 80640 0.08 1 0 80640 80640.00 0.00 80640.00
43 2018789 1 3 493340 0.48 36 0 79004 13703.89 0.00 13703.89
44 2023818 1 2 78232 0.08 1 1 78232 78232.00 78232.00 0.00
45 2813027 1 3 77986 0.08 1 0 77986 77986.00 0.00 77986.00
46 2021952 1 2 77542 0.08 1 0 77542 77542.00 0.00 77542.00
47 2828060 1 4 216742 0.21 4 0 75126 54185.50 0.00 54185.50
48 2022112 1 2 73886 0.07 1 0 73886 73886.00 0.00 73886.00
49 2816356 1 2 544088 0.53 9 0 73874 60454.22 0.00 60454.22
50 2020295 1 6 400882 0.39 8 0 73684 50110.25 0.00 50110.25
51 2816707 1 2 73330 0.07 1 0 73330 73330.00 0.00 73330.00
52 2024771 1 1 593698 0.58 11 0 73228 53972.55 0.00 53972.55
53 2816847 1 6 72514 0.07 1 0 72514 72514.00 0.00 72514.00
54 2821471 1 2 72296 0.07 1 0 72296 72296.00 0.00 72296.00
55 2017454 1 12 72206 0.07 1 0 72206 72206.00 0.00 72206.00
56 2024142 1 2 71462 0.07 1 0 71462 71462.00 0.00 71462.00
57 2024135 1 2 70942 0.07 1 0 70942 70942.00 0.00 70942.00
58 2811905 1 3 70364 0.07 1 0 70364 70364.00 0.00 70364.00
59 2022090 1 3 69982 0.07 1 0 69982 69982.00 0.00 69982.00
60 2016706 1 20 69676 0.07 1 0 69676 69676.00 0.00 69676.00
61 2022502 1 4 600472 0.59 13 0 68620 46190.15 0.00 46190.15
62 2017036 1 3 68202 0.07 1 0 68202 68202.00 0.00 68202.00
63 2810487 1 1 220114 0.21 7 0 67212 31444.86 0.00 31444.86
64 2015877 1 6 66918 0.07 1 0 66918 66918.00 0.00 66918.00
65 2020496 1 2 452536 0.44 9 0 66532 50281.78 0.00 50281.78
66 2012707 1 5 338166 0.33 8 0 66100 42270.75 0.00 42270.75
67 2017076 1 9 65940 0.06 1 0 65940 65940.00 0.00 65940.00
68 2816925 1 3 208302 0.20 4 0 65770 52075.50 0.00 52075.50
69 2815817 1 5 224210 0.22 4 0 64938 56052.50 0.00 56052.50
70 2823077 1 4 64828 0.06 1 0 64828 64828.00 0.00 64828.00
71 2816922 1 5 225634 0.22 4 0 64814 56408.50 0.00 56408.50
72 2024321 1 2 64536 0.06 1 0 64536 64536.00 0.00 64536.00
73 2809363 1 3 64344 0.06 1 0 64344 64344.00 0.00 64344.00
74 2816525 1 10 232078 0.23 4 0 64286 58019.50 0.00 58019.50
75 2019343 1 3 205190 0.20 4 0 63892 51297.50 0.00 51297.50
76 2816608 1 4 63690 0.06 1 0 63690 63690.00 0.00 63690.00
77 2820851 1 5 244996 0.24 4 0 62752 61249.00 0.00 61249.00
78 2812433 1 2 61736 0.06 1 0 61736 61736.00 0.00 61736.00
79 2828986 1 2 201310 0.20 4 0 61566 50327.50 0.00 50327.50
80 2017456 1 3 61432 0.06 1 0 61432 61432.00 0.00 61432.00
81 2022467 1 2 167906 0.16 4 0 61364 41976.50 0.00 41976.50
82 2830036 1 1 382070 0.37 10 0 60968 38207.00 0.00 38207.00
83 2014703 1 9 724248 0.71 44 0 60900 16460.18 0.00 16460.18
84 2025191 1 1 706580 0.69 33 0 60830 21411.52 0.00 21411.52
85 2816931 1 3 196310 0.19 4 0 60656 49077.50 0.00 49077.50
86 2815664 1 3 59980 0.06 1 0 59980 59980.00 0.00 59980.00
87 2811542 1 1 439146 0.43 16 0 59584 27446.62 0.00 27446.62
88 2816924 1 4 202590 0.20 4 0 59022 50647.50 0.00 50647.50
89 2827575 1 2 227502 0.22 4 0 59004 56875.50 0.00 56875.50
90 2021413 1 2 58978 0.06 1 0 58978 58978.00 0.00 58978.00
91 2021718 1 4 57828 0.06 1 0 57828 57828.00 0.00 57828.00
92 2021399 1 3 57736 0.06 1 0 57736 57736.00 0.00 57736.00
93 2815568 1 2 57572 0.06 1 0 57572 57572.00 0.00 57572.00
94 2816846 1 3 57184 0.06 1 0 57184 57184.00 0.00 57184.00
95 2022901 1 2 57130 0.06 1 0 57130 57130.00 0.00 57130.00
96 2025193 1 1 726154 0.71 33 0 56812 22004.67 0.00 22004.67
97 2024141 1 2 56402 0.05 1 0 56402 56402.00 0.00 56402.00
98 2024133 1 2 56388 0.05 1 0 56388 56388.00 0.00 56388.00
99 2024134 1 2 56286 0.05 1 0 56286 56286.00 0.00 56286.00
100 2017119 1 4 56146 0.05 1 0 56146 56146.00 0.00 56146.00
101 2024227 1 3 731200 0.71 33 0 55958 22157.58 0.00 22157.58
102 2807970 1 8 55752 0.05 1 0 55752 55752.00 0.00 55752.00
103 2021953 1 2 55712 0.05 1 0 55712 55712.00 0.00 55712.00
104 2024140 1 2 55428 0.05 1 0 55428 55428.00 0.00 55428.00
105 2020963 1 2 55396 0.05 1 0 55396 55396.00 0.00 55396.00
106 2024138 1 2 55350 0.05 1 0 55350 55350.00 0.00 55350.00
107 2807793 1 4 55314 0.05 1 0 55314 55314.00 0.00 55314.00
108 2024137 1 2 55048 0.05 1 0 55048 55048.00 0.00 55048.00
109 2024136 1 2 54990 0.05 1 0 54990 54990.00 0.00 54990.00
110 2811826 1 7 54872 0.05 1 0 54872 54872.00 0.00 54872.00
111 2021418 1 9 54736 0.05 1 0 54736 54736.00 0.00 54736.00
112 2019115 1 5 54050 0.05 1 0 54050 54050.00 0.00 54050.00
113 2820461 1 2 53818 0.05 1 0 53818 53818.00 0.00 53818.00
114 2806659 1 4 347310 0.34 9 0 53678 38590.00 0.00 38590.00
115 2024139 1 2 53658 0.05 1 0 53658 53658.00 0.00 53658.00
116 2025194 1 1 656388 0.64 33 0 53356 19890.55 0.00 19890.55
117 2012612 1 16 380926 0.37 10 0 52742 38092.60 0.00 38092.60
118 2827279 1 5 495370 0.48 13 0 52374 38105.38 0.00 38105.38
119 2828008 1 2 485098 0.47 13 0 52274 37315.23 0.00 37315.23
120 2025192 1 1 687836 0.67 33 0 51802 20843.52 0.00 20843.52
121 2007880 1 7 332248 0.32 9 0 51254 36916.44 0.00 36916.44
122 2828823 1 2 89860 0.09 2 0 50712 44930.00 0.00 44930.00
123 2815156 1 2 50286 0.05 1 0 50286 50286.00 0.00 50286.00
124 2017552 1 6 1007744 0.98 33 0 49884 30537.70 0.00 30537.70
125 2828190 1 2
2019-10-14 09:13:00,022 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-10-14 09:13:00,729 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-10-14 09:13:00,729 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-10-14 09:13:00,730 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-10-14 09:13:00,730 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-10-14 09:13:00,730 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/4d373a681dff06a2be342c7bac2eaeb456b33745cb75ec8c950e11a498e082d2 -r /var/pcap/10142019.0912-7ca939fe838c1cf42db2569f3e01857cc8de740555dd129038932e67b0bfa4ca_network.pcap -vvv -k none
2019-10-14 09:13:24,330 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-10-14 09:13:24,331 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 24.3236570358