Filename: 84edc9b828de54d4bd00959fabf583a1392cb4c3eab3498c52818c96dc554b90.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 20.9128391743 seconds
Hash: 562741daf6b1da300e106f0bfe5cc515
Uploaded: 1551710401

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-03-04-T-14-40-22-03042019.1440-84edc9b828de54d4bd00959fabf583a1392cb4c3eab3498c52818c96dc554b90.pcap.txt - (20309 bytes)
  --------------------------------------------------------------------------
  Date: 3/4/2019 -- 14:40:22. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2805348      1        4        1063867      8.78   14       0        435586      75990.50    0.00        75990.50   
  2        2803760      1        3        538050       4.44   10       0        399362      53805.00    0.00        53805.00   
  3        2023620      1        3        562392       4.64   65       0        388836      8652.18     0.00        8652.18    
  4        2023622      1        3        671863       5.54   110      0        387345      6107.85     0.00        6107.85    
  5        2023623      1        3        548100       4.52   64       0        382910      8564.06     0.00        8564.06    
  6        2018983      1        7        92330        0.76   1        0        92330       92330.00    0.00        92330.00   
  7        2022054      1        3        91789        0.76   1        0        91789       91789.00    0.00        91789.00   
  8        2816927      1        3        89604        0.74   1        0        89604       89604.00    0.00        89604.00   
  9        2022049      1        3        85994        0.71   1        1        85994       85994.00    85994.00    0.00       
  10       2815817      1        5        84014        0.69   1        0        84014       84014.00    0.00        84014.00   
  11       2022503      1        2        77226        0.64   1        0        77226       77226.00    0.00        77226.00   
  12       2820851      1        5        72162        0.60   1        0        72162       72162.00    0.00        72162.00   
  13       2816909      1        2        69148        0.57   1        0        69148       69148.00    0.00        69148.00   
  14       2816525      1        10       64393        0.53   1        0        64393       64393.00    0.00        64393.00   
  15       2816940      1        2        63229        0.52   1        0        63229       63229.00    0.00        63229.00   
  16       2816910      1        2        61939        0.51   1        0        61939       61939.00    0.00        61939.00   
  17       2023315      1        2        61042        0.50   1        0        61042       61042.00    0.00        61042.00   
  18       2018358      1        7        59939        0.49   1        0        59939       59939.00    0.00        59939.00   
  19       2011894      1        19       57008        0.47   1        0        57008       57008.00    0.00        57008.00   
  20       2018452      1        15       56859        0.47   1        0        56859       56859.00    0.00        56859.00   
  21       2025064      1        5        54286        0.45   1        0        54286       54286.00    0.00        54286.00   
  22       2022339      1        2        53768        0.44   1        0        53768       53768.00    0.00        53768.00   
  23       2023670      1        3        52750        0.44   1        1        52750       52750.00    52750.00    0.00       
  24       2822979      1        3        51127        0.42   1        0        51127       51127.00    0.00        51127.00   
  25       2809850      1        2        109763       0.91   5        0        48498       21952.60    0.00        21952.60   
  26       2816928      1        3        47267        0.39   1        0        47267       47267.00    0.00        47267.00   
  27       2022220      1        2        46851        0.39   1        0        46851       46851.00    0.00        46851.00   
  28       2816929      1        4        44776        0.37   1        0        44776       44776.00    0.00        44776.00   
  29       2018958      1        18       44666        0.37   1        0        44666       44666.00    0.00        44666.00   
  30       2022914      1        1        157414       1.30   14       0        44608       11243.86    0.00        11243.86   
  31       2018981      1        4        44508        0.37   1        0        44508       44508.00    0.00        44508.00   
  32       2816327      1        4        44336        0.37   1        0        44336       44336.00    0.00        44336.00   
  33       2819673      1        4        44013        0.36   1        0        44013       44013.00    0.00        44013.00   
  34       2828122      1        2        43457        0.36   1        0        43457       43457.00    0.00        43457.00   
  35       2812916      1        6        42334        0.35   1        0        42334       42334.00    0.00        42334.00   
  36       2022609      1        2        42025        0.35   1        0        42025       42025.00    0.00        42025.00   
  37       2022502      1        4        40991        0.34   1        0        40991       40991.00    0.00        40991.00   
  38       2017613      1        9        40271        0.33   1        0        40271       40271.00    0.00        40271.00   
  39       2023875      1        2        38284        0.32   1        0        38284       38284.00    0.00        38284.00   
  40       2019344      1        5        38061        0.31   1        0        38061       38061.00    0.00        38061.00   
  41       2828060      1        4        37444        0.31   1        0        37444       37444.00    0.00        37444.00   
  42       2819934      1        2        35907        0.30   1        0        35907       35907.00    0.00        35907.00   
  43       2816922      1        5        34227        0.28   1        0        34227       34227.00    0.00        34227.00   
  44       2830124      1        1        34160        0.28   1        0        34160       34160.00    0.00        34160.00   
  45       2816925      1        3        33438        0.28   1        0        33438       33438.00    0.00        33438.00   
  46       2009702      1        5        241458       1.99   20       0        33215       12072.90    0.00        12072.90   
  47       2816328      1        5        31699        0.26   1        0        31699       31699.00    0.00        31699.00   
  48       2022207      1        4        30452        0.25   1        0        30452       30452.00    0.00        30452.00   
  49       2008120      1        4        320558       2.64   110      0        30323       2914.16     0.00        2914.16    
  50       2016858      1        10       29907        0.25   1        0        29907       29907.00    0.00        29907.00   
  51       2829644      1        1        29807        0.25   1        0        29807       29807.00    0.00        29807.00   
  52       2827575      1        2        29655        0.24   1        0        29655       29655.00    0.00        29655.00   
  53       2816660      1        3        29616        0.24   1        0        29616       29616.00    0.00        29616.00   
  54       2821615      1        2        29455        0.24   1        0        29455       29455.00    0.00        29455.00   
  55       2828986      1        2        29414        0.24   1        0        29414       29414.00    0.00        29414.00   
  56       2019693      1        5        29328        0.24   1        0        29328       29328.00    0.00        29328.00   
  57       2019881      1        3        29168        0.24   1        0        29168       29168.00    0.00        29168.00   
  58       2018496      1        9        28980        0.24   1        0        28980       28980.00    0.00        28980.00   
  59       2815324      1        2        28953        0.24   1        0        28953       28953.00    0.00        28953.00   
  60       2025162      1        2        28813        0.24   1        0        28813       28813.00    0.00        28813.00   
  61       2816924      1        4        28709        0.24   1        0        28709       28709.00    0.00        28709.00   
  62       2022262      1        3        28566        0.24   1        0        28566       28566.00    0.00        28566.00   
  63       2816356      1        2        28527        0.24   1        0        28527       28527.00    0.00        28527.00   
  64       2024767      1        2        28516        0.24   1        0        28516       28516.00    0.00        28516.00   
  65       2008118      1        3        175140       1.44   50       0        28497       3502.80     0.00        3502.80    
  66       2024771      1        1        28315        0.23   1        0        28315       28315.00    0.00        28315.00   
  67       2816526      1        13       27866        0.23   1        0        27866       27866.00    0.00        27866.00   
  68       2820031      1        2        27735        0.23   1        0        27735       27735.00    0.00        27735.00   
  69       2829848      1        2        27694        0.23   1        0        27694       27694.00    0.00        27694.00   
  70       2809859      1        6        27540        0.23   1        0        27540       27540.00    0.00        27540.00   
  71       2019011      1        3        63092        0.52   14       0        27533       4506.57     0.00        4506.57    
  72       2018242      1        5        27347        0.23   1        0        27347       27347.00    0.00        27347.00   
  73       2014703      1        9        193518       1.60   20       0        27100       9675.90     0.00        9675.90    
  74       2816931      1        3        26733        0.22   1        0        26733       26733.00    0.00        26733.00   
  75       2816930      1        4        26404        0.22   1        0        26404       26404.00    0.00        26404.00   
  76       2017552      1        6        39356        0.32   2        0        25952       19678.00    0.00        19678.00   
  77       2824408      1        2        23118        0.19   1        0        23118       23118.00    0.00        23118.00   
  78       2829607      1        1        22957        0.19   1        0        22957       22957.00    0.00        22957.00   
  79       2024178      1        2        22898        0.19   1        0        22898       22898.00    0.00        22898.00   
  80       2017363      1        2        22856        0.19   1        1        22856       22856.00    22856.00    0.00       
  81       2018010      1        5        22563        0.19   1        0        22563       22563.00    0.00        22563.00   
  82       2826256      1        2        22541        0.19   1        0        22541       22541.00    0.00        22541.00   
  83       2827279      1        5        22511        0.19   1        0        22511       22511.00    0.00        22511.00   
  84       2830035      1        2        22394        0.18   1        0        22394       22394.00    0.00        22394.00   
  85       2003657      1        18       22372        0.18   1        0        22372       22372.00    0.00        22372.00   
  86       2815201      1        2        22303        0.18   1        0        22303       22303.00    0.00        22303.00   
  87       2020380      1        3        22029        0.18   1        0        22029       22029.00    0.00        22029.00   
  88       2012612      1        16       22018        0.18   1        0        22018       22018.00    0.00        22018.00   
  89       2020705      1        4        21966        0.18   1        0        21966       21966.00    0.00        21966.00   
  90       2825063      1        2        21918        0.18   1        0        21918       21918.00    0.00        21918.00   
  91       2809267      1        8        21863        0.18   1        0        21863       21863.00    0.00        21863.00   
  92       2012707      1        5        21852        0.18   1        0        21852       21852.00    0.00        21852.00   
  93       2816165      1        5        21791        0.18   1        0        21791       21791.00    0.00        21791.00   
  94       2014701      1        12       224631       1.85   20       0        21694       11231.55    0.00        11231.55   
  95       2828008      1        2        21589        0.18   1        0        21589       21589.00    0.00        21589.00   
  96       2003492      1        30       21560        0.18   1        0        21560       21560.00    0.00        21560.00   
  97       2804626      1        9        21287        0.18   1        0        21287       21287.00    0.00        21287.00   
  98       2805260      1        4        21229        0.18   1        0        21229       21229.00    0.00        21229.00   
  99       2809682      1        5        20928        0.17   1        0        20928       20928.00    0.00        20928.00   
  100      2016223      1        10       20926        0.17   1        0        20926       20926.00    0.00        20926.00   
  101      2809547      1        5        20890        0.17   1        0        20890       20890.00    0.00        20890.00   
  102      2013075      1        8        43853        0.36   10       0        19992       4385.30     0.00        4385.30    
  103      2010140      1        7        582242       4.80   110      0        19515       5293.11     0.00        5293.11    
  104      2802876      1        3        18749        0.15   1        0        18749       18749.00    0.00        18749.00   
  105      2023618      1        3        63325        0.52   18       0        18019       3518.06     0.00        3518.06    
  106      2023616      1        3        36134        0.30   8        0        17147       4516.75     0.00        4516.75    
  107      2022543      1        1        16907        0.14   1        0        16907       16907.00    0.00        16907.00   
  108      2826281      1        2        142287       1.17   10       0        16584       14228.70    0.00        14228.70   
  109      2014702      1        9        164965       1.36   20       0        15787       8248.25     0.00        8248.25    
  110      2024513      1        5        15674        0.13   1        0        15674       15674.00    0.00        15674.00   
  111      2016537      1        2        15024        0.12   1        0        15024       15024.00    0.00        15024.00   
  112      2823937      1        13       14984        0.12   1        0        14984       14984.00    0.00        14984.00   
  113      2010143      1        3        359366       2.96   110      0        12135       3266.96     0.00        3266.96    
  114      2805211      1        1        119803       0.99   14       0        10215       8557.36     0.00        8557.36    
  115      2802081      1        1        51171        0.42   18       0        4850        2842.83     0.00        2842.83    
  116      2008117      1        3        67386        0.56   24       0        4076        2807.75     0.00        2807.75    
  117      2008116      1        4        39036        0.32   14       0        4062        2788.29     0.00        2788.29    
  118      2804586      1        2        4023         0.03   1        0        4023        4023.00     0.00        4023.00    
  119      2823788      1        4        29905        0.25   10       0        3855        2990.50     0.00        2990.50    
  120      2023612      1        4        44632        0.37   16       0        3829        2789.50     0.00        2789.50    
  121      2009243      1        2        136508       1.13   50       0        3757        2730.16     0.00        2730.16    
  122      2013739      1        15       238432       1.97   90       0        3717        2649.24     0.00        2649.24    
  123      2802822      1        1        66624        0.55   24       0        3712        2776.00     0.00        2776.00    
  124      2802205      1        3        38325        0.32   14       0        3698        2737.50     0.00        2737.50    
  125      2810793      1        5        36

This file has been truncated.


packet_stats.log - (13727 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2            10          1397879       12115196       4402465         44.0m    1.43
 IPv4       6            10         43241905       50321577      45528480        455.3m   14.74
 IPv4      17           110           908142       53024062      23534254          2.6b   83.83
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2            10            89274         130144        101862          1.0m    1.62
TMM_FLOWWORKER              IPv4       6            10            69898        4646171        720696          7.2m   11.46
TMM_FLOWWORKER              IPv4      17           110           117645        8003814        401756         44.2m   70.30
TMM_RECEIVEPCAPFILE         IPv4       2            10             2557           3559          2847         28.5k    0.05
TMM_RECEIVEPCAPFILE         IPv4       6            10             2566           2982          2742         27.4k    0.04
TMM_RECEIVEPCAPFILE         IPv4      17           110             2558          10102          2888        317.8k    0.51
TMM_DECODEPCAPFILE          IPv4       2            10             2652        9665402        969099          9.7m   15.42
TMM_DECODEPCAPFILE          IPv4       6            10             2672          15841          4170         41.7k    0.07
TMM_DECODEPCAPFILE          IPv4      17           110             2665          30469          3094        340.3k    0.54

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            10             3043          32878          6301         63.0k  0.13  
flow                    IPv4      17           110             2661          39783          4203        462.4k  0.96  
stream                  IPv4       6            10             4141         332304         57188        571.9k  1.18  
app-layer               IPv4      17           110             2524        7810775         76957          8.5m  17.49 
detect                  IPv4       2            10            83892         121987         95654        956.5k  1.98  
detect                  IPv4       6            10            46430        4395521        591596          5.9m  12.23 
detect                  IPv4      17           110           102011        3187897        290141         31.9m  65.96 
tcp-prune               IPv4       6            10             2561          10118          3676         36.8k  0.08  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             1            11132          11132         11132         11.1k  8.21  
dns                     IPv4      17            22             3516          18391          5655        124.4k  91.79 
Proto detect            IPv4      17            28             2951          27595          5916        165.7k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             1            70712          70712         70712         70.7k  3.39  
LOGGER_UNIFIED2             IPv4       6             1           101895         101895        101895        101.9k  4.89  
LOGGER_JSON_ALERT           IPv4       6             1            97195          97195         97195         97.2k  4.67  
LOGGER_JSON_DNS             IPv4      17            20            27007         763929         81969          1.6m  78.71 
LOGGER_JSON_HTTP            IPv4       6             1           101815         101815        101815        101.8k  4.89  
LOGGER_JSON_FILE            IPv4       6             1            71823          71823         71823         71.8k  3.45  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6             5             2658          63408         26445       132.2k  6.22  
payload                           IPv4      17           110             3142          52172          9904         1.1m  51.28 
stream                            IPv4       6             5             2564         155734         56252       281.3k  13.24 
http_uri                          IPv4       6             1            35815          35815         35815        35.8k  1.69  
http_request_line                 IPv4       6             1             7489           7489          7489         7.5k  0.35  
http_client_body                  IPv4       6             1             8724           8724          8724         8.7k  0.41  
http_header (request)             IPv4       6             1           183120         183120        183120       183.1k  8.62  
http_header (request trailer)     IPv4       6             1             2704           2704          2704         2.7k  0.13  
http_header_names (request)       IPv4       6             1            37792          37792         37792        37.8k  1.78  
http_accept (request)             IPv4       6             1             4047           4047          4047         4.0k  0.19  
http_referer (request)            IPv4       6             1             3577           3577          3577         3.6k  0.17  
http_content_len (request)        IPv4       6             1             3395           3395          3395         3.4k  0.16  
http_content_type (request)       IPv4       6             1             3476           3476          3476         3.5k  0.16  
http_protocol (request)           IPv4       6             1             5260           5260          5260         5.3k  0.25  
http_start (request)              IPv4       6             1            16938          16938         16938        16.9k  0.80  
http_raw_header (request)         IPv4       6             1            19207          19207         19207        19.2k  0.90  
http_method                       IPv4       6             1             7181           7181          7181         7.2k  0.34  
http_cookie (request)             IPv4       6             1             3734           3734          3734         3.7k  0.18  
http_raw_uri                      IPv4       6             1             5970           5970          5970         6.0k  0.28  
http_user_agent                   IPv4       6             1           110891         110891        110891       110.9k  5.22  
http_host                         IPv4       6             1            17654          17654         17654        17.7k  0.83  
dns_query                         IPv4      17            10             3339          12245          7219        72.2k  3.40  
http_response_line                IPv4       6             1            10055          10055         10055        10.1k  0.47  
http_header (response)            IPv4       6             1            33796          33796         33796        33.8k  1.59  
http_header (response trailer)    IPv4       6             1             2864           2864          2864         2.9k  0.13  
http_content_type (response)      IPv4       6             1             9248           9248          9248         9.2k  0.44  
http_raw_header (response)        IPv4       6             1             9280           9280          9280         9.3k  0.44  
http_cookie (response)            IPv4       6             1             3073           3073          3073         3.1k  0.14  
http_stat_code                    IPv4       6             1             4037           4037          4037         4.0k  0.19  
Total                             IPv4                   155                                         13706         2.1m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2            10            36668          66958         44810        448.1k  1.12  
PROF_DETECT_IPONLY          IPv4       6             2            36882          37966         37424         74.8k  0.19  
PROF_DETECT_IPONLY          IPv4      17            28            36779         430483         73977          2.1m  5.17  
PROF_DETECT_RULES           IPv4       2            10             2540           2907          2593         25.9k  0.06  
PROF_DETECT_RULES           IPv4       6            10             2774        3614284        409963          4.1m  10.23 
PROF_DETECT_RULES           IPv4      17           110            44246        2972711        160941         17.7m  44.18 
PROF_DETECT_STATEFUL_START    IPv4       6             3             5348        2075380        725373          2.2m  5.43  
PROF_DETECT_STATEFUL_CONT    IPv4       2            10             2512           2921          2626         26.3k  0.07  
PROF_DETECT_STATEFUL_CONT    IPv4       6            10             2587           7379          4980         49.8k  0.12  
PROF_DETECT_STATEFUL_CONT    IPv4      17           110             2511         384382          7464        821.1k  2.05  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6             6             2590           3285          2808         16.9k  0.04  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            20             2624           3833          2832         56.7k  0.14  
PROF_DETECT_PREFILTER       IPv4       2            10             7798          27885         10976        109.8k  0.27  
PROF_DETECT_PREFILTER       IPv4       6            10             8343         733953        127310          1.3m  3.18  
PROF_DETECT_PREFILTER       IPv4      17           110            23924         436830         38366          4.2m  10.53 
PROF_DETECT_PF_PAYLOAD      IPv4       6             5            26789         166260         90629        453.1k  1.13  
PROF_DETECT_PF_PAYLOAD      IPv4      17           110             8266         396846         19001          2.1m  5.22  
PROF_DETECT_PF_TX           IPv4       6             6             2857         532328        107221        643.3k  1.61  
PROF_DETECT_PF_TX           IPv4      17            10             8611          35514         14778        147.8k  0.37  
PROF_DETECT_PF_SORT1        IPv4       6             4             2664          11830          5353         21.4k  0.05  
PROF_DETECT_PF_SORT1        IPv4      17           110             2573           8246          3431        377.5k  0.94  
PROF_DETECT_PF_SORT2        IPv4       2            10             2527           2781          2606         26.1k  0.07  
PROF_DETECT_PF_SORT2        IPv4       6            10             2564          20356          5910         59.1k  0.15  
PROF_DETECT_PF_SORT2        IPv4      17           110             2545           8972          2877        316.5k  0.79  
PROF_DETECT_NONMPMLIST      IPv4       2            10             2530           2793          2652         26.5k  0.07  
PROF_DETECT_NONMPMLIST      IPv4       6            10             2606           3809          3072         30.7k  0.08  
PROF_DETECT_NONMPMLIST      IPv4      17           110             2525         385530          9745          1.1m  2.68  
PROF_DETECT_ALERT           IPv4       2            10             2526           3248          2685         26.9k  0.07  
PROF_DETECT_ALERT           IPv4       6            10             2545           9165          3331         33.3k  0.08  
PROF_DETECT_ALERT           IPv4      17           110             2530         387784          6290        691.9k  1.73  
PROF_DETECT_CLEANUP         IPv4       2            10             2516           3457          2647         26.5k  0.07  
PROF_DETECT_CLEANUP         IPv4       6            10             2595           5056          3174         31.7k  0.08  
PROF_DETECT_CLEANUP         IPv4      17           110             2525           5054          2787        306.6k  0.77  
PROF_DETECT_GETSGH          IPv4       2            10             2537           2962          2712         27.1k  0.07  
PROF_DETECT_GETSGH          IPv4       6            10             2578           6243          3422         34.2k  0.09  
PROF_DETECT_GETSGH          IPv4      17           110             2517          36289          4118        453.0k  1.13  


suricata-report-2019-03-04-T-14-40-22-03042019.1440-84edc9b828de54d4bd00959fabf583a1392cb4c3eab3498c52818c96dc554b90.pcap.txt - (17549 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/562741daf6b1da300e106f0bfe5cc51556b33745cb75ec8c950e11a498e082d2 -r /var/pcap/03042019.1440-84edc9b828de54d4bd00959fabf583a1392cb4c3eab3498c52818c96dc554b90.pcap -vvv -k none
elapsedtime:20.008258
stderr:
stdout:
4/3/2019 -- 14:40:02 - <Info> - Configuration node 'rule-files' redefined.
4/3/2019 -- 14:40:02 - <Notice> - This is Suricata version 4.0.0 RELEASE
4/3/2019 -- 14:40:02 - <Info> - CPUs/cores online: 1
4/3/2019 -- 14:40:02 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31468 and 'request-body-inspect-window' set to 15903 after randomization.
4/3/2019 -- 14:40:02 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34044 and 'response-body-inspect-window' set to 16015 after randomization.
4/3/2019 -- 14:40:02 - <Config> - DNS request flood protection level: 500
4/3/2019 -- 14:40:02 - <Config> - DNS per flow memcap (state-memcap): 524288
4/3/2019 -- 14:40:02 - <Config> - DNS global memcap: 16777216
4/3/2019 -- 14:40:02 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
4/3/2019 -- 14:40:02 - <Config> - preallocated 1000 hosts of size 136
4/3/2019 -- 14:40:02 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
4/3/2019 -- 14:40:02 - <Config> - using magic-file /usr/share/file/magic
4/3/2019 -- 14:40:02 - <Config> - Core dump size is unlimited.
4/3/2019 -- 14:40:02 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
4/3/2019 -- 14:40:02 - <Config> - preallocated 1000 defrag trackers of size 168
4/3/2019 -- 14:40:02 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
4/3/2019 -- 14:40:02 - <Config> - stream "prealloc-sessions": 2048 (per thread)
4/3/2019 -- 14:40:02 - <Config> - stream "memcap": 33554432
4/3/2019 -- 14:40:02 - <Config> - stream "midstream" session pickups: disabled
4/3/2019 -- 14:40:02 - <Config> - stream "async-oneside": disabled
4/3/2019 -- 14:40:02 - <Config> - stream "checksum-validation": disabled
4/3/2019 -- 14:40:02 - <Config> - stream."inline": disabled
4/3/2019 -- 14:40:02 - <Config> - stream "bypass": disabled
4/3/2019 -- 14:40:02 - <Config> - stream "max-synack-queued": 5
4/3/2019 -- 14:40:02 - <Config> - stream.reassembly "memcap": 134217728
4/3/2019 -- 14:40:02 - <Config> - stream.reassembly "depth": 0
4/3/2019 -- 14:40:02 - <Config> - stream.reassembly "toserver-chunk-size": 2468
4/3/2019 -- 14:40:02 - <Config> - stream.reassembly "toclient-chunk-size": 2601
4/3/2019 -- 14:40:02 - <Config> - stream.reassembly.raw: enabled
4/3/2019 -- 14:40:02 - <Config> - stream.reassembly "segment-prealloc": 2048
4/3/2019 -- 14:40:02 - <Config> - Delayed detect disabled
4/3/2019 -- 14:40:02 - <Config> - pattern matchers: MPM: ac, SPM: bm
4/3/2019 -- 14:40:02 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
4/3/2019 -- 14:40:02 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
4/3/2019 -- 14:40:02 - <Config> - prefilter engines: MPM
4/3/2019 -- 14:40:02 - <Config> - IP reputation disabled
4/3/2019 -- 14:40:02 - <Perf> - Registered 148 keyword profiling counters.
4/3/2019 -- 14:40:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
4/3/2019 -- 14:40:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
4/3/2019 -- 14:40:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
4/3/2019 -- 14:40:07 - <Config> - No rules loaded from ET-icmp.rules.
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
4/3/2019 -- 14:40:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
4/3/2019 -- 14:40:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
4/3/2019 -- 14:40:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
4/3/2019 -- 14:40:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
4/3/2019 -- 14:40:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
4/3/2019 -- 14:40:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
4/3/2019 -- 14:40:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
4/3/2019 -- 14:40:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
4/3/2019 -- 14:40:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
4/3/2019 -- 14:40:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
4/3/2019 -- 14:40:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
4/3/2019 -- 14:40:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
4/3/2019 -- 14:40:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
4/3/2019 -- 14:40:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
4/3/2019 -- 14:40:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
4/3/2019 -- 14:40:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
4/3/2019 -- 14:40:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
4/3/2019 -- 14:40:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
4/3/2019 -- 14:40:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
4/3/2019 -- 14:40:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
4/3/2019 -- 14:40:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
4/3/2019 -- 14:40:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
4/3/2019 -- 14:40:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
4/3/2019 -- 14:40:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
4/3/2019 -- 14:40:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
4/3/2019 -- 14:40:14 - <Config> - No rules loaded from local.rules.
4/3/2019 -- 14:40:14 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
4/3/2019 -- 14:40:14 - <Info> - Threshold config parsed: 0 rule(s) found
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for tcp-packet
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for tcp-stream
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for udp-packet
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for other-ip
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_uri
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_request_line
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_client_body
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_response_line
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_header
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_header
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_header_names
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_header_names
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_accept
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_accept_enc
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_accept_lang
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_referer
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_connection
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_content_len
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_content_len
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_content_type
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_content_type
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_protocol
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_protocol
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_start
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_start
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_raw_header
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_raw_header
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_method
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_cookie
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_cookie
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_raw_uri
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_user_agent
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_host
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_raw_host
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_stat_msg
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_stat_code
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for dns_query
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for tls_sni
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for tls_cert_issuer
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for tls_cert_subject
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for tls_cert_serial
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for dce_stub_data
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for dce_stub_data
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for ssh_protocol
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for ssh_protocol
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for ssh_software
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for ssh_software
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for file_data
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for file_data
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_request_line
4/3/2019 -- 14:40:14 - <Perf> - using shared mpm ctx' for http_response_line
4/3/2019 -- 14:40:14 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
4/3/2019 -- 14:40:14 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
4/3/2019 -- 14:40:15 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
4/3/2019 -- 14:40:15 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
4/3/2019 -- 14:40:15 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
4/3/2019 -- 14:40:15 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
4/3/2019 -- 14:40:15 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
4/3/2019 -- 14:40:15 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
4/3/2019 -- 14:40:18 - <Perf> - Unique rule groups: 104
4/3/2019 -- 14:40:18 - <Perf> - Builtin MPM "toserver TCP packet": 35
4/3/2019 -- 14:40:18 - <Perf> - Builtin MPM "toclient TCP packet": 17
4/3/2019 -- 14:40:18 - <Perf> - Builtin MPM "toserver TCP stream": 33
4/3/2019 -- 14:40:18 - <Perf> - Builtin MPM "toclient TCP stream": 19
4/3/2019 -- 14:40:18 - <Perf> - Builtin MPM "toserver UDP packet": 27
4/3/2019 -- 14:40:18 - <Perf> - Builtin MPM "toclient UDP packet": 17
4/3/2019 -- 14:40:18 - <Perf> - Builtin MPM "other IP packet": 3
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_uri": 14
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_request_line": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_client_body": 6
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toclient http_response_line": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_header": 10
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toclient http_header": 6
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_header_names": 2
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_accept": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_referer": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_content_len": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_content_type": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toclient http_content_type": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_protocol": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_start": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_method": 5
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_cookie": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toclient http_cookie": 2
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver http_host": 2
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver dns_query": 4
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver tls_sni": 2
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toserver file_data": 1
4/3/2019 -- 14:40:18 - <Perf> - AppLayer MPM "toclient file_data": 7
4/3/2019 -- 14:40:21 - <Perf> - Registered 39590 rule profiling counters.
4/3/2019 -- 14:40:21 - <Info> - fast output device (regular) initialized: alert
4/3/2019 -- 14:40:21 - <Info> - eve-log output device (regular) initialized: eve.json
4/3/2019 -- 14:40:21 - <Config> - enabling 'eve-log' module 'alert'
4/3/2019 -- 14:40:21 - <Config> - enabling 'eve-log' module 'http'
4/3/2019 -- 14:40:21 - <Config> - enabling 'eve-log' module 'dns'
4/3/2019 -- 14:40:21 - <Config> - enabling 'eve-log' module 'tls'
4/3/2019 -- 14:40:21 - <Config> - enabling 'eve-log' module 'files'
4/3/2019 -- 14:40:21 - <Config> - enabling 'eve-log' module 'ssh'
4/3/2019 -- 14:40:21 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
4/3/2019 -- 14:40:21 - <Info> - stats output device (regular) initialized: stats.log
4/3/2019 -- 14:40:21 - <Config> - AutoFP mode using "Hash" flow load balancer
4/3/2019 -- 14:40:21 - <Info> - reading pcap file /var/pcap/03042019.1440-84edc9b828de54d4bd00959fabf583a1392cb4c3eab3498c52818c96dc554b90.pcap
4/3/2019 -- 14:40:21 - <Config> - using 1 flow manager threads
4/3/2019 -- 14:40:21 - <Config> - using 1 flow recycler threads
4/3/2019 -- 14:40:21 - <Notice> - all 2 packet pro

This file has been truncated.


unified2.alert.1551710421 - (648 bytes)
HTTP/1.1 200 OK
Date: Thu, 31 Jan 2019 10:17:00 GMT
Content-Type: text/html
Connection: Close
Server: INetSim HTTP Server
Content-Length: 258

<html>
  <head>
    <title>INetSim default HTML page</title>
  </head>
  <body>
    <p></p>
    <p align="center">This is the default HTML page for INetSim HTTP server fake mode.</p>
    <p align="center">This file is an HTML document.</p>
  </body>
</html>


stats.log - (2835 bytes)
------------------------------------------------------------------------------------
Date: 3/4/2019 -- 14:40:22 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 151
decoder.bytes                              | Total                     | 15223
decoder.ipv4                               | Total                     | 130
decoder.ethernet                           | Total                     | 151
decoder.tcp                                | Total                     | 10
decoder.udp                                | Total                     | 110
decoder.avg_pkt_size                       | Total                     | 100
decoder.max_pkt_size                       | Total                     | 385
flow.tcp                                   | Total                     | 1
flow.udp                                   | Total                     | 18
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 12
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 13
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 10
app_layer.tx.dns_udp                       | Total                     | 10
app_layer.flow.failed_udp                  | Total                     | 8
flow.spare                                 | Total                     | 9993
flow_mgr.flows_checked                     | Total                     | 4
flow_mgr.flows_notimeout                   | Total                     | 4
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65532
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074880


eve.json - (8481 bytes)
{"timestamp":"2019-01-31T10:16:39.037492+0000","flow_id":1403465574617716,"pcap_cnt":68,"event_type":"dns","src_ip":"192.168.56.107","src_port":52032,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13877,"rrname":"104.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T10:16:39.224951+0000","flow_id":1403465574617716,"pcap_cnt":69,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":52032,"proto":"UDP","dns":{"type":"answer","id":13877,"rcode":"NOERROR","rrname":"104.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T10:16:39.744177+0000","flow_id":734640382368497,"pcap_cnt":76,"event_type":"dns","src_ip":"192.168.56.107","src_port":50089,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48259,"rrname":"f.2.b.3.d.e.b.d.4.4.e.3.d.d.c.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T10:16:39.941902+0000","flow_id":734640382368497,"pcap_cnt":81,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":50089,"proto":"UDP","dns":{"type":"answer","id":48259,"rcode":"NOERROR","rrname":"f.2.b.3.d.e.b.d.4.4.e.3.d.d.c.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T10:16:47.292692+0000","flow_id":1430158796879700,"pcap_cnt":110,"event_type":"dns","src_ip":"192.168.56.107","src_port":50412,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29891,"rrname":"108.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T10:16:47.366308+0000","flow_id":1992743678088932,"pcap_cnt":111,"event_type":"dns","src_ip":"192.168.56.107","src_port":60023,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41540,"rrname":"f.e.b.2.b.3.a.b.0.5.3.6.b.7.c.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T10:16:47.479324+0000","flow_id":1430158796879700,"pcap_cnt":112,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":50412,"proto":"UDP","dns":{"type":"answer","id":29891,"rcode":"NOERROR","rrname":"108.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T10:16:47.572731+0000","flow_id":1992743678088932,"pcap_cnt":113,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":60023,"proto":"UDP","dns":{"type":"answer","id":41540,"rcode":"NOERROR","rrname":"f.e.b.2.b.3.a.b.0.5.3.6.b.7.c.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T10:16:56.593970+0000","flow_id":660771240939570,"pcap_cnt":116,"event_type":"dns","src_ip":"192.168.56.107","src_port":57365,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60126,"rrname":"103.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T10:16:56.779319+0000","flow_id":660771240939570,"pcap_cnt":119,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":57365,"proto":"UDP","dns":{"type":"answer","id":60126,"rcode":"NOERROR","rrname":"103.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T10:16:58.980805+0000","flow_id":740039157544773,"pcap_cnt":128,"event_type":"dns","src_ip":"192.168.56.107","src_port":53126,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1265,"rrname":"2.e.0.0.4.9.e.9.9.4.f.5.6.9.d.5.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T10:16:58.984769+0000","flow_id":1653024650561217,"pcap_cnt":129,"event_type":"dns","src_ip":"192.168.56.107","src_port":56915,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":6839,"rrname":"111.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T10:16:59.172153+0000","flow_id":1653024650561217,"pcap_cnt":130,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":56915,"proto":"UDP","dns":{"type":"answer","id":6839,"rcode":"NOERROR","rrname":"111.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T10:16:59.182880+0000","flow_id":740039157544773,"pcap_cnt":131,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":53126,"proto":"UDP","dns":{"type":"answer","id":1265,"rcode":"NOERROR","rrname":"2.e.0.0.4.9.e.9.9.4.f.5.6.9.d.5.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T10:16:59.574911+0000","flow_id":514579144361407,"pcap_cnt":132,"event_type":"dns","src_ip":"192.168.56.107","src_port":61737,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1260,"rrname":"safe-naver-mail.pe.hu","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-31T10:17:00.008334+0000","flow_id":514579144361407,"pcap_cnt":133,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":61737,"proto":"UDP","dns":{"type":"answer","id":1260,"rcode":"NOERROR","rrname":"safe-naver-mail.pe.hu","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T10:17:00.033202+0000","flow_id":1448283559701162,"pcap_cnt":141,"event_type":"http","src_ip":"192.168.56.107","src_port":49178,"dest_ip":"192.168.56.1","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"safe-naver-mail.pe.hu","url":"\/Est\/down\/AlyacMonitor64","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-01-31T10:17:00.049581+0000","flow_id":1448283559701162,"pcap_cnt":143,"event_type":"alert","src_ip":"192.168.56.1","src_port":80,"dest_ip":"192.168.56.107","dest_port":49178,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017363,"rev":2,"signature":"ET INFO InetSim Response from External Source Possible SinkHole","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-01-31T10:17:00.049581+0000","flow_id":1448283559701162,"pcap_cnt":143,"event_type":"fileinfo","src_ip":"192.168.56.1","src_port":80,"dest_ip":"192.168.56.107","dest_port":49178,"proto":"TCP","http":{"hostname":"safe-naver-mail.pe.hu","url":"\/Est\/down\/AlyacMonitor64","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":258},"app_proto":"http","fileinfo":{"filename":"\/Est\/down\/AlyacMonitor64","gaps":false,"state":"CLOSED","stored":false,"size":258,"tx_id":0}}
{"timestamp":"2019-01-31T10:17:10.091331+0000","flow_id":764447457436867,"pcap_cnt":148,"event_type":"dns","src_ip":"192.168.56.107","src_port":62989,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39568,"rrname":"a.3.a.1.9.5.4.3.0.1.5.b.f.3.1.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T10:17:10.093186+0000","flow_id":919001855585282,"pcap_cnt":149,"event_type":"dns","src_ip":"192.168.56.107","src_port":49783,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":61220,"rrname":"110.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T10:17:10.281236+0000","flow_id":919001855585282,"pcap_cnt":150,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":49783,"proto":"UDP","dns":{"type":"answer","id":61220,"rcode":"NOERROR","rrname":"110.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T10:17:10.294858+0000","flow_id":764447457436867,"pcap_cnt":151,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":62989,"proto":"UDP","dns":{"type":"answer","id":39568,"rcode":"NOERROR","rrname":"a.3.a.1.9.5.4.3.0.1.5.b.f.3.1.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}


suricata-4.0.0-etpro-all-alert-2019-03-04-T-14-40-22-03042019.1440-84edc9b828de54d4bd00959fabf583a1392cb4c3eab3498c52818c96dc554b90.pcap.txt - (218 bytes)
01/31/2019-10:17:00.049581  [**] [1:2017363:2] ET INFO InetSim Response from External Source Possible SinkHole [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.56.1:80 -> 192.168.56.107:49178


keyword_perf.log - (13175 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 3/4/2019 -- 14:40:22
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             382769          92              92              67082           4160.00         4160.00         0.00           
  content          1705033         346             229             385704          4927.00         5733.00         3350.00        
  pcre             378801          33              8               36545           11478.00        14374.00        10552.00       
  byte_test        414469          140             72              22236           2960.00         2832.00         3096.00        
  byte_jump        47001           14              14              9524            3357.00         3357.00         0.00           
  isdataat         3308            1               0               3308            3308.00         0.00            3308.00        
  flowbits         25540           5               2               12874           5108.00         8313.00         2971.00        
  urilen           84461           27              10              3814            3128.00         3126.00         3129.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             382769          92              92              67082           4160.00         4160.00         0.00           
  flowbits         8914            3               0               3302            2971.00         0.00            2971.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          972508          188             120             385704          5172.00         6371.00         3058.00        
  pcre             85496           8               1               35201           10687.00        11009.00        10641.00       
  byte_test        414469          140             72              22236           2960.00         2832.00         3096.00        
  byte_jump        47001           14              14              9524            3357.00         3357.00         0.00           
  isdataat         3308            1               0               3308            3308.00         0.00            3308.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         16626           2               2               12874           8313.00         8313.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          117923          22              11              26402           5360.00         6754.00         3965.00        
  pcre             126493          13              1               14100           9730.00         11827.00        9555.00        
  urilen           84461           27              10              3814            3128.00         3126.00         3129.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3225            1               0               3225            3225.00         0.00            3225.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          385813          79              60              48327           4883.00         5194.00         3903.00        
  pcre             144964          9               4               36545           16107.00        18477.00        14211.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          67470           18              12              4876            3748.00         3764.00         3716.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3418            1               1               3418            3418.00         3418.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept_enc
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3236            1               1               3236            3236.00         3236.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7210            2               2               3623            3605.00         3605.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3218            1               1               3218            3218.00         3218.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8901            2               2               4796            4450.00         4450.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          125260          29              19              16183           4319.00         4808.00         3389.00        
  pcre             18251           2               2               11448           9125.00         9125.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  pcre             3597            1               0               3597            3597.00         0.00            3597.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6851            2               0               3617            3425.00         0.00            3425.00        


IDSDeathBlossom.py.log - (1204 bytes)
2019-03-04 14:40:01,565 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-03-04 14:40:02,274 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-03-04 14:40:02,274 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-03-04 14:40:02,274 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-03-04 14:40:02,274 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-03-04 14:40:02,275 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/562741daf6b1da300e106f0bfe5cc51556b33745cb75ec8c950e11a498e082d2 -r /var/pcap/03042019.1440-84edc9b828de54d4bd00959fabf583a1392cb4c3eab3498c52818c96dc554b90.pcap -vvv -k none
2019-03-04 14:40:22,285 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-03-04 14:40:22,286 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 20.7283489704