Filename: pcap.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 37.6107299328 seconds
Hash: 6a0eb3361addad42d5d5bb92da9edd77
Uploaded: 1563443583

Logfiles


suricata-report-2019-07-18-T-09-53-41-07182019.0953-pcap.pcap.txt - (17642 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/6a0eb3361addad42d5d5bb92da9edd7756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07182019.0953-pcap.pcap -vvv -k none
elapsedtime:22.153074
stderr:
stdout:
18/7/2019 -- 09:53:19 - <Info> - Configuration node 'rule-files' redefined.
18/7/2019 -- 09:53:19 - <Notice> - This is Suricata version 4.0.0 RELEASE
18/7/2019 -- 09:53:19 - <Info> - CPUs/cores online: 1
18/7/2019 -- 09:53:19 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33699 and 'request-body-inspect-window' set to 16851 after randomization.
18/7/2019 -- 09:53:19 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33639 and 'response-body-inspect-window' set to 16158 after randomization.
18/7/2019 -- 09:53:19 - <Config> - DNS request flood protection level: 500
18/7/2019 -- 09:53:19 - <Config> - DNS per flow memcap (state-memcap): 524288
18/7/2019 -- 09:53:19 - <Config> - DNS global memcap: 16777216
18/7/2019 -- 09:53:19 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
18/7/2019 -- 09:53:19 - <Config> - preallocated 1000 hosts of size 136
18/7/2019 -- 09:53:19 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
18/7/2019 -- 09:53:19 - <Config> - using magic-file /usr/share/file/magic
18/7/2019 -- 09:53:19 - <Config> - Core dump size is unlimited.
18/7/2019 -- 09:53:19 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
18/7/2019 -- 09:53:19 - <Config> - preallocated 1000 defrag trackers of size 168
18/7/2019 -- 09:53:19 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
18/7/2019 -- 09:53:19 - <Config> - stream "prealloc-sessions": 2048 (per thread)
18/7/2019 -- 09:53:19 - <Config> - stream "memcap": 33554432
18/7/2019 -- 09:53:19 - <Config> - stream "midstream" session pickups: disabled
18/7/2019 -- 09:53:19 - <Config> - stream "async-oneside": disabled
18/7/2019 -- 09:53:19 - <Config> - stream "checksum-validation": disabled
18/7/2019 -- 09:53:19 - <Config> - stream."inline": disabled
18/7/2019 -- 09:53:19 - <Config> - stream "bypass": disabled
18/7/2019 -- 09:53:19 - <Config> - stream "max-synack-queued": 5
18/7/2019 -- 09:53:19 - <Config> - stream.reassembly "memcap": 134217728
18/7/2019 -- 09:53:19 - <Config> - stream.reassembly "depth": 0
18/7/2019 -- 09:53:19 - <Config> - stream.reassembly "toserver-chunk-size": 2623
18/7/2019 -- 09:53:19 - <Config> - stream.reassembly "toclient-chunk-size": 2598
18/7/2019 -- 09:53:19 - <Config> - stream.reassembly.raw: enabled
18/7/2019 -- 09:53:19 - <Config> - stream.reassembly "segment-prealloc": 2048
18/7/2019 -- 09:53:19 - <Config> - Delayed detect disabled
18/7/2019 -- 09:53:19 - <Config> - pattern matchers: MPM: ac, SPM: bm
18/7/2019 -- 09:53:19 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
18/7/2019 -- 09:53:19 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
18/7/2019 -- 09:53:19 - <Config> - prefilter engines: MPM
18/7/2019 -- 09:53:19 - <Config> - IP reputation disabled
18/7/2019 -- 09:53:19 - <Perf> - Registered 148 keyword profiling counters.
18/7/2019 -- 09:53:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
18/7/2019 -- 09:53:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
18/7/2019 -- 09:53:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
18/7/2019 -- 09:53:24 - <Config> - No rules loaded from ET-icmp.rules.
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
18/7/2019 -- 09:53:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
18/7/2019 -- 09:53:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
18/7/2019 -- 09:53:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
18/7/2019 -- 09:53:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
18/7/2019 -- 09:53:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
18/7/2019 -- 09:53:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
18/7/2019 -- 09:53:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
18/7/2019 -- 09:53:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
18/7/2019 -- 09:53:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
18/7/2019 -- 09:53:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
18/7/2019 -- 09:53:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
18/7/2019 -- 09:53:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
18/7/2019 -- 09:53:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
18/7/2019 -- 09:53:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
18/7/2019 -- 09:53:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
18/7/2019 -- 09:53:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
18/7/2019 -- 09:53:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
18/7/2019 -- 09:53:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
18/7/2019 -- 09:53:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
18/7/2019 -- 09:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
18/7/2019 -- 09:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
18/7/2019 -- 09:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
18/7/2019 -- 09:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
18/7/2019 -- 09:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
18/7/2019 -- 09:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
18/7/2019 -- 09:53:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
18/7/2019 -- 09:53:31 - <Config> - No rules loaded from local.rules.
18/7/2019 -- 09:53:31 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
18/7/2019 -- 09:53:31 - <Info> - Threshold config parsed: 0 rule(s) found
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for tcp-packet
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for tcp-stream
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for udp-packet
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for other-ip
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_uri
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_request_line
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_client_body
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_response_line
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_header
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_header
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_header_names
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_header_names
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_accept
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_accept_enc
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_accept_lang
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_referer
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_connection
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_content_len
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_content_len
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_content_type
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_content_type
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_protocol
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_protocol
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_start
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_start
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_raw_header
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_raw_header
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_method
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_cookie
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_cookie
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_raw_uri
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_user_agent
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_host
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_raw_host
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_stat_msg
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_stat_code
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for dns_query
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for tls_sni
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for tls_cert_issuer
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for tls_cert_subject
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for tls_cert_serial
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for dce_stub_data
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for dce_stub_data
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for ssh_protocol
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for ssh_protocol
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for ssh_software
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for ssh_software
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for file_data
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for file_data
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_request_line
18/7/2019 -- 09:53:32 - <Perf> - using shared mpm ctx' for http_response_line
18/7/2019 -- 09:53:32 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
18/7/2019 -- 09:53:32 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
18/7/2019 -- 09:53:32 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
18/7/2019 -- 09:53:32 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
18/7/2019 -- 09:53:32 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
18/7/2019 -- 09:53:32 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
18/7/2019 -- 09:53:32 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
18/7/2019 -- 09:53:32 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
18/7/2019 -- 09:53:38 - <Perf> - Unique rule groups: 104
18/7/2019 -- 09:53:38 - <Perf> - Builtin MPM "toserver TCP packet": 35
18/7/2019 -- 09:53:38 - <Perf> - Builtin MPM "toclient TCP packet": 17
18/7/2019 -- 09:53:38 - <Perf> - Builtin MPM "toserver TCP stream": 33
18/7/2019 -- 09:53:38 - <Perf> - Builtin MPM "toclient TCP stream": 19
18/7/2019 -- 09:53:38 - <Perf> - Builtin MPM "toserver UDP packet": 27
18/7/2019 -- 09:53:38 - <Perf> - Builtin MPM "toclient UDP packet": 17
18/7/2019 -- 09:53:38 - <Perf> - Builtin MPM "other IP packet": 3
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_uri": 14
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_request_line": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_client_body": 6
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toclient http_response_line": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_header": 10
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toclient http_header": 6
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_header_names": 2
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_accept": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_referer": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_content_len": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_content_type": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toclient http_content_type": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_protocol": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_start": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_method": 5
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_cookie": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toclient http_cookie": 2
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver http_host": 2
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver dns_query": 4
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver tls_sni": 2
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toserver file_data": 1
18/7/2019 -- 09:53:38 - <Perf> - AppLayer MPM "toclient file_data": 7
18/7/2019 -- 09:53:40 - <Perf> - Registered 39590 rule profiling counters.
18/7/2019 -- 09:53:40 - <Info> - fast output device (regular) initialized: alert
18/7/2019 -- 09:53:40 - <Info> - eve-log output device (regular) initialized: eve.json
18/7/2019 -- 09:53:40 - <Config> - enabling 'eve-log' module 'alert'
18/7/2019 -- 09:53:40 - <Config> - enabling 'eve-log' module 'http'
18/7/2019 -- 09:53:40 - <Config> - enabling 'eve-log' module 'dns'
18/7/2019 -- 09:53:40 - <Config> - enabling 'eve-log' module 'tls'
18/7/2019 -- 09:53:40 - <Config> - enabling 'eve-log' module 'files'
18/7/2019 -- 09:53:40 - <Config> - enabling 'eve-log' module 'ssh'
18/7/2019 -- 09:53:40 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
18/7/2019 -- 09:53:40 - <Info> - stats output device (regular) initialized: stats.log
18/7/2019 -- 09:53:40 - <Config> - AutoFP mode using "Hash" flow load balancer
18/7/2019 -- 09:53:40 - <Info> - reading pcap file /var/pcap/07182019.0953-pcap.pcap
18/7/2019 -- 09:53:40 - <Config> - using 1 flow manager threads
18/7/2019 -- 09:53:40 - <Config> - us

This file has been truncated.


packet_stats.log - (12024 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            61          6315094      105697910      67110333          4.1b   75.62
 IPv4      17            29          3702232       98761900      45501943          1.3b   24.38
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            61           121322       21655848       1206047         73.6m   73.32
TMM_FLOWWORKER              IPv4      17            29           222328        7646736        891315         25.8m   25.76
TMM_RECEIVEPCAPFILE         IPv4       6            58             4448           6276          5078        294.6k    0.29
TMM_RECEIVEPCAPFILE         IPv4      17            29             4462          22118          5546        160.8k    0.16
TMM_DECODEPCAPFILE          IPv4       6            58             4560          17486          5097        295.7k    0.29
TMM_DECODEPCAPFILE          IPv4      17            29             4574          34140          5969        173.1k    0.17

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            58             4882          11528          5663        328.5k  0.38  
flow                    IPv4      17            29             4590          61186          8896        258.0k  0.30  
stream                  IPv4       6            61             5342        1590574         81880          5.0m  5.81  
app-layer               IPv4      17            29             4428          57694         11757        341.0k  0.40  
detect                  IPv4       6            61            79172       20632658       1015182         61.9m  71.98 
detect                  IPv4      17            29           194878        2588232        616071         17.9m  20.77 
tcp-prune               IPv4       6            61             4462          10906          5171        315.4k  0.37  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             2             5120           7872          6496         13.0k  20.67 
http                    IPv4      17             1             8192           8192          8192          8.2k  13.03 
dns                     IPv4      17             3             8862          23330         13894         41.7k  66.30 
Proto detect            IPv4       6             1            15996          15996         15996         16.0k
Proto detect            IPv4      17             9             5038          41494         13021        117.2k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             3            60984        6659128       2260437          6.8m  68.56 
LOGGER_JSON_HTTP            IPv4       6             6            44602         915728        231175          1.4m  14.02 
LOGGER_JSON_FILE            IPv4       6            11            58848         756502        156598          1.7m  17.42 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            42             4854         594126         63988         2.7m  25.53 
payload                           IPv4      17            29             5514         907962         67864         2.0m  18.69 
stream                            IPv4       6            42             4424         545530         53576         2.3m  21.37 
http_uri                          IPv4       6             6            23524          60392         39560       237.4k  2.25  
http_request_line                 IPv4       6             6             9116          14888         11517        69.1k  0.66  
http_client_body                  IPv4       6             6             6298          11976          8466        50.8k  0.48  
http_header (request)             IPv4       6             6            54528         176138        106899       641.4k  6.09  
http_header (request trailer)     IPv4       6             6             4514           5340          4718        28.3k  0.27  
http_header_names (request)       IPv4       6             6            14514         889706        169622         1.0m  9.67  
http_accept (request)             IPv4       6             6             5222          10520          7774        46.6k  0.44  
http_referer (request)            IPv4       6             6             4978           6666          5479        32.9k  0.31  
http_content_len (request)        IPv4       6             6             5072           6134          5400        32.4k  0.31  
http_content_type (request)       IPv4       6             6             4902           6084          5284        31.7k  0.30  
http_protocol (request)           IPv4       6             6             5984          12802          7804        46.8k  0.44  
http_start (request)              IPv4       6             6            15244          36318         25820       154.9k  1.47  
http_raw_header (request)         IPv4       6             6            17982          69004         30159       181.0k  1.72  
http_method                       IPv4       6             6             6240          11800          8324        49.9k  0.47  
http_cookie (request)             IPv4       6             6             5122           5812          5395        32.4k  0.31  
http_raw_uri                      IPv4       6             6             6512          12866          9049        54.3k  0.52  
http_user_agent                   IPv4       6             6            20884          73070         44736       268.4k  2.55  
http_host                         IPv4       6             6             6852          22520         13028        78.2k  0.74  
dns_query                         IPv4      17             2            14148          16034         15091        30.2k  0.29  
http_response_line                IPv4       6             5             7566          12312          9159        45.8k  0.43  
http_header (response)            IPv4       6             5            25306          86332         47524       237.6k  2.26  
http_header (response trailer)    IPv4       6             5             4506           5086          4675        23.4k  0.22  
http_content_type (response)      IPv4       6             5             8820          15122         10405        52.0k  0.49  
http_raw_header (response)        IPv4       6             8             7270          21300         11948        95.6k  0.91  
http_cookie (response)            IPv4       6             5             4944           7578          5543        27.7k  0.26  
http_stat_code                    IPv4       6             5             6768          11510          8300        41.5k  0.39  
file_data (http response)         IPv4       6             3             4828           5108          4967        14.9k  0.14  
Total                             IPv4                   264                                         39881        10.5m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             4            10304         474996        246635        986.5k  0.89  
PROF_DETECT_IPONLY          IPv4      17             9            29550         471310        127093          1.1m  1.03  
PROF_DETECT_RULES           IPv4       6            61             4464       18479390        693969         42.3m  38.03 
PROF_DETECT_RULES           IPv4      17            29            93964        1574464        367884         10.7m  9.59  
PROF_DETECT_STATEFUL_START    IPv4       6            26             8918       10514756        823590         21.4m  19.24 
PROF_DETECT_STATEFUL_CONT    IPv4       6            61             4480          62948         11109        677.7k  0.61  
PROF_DETECT_STATEFUL_CONT    IPv4      17            29             4416         166486         10756        311.9k  0.28  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            52             4466          22370          5690        295.9k  0.27  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             3             5430         422050        144348        433.0k  0.39  
PROF_DETECT_PREFILTER       IPv4       6            61            13694        2072270        210367         12.8m  11.53 
PROF_DETECT_PREFILTER       IPv4      17            29            41670         949962        117641          3.4m  3.07  
PROF_DETECT_PF_PAYLOAD      IPv4       6            42            26752         615216        132109          5.5m  4.99  
PROF_DETECT_PF_PAYLOAD      IPv4      17            29            14554         917400         84190          2.4m  2.19  
PROF_DETECT_PF_TX           IPv4       6            52             4598        1463394        104980          5.5m  4.90  
PROF_DETECT_PF_TX           IPv4      17             2            24446          26030         25238         50.5k  0.05  
PROF_DETECT_PF_SORT1        IPv4       6            39             4456          20210          6657        259.6k  0.23  
PROF_DETECT_PF_SORT1        IPv4      17            29             4530           8276          5927        171.9k  0.15  
PROF_DETECT_PF_SORT2        IPv4       6            61             4450          26286          5541        338.0k  0.30  
PROF_DETECT_PF_SORT2        IPv4      17            29             4440           6182          5088        147.6k  0.13  
PROF_DETECT_NONMPMLIST      IPv4       6            61             4486         420964         12082        737.0k  0.66  
PROF_DETECT_NONMPMLIST      IPv4      17            29             4420           6080          4909        142.4k  0.13  
PROF_DETECT_ALERT           IPv4       6            61             4418           6054          4761        290.4k  0.26  
PROF_DETECT_ALERT           IPv4      17            29             4422          20284          5231        151.7k  0.14  
PROF_DETECT_CLEANUP         IPv4       6            61             4472          21992          5381        328.2k  0.29  
PROF_DETECT_CLEANUP         IPv4      17            29             4412           8150          5005        145.2k  0.13  
PROF_DETECT_GETSGH          IPv4       6            61             4406          20110          5476        334.1k  0.30  
PROF_DETECT_GETSGH          IPv4      17            29             4414          33592          8552        248.0k  0.22  


suricata-4.0.0-etpro-all-perf.txt-2019-07-18-T-09-53-41-07182019.0953-pcap.pcap.txt - (19926 bytes)
  --------------------------------------------------------------------------
  Date: 7/18/2019 -- 09:53:41. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2821561      1        2        1203348      3.15   5        0        1002276     240669.60   0.00        240669.60  
  2        2025064      1        5        1311774      3.44   6        0        992120      218629.00   0.00        218629.00  
  3        2816525      1        10       1334832      3.50   6        0        910514      222472.00   0.00        222472.00  
  4        2816910      1        2        1367176      3.58   6        0        909692      227862.67   0.00        227862.67  
  5        2806457      1        5        1145614      3.00   6        0        888430      190935.67   0.00        190935.67  
  6        2017613      1        9        1147348      3.01   6        0        888036      191224.67   0.00        191224.67  
  7        2814959      1        4        1111636      2.91   6        0        876716      185272.67   0.00        185272.67  
  8        2816931      1        3        1159572      3.04   6        0        874618      193262.00   0.00        193262.00  
  9        2018958      1        18       1052340      2.76   6        0        862878      175390.00   0.00        175390.00  
  10       2821641      1        2        1021770      2.68   6        0        855608      170295.00   0.00        170295.00  
  11       2011894      1        19       758954       1.99   6        0        485034      126492.33   0.00        126492.33  
  12       2010143      1        3        551086       1.44   28       0        422012      19681.64    0.00        19681.64   
  13       2023626      1        3        546922       1.43   29       0        419534      18859.38    0.00        18859.38   
  14       2816922      1        5        597898       1.57   6        0        307898      99649.67    0.00        99649.67   
  15       2816909      1        2        667374       1.75   6        0        167244      111229.00   0.00        111229.00  
  16       2805348      1        4        1152816      3.02   14       0        133602      82344.00    0.00        82344.00   
  17       2816940      1        2        635532       1.67   6        0        115514      105922.00   0.00        105922.00  
  18       2816809      1        2        429748       1.13   6        0        98916       71624.67    0.00        71624.67   
  19       2816925      1        3        362002       0.95   6        0        91932       60333.67    0.00        60333.67   
  20       2828060      1        4        296138       0.78   5        0        90994       59227.60    0.00        59227.60   
  21       2816895      1        2        396904       1.04   6        0        89202       66150.67    0.00        66150.67   
  22       2828986      1        2        373724       0.98   8        0        84338       46715.50    0.00        46715.50   
  23       2828122      1        2        393132       1.03   6        0        82804       65522.00    0.00        65522.00   
  24       2816327      1        4        419686       1.10   6        0        81924       69947.67    0.00        69947.67   
  25       2018981      1        4        351608       0.92   6        0        79528       58601.33    0.00        58601.33   
  26       2021214      1        2        349492       0.92   6        0        79188       58248.67    0.00        58248.67   
  27       2018358      1        7        360250       0.94   6        0        78498       60041.67    0.00        60041.67   
  28       2829848      1        2        333090       0.87   8        0        78018       41636.25    0.00        41636.25   
  29       2018452      1        15       357124       0.94   6        0        76988       59520.67    0.00        59520.67   
  30       2816928      1        3        395416       1.04   6        0        75854       65902.67    0.00        65902.67   
  31       2022502      1        4        402960       1.06   6        0        74758       67160.00    0.00        67160.00   
  32       2820851      1        5        365950       0.96   6        0        73958       60991.67    0.00        60991.67   
  33       2815817      1        5        308256       0.81   6        0        73642       51376.00    0.00        51376.00   
  34       2022609      1        2        73264        0.19   1        0        73264       73264.00    0.00        73264.00   
  35       2816927      1        3        391918       1.03   6        0        72624       65319.67    0.00        65319.67   
  36       2016858      1        10       307756       0.81   6        0        71246       51292.67    0.00        51292.67   
  37       2018496      1        9        292676       0.77   6        0        69238       48779.33    0.00        48779.33   
  38       2816924      1        4        318004       0.83   6        0        66330       53000.67    0.00        53000.67   
  39       2018983      1        7        284924       0.75   6        0        63962       47487.33    0.00        47487.33   
  40       2821615      1        2        298320       0.78   6        0        63946       49720.00    0.00        49720.00   
  41       2018010      1        5        236550       0.62   6        0        63902       39425.00    0.00        39425.00   
  42       2808344      1        3        296872       0.78   6        0        61550       49478.67    0.00        49478.67   
  43       2015808      1        6        241100       0.63   6        0        61466       40183.33    0.00        40183.33   
  44       2815325      1        3        288386       0.76   6        0        59818       48064.33    0.00        48064.33   
  45       2809547      1        5        226028       0.59   6        0        59640       37671.33    0.00        37671.33   
  46       2816328      1        5        326908       0.86   6        0        58730       54484.67    0.00        54484.67   
  47       2014380      1        4        396920       1.04   12       0        57950       33076.67    0.00        33076.67   
  48       2819673      1        4        274466       0.72   6        0        56952       45744.33    0.00        45744.33   
  49       2019881      1        3        280112       0.73   6        0        55976       46685.33    0.00        46685.33   
  50       2823077      1        4        279982       0.73   6        0        55856       46663.67    0.00        46663.67   
  51       2828008      1        2        230028       0.60   6        0        55304       38338.00    0.00        38338.00   
  52       2024178      1        2        237954       0.62   6        0        53488       39659.00    0.00        39659.00   
  53       2816929      1        4        272846       0.72   6        0        52160       45474.33    0.00        45474.33   
  54       2012612      1        16       228228       0.60   6        0        51686       38038.00    0.00        38038.00   
  55       2022973      1        1        75582        0.20   2        0        51546       37791.00    0.00        37791.00   
  56       2804626      1        9        241128       0.63   6        0        50984       40188.00    0.00        40188.00   
  57       2019344      1        5        278806       0.73   6        0        50662       46467.67    0.00        46467.67   
  58       2816526      1        13       276126       0.72   6        0        50476       46021.00    0.00        46021.00   
  59       2024771      1        1        230108       0.60   5        0        50164       46021.60    0.00        46021.60   
  60       2003657      1        18       234326       0.61   6        0        49534       39054.33    0.00        39054.33   
  61       2017552      1        6        608420       1.59   21       0        49294       28972.38    0.00        28972.38   
  62       2816930      1        4        268112       0.70   6        0        49118       44685.33    0.00        44685.33   
  63       2816356      1        2        49090        0.13   1        0        49090       49090.00    0.00        49090.00   
  64       2018242      1        5        266580       0.70   6        0        48936       44430.00    0.00        44430.00   
  65       2003492      1        30       219802       0.58   6        0        48672       36633.67    0.00        36633.67   
  66       2827580      1        7        222056       0.58   6        0        47614       37009.33    0.00        37009.33   
  67       2809859      1        6        46862        0.12   1        0        46862       46862.00    0.00        46862.00   
  68       2821642      1        2        218098       0.57   6        0        46028       36349.67    0.00        36349.67   
  69       2020705      1        4        212462       0.56   6        0        42942       35410.33    0.00        35410.33   
  70       2014090      1        7        216244       0.57   6        0        42410       36040.67    0.00        36040.67   
  71       2020698      1        2        42146        0.11   1        0        42146       42146.00    0.00        42146.00   
  72       2016537      1        2        395530       1.04   15       0        41136       26368.67    0.00        26368.67   
  73       2014701      1        12       80520        0.21   3        0        38774       26840.00    0.00        26840.00   
  74       2827279      1        5        210840       0.55   6        0        38698       35140.00    0.00        35140.00   
  75       2826256      1        2        216916       0.57   6        0        38648       36152.67    0.00        36152.67   
  76       2021813      1        6        205418       0.54   6        0        37248       34236.33    0.00        34236.33   
  77       2816669      1        4        174364       0.46   5        0        37212       34872.80    0.00        34872.80   
  78       2809682      1        5        206284       0.54   6        0        37058       34380.67    0.00        34380.67   
  79       2816165      1        5        202842       0.53   6        0        36764       33807.00    0.00        33807.00   
  80       2821643      1        2        202668       0.53   6        0        36232       33778.00    0.00        33778.00   
  81       2016223      1        10       203484       0.53   6        0        36174       33914.00    0.00        33914.00   
  82       2805260      1        4        201350       0.53   6        0        35190       33558.33    0.00        33558.33   
  83       2821644      1        4        202038       0.53   6        0        35160       33673.00    0.00        33673.00   
  84       2810055      1        2        76872        0.20   10       0        29722       7687.20     0.00        7687.20    
  85       2803760      1        3        56524        0.15   2        0        28808       28262.00    0.00        28262.00   
  86       2022543      1        1        28474        0.07   1        0        28474       28474.00    0.00        28474.00   
  87       2826281      1        2        55334        0.15   2        0        28008       27667.00    0.00        27667.00   
  88       2014702      1        9        52678        0.14   3        0        24454       17559.33    0.00        17559.33   
  89       2014703      1        9        53600        0.14   3        0        23950       17866.67    0.00        17866.67   
  90       2023624      1        3        154702       0.41   29       0        22564       5334.55     0.00        5334.55    
  91       2828877      1        1        129838       0.34   25       0        20888       5193.52     0.00        5193.52    
  92       2828876      1        1        75466        0.20   12       0        20844       6288.83     0.00        6288.83    
  93       2021407      1        4        47094        0.12   6        0        18860       7849.00     0.00        7849.00    
  94       2019017      1        3        78958        0.21   14       0        17530       5639.86     0.00        5639.86    
  95       2023620      1        3        98438        0.26   20       0        10158       4921.90     0.00        4921.90    
  96       2816920      1        1        31622        0.08   6        0        7786        5270.33     0.00        5270.33    
  97       2023625      1        3        65668        0.17   14       0        7316        4690.57     0.00        4690.57    
  98       2019011      1        3        69032        0.18   14       0        7044        4930.86     0.00        4930.86    
  99       2008118      1        3        6980         0.02   1        0        6980        6980.00     0.00        6980.00    
  100      2008119      1        3        56236        0.15   11       0        6744        5112.36     0.00        5112.36    
  101      2810793      1        5        31030        0.08   6        0        6738        5171.67     0.00        5171.67    
  102      2804587      1        2        30592        0.08   6        0        6660        5098.67     0.00        5098.67    
  103      2008116      1        4        73294        0.19   14       0        6626        5235.29     0.00        5235.29    
  104      2811445      1        4        32048        0.08   6        0        6586        5341.33     0.00        5341.33    
  105      2008120      1        4        131146       0.34   27       0        6436        4857.26     0.00        4857.26    
  106      2008117      1        3        69778        0.18   14       0        6394        4984.14     0.00        4984.14    
  107      2100361      1        17       34088        0.09   6        0        6382        5681.33     0.00        5681.33    
  108      2013926      1        8        31372        0.08   6        0        6310        5228.67     0.00        5228.67    
  109      2802880      1        3        26580        0.07   5        0        6286        5316.00     0.00        5316.00    
  110      2802823      1        1        58754        0.15   11       0        6222        5341.27     0.00        5341.27    
  111      2802205      1        3        68602        0.18   14       0        6206        4900.14     0.00        4900.14    
  112      2023627      1        3        142222       0.37   29       0        6176        4904.21     0.00        4904.21    
  113      2009702      1        5        16364        0.04   3        0        6130        5454.67     0.00        5454.67    
  114      2023622      1        3        111430       0.29   24       0        6090        4642.92     0.00        4642.92    
  115      2802822      1        1        68204        0.18   14       0        6046        4871.71     0.00        4871.71    
  116      2020388      1        8        33206        0.09   6        0        5942        5534.33     0.00        5534.33    
  117      2801347      1        5        29068        0.08   6        0        5890        4844.67     0.00        4844.67    
  118      2010140      1        7        130760       0.34   28       0        5890        4670.00     0.00        4670.00    
  119      2101529      1        12       29324        0.08   6        0        5854        4887.33     0.00        4887.33    
  120      2823788      1        4        11228        0.03   2        0        5822        5614.00     0.00        5614.00    
  121      2025200      1        1        15376        0.04   3        0        5796        5125.33     0.00        5125.33    
  122      2100540      1        12       50372        0.13   10       0        5786        5037.20     0.00        5037.20    
  123      2016181      1        2        10208        0.03   2        0        5724        5104.00     0.00        5104.00    
  124      2100540      1        12       48698        0.13   10       0        5666        4869.80     0.00        4869.80    
  125      2804589      1        3        2

This file has been truncated.


stats.log - (2830 bytes)
------------------------------------------------------------------------------------
Date: 7/18/2019 -- 09:53:41 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 96
decoder.bytes                              | Total                     | 32481
decoder.ipv4                               | Total                     | 87
decoder.ethernet                           | Total                     | 96
decoder.tcp                                | Total                     | 58
decoder.udp                                | Total                     | 29
decoder.avg_pkt_size                       | Total                     | 338
decoder.max_pkt_size                       | Total                     | 1156
flow.tcp                                   | Total                     | 2
flow.udp                                   | Total                     | 8
tcp.sessions                               | Total                     | 2
tcp.syn                                    | Total                     | 2
tcp.synack                                 | Total                     | 2
tcp.rst                                    | Total                     | 1
detect.mpm_list                            | Total                     | 12
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 13
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 6
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 6
flow.spare                                 | Total                     | 9995
flow_mgr.flows_checked                     | Total                     | 5
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65531
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075456


eve.json - (12541 bytes)
{"timestamp":"2016-05-24T04:26:19.267609+0000","flow_id":1187510540244313,"pcap_cnt":11,"event_type":"dns","src_ip":"192.168.56.118","src_port":1025,"dest_ip":"78.46.218.253","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11741,"rrname":"store.ufmsecret.org","rrtype":"A","tx_id":0}}
{"timestamp":"2016-05-24T04:26:20.263684+0000","flow_id":600010553820676,"pcap_cnt":12,"event_type":"dns","src_ip":"192.168.56.118","src_port":1025,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11741,"rrname":"store.ufmsecret.org","rrtype":"A","tx_id":0}}
{"timestamp":"2016-05-24T04:26:20.466334+0000","flow_id":600010553820676,"pcap_cnt":13,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.118","dest_port":1025,"proto":"UDP","dns":{"type":"answer","id":11741,"rcode":"NOERROR","rrname":"store.ufmsecret.org","rrtype":"A","ttl":1799,"rdata":"98.124.243.36"}}
{"timestamp":"2016-05-24T04:26:40.376514+0000","flow_id":1932442554314574,"pcap_cnt":33,"event_type":"fileinfo","src_ip":"192.168.56.118","src_port":1058,"dest_ip":"98.124.243.36","dest_port":80,"proto":"TCP","http":{"hostname":"store.ufmsecret.org","url":"\/images\/answer.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAZoZmlqYWlsb3kw&type=124134","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":404,"length":1232},"app_proto":"http","fileinfo":{"filename":"\/images\/answer.aspx","gaps":false,"state":"CLOSED","stored":false,"size":4,"tx_id":0}}
{"timestamp":"2016-05-24T04:26:40.376567+0000","flow_id":1932442554314574,"pcap_cnt":34,"event_type":"http","src_ip":"192.168.56.118","src_port":1058,"dest_ip":"98.124.243.36","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"store.ufmsecret.org","url":"\/images\/answer.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAZoZmlqYWlsb3kw&type=124134","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_content_type":"text\/html"}}
{"timestamp":"2016-05-24T04:27:00.821596+0000","flow_id":1932442554314574,"pcap_cnt":47,"event_type":"fileinfo","src_ip":"98.124.243.36","src_port":80,"dest_ip":"192.168.56.118","dest_port":1058,"proto":"TCP","http":{"hostname":"store.ufmsecret.org","url":"\/images\/answer.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAZoZmlqYWlsb3kw&type=124134","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":404,"length":3764},"app_proto":"http","fileinfo":{"filename":"\/images\/answer.aspx","gaps":false,"state":"CLOSED","stored":false,"size":3764,"tx_id":0}}
{"timestamp":"2016-05-24T04:27:00.825380+0000","flow_id":1932442554314574,"pcap_cnt":52,"event_type":"fileinfo","src_ip":"192.168.56.118","src_port":1058,"dest_ip":"98.124.243.36","dest_port":80,"proto":"TCP","http":{"hostname":"store.ufmsecret.org","url":"\/images\/callback.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAYdY2dpb2lhbWBlMA==&type=123615","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":404,"length":1232},"app_proto":"http","fileinfo":{"filename":"\/images\/callback.aspx","gaps":false,"state":"CLOSED","stored":false,"size":4,"tx_id":1}}
{"timestamp":"2016-05-24T04:27:00.972101+0000","flow_id":1932442554314574,"pcap_cnt":55,"event_type":"http","src_ip":"192.168.56.118","src_port":1058,"dest_ip":"98.124.243.36","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"store.ufmsecret.org","url":"\/images\/callback.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAYdY2dpb2lhbWBlMA==&type=123615","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_content_type":"text\/html"}}
{"timestamp":"2016-05-24T04:27:21.404513+0000","flow_id":1932442554314574,"pcap_cnt":60,"event_type":"fileinfo","src_ip":"98.124.243.36","src_port":80,"dest_ip":"192.168.56.118","dest_port":1058,"proto":"TCP","http":{"hostname":"store.ufmsecret.org","url":"\/images\/callback.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAYdY2dpb2lhbWBlMA==&type=123615","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":404,"length":3768},"app_proto":"http","fileinfo":{"filename":"\/images\/callback.aspx","gaps":false,"state":"CLOSED","stored":false,"size":3768,"tx_id":1}}
{"timestamp":"2016-05-24T04:27:21.407595+0000","flow_id":1932442554314574,"pcap_cnt":65,"event_type":"fileinfo","src_ip":"192.168.56.118","src_port":1058,"dest_ip":"98.124.243.36","dest_port":80,"proto":"TCP","http":{"hostname":"store.ufmsecret.org","url":"\/images\/exsites.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAYdY2RkY2tsbGVnZTA=&type=123055","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":404,"length":1232},"app_proto":"http","fileinfo":{"filename":"\/images\/exsites.aspx","gaps":false,"state":"CLOSED","stored":false,"size":4,"tx_id":2}}
{"timestamp":"2016-05-24T04:27:21.602001+0000","flow_id":1932442554314574,"pcap_cnt":68,"event_type":"http","src_ip":"192.168.56.118","src_port":1058,"dest_ip":"98.124.243.36","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"store.ufmsecret.org","url":"\/images\/exsites.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAYdY2RkY2tsbGVnZTA=&type=123055","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_content_type":"text\/html"}}
{"timestamp":"2016-05-24T04:27:41.989944+0000","flow_id":1932442554314574,"pcap_cnt":70,"event_type":"fileinfo","src_ip":"98.124.243.36","src_port":80,"dest_ip":"192.168.56.118","dest_port":1058,"proto":"TCP","http":{"hostname":"store.ufmsecret.org","url":"\/images\/exsites.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAYdY2RkY2tsbGVnZTA=&type=123055","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":404,"length":3766},"app_proto":"http","fileinfo":{"filename":"\/images\/exsites.aspx","gaps":false,"state":"CLOSED","stored":false,"size":3766,"tx_id":2}}
{"timestamp":"2016-05-24T04:27:41.993433+0000","flow_id":1932442554314574,"pcap_cnt":75,"event_type":"fileinfo","src_ip":"192.168.56.118","src_port":1058,"dest_ip":"98.124.243.36","dest_port":80,"proto":"TCP","http":{"hostname":"store.ufmsecret.org","url":"\/images\/spread.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAYdY2ZpbWhvaGZ5eDA=&type=122536","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":404,"length":1232},"app_proto":"http","fileinfo":{"filename":"\/images\/spread.aspx","gaps":false,"state":"CLOSED","stored":false,"size":4,"tx_id":3}}
{"timestamp":"2016-05-24T04:27:42.131722+0000","flow_id":1932442554314574,"pcap_cnt":78,"event_type":"http","src_ip":"192.168.56.118","src_port":1058,"dest_ip":"98.124.243.36","dest_port":80,"proto":"TCP","tx_id":3,"http":{"hostname":"store.ufmsecret.org","url":"\/images\/spread.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAYdY2ZpbWhvaGZ5eDA=&type=122536","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_content_type":"text\/html"}}
{"timestamp":"2016-05-24T04:28:02.585748+0000","flow_id":1932442554314574,"pcap_cnt":88,"event_type":"fileinfo","src_ip":"98.124.243.36","src_port":80,"dest_ip":"192.168.56.118","dest_port":1058,"proto":"TCP","http":{"hostname":"store.ufmsecret.org","url":"\/images\/spread.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAYdY2ZpbWhvaGZ5eDA=&type=122536","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":404,"length":3764},"app_proto":"http","fileinfo":{"filename":"\/images\/spread.aspx","gaps":false,"state":"CLOSED","stored":false,"size":3764,"tx_id":3}}
{"timestamp":"2016-05-24T04:28:02.589459+0000","flow_id":1932442554314574,"pcap_cnt":94,"event_type":"fileinfo","src_ip":"192.168.56.118","src_port":1058,"dest_ip":"98.124.243.36","dest_port":80,"proto":"TCP","http":{"hostname":"store.ufmsecret.org","url":"\/images\/jiathis.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAYdY2VmY2BhamBgYDA=&type=122016","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":404,"length":1232},"app_proto":"http","fileinfo":{"filename":"\/images\/jiathis.aspx","gaps":false,"state":"CLOSED","stored":false,"size":4,"tx_id":4}}
{"timestamp":"2016-05-24T04:28:02.589515+0000","flow_id":1932442554314574,"pcap_cnt":95,"event_type":"http","src_ip":"192.168.56.118","src_port":1058,"dest_ip":"98.124.243.36","dest_port":80,"proto":"TCP","tx_id":4,"http":{"hostname":"store.ufmsecret.org","url":"\/images\/jiathis.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAYdY2VmY2BhamBgYDA=&type=122016","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_content_type":"text\/html"}}
{"timestamp":"2016-05-24T04:28:02.761492+0000","flow_id":1606896916898057,"event_type":"http","src_ip":"192.168.56.118","src_port":1057,"dest_ip":"98.124.243.36","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"store.ufmsecret.org","url":"\/images\/observer.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAYdY2RgaGhqbHh7ejA=&type=124653","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"}}
{"timestamp":"2016-05-24T04:28:02.761492+0000","flow_id":1606896916898057,"event_type":"fileinfo","src_ip":"192.168.56.118","src_port":1057,"dest_ip":"98.124.243.36","dest_port":80,"proto":"TCP","http":{"hostname":"store.ufmsecret.org","url":"\/images\/observer.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAYdY2RgaGhqbHh7ejA=&type=124653","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/images\/observer.aspx","gaps":false,"state":"CLOSED","stored":false,"size":4,"tx_id":0}}
{"timestamp":"2016-05-24T04:28:02.761492+0000","flow_id":1932442554314574,"event_type":"fileinfo","src_ip":"98.124.243.36","src_port":80,"dest_ip":"192.168.56.118","dest_port":1058,"proto":"TCP","http":{"hostname":"store.ufmsecret.org","url":"\/images\/jiathis.aspx?SiteId=Z1NmY\/pdY2NgZ2RrYlEhBj0jJiopLi8gJiIlDgoKmAYdY2VmY2BhamBgYDA=&type=122016","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":404,"length":3766},"app_proto":"http","fileinfo":{"filename":"\/images\/jiathis.aspx","gaps":false,"state":"CLOSED","stored":false,"size":3766,"tx_id":4}}


keyword_perf.log - (9369 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 7/18/2019 -- 09:53:41
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2672928         454             454             80484           5887.00         5887.00         0.00           
  content          6557704         744             446             865344          8814.00         8791.00         8848.00        
  pcre             2240326         132             30              861956          16972.00        12670.00        18237.00       
  byte_test        284140          50              44              26566           5682.00         5797.00         4840.00        
  byte_jump        75592           14              14              11312           5399.00         5399.00         0.00           
  isdataat         4944            1               0               4944            4944.00         0.00            4944.00        
  urilen           1603616         146             78              835386          10983.00        15612.00        5674.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2672928         454             454             80484           5887.00         5887.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          564430          93              55              27722           6069.00         5929.00         6271.00        
  byte_test        284140          50              44              26566           5682.00         5797.00         4840.00        
  byte_jump        75592           14              14              11312           5399.00         5399.00         0.00           
  isdataat         4944            1               0               4944            4944.00         0.00            4944.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          858980          139             61              28468           6179.00         6045.00         6284.00        
  pcre             1635082         79              0               861956          20697.00        0.00            20697.00       
  urilen           1603616         146             78              835386          10983.00        15612.00        5674.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          57808           10              0               7310            5780.00         0.00            5780.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3798350         296             196             865344          12832.00        12159.00        14150.00       
  pcre             444362          41              18              75740           10838.00        12179.00        9788.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          151454          24              18              22874           6310.00         5613.00         8400.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          78884           10              10              26346           7888.00         7888.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          38738           6               0               8000            6456.00         0.00            6456.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          941776          156             96              31906           6037.00         6201.00         5773.00        
  pcre             160882          12              12              78798           13406.00        13406.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          67284           10              10              20686           6728.00         6728.00         0.00           


IDSDeathBlossom.py.log - (1144 bytes)
2019-07-18 09:53:18,474 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-07-18 09:53:19,196 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-07-18 09:53:19,197 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-07-18 09:53:19,197 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-07-18 09:53:19,197 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-07-18 09:53:19,198 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/6a0eb3361addad42d5d5bb92da9edd7756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07182019.0953-pcap.pcap -vvv -k none
2019-07-18 09:53:41,354 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-07-18 09:53:41,354 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.8887331486