Filename: network 2.pcap
Status: Analysis complete (the Suricata engine exited with returncode 1 during initialization, SC_ERR_FOPEN on the pcap path; no traffic was inspected, see stderr below)
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 20.6257650852 seconds
Hash: 5588942122de95797daeebf292acd631 (32 hex digits; a truncation of the 64-hex-digit identifier used as the output directory, 5588942122de95797daeebf292acd63156b33745cb75ec8c950e11a498e082d2, not an independent 128-bit digest)
Uploaded: 1562318823 (Unix epoch; 2019-07-05 09:27:03 UTC, matching the first IDSDeathBlossom log entry)

Logfiles


suricata-report-2019-07-05-T-09-27-23-07052019.0927-network_2.pcap.txt - (16982 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/5588942122de95797daeebf292acd63156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07052019.0927-network_2.pcap -vvv -k none
elapsedtime:19.607810
stderr:
5/7/2019 -- 09:27:23 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - /var/pcap/07052019.0927-network_2.pcap: No such file or directory

5/7/2019 -- 09:27:23 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX#01" failed to initialize: flags 0145
5/7/2019 -- 09:27:23 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...
stdout:
5/7/2019 -- 09:27:04 - <Info> - Configuration node 'rule-files' redefined.
5/7/2019 -- 09:27:04 - <Notice> - This is Suricata version 4.0.0 RELEASE
5/7/2019 -- 09:27:04 - <Info> - CPUs/cores online: 1
5/7/2019 -- 09:27:04 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33164 and 'request-body-inspect-window' set to 16453 after randomization.
5/7/2019 -- 09:27:04 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33121 and 'response-body-inspect-window' set to 16389 after randomization.
5/7/2019 -- 09:27:04 - <Config> - DNS request flood protection level: 500
5/7/2019 -- 09:27:04 - <Config> - DNS per flow memcap (state-memcap): 524288
5/7/2019 -- 09:27:04 - <Config> - DNS global memcap: 16777216
5/7/2019 -- 09:27:04 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
5/7/2019 -- 09:27:04 - <Config> - preallocated 1000 hosts of size 136
5/7/2019 -- 09:27:04 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
5/7/2019 -- 09:27:04 - <Config> - using magic-file /usr/share/file/magic
5/7/2019 -- 09:27:04 - <Config> - Core dump size is unlimited.
5/7/2019 -- 09:27:04 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
5/7/2019 -- 09:27:04 - <Config> - preallocated 1000 defrag trackers of size 168
5/7/2019 -- 09:27:04 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
5/7/2019 -- 09:27:04 - <Config> - stream "prealloc-sessions": 2048 (per thread)
5/7/2019 -- 09:27:04 - <Config> - stream "memcap": 33554432
5/7/2019 -- 09:27:04 - <Config> - stream "midstream" session pickups: disabled
5/7/2019 -- 09:27:04 - <Config> - stream "async-oneside": disabled
5/7/2019 -- 09:27:04 - <Config> - stream "checksum-validation": disabled
5/7/2019 -- 09:27:04 - <Config> - stream."inline": disabled
5/7/2019 -- 09:27:04 - <Config> - stream "bypass": disabled
5/7/2019 -- 09:27:04 - <Config> - stream "max-synack-queued": 5
5/7/2019 -- 09:27:04 - <Config> - stream.reassembly "memcap": 134217728
5/7/2019 -- 09:27:04 - <Config> - stream.reassembly "depth": 0
5/7/2019 -- 09:27:04 - <Config> - stream.reassembly "toserver-chunk-size": 2465
5/7/2019 -- 09:27:04 - <Config> - stream.reassembly "toclient-chunk-size": 2573
5/7/2019 -- 09:27:04 - <Config> - stream.reassembly.raw: enabled
5/7/2019 -- 09:27:04 - <Config> - stream.reassembly "segment-prealloc": 2048
5/7/2019 -- 09:27:04 - <Config> - Delayed detect disabled
5/7/2019 -- 09:27:04 - <Config> - pattern matchers: MPM: ac, SPM: bm
5/7/2019 -- 09:27:04 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
5/7/2019 -- 09:27:04 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
5/7/2019 -- 09:27:04 - <Config> - prefilter engines: MPM
5/7/2019 -- 09:27:04 - <Config> - IP reputation disabled
5/7/2019 -- 09:27:04 - <Perf> - Registered 148 keyword profiling counters.
5/7/2019 -- 09:27:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
5/7/2019 -- 09:27:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
5/7/2019 -- 09:27:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
5/7/2019 -- 09:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
5/7/2019 -- 09:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
5/7/2019 -- 09:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
5/7/2019 -- 09:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
5/7/2019 -- 09:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
5/7/2019 -- 09:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
5/7/2019 -- 09:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
5/7/2019 -- 09:27:09 - <Config> - No rules loaded from ET-icmp.rules.
5/7/2019 -- 09:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
5/7/2019 -- 09:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
5/7/2019 -- 09:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
5/7/2019 -- 09:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
5/7/2019 -- 09:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
5/7/2019 -- 09:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
5/7/2019 -- 09:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
5/7/2019 -- 09:27:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
5/7/2019 -- 09:27:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
5/7/2019 -- 09:27:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
5/7/2019 -- 09:27:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
5/7/2019 -- 09:27:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
5/7/2019 -- 09:27:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
5/7/2019 -- 09:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
5/7/2019 -- 09:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
5/7/2019 -- 09:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
5/7/2019 -- 09:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
5/7/2019 -- 09:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
5/7/2019 -- 09:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
5/7/2019 -- 09:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
5/7/2019 -- 09:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
5/7/2019 -- 09:27:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
5/7/2019 -- 09:27:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
5/7/2019 -- 09:27:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
5/7/2019 -- 09:27:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
5/7/2019 -- 09:27:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
5/7/2019 -- 09:27:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
5/7/2019 -- 09:27:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
5/7/2019 -- 09:27:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
5/7/2019 -- 09:27:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
5/7/2019 -- 09:27:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
5/7/2019 -- 09:27:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
5/7/2019 -- 09:27:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
5/7/2019 -- 09:27:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
5/7/2019 -- 09:27:16 - <Config> - No rules loaded from local.rules.
5/7/2019 -- 09:27:16 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
5/7/2019 -- 09:27:16 - <Info> - Threshold config parsed: 0 rule(s) found
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for tcp-packet
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for tcp-stream
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for udp-packet
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for other-ip
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_uri
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_request_line
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_client_body
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_response_line
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_header
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_header
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_header_names
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_header_names
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_accept
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_accept_enc
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_accept_lang
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_referer
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_connection
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_content_len
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_content_len
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_content_type
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_content_type
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_protocol
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_protocol
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_start
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_start
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_raw_header
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_raw_header
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_method
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_cookie
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_cookie
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_raw_uri
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_user_agent
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_host
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_raw_host
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_stat_msg
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_stat_code
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for dns_query
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for tls_sni
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for tls_cert_issuer
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for tls_cert_subject
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for tls_cert_serial
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for dce_stub_data
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for dce_stub_data
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for ssh_protocol
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for ssh_protocol
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for ssh_software
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for ssh_software
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for file_data
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for file_data
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_request_line
5/7/2019 -- 09:27:17 - <Perf> - using shared mpm ctx' for http_response_line
5/7/2019 -- 09:27:17 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
5/7/2019 -- 09:27:17 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
5/7/2019 -- 09:27:17 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
5/7/2019 -- 09:27:17 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
5/7/2019 -- 09:27:17 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
5/7/2019 -- 09:27:17 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
5/7/2019 -- 09:27:17 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
5/7/2019 -- 09:27:17 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
5/7/2019 -- 09:27:21 - <Perf> - Unique rule groups: 104
5/7/2019 -- 09:27:21 - <Perf> - Builtin MPM "toserver TCP packet": 35
5/7/2019 -- 09:27:21 - <Perf> - Builtin MPM "toclient TCP packet": 17
5/7/2019 -- 09:27:21 - <Perf> - Builtin MPM "toserver TCP stream": 33
5/7/2019 -- 09:27:21 - <Perf> - Builtin MPM "toclient TCP stream": 19
5/7/2019 -- 09:27:21 - <Perf> - Builtin MPM "toserver UDP packet": 27
5/7/2019 -- 09:27:21 - <Perf> - Builtin MPM "toclient UDP packet": 17
5/7/2019 -- 09:27:21 - <Perf> - Builtin MPM "other IP packet": 3
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_uri": 14
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_request_line": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_client_body": 6
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toclient http_response_line": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_header": 10
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toclient http_header": 6
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_header_names": 2
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_accept": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_referer": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_content_len": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_content_type": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toclient http_content_type": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_protocol": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_start": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_method": 5
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_cookie": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toclient http_cookie": 2
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver http_host": 2
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver dns_query": 4
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver tls_sni": 2
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toserver file_data": 1
5/7/2019 -- 09:27:21 - <Perf> - AppLayer MPM "toclient file_data": 7
5/7/2019 -- 09:27:23 - <Perf> - Registered 39590 rule profiling counters.
5/7/2019 -- 09:27:23 - <Info> - fast output device (regular) initialized: alert
5/7/2019 -- 09:27:23 - <Info> - eve-log output device (regular) initialized: eve.json
5/7/2019 -- 09:27:23 - <Config> - enabling 'eve-log' module 'alert'
5/7/2019 -- 09:27:23 - <Config> - enabling 'eve-log' module 'http'
5/7/2019 -- 09:27:23 - <Config> - enabling 'eve-log' module 'dns'
5/7/2019 -- 09:27:23 - <Config> - enabling 'eve-log' module 'tls'
5/7/2019 -- 09:27:23 - <Config> - enabling 'eve-log' module 'files'
5/7/2019 -- 09:27:23 - <Config> - enabling 'eve-log' module 'ssh'
5/7/2019 -- 09:27:23 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
5/7/2019 -- 09:27:23 - <Info> - stats output device (regular) initialized: stats.log
5/7/2019 -- 09:27:23 - <Config> - AutoFP mode using "Hash" flow load balancer
5/7/2019 -- 09:

This file has been truncated.
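The report above is labelled "Analysis complete" even though Suricata never opened the pcap: the three `<Error>` lines in stderr and `returncode:1` in the wrapper log are the only reliable signal. The following added example (not part of IDSDeathBlossom or Suricata) parses Suricata 4.x console lines, pulls out the `ERRCODE` name and number from every `<Error>` entry, records the rule-loading summary, and derives a verdict from the exit status plus errors rather than from the status field. The `RunSummary` fields, `run_verdict` strings and `identifier_is_prefix` check are this example's own; the sample lines are copied from the report on this page.

```python
"""Added example (not IDSDeathBlossom or Suricata code): decide whether a Suricata
pcap run actually inspected traffic by parsing its console log lines."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Suricata 4.x console format:  D/M/YYYY -- HH:MM:SS - <Level> - message
LOG_LINE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) -- (?P<time>\d{2}:\d{2}:\d{2}) - "
    r"<(?P<level>[A-Za-z]+)> - (?P<msg>.*)$"
)
# Error messages carry a symbolic code and number: [ERRCODE: SC_ERR_FOPEN(44)] - detail
ERRCODE = re.compile(r"^\[ERRCODE: (?P<name>[A-Z0-9_]+)\((?P<num>\d+)\)\] - (?P<detail>.*)$")
RULES_LOADED = re.compile(
    r"(?P<files>\d+) rule files processed\. (?P<loaded>\d+) rules successfully loaded, "
    r"(?P<failed>\d+) rules failed"
)
VERSION = re.compile(r"This is Suricata version (?P<version>\S+)")


@dataclass
class RunSummary:
    version: Optional[str] = None
    rule_files: int = 0
    rules_loaded: int = 0
    rules_failed: int = 0
    errors: List[Tuple[str, int, str]] = field(default_factory=list)  # (code name, number, detail)


def parse_suricata_log(lines):
    """Fold Suricata console lines (stdout and stderr mixed) into a RunSummary."""
    summary = RunSummary()
    for raw in lines:
        m = LOG_LINE.match(raw.strip())
        if not m:  # blank lines, wrapper output and a truncated tail are skipped
            continue
        level, msg = m.group("level"), m.group("msg")
        if level == "Error":
            e = ERRCODE.match(msg)
            if e:
                summary.errors.append((e.group("name"), int(e.group("num")), e.group("detail")))
            else:
                summary.errors.append(("UNPARSED", -1, msg))
            continue
        v = VERSION.search(msg)
        if v:
            summary.version = v.group("version")
        r = RULES_LOADED.search(msg)
        if r:
            summary.rule_files = int(r.group("files"))
            summary.rules_loaded = int(r.group("loaded"))
            summary.rules_failed = int(r.group("failed"))
    return summary


def run_verdict(summary, returncode):
    """Only a zero exit with no <Error> lines and at least one loaded rule counts as a
    real analysis; anything else must not be reported as complete."""
    if returncode != 0 or summary.errors:
        codes = ", ".join(name for name, _, _ in summary.errors) or "no ERRCODE"
        return f"FAILED: returncode {returncode}; {codes}"
    if summary.rules_loaded == 0:
        return "SUSPECT: engine ran but loaded no rules"
    return f"OK: {summary.rules_loaded} rules loaded ({summary.rules_failed} failed)"


def identifier_is_prefix(displayed_hash, output_dir):
    """The page shows a 32-hex-digit 'Hash' while the output directory is a 64-hex-digit
    identifier; confirm the short form is a prefix rather than an unrelated digest."""
    return (
        len(displayed_hash) == 32
        and len(output_dir) == 64
        and output_dir.lower().startswith(displayed_hash.lower())
    )


# Sample input copied from the report on this page (stdout excerpt plus the stderr block).
SAMPLE_LINES = """\
5/7/2019 -- 09:27:04 - <Notice> - This is Suricata version 4.0.0 RELEASE
5/7/2019 -- 09:27:16 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
5/7/2019 -- 09:27:23 - <Info> - fast output device (regular) initialized: alert
5/7/2019 -- 09:27:23 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - /var/pcap/07052019.0927-network_2.pcap: No such file or directory

5/7/2019 -- 09:27:23 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX#01" failed to initialize: flags 0145
5/7/2019 -- 09:27:23 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...
5/7/2019 -- 09:
""".splitlines()
SAMPLE_RETURNCODE = 1  # from the IDSDeathBlossom log line "returncode:1"

if __name__ == "__main__":
    s = parse_suricata_log(SAMPLE_LINES)
    print(run_verdict(s, SAMPLE_RETURNCODE))
    for name, num, detail in s.errors:
        print(f"  {name}({num}): {detail}")
```

Run against the page's own lines this yields a FAILED verdict naming SC_ERR_FOPEN, SC_ERR_THREAD_INIT and SC_ERR_INITIALIZATION; the rule-loading summary (44 files, 39585 rules, 0 failed) shows the failure happened after rule compilation, at the point the RX thread tried to open the pcap, so an empty alert file from such a run means nothing about the traffic.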


IDSDeathBlossom.py.log - (19377 bytes)
2019-07-05 09:27:03,561 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-07-05 09:27:04,306 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-07-05 09:27:04,306 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-07-05 09:27:04,306 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-07-05 09:27:04,307 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-07-05 09:27:04,307 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/5588942122de95797daeebf292acd63156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07052019.0927-network_2.pcap -vvv -k none
2019-07-05 09:27:23,915 - WARNING - cmd_wrapper - /opt/IDSDeathBlossom/IDSDeathBlossom.py +106 - there was an error executing ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/5588942122de95797daeebf292acd63156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07052019.0927-network_2.pcap -vvv -k none
2019-07-05 09:27:23,925 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
5/7/2019 -- 09:27:23 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - /var/pcap/07052019.0927-network_2.pcap: No such file or directory
2019-07-05 09:27:23,925 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
5/7/2019 -- 09:27:23 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX#01" failed to initialize: flags 0145
2019-07-05 09:27:23,925 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
5/7/2019 -- 09:27:23 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...
2019-07-05 09:27:23,926 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +442 - suricata ran with errors
2019-07-05 09:27:23,926 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +449 - mode:suricata; lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/5588942122de95797daeebf292acd63156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07052019.0927-network_2.pcap -vvv -k none; returncode:1; elapsed:19.607810; Errors:
- 5/7/2019 -- 09:27:23 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - /var/pcap/07052019.0927-network_2.pcap: No such file or directory
- 5/7/2019 -- 09:27:23 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX#01" failed to initialize: flags 0145
- 5/7/2019 -- 09:27:23 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...

 Warnings:
None
 stderr:
5/7/2019 -- 09:27:23 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - /var/pcap/07052019.0927-network_2.pcap: No such file or directory

5/7/2019 -- 09:27:23 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX#01" failed to initialize: flags 0145
5/7/2019 -- 09:27:23 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...

 stdout: identical to the Suricata engine stdout in the report above (from "Configuration node 'rule-files' redefined." onward)

This file has been truncated.