Filename: cb79161e-5cc3-44e3-a657-b448dc4c4785.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.0555078983 seconds
Hash: 64272d87d1fbb72eef73aff7e4c45351
Uploaded: 1557124615

Logfiles


suricata-4.0.0-etpro-all-alert-2019-05-06-T-06-37-17-05062019.0636-cb79161e-5cc3-44e3-a657-b448dc4c4785.pcap.txt (225 bytes)
05/01/2019-16:00:15.209131  [**] [1:2812668:2] ETPRO POLICY Remote Utilities Access Tool Activity [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.100.146:49355 -> 108.163.130.184:5655


packet_stats.log (15690 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           357           120975      154189626      94995527         33.9b   85.10
 IPv4      17           109          3650787      152867078      42462391          4.6b   11.61
 IPv6      17            32          3836709      153998227      40863680          1.3b    3.28
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           357            66693        7541896        346858        123.8m   68.85
TMM_FLOWWORKER              IPv4      17           109           118840        5228469        294565         32.1m   17.85
TMM_RECEIVEPCAPFILE         IPv4       6           344             2553          27857          3089          1.1m    0.59
TMM_RECEIVEPCAPFILE         IPv4      17           109             2547          13696          2987        325.6k    0.18
TMM_DECODEPCAPFILE          IPv4       6           344             2656          27547          2992          1.0m    0.57
TMM_DECODEPCAPFILE          IPv4      17           109             2682          20758          2995        326.5k    0.18
TMM_FLOWWORKER              IPv6      17            32           109664       16155561        655434         21.0m   11.66
TMM_RECEIVEPCAPFILE         IPv6      17            32             2546           3014          2768         88.6k    0.05
TMM_DECODEPCAPFILE          IPv6      17            32             2699          16100          3273        104.8k    0.06

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           344             2853          32846          3412          1.2m  0.75  
flow                    IPv4      17           109             2688          14776          3531        384.9k  0.25  
stream                  IPv4       6           357             2757        1201569         13329          4.8m  3.05  
app-layer               IPv4      17           109             2531          34209          5201        567.0k  0.36  
detect                  IPv4       6           357            44974        4525292        287070        102.5m  65.59 
detect                  IPv4      17           109           102490        5087084        230669         25.1m  16.09 
tcp-prune               IPv4       6           357             2556          35174          3166          1.1m  0.72  
flow                    IPv6      17            32             2843       15939120        502625         16.1m  10.29 
app-layer               IPv6      17            32             2534          12686          5910        189.1k  0.12  
detect                  IPv6      17            32            92584         224011        135750          4.3m  2.78  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            10             2941          55179         13581        135.8k  23.66 
http                    IPv4      17             4             9440          75849         43983        175.9k  30.65 
tls                     IPv4       6             4             2934           4223          3426         13.7k  2.39  
dns                     IPv4      17            12             4492           9883          6057         72.7k  12.66 
http                    IPv6      17             4             9440          75849         43983        175.9k  30.65 
Proto detect            IPv4      17            29             2765          17054          4741        137.5k
Proto detect            IPv6      17            15             2825           6301          3794         56.9k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             1            41769          41769         41769         41.8k  0.69  
LOGGER_UNIFIED2             IPv4       6             1           126468         126468        126468        126.5k  2.08  
LOGGER_JSON_ALERT           IPv4       6             1            55800          55800         55800         55.8k  0.92  
LOGGER_JSON_DNS             IPv4      17            12            35254        3994594        390934          4.7m  77.12 
LOGGER_JSON_HTTP            IPv4       6             6            61531         113393         88346        530.1k  8.71  
LOGGER_JSON_TLS             IPv4       6             2             3205           3299          3252          6.5k  0.11  
LOGGER_JSON_FILE            IPv4       6             5            64833         280009        126216        631.1k  10.37 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           221             2586         118468         17311         3.8m  12.74 
payload                           IPv4      17           109             3177          80854          9374         1.0m  3.40  
stream                            IPv4       6           221             2547         461690         34489         7.6m  25.39 
http_uri                          IPv4       6             6            14061          54098         30174       181.0k  0.60  
http_request_line                 IPv4       6             6             4601           8504          6343        38.1k  0.13  
http_client_body                  IPv4       6             6             2819           4221          3269        19.6k  0.07  
http_header (request)             IPv4       6             6            19107          78313         50573       303.4k  1.01  
http_header (request trailer)     IPv4       6             6             2617           3850          2839        17.0k  0.06  
http_header_names (request)       IPv4       6             6             9572          25832         17839       107.0k  0.36  
http_accept (request)             IPv4       6             6             3321           4870          3877        23.3k  0.08  
http_referer (request)            IPv4       6             6             2857           3979          3277        19.7k  0.07  
http_content_len (request)        IPv4       6             6             3027           4185          3481        20.9k  0.07  
http_content_type (request)       IPv4       6             6             3045           3382          3245        19.5k  0.06  
http_protocol (request)           IPv4       6             6             3585           6001          4712        28.3k  0.09  
http_start (request)              IPv4       6             6             6728          17515         11382        68.3k  0.23  
http_raw_header (request)         IPv4       6             6             8633          23477         14447        86.7k  0.29  
http_method                       IPv4       6             6             3915          37025         11268        67.6k  0.23  
http_cookie (request)             IPv4       6             6             3008           5307          3719        22.3k  0.07  
http_raw_uri                      IPv4       6             6             4201           8230          6404        38.4k  0.13  
http_user_agent                   IPv4       6             6             6126          50834         21137       126.8k  0.42  
http_host                         IPv4       6             6             4028           9044          6889        41.3k  0.14  
dns_query                         IPv4      17             6             6530          35969         12987        77.9k  0.26  
tls_sni                           IPv4       6             6             2577          43275         12118        72.7k  0.24  
http_response_line                IPv4       6             6             3660          13620          7557        45.3k  0.15  
http_header (response)            IPv4       6             6            20546          47665         35498       213.0k  0.71  
http_header (response trailer)    IPv4       6             6             2617           2940          2726        16.4k  0.05  
http_content_type (response)      IPv4       6             6             4933          23906         10452        62.7k  0.21  
http_raw_header (response)        IPv4       6           188             4417          18110          5556         1.0m  3.48  
http_cookie (response)            IPv4       6             6             3018           4161          3411        20.5k  0.07  
http_stat_code                    IPv4       6             6             2770           4706          3805        22.8k  0.08  
tls_cert_issuer                   IPv4       6             2             2608           2615          2611         5.2k  0.02  
tls_cert_subject                  IPv4       6             2             2609           2730          2669         5.3k  0.02  
tls_cert_serial                   IPv4       6             2             2628           2768          2698         5.4k  0.02  
file_data (http response)         IPv4       6           182             2575        1351116         79587        14.5m  48.25 
Total                             IPv4                  1083                                         27493        29.8m
payload                           IPv6      17            32             3207          25018          7608       243.5k  0.81  
Total                             IPv6                    32                                          7608       243.5k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            16             6412          54883         33264        532.2k  0.29  
PROF_DETECT_IPONLY          IPv4      17            29            37580          93352         47035          1.4m  0.74  
PROF_DETECT_RULES           IPv4       6           357             2553        4002322        127407         45.5m  24.71 
PROF_DETECT_RULES           IPv4      17           109            44489         663938        100264         10.9m  5.94  
PROF_DETECT_STATEFUL_START    IPv4       6           159             5110        1973729        200995         32.0m  17.36 
PROF_DETECT_STATEFUL_CONT    IPv4       6           357             2520          34541         10468          3.7m  2.03  
PROF_DETECT_STATEFUL_CONT    IPv4      17           109             2514          46358          3690        402.3k  0.22  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           312             2560          26521          2797        872.7k  0.47  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            12             2619          30155          5202         62.4k  0.03  
PROF_DETECT_PREFILTER       IPv4       6           357             7896        1512837        108098         38.6m  20.97 
PROF_DETECT_PREFILTER       IPv4      17           109            23882         110892         33941          3.7m  2.01  
PROF_DETECT_PF_PAYLOAD      IPv4       6           221            13655         472836         59849         13.2m  7.19  
PROF_DETECT_PF_PAYLOAD      IPv4      17           109             8247          86533         14690          1.6m  0.87  
PROF_DETECT_PF_TX           IPv4       6           312             2560        1364526         62836         19.6m  10.65 
PROF_DETECT_PF_TX           IPv4      17             6            12381          41960         19005        114.0k  0.06  
PROF_DETECT_PF_SORT1        IPv4       6           117             2579          18264          3266        382.2k  0.21  
PROF_DETECT_PF_SORT1        IPv4      17           109             2610          15938          3483        379.7k  0.21  
PROF_DETECT_PF_SORT2        IPv4       6           357             2532          34245          3002          1.1m  0.58  
PROF_DETECT_PF_SORT2        IPv4      17           109             2551           4456          2801        305.4k  0.17  
PROF_DETECT_NONMPMLIST      IPv4       6           357             2551          17211          2895          1.0m  0.56  
PROF_DETECT_NONMPMLIST      IPv4      17           109             2529          33133          3089        336.7k  0.18  
PROF_DETECT_ALERT           IPv4       6           357             2524          16391          2787        995.2k  0.54  
PROF_DETECT_ALERT           IPv4      17           109             2531          10876          2720        296.5k  0.16  
PROF_DETECT_CLEANUP         IPv4       6           357             2560          15642          2991          1.1m  0.58  
PROF_DETECT_CLEANUP         IPv4      17           109             2527           5895          2748        299.6k  0.16  
PROF_DETECT_GETSGH          IPv4       6           357             2528          47212          3185          1.1m  0.62  
PROF_DETECT_GETSGH          IPv4      17           109             2531          25209          4059        442.5k  0.24  
PROF_DETECT_IPONLY          IPv6      17            15             3008           8946          5036         75.5k  0.04  
PROF_DETECT_RULES           IPv6      17            32            33990         125238         59322          1.9m  1.03  
PROF_DETECT_STATEFUL_CONT    IPv6      17            32             2517           3467          2807         89.8k  0.05  
PROF_DETECT_PREFILTER       IPv6      17            32            24519          71257         30342        971.0k  0.53  
PROF_DETECT_PF_PAYLOAD      IPv6      17            32             8334          30791         12918        413.4k  0.22  
PROF_DETECT_PF_SORT1        IPv6      17            32             2630           4498          3118         99.8k  0.05  
PROF_DETECT_PF_SORT2        IPv6      17            32             2558           4742          2806         89.8k  0.05  
PROF_DETECT_NONMPMLIST      IPv6      17            32             2540           3575          2808         89.9k  0.05  
PROF_DETECT_ALERT           IPv6      17            32             2535          31988          3571        114.3k  0.06  
PROF_DETECT_CLEANUP         IPv6      17            32             2528          18548          3372        107.9k  0.06  
PROF_DETECT_GETSGH          IPv6      17            32             2529          17049          5859        187.5k  0.10  


suricata-4.0.0-etpro-all-perf.txt-2019-05-06-T-06-37-17-05062019.0636-cb79161e-5cc3-44e3-a657-b448dc4c4785.pcap.txt (39381 bytes)
  --------------------------------------------------------------------------
  Date: 5/6/2019 -- 06:37:17. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2815453      1        4        19179542     39.26  42       0        1026567     456655.76   0.00        456655.76  
  2        2014363      1        7        445975       0.91   4        0        406367      111493.75   0.00        111493.75  
  3        2018342      1        2        8496803      17.39  56       0        317037      151728.62   0.00        151728.62  
  4        2811745      1        4        1452581      2.97   14       0        192248      103755.79   0.00        103755.79  
  5        2821615      1        2        234111       0.48   6        0        78339       39018.50    0.00        39018.50   
  6        2805348      1        4        255173       0.52   5        0        77851       51034.60    0.00        51034.60   
  7        2023623      1        3        258104       0.53   68       0        77079       3795.65     0.00        3795.65    
  8        2022652      1        2        72209        0.15   1        1        72209       72209.00    72209.00    0.00       
  9        2015877      1        6        50580        0.10   1        0        50580       50580.00    0.00        50580.00   
  10       2100566      1        5        64415        0.13   6        0        49864       10735.83    0.00        10735.83   
  11       2017552      1        6        1380857      2.83   98       0        49611       14090.38    0.00        14090.38   
  12       2014635      1        1        84439        0.17   2        0        47244       42219.50    0.00        42219.50   
  13       2815254      1        7        175496       0.36   4        0        46849       43874.00    0.00        43874.00   
  14       2816747      1        2        46775        0.10   1        0        46775       46775.00    0.00        46775.00   
  15       2807793      1        4        46593        0.10   1        0        46593       46593.00    0.00        46593.00   
  16       2816636      1        2        46402        0.09   1        0        46402       46402.00    0.00        46402.00   
  17       2828986      1        2        45784        0.09   1        0        45784       45784.00    0.00        45784.00   
  18       2019141      1        3        45379        0.09   1        0        45379       45379.00    0.00        45379.00   
  19       2020295      1        6        123956       0.25   4        0        45173       30989.00    0.00        30989.00   
  20       2019821      1        8        44888        0.09   1        1        44888       44888.00    44888.00    0.00       
  21       2014405      1        10       44567        0.09   1        0        44567       44567.00    0.00        44567.00   
  22       2812668      1        2        60966        0.12   2        1        44373       30483.00    44373.00    16593.00   
  23       2815664      1        3        43771        0.09   1        0        43771       43771.00    0.00        43771.00   
  24       2017119      1        4        43170        0.09   1        0        43170       43170.00    0.00        43170.00   
  25       2828060      1        4        42782        0.09   1        0        42782       42782.00    0.00        42782.00   
  26       2830036      1        1        144342       0.30   6        0        42597       24057.00    0.00        24057.00   
  27       2011290      1        7        42303        0.09   1        0        42303       42303.00    0.00        42303.00   
  28       2017935      1        3        48165        0.10   3        1        42197       16055.00    42197.00    2984.00    
  29       2809360      1        2        41663        0.09   1        0        41663       41663.00    0.00        41663.00   
  30       2816621      1        2        41608        0.09   1        0        41608       41608.00    0.00        41608.00   
  31       2021304      1        4        41426        0.08   1        0        41426       41426.00    0.00        41426.00   
  32       2827365      1        1        41093        0.08   1        0        41093       41093.00    0.00        41093.00   
  33       2021418      1        9        40923        0.08   1        0        40923       40923.00    0.00        40923.00   
  34       2014442      1        6        38868        0.08   1        0        38868       38868.00    0.00        38868.00   
  35       2014634      1        1        73317        0.15   2        0        38383       36658.50    0.00        36658.50   
  36       2024771      1        1        1023094      2.09   187      0        36933       5471.09     0.00        5471.09    
  37       2816895      1        2        36561        0.07   1        0        36561       36561.00    0.00        36561.00   
  38       2012707      1        5        111548       0.23   4        0        36103       27887.00    0.00        27887.00   
  39       2811577      1        2        91748        0.19   8        0        35955       11468.50    0.00        11468.50   
  40       2812896      1        5        35898        0.07   1        0        35898       35898.00    0.00        35898.00   
  41       2012649      1        5        35795        0.07   1        0        35795       35795.00    0.00        35795.00   
  42       2012612      1        16       144557       0.30   6        0        35543       24092.83    0.00        24092.83   
  43       2809087      1        2        35502        0.07   1        0        35502       35502.00    0.00        35502.00   
  44       2024367      1        2        35468        0.07   1        0        35468       35468.00    0.00        35468.00   
  45       2812801      1        2        35328        0.07   1        0        35328       35328.00    0.00        35328.00   
  46       2826616      1        2        35290        0.07   1        0        35290       35290.00    0.00        35290.00   
  47       2811826      1        7        35189        0.07   1        0        35189       35189.00    0.00        35189.00   
  48       2018789      1        3        65233        0.13   2        0        35160       32616.50    0.00        32616.50   
  49       2816356      1        2        197468       0.40   6        0        35082       32911.33    0.00        32911.33   
  50       2823915      1        3        35054        0.07   1        0        35054       35054.00    0.00        35054.00   
  51       2815220      1        2        34966        0.07   1        0        34966       34966.00    0.00        34966.00   
  52       2814182      1        2        34882        0.07   1        0        34882       34882.00    0.00        34882.00   
  53       2815568      1        2        34840        0.07   1        0        34840       34840.00    0.00        34840.00   
  54       2022914      1        1        328177       0.67   33       0        34447       9944.76     0.00        9944.76    
  55       2825273      1        2        34394        0.07   1        0        34394       34394.00    0.00        34394.00   
  56       2021413      1        2        34331        0.07   1        0        34331       34331.00    0.00        34331.00   
  57       2807970      1        8        34020        0.07   1        0        34020       34020.00    0.00        34020.00   
  58       2020963      1        2        33961        0.07   1        0        33961       33961.00    0.00        33961.00   
  59       2009702      1        5        152141       0.31   12       0        33609       12678.42    0.00        12678.42   
  60       2824909      1        2        33462        0.07   1        0        33462       33462.00    0.00        33462.00   
  61       2023316      1        2        39131        0.08   3        0        33364       13043.67    0.00        13043.67   
  62       2007880      1        7        119122       0.24   5        0        33053       23824.40    0.00        23824.40   
  63       2022502      1        4        137414       0.28   6        0        32908       22902.33    0.00        22902.33   
  64       2819934      1        2        32543        0.07   1        0        32543       32543.00    0.00        32543.00   
  65       2806802      1        2        236006       0.48   11       0        32226       21455.09    0.00        21455.09   
  66       2014376      1        3        58604        0.12   4        0        31246       14651.00    0.00        14651.00   
  67       2809012      1        4        30962        0.06   1        0        30962       30962.00    0.00        30962.00   
  68       2810481      1        4        421666       0.86   22       0        30805       19166.64    0.00        19166.64   
  69       2822697      1        2        30791        0.06   1        0        30791       30791.00    0.00        30791.00   
  70       2830471      1        2        30211        0.06   1        0        30211       30211.00    0.00        30211.00   
  71       2829260      1        1        29972        0.06   1        0        29972       29972.00    0.00        29972.00   
  72       2021531      1        2        29946        0.06   1        0        29946       29946.00    0.00        29946.00   
  73       2815156      1        2        29835        0.06   1        0        29835       29835.00    0.00        29835.00   
  74       2022543      1        1        108412       0.22   6        0        29647       18068.67    0.00        18068.67   
  75       2824942      1        2        29531        0.06   1        0        29531       29531.00    0.00        29531.00   
  76       2829091      1        2        29435        0.06   1        0        29435       29435.00    0.00        29435.00   
  77       2012328      1        6        58111        0.12   4        0        29404       14527.75    0.00        14527.75   
  78       2019094      1        5        29356        0.06   1        0        29356       29356.00    0.00        29356.00   
  79       2820673      1        2        29260        0.06   1        0        29260       29260.00    0.00        29260.00   
  80       2024758      1        4        29236        0.06   1        0        29236       29236.00    0.00        29236.00   
  81       2829848      1        2        29212        0.06   1        0        29212       29212.00    0.00        29212.00   
  82       2020496      1        2        111706       0.23   4        0        29185       27926.50    0.00        27926.50   
  83       2809709      1        4        29179        0.06   1        0        29179       29179.00    0.00        29179.00   
  84       2803760      1        3        109121       0.22   6        0        29034       18186.83    0.00        18186.83   
  85       2824387      1        2        29032        0.06   1        0        29032       29032.00    0.00        29032.00   
  86       2816777      1        3        28769        0.06   1        0        28769       28769.00    0.00        28769.00   
  87       2014303      1        2        28711        0.06   1        0        28711       28711.00    0.00        28711.00   
  88       2821471      1        2        28664        0.06   1        0        28664       28664.00    0.00        28664.00   
  89       2815924      1        2        28656        0.06   1        0        28656       28656.00    0.00        28656.00   
  90       2825236      1        2        28628        0.06   1        0        28628       28628.00    0.00        28628.00   
  91       2811905      1        3        28617        0.06   1        0        28617       28617.00    0.00        28617.00   
  92       2823858      1        3        28586        0.06   1        0        28586       28586.00    0.00        28586.00   
  93       2017261      1        3        28541        0.06   1        0        28541       28541.00    0.00        28541.00   
  94       2008377      1        5        28386        0.06   1        0        28386       28386.00    0.00        28386.00   
  95       2809363      1        3        28358        0.06   1        0        28358       28358.00    0.00        28358.00   
  96       2020181      1        8        28292        0.06   1        0        28292       28292.00    0.00        28292.00   
  97       2020964      1        2        28186        0.06   1        0        28186       28186.00    0.00        28186.00   
  98       2822633      1        3        28049        0.06   1        0        28049       28049.00    0.00        28049.00   
  99       2021399      1        3        27892        0.06   1        0        27892       27892.00    0.00        27892.00   
  100      2815180      1        3        27820        0.06   1        0        27820       27820.00    0.00        27820.00   
  101      2823218      1        2        27818        0.06   1        0        27818       27818.00    0.00        27818.00   
  102      2021718      1        4        27713        0.06   1        0        27713       27713.00    0.00        27713.00   
  103      2020962      1        3        27632        0.06   1        0        27632       27632.00    0.00        27632.00   
  104      2022901      1        2        27626        0.06   1        0        27626       27626.00    0.00        27626.00   
  105      2017948      1        2        27414        0.06   1        0        27414       27414.00    0.00        27414.00   
  106      2826043      1        4        27413        0.06   1        0        27413       27413.00    0.00        27413.00   
  107      2014702      1        9        115863       0.24   12       0        27330       9655.25     0.00        9655.25    
  108      2815181      1        3        27024        0.06   1        0        27024       27024.00    0.00        27024.00   
  109      2010140      1        7        698350       1.43   129      0        26989       5413.57     0.00        5413.57    
  110      2016537      1        2        1286338      2.63   92       0        26971       13981.93    0.00        13981.93   
  111      2812433      1        2        26678        0.05   1        0        26678       26678.00    0.00        26678.00   
  112      2815182      1        3        26582        0.05   1        0        26582       26582.00    0.00        26582.00   
  113      2820364      1        5        25540        0.05   1        0        25540       25540.00    0.00        25540.00   
  114      2802876      1        3        25151        0.05   1        0        25151       25151.00    0.00        25151.00   
  115      2001330      1        8        554777       1.14   190      0        25039       2919.88     0.00        2919.88    
  116      2014701      1        12       146368       0.30   12       0        24226       12197.33    0.00        12197.33   
  117      2828008      1        2        125683       0.26   6        0        23705       20947.17    0.00        20947.17   
  118      2827279      1        5        129106       0.26   6        0        23287       21517.67    0.00        21517.67   
  119      2826256      1        2        126344       0.26   6        0        23257       21057.33    0.00        21057.33   
  120      2024829      1        2        136808       0.28   7        0        23023       19544.00    0.00        19544.00   
  121      2024178      1        2        22909        0.05   1        0        22909       22909.00    0.00        22909.00   
  122      2815547      1        2        22802        0.05   1        0        22802       22802.00    0.00        22802.00   
  123      2012249      1        4        22609        0.05   1        0        22609       22609.00    0.00        22609.00   
  124      2816165      1        5        124824       0.26   6        0        22294       20804.00    0.00        20804.00   
  125      2810084      1        2        21

This file has been truncated.


stats.log - (3292 bytes) - download
------------------------------------------------------------------------------------
Date: 5/6/2019 -- 06:37:17 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 568
decoder.bytes                              | Total                     | 261247
decoder.ipv4                               | Total                     | 453
decoder.ipv6                               | Total                     | 32
decoder.ethernet                           | Total                     | 568
decoder.tcp                                | Total                     | 344
decoder.udp                                | Total                     | 141
decoder.avg_pkt_size                       | Total                     | 459
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 8
flow.udp                                   | Total                     | 38
tcp.sessions                               | Total                     | 8
tcp.syn                                    | Total                     | 8
tcp.synack                                 | Total                     | 8
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 1
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 5
app_layer.flow.http                        | Total                     | 5
app_layer.tx.http                          | Total                     | 6
app_layer.flow.failed_tcp                  | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 6
app_layer.tx.dns_udp                       | Total                     | 6
app_layer.flow.failed_udp                  | Total                     | 32
flow_mgr.new_pruned                        | Total                     | 28
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 40
flow_mgr.flows_notimeout                   | Total                     | 12
flow_mgr.flows_timeout                     | Total                     | 28
flow_mgr.flows_removed                     | Total                     | 28
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65496
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7087552


eve.json - (11522 bytes) - download
{"timestamp":"2019-05-01T16:00:15.069990+0000","flow_id":883512396681574,"pcap_cnt":86,"event_type":"dns","src_ip":"192.168.100.146","src_port":53784,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9454,"rrname":"id.remoteutilities.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-01T16:00:15.085937+0000","flow_id":883512396681574,"pcap_cnt":87,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.146","dest_port":53784,"proto":"UDP","dns":{"type":"answer","id":9454,"rcode":"NOERROR","rrname":"id.remoteutilities.com","rrtype":"A","ttl":710,"rdata":"108.163.130.184"}}
{"timestamp":"2019-05-01T16:00:15.209131+0000","flow_id":810888794699947,"pcap_cnt":94,"event_type":"alert","src_ip":"192.168.100.146","src_port":49355,"dest_ip":"108.163.130.184","dest_port":5655,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2812668,"rev":2,"signature":"ETPRO POLICY Remote Utilities Access Tool Activity","category":"Potential Corporate Privacy Violation","severity":1}}
{"timestamp":"2019-05-01T16:00:15.415331+0000","flow_id":1021161803568739,"pcap_cnt":96,"event_type":"dns","src_ip":"192.168.100.146","src_port":52287,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":63399,"rrname":"ocsp.digicert.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-01T16:00:15.420928+0000","flow_id":1021161803568739,"pcap_cnt":97,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.146","dest_port":52287,"proto":"UDP","dns":{"type":"answer","id":63399,"rcode":"NOERROR","rrname":"ocsp.digicert.com","rrtype":"CNAME","ttl":18113,"rdata":"cs9.wac.phicdn.net"}}
{"timestamp":"2019-05-01T16:00:15.420928+0000","flow_id":1021161803568739,"pcap_cnt":97,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.146","dest_port":52287,"proto":"UDP","dns":{"type":"answer","id":63399,"rcode":"NOERROR","rrname":"cs9.wac.phicdn.net","rrtype":"A","ttl":910,"rdata":"93.184.220.29"}}
{"timestamp":"2019-05-01T16:00:15.661984+0000","flow_id":845763929141173,"pcap_cnt":109,"event_type":"http","src_ip":"192.168.100.146","src_port":49358,"dest_ip":"93.184.220.29","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ocsp.digicert.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response"}}
{"timestamp":"2019-05-01T16:00:18.450468+0000","flow_id":1545164993781668,"pcap_cnt":129,"event_type":"dns","src_ip":"192.168.100.146","src_port":59651,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21739,"rrname":"ca80628.tmweb.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-01T16:00:18.516613+0000","flow_id":1545164993781668,"pcap_cnt":131,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.146","dest_port":59651,"proto":"UDP","dns":{"type":"answer","id":21739,"rcode":"NOERROR","rrname":"ca80628.tmweb.ru","rrtype":"A","ttl":599,"rdata":"92.53.96.130"}}
{"timestamp":"2019-05-01T16:00:18.622115+0000","flow_id":753598226136611,"pcap_cnt":138,"event_type":"dns","src_ip":"192.168.100.146","src_port":62075,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":47894,"rrname":"vh74.timeweb.ru","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-01T16:00:18.679852+0000","flow_id":753598226136611,"pcap_cnt":139,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.146","dest_port":62075,"proto":"UDP","dns":{"type":"answer","id":47894,"rcode":"NOERROR","rrname":"vh74.timeweb.ru","rrtype":"A","ttl":599,"rdata":"92.53.96.130"}}
{"timestamp":"2019-05-01T16:00:18.818247+0000","flow_id":1409624415859705,"pcap_cnt":154,"event_type":"http","src_ip":"192.168.100.146","src_port":49400,"dest_ip":"92.53.96.130","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ca80628.tmweb.ru","url":"\/f.php?data=818-352-909-295&id_k=1","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html"}}
{"timestamp":"2019-05-01T16:00:24.636238+0000","flow_id":845763929141173,"pcap_cnt":187,"event_type":"fileinfo","src_ip":"93.184.220.29","src_port":80,"dest_ip":"192.168.100.146","dest_port":49358,"proto":"TCP","http":{"hostname":"ocsp.digicert.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":471},"app_proto":"http","fileinfo":{"filename":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w=","gaps":false,"state":"CLOSED","stored":false,"size":471,"tx_id":0}}
{"timestamp":"2019-05-01T16:00:24.852012+0000","flow_id":845763929141173,"pcap_cnt":191,"event_type":"http","src_ip":"192.168.100.146","src_port":49358,"dest_ip":"93.184.220.29","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"ocsp.digicert.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1"}}
{"timestamp":"2019-05-01T16:00:24.867174+0000","flow_id":1470831995155547,"pcap_cnt":192,"event_type":"http","src_ip":"192.168.100.146","src_port":49497,"dest_ip":"93.184.220.29","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ocsp.digicert.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAel6FxdGxjhRtc9T%2FDD5e4%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response"}}
{"timestamp":"2019-05-01T16:00:24.878333+0000","flow_id":1470831995155547,"pcap_cnt":193,"event_type":"fileinfo","src_ip":"93.184.220.29","src_port":80,"dest_ip":"192.168.100.146","dest_port":49497,"proto":"TCP","http":{"hostname":"ocsp.digicert.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAel6FxdGxjhRtc9T%2FDD5e4%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":471},"app_proto":"http","fileinfo":{"filename":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl+rBFlJbvzLXU1bGW08VysJ2wQUj+h+8G0yagAFI8dwl2o6kP9r6tQCEAel6FxdGxjhRtc9T\/DD5e4=","gaps":false,"state":"CLOSED","stored":false,"size":471,"tx_id":0}}
{"timestamp":"2019-05-01T16:00:28.027308+0000","flow_id":1870998393350828,"pcap_cnt":214,"event_type":"dns","src_ip":"192.168.100.146","src_port":51069,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42031,"rrname":"crl3.digicert.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-01T16:00:28.033381+0000","flow_id":1870998393350828,"pcap_cnt":215,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.146","dest_port":51069,"proto":"UDP","dns":{"type":"answer","id":42031,"rcode":"NOERROR","rrname":"crl3.digicert.com","rrtype":"CNAME","ttl":8264,"rdata":"cs9.wac.phicdn.net"}}
{"timestamp":"2019-05-01T16:00:28.033381+0000","flow_id":1870998393350828,"pcap_cnt":215,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.146","dest_port":51069,"proto":"UDP","dns":{"type":"answer","id":42031,"rcode":"NOERROR","rrname":"cs9.wac.phicdn.net","rrtype":"A","ttl":2096,"rdata":"93.184.220.29"}}
{"timestamp":"2019-05-01T16:00:28.333956+0000","flow_id":776378733333779,"pcap_cnt":358,"event_type":"http","src_ip":"192.168.100.146","src_port":49552,"dest_ip":"93.184.220.29","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"crl3.digicert.com","url":"\/EVCodeSigningSHA2-g1.crl","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/x-pkcs7-crl"}}
{"timestamp":"2019-05-01T16:00:33.967415+0000","flow_id":1789415489913591,"pcap_cnt":375,"event_type":"dns","src_ip":"192.168.100.146","src_port":64262,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35849,"rrname":"crl4.digicert.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-01T16:00:33.972961+0000","flow_id":1789415489913591,"pcap_cnt":376,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.146","dest_port":64262,"proto":"UDP","dns":{"type":"answer","id":35849,"rcode":"NOERROR","rrname":"crl4.digicert.com","rrtype":"CNAME","ttl":12020,"rdata":"digicert.cachefly.net"}}
{"timestamp":"2019-05-01T16:00:33.972961+0000","flow_id":1789415489913591,"pcap_cnt":376,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.146","dest_port":64262,"proto":"UDP","dns":{"type":"answer","id":35849,"rcode":"NOERROR","rrname":"digicert.cachefly.net","rrtype":"CNAME","ttl":19316,"rdata":"digicert.edgefly.com"}}
{"timestamp":"2019-05-01T16:00:33.972961+0000","flow_id":1789415489913591,"pcap_cnt":376,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.146","dest_port":64262,"proto":"UDP","dns":{"type":"answer","id":35849,"rcode":"NOERROR","rrname":"digicert.edgefly.com","rrtype":"A","ttl":12108,"rdata":"66.225.197.197"}}
{"timestamp":"2019-05-01T16:00:34.271323+0000","flow_id":2069601976442382,"pcap_cnt":519,"event_type":"http","src_ip":"192.168.100.146","src_port":49644,"dest_ip":"66.225.197.197","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"crl4.digicert.com","url":"\/EVCodeSigningSHA2-g1.crl","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/x-pkcs7-crl"}}
{"timestamp":"2019-05-01T16:00:59.452959+0000","flow_id":1409624415859705,"event_type":"fileinfo","src_ip":"92.53.96.130","src_port":80,"dest_ip":"192.168.100.146","dest_port":49400,"proto":"TCP","http":{"hostname":"ca80628.tmweb.ru","url":"\/f.php?data=818-352-909-295&id_k=1","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":302,"redirect":"https:\/\/vh74.timeweb.ru\/parking\/?ref=ca80628.tmweb.ru","length":154},"app_proto":"http","fileinfo":{"filename":"\/f.php","gaps":false,"state":"CLOSED","stored":false,"size":154,"tx_id":0}}
{"timestamp":"2019-05-01T16:00:59.452959+0000","flow_id":776378733333779,"event_type":"fileinfo","src_ip":"93.184.220.29","src_port":80,"dest_ip":"192.168.100.146","dest_port":49552,"proto":"TCP","http":{"hostname":"crl3.digicert.com","url":"\/EVCodeSigningSHA2-g1.crl","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/x-pkcs7-crl","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":109208},"app_proto":"http","fileinfo":{"filename":"\/EVCodeSigningSHA2-g1.crl","gaps":false,"state":"CLOSED","stored":false,"size":109208,"tx_id":0}}
{"timestamp":"2019-05-01T16:00:59.452959+0000","flow_id":2069601976442382,"event_type":"fileinfo","src_ip":"66.225.197.197","src_port":80,"dest_ip":"192.168.100.146","dest_port":49644,"proto":"TCP","http":{"hostname":"crl4.digicert.com","url":"\/EVCodeSigningSHA2-g1.crl","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/x-pkcs7-crl","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":109208},"app_proto":"http","fileinfo":{"filename":"\/EVCodeSigningSHA2-g1.crl","gaps":false,"state":"CLOSED","stored":false,"size":109208,"tx_id":0}}


keyword_perf.log - (11653 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/6/2019 -- 06:37:17
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            3748            1               1               3748            3748.00         3748.00         0.00           
  flow             1705225         566             566             16134           3012.00         3012.00         0.00           
  content          6521201         1146            405             154187          5690.00         10521.00        3049.00        
  pcre             3698261         1233            0               46790           2999.00         0.00            2999.00        
  byte_test        537672          169             56              24777           3181.00         3484.00         3031.00        
  byte_jump        21690           7               7               4086            3098.00         3098.00         0.00           
  isdataat         17457           6               0               3485            2909.00         0.00            2909.00        
  flowbits         76280           24              4               7507            3178.00         5079.00         2798.00        
  urilen           88567           28              7               3697            3163.00         3303.00         3116.00        
  byte_extract     20565           4               4               10642           5141.00         5141.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            3748            1               1               3748            3748.00         3748.00         0.00           
  flow             1705225         566             566             16134           3012.00         3012.00         0.00           
  flowbits         60465           21              1               4504            2879.00         4504.00         2798.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          586288          173             107             7581            3388.00         3516.00         3182.00        
  pcre             84432           9               0               24512           9381.00         0.00            9381.00        
  byte_test        537672          169             56              24777           3181.00         3484.00         3031.00        
  byte_jump        21690           7               7               4086            3098.00         3098.00         0.00           
  isdataat         17457           6               0               3485            2909.00         0.00            2909.00        
  byte_extract     20565           4               4               10642           5141.00         5141.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         15815           3               3               7507            5271.00         5271.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          281922          74              37              4940            3809.00         3733.00         3886.00        
  pcre             141631          18              0               21998           7868.00         0.00            7868.00        
  urilen           88567           28              7               3697            3163.00         3303.00         3116.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12710           4               0               3524            3177.00         0.00            3177.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4852246         687             154             154187          7062.00         21645.00        2849.00        
  pcre             3398653         1197            0               46790           2839.00         0.00            2839.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          538738          136             87              24216           3961.00         3846.00         4165.00        
  pcre             73545           9               0               18307           8171.00         0.00            8171.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          123130          36              4               4463            3420.00         3553.00         3403.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7242            2               2               3689            3621.00         3621.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21134           7               2               3295            3019.00         3289.00         2911.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          84376           23              10              5519            3668.00         4410.00         3097.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13415           4               2               3553            3353.00         3310.00         3397.00        


IDSDeathBlossom.py.log - (1176 bytes) - download
2019-05-06 06:36:55,423 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-06 06:36:56,114 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-06 06:36:56,114 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-06 06:36:56,114 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-06 06:36:56,114 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-06 06:36:56,115 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/64272d87d1fbb72eef73aff7e4c4535156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05062019.0636-cb79161e-5cc3-44e3-a657-b448dc4c4785.pcap -vvv -k none
2019-05-06 06:37:17,299 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-06 06:37:17,300 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 21.8942508698


unified2.alert.1557124635 - (1333 bytes) - download
<?xml version="1.0" encoding="UTF-8"?>
<rman_message version="68001"><code>1</code><string_param></string_param><string_param_2></string_param_2><int_param>1</int_param><data>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</data></rman_message>


suricata-report-2019-05-06-T-06-37-17-05062019.0636-cb79161e-5cc3-44e3-a657-b448dc4c4785.pcap.txt - (17494 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/64272d87d1fbb72eef73aff7e4c4535156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05062019.0636-cb79161e-5cc3-44e3-a657-b448dc4c4785.pcap -vvv -k none
elapsedtime:21.182322
stderr:
stdout:
6/5/2019 -- 06:36:56 - <Info> - Configuration node 'rule-files' redefined.
6/5/2019 -- 06:36:56 - <Notice> - This is Suricata version 4.0.0 RELEASE
6/5/2019 -- 06:36:56 - <Info> - CPUs/cores online: 1
6/5/2019 -- 06:36:56 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33666 and 'request-body-inspect-window' set to 16664 after randomization.
6/5/2019 -- 06:36:56 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32910 and 'response-body-inspect-window' set to 15838 after randomization.
6/5/2019 -- 06:36:56 - <Config> - DNS request flood protection level: 500
6/5/2019 -- 06:36:56 - <Config> - DNS per flow memcap (state-memcap): 524288
6/5/2019 -- 06:36:56 - <Config> - DNS global memcap: 16777216
6/5/2019 -- 06:36:56 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
6/5/2019 -- 06:36:56 - <Config> - preallocated 1000 hosts of size 136
6/5/2019 -- 06:36:56 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
6/5/2019 -- 06:36:56 - <Config> - using magic-file /usr/share/file/magic
6/5/2019 -- 06:36:56 - <Config> - Core dump size is unlimited.
6/5/2019 -- 06:36:56 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
6/5/2019 -- 06:36:56 - <Config> - preallocated 1000 defrag trackers of size 168
6/5/2019 -- 06:36:56 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
6/5/2019 -- 06:36:56 - <Config> - stream "prealloc-sessions": 2048 (per thread)
6/5/2019 -- 06:36:56 - <Config> - stream "memcap": 33554432
6/5/2019 -- 06:36:56 - <Config> - stream "midstream" session pickups: disabled
6/5/2019 -- 06:36:56 - <Config> - stream "async-oneside": disabled
6/5/2019 -- 06:36:56 - <Config> - stream "checksum-validation": disabled
6/5/2019 -- 06:36:56 - <Config> - stream."inline": disabled
6/5/2019 -- 06:36:56 - <Config> - stream "bypass": disabled
6/5/2019 -- 06:36:56 - <Config> - stream "max-synack-queued": 5
6/5/2019 -- 06:36:56 - <Config> - stream.reassembly "memcap": 134217728
6/5/2019 -- 06:36:56 - <Config> - stream.reassembly "depth": 0
6/5/2019 -- 06:36:56 - <Config> - stream.reassembly "toserver-chunk-size": 2647
6/5/2019 -- 06:36:56 - <Config> - stream.reassembly "toclient-chunk-size": 2470
6/5/2019 -- 06:36:56 - <Config> - stream.reassembly.raw: enabled
6/5/2019 -- 06:36:56 - <Config> - stream.reassembly "segment-prealloc": 2048
6/5/2019 -- 06:36:56 - <Config> - Delayed detect disabled
6/5/2019 -- 06:36:56 - <Config> - pattern matchers: MPM: ac, SPM: bm
6/5/2019 -- 06:36:56 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
6/5/2019 -- 06:36:56 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
6/5/2019 -- 06:36:56 - <Config> - prefilter engines: MPM
6/5/2019 -- 06:36:56 - <Config> - IP reputation disabled
6/5/2019 -- 06:36:56 - <Perf> - Registered 148 keyword profiling counters.
6/5/2019 -- 06:36:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
6/5/2019 -- 06:36:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
6/5/2019 -- 06:36:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
6/5/2019 -- 06:37:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
6/5/2019 -- 06:37:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
6/5/2019 -- 06:37:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
6/5/2019 -- 06:37:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
6/5/2019 -- 06:37:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
6/5/2019 -- 06:37:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
6/5/2019 -- 06:37:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
6/5/2019 -- 06:37:01 - <Config> - No rules loaded from ET-icmp.rules.
6/5/2019 -- 06:37:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
6/5/2019 -- 06:37:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
6/5/2019 -- 06:37:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
6/5/2019 -- 06:37:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
6/5/2019 -- 06:37:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
6/5/2019 -- 06:37:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
6/5/2019 -- 06:37:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
6/5/2019 -- 06:37:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
6/5/2019 -- 06:37:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
6/5/2019 -- 06:37:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
6/5/2019 -- 06:37:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
6/5/2019 -- 06:37:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
6/5/2019 -- 06:37:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
6/5/2019 -- 06:37:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
6/5/2019 -- 06:37:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
6/5/2019 -- 06:37:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
6/5/2019 -- 06:37:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
6/5/2019 -- 06:37:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
6/5/2019 -- 06:37:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
6/5/2019 -- 06:37:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
6/5/2019 -- 06:37:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
6/5/2019 -- 06:37:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
6/5/2019 -- 06:37:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
6/5/2019 -- 06:37:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
6/5/2019 -- 06:37:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
6/5/2019 -- 06:37:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
6/5/2019 -- 06:37:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
6/5/2019 -- 06:37:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
6/5/2019 -- 06:37:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
6/5/2019 -- 06:37:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
6/5/2019 -- 06:37:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
6/5/2019 -- 06:37:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
6/5/2019 -- 06:37:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
6/5/2019 -- 06:37:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
6/5/2019 -- 06:37:08 - <Config> - No rules loaded from local.rules.
6/5/2019 -- 06:37:08 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
6/5/2019 -- 06:37:08 - <Info> - Threshold config parsed: 0 rule(s) found
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for tcp-packet
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for tcp-stream
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for udp-packet
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for other-ip
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_uri
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_request_line
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_client_body
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_response_line
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_header
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_header
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_header_names
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_header_names
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_accept
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_accept_enc
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_accept_lang
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_referer
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_connection
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_content_len
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_content_len
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_content_type
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_content_type
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_protocol
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_protocol
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_start
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_start
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_raw_header
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_raw_header
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_method
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_cookie
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_cookie
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_raw_uri
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_user_agent
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_host
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_raw_host
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_stat_msg
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_stat_code
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for dns_query
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for tls_sni
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for tls_cert_issuer
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for tls_cert_subject
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for tls_cert_serial
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for dce_stub_data
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for dce_stub_data
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for ssh_protocol
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for ssh_protocol
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for ssh_software
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for ssh_software
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for file_data
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for file_data
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_request_line
6/5/2019 -- 06:37:08 - <Perf> - using shared mpm ctx' for http_response_line
6/5/2019 -- 06:37:08 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
6/5/2019 -- 06:37:08 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
6/5/2019 -- 06:37:08 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
6/5/2019 -- 06:37:08 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
6/5/2019 -- 06:37:08 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
6/5/2019 -- 06:37:08 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
6/5/2019 -- 06:37:08 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
6/5/2019 -- 06:37:09 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
6/5/2019 -- 06:37:12 - <Perf> - Unique rule groups: 104
6/5/2019 -- 06:37:12 - <Perf> - Builtin MPM "toserver TCP packet": 35
6/5/2019 -- 06:37:12 - <Perf> - Builtin MPM "toclient TCP packet": 17
6/5/2019 -- 06:37:12 - <Perf> - Builtin MPM "toserver TCP stream": 33
6/5/2019 -- 06:37:12 - <Perf> - Builtin MPM "toclient TCP stream": 19
6/5/2019 -- 06:37:12 - <Perf> - Builtin MPM "toserver UDP packet": 27
6/5/2019 -- 06:37:12 - <Perf> - Builtin MPM "toclient UDP packet": 17
6/5/2019 -- 06:37:12 - <Perf> - Builtin MPM "other IP packet": 3
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_uri": 14
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_request_line": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_client_body": 6
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toclient http_response_line": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_header": 10
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toclient http_header": 6
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_header_names": 2
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_accept": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_referer": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_content_len": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_content_type": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toclient http_content_type": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_protocol": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_start": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_method": 5
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_cookie": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toclient http_cookie": 2
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver http_host": 2
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver dns_query": 4
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver tls_sni": 2
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toserver file_data": 1
6/5/2019 -- 06:37:12 - <Perf> - AppLayer MPM "toclient file_data": 7
6/5/2019 -- 06:37:15 - <Perf> - Registered 39590 rule profiling counters.
6/5/2019 -- 06:37:15 - <Info> - fast output device (regular) initialized: alert
6/5/2019 -- 06:37:15 - <Info> - eve-log output device (regular) initialized: eve.json
6/5/2019 -- 06:37:15 - <Config> - enabling 'eve-log' module 'alert'
6/5/2019 -- 06:37:15 - <Config> - enabling 'eve-log' module 'http'
6/5/2019 -- 06:37:15 - <Config> - enabling 'eve-log' module 'dns'
6/5/2019 -- 06:37:15 - <Config> - enabling 'eve-log' module 'tls'
6/5/2019 -- 06:37:15 - <Config> - enabling 'eve-log' module 'files'
6/5/2019 -- 06:37:15 - <Config> - enabling 'eve-log' module 'ssh'
6/5/2019 -- 06:37:15 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
6/5/2019 -- 06:37:15 - <Info> - stats output device (regular) initialized: stats.log
6/5/2019 -- 06:37:15 - <Config> - AutoFP mode using "Hash" flow load balancer
6/5/2019 -- 06:37:15 - <Info> - reading pcap file /var/pcap/05062019.0636-cb79161e-5cc3-44e3-a657-b448dc4c4785.pcap
6/5/2019 -- 06:37:15 - <Config> - using 1 flow manager threads
6/5/2019 -- 06:37:15 - <Config> - using 1 flow recycler threads
6/5/2019 -- 06:37:15 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engin

This file has been truncated.