Filename: 4ff8c425-2e4d-4ab6-84dd-3c56656279e6.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 8.81283903122 seconds
Hash: 6a69f25b19dfcd2336e30db7a84d7d0b
Uploaded: 1553615939

Logfiles


suricata-report-2019-03-26-T-15-59-08-03262019.1558-4ff8c425-2e4d-4ab6-84dd-3c56656279e6.pcap.txt - (18126 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/6a69f25b19dfcd2336e30db7a84d7d0bd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/03262019.1558-4ff8c425-2e4d-4ab6-84dd-3c56656279e6.pcap -vvv -k none
elapsedtime:7.899141
stderr:
stdout:
26/3/2019 -- 15:59:00 - <Info> - Configuration node 'rule-files' redefined.
26/3/2019 -- 15:59:00 - <Notice> - This is Suricata version 4.0.0 RELEASE
26/3/2019 -- 15:59:00 - <Info> - CPUs/cores online: 1
26/3/2019 -- 15:59:00 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34076 and 'request-body-inspect-window' set to 15802 after randomization.
26/3/2019 -- 15:59:00 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34103 and 'response-body-inspect-window' set to 17073 after randomization.
26/3/2019 -- 15:59:00 - <Config> - DNS request flood protection level: 500
26/3/2019 -- 15:59:00 - <Config> - DNS per flow memcap (state-memcap): 524288
26/3/2019 -- 15:59:00 - <Config> - DNS global memcap: 16777216
26/3/2019 -- 15:59:00 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
26/3/2019 -- 15:59:00 - <Config> - preallocated 1000 hosts of size 136
26/3/2019 -- 15:59:00 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
26/3/2019 -- 15:59:00 - <Config> - using magic-file /usr/share/file/magic
26/3/2019 -- 15:59:00 - <Config> - Core dump size is unlimited.
26/3/2019 -- 15:59:00 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
26/3/2019 -- 15:59:00 - <Config> - preallocated 1000 defrag trackers of size 168
26/3/2019 -- 15:59:00 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
26/3/2019 -- 15:59:00 - <Config> - stream "prealloc-sessions": 2048 (per thread)
26/3/2019 -- 15:59:00 - <Config> - stream "memcap": 33554432
26/3/2019 -- 15:59:00 - <Config> - stream "midstream" session pickups: disabled
26/3/2019 -- 15:59:00 - <Config> - stream "async-oneside": disabled
26/3/2019 -- 15:59:00 - <Config> - stream "checksum-validation": disabled
26/3/2019 -- 15:59:00 - <Config> - stream."inline": disabled
26/3/2019 -- 15:59:00 - <Config> - stream "bypass": disabled
26/3/2019 -- 15:59:00 - <Config> - stream "max-synack-queued": 5
26/3/2019 -- 15:59:00 - <Config> - stream.reassembly "memcap": 134217728
26/3/2019 -- 15:59:00 - <Config> - stream.reassembly "depth": 0
26/3/2019 -- 15:59:00 - <Config> - stream.reassembly "toserver-chunk-size": 2603
26/3/2019 -- 15:59:00 - <Config> - stream.reassembly "toclient-chunk-size": 2653
26/3/2019 -- 15:59:00 - <Config> - stream.reassembly.raw: enabled
26/3/2019 -- 15:59:00 - <Config> - stream.reassembly "segment-prealloc": 2048
26/3/2019 -- 15:59:00 - <Config> - Delayed detect disabled
26/3/2019 -- 15:59:00 - <Config> - pattern matchers: MPM: ac, SPM: bm
26/3/2019 -- 15:59:00 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
26/3/2019 -- 15:59:00 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
26/3/2019 -- 15:59:00 - <Config> - prefilter engines: MPM
26/3/2019 -- 15:59:00 - <Config> - IP reputation disabled
26/3/2019 -- 15:59:00 - <Perf> - Registered 148 keyword profiling counters.
26/3/2019 -- 15:59:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
26/3/2019 -- 15:59:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
26/3/2019 -- 15:59:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
26/3/2019 -- 15:59:01 - <Config> - No rules loaded from ET-emerging-icmp.rules.
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
26/3/2019 -- 15:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
26/3/2019 -- 15:59:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
26/3/2019 -- 15:59:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
26/3/2019 -- 15:59:02 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
26/3/2019 -- 15:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
26/3/2019 -- 15:59:04 - <Config> - No rules loaded from local.rules.
26/3/2019 -- 15:59:04 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
26/3/2019 -- 15:59:04 - <Info> - Threshold config parsed: 0 rule(s) found
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for tcp-packet
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for tcp-stream
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for udp-packet
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for other-ip
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_uri
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_request_line
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_client_body
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_response_line
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_header
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_header
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_header_names
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_header_names
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_accept
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_accept_enc
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_accept_lang
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_referer
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_connection
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_content_len
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_content_len
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_content_type
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_content_type
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_protocol
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_protocol
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_start
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_start
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_raw_header
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_raw_header
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_method
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_cookie
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_cookie
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_raw_uri
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_user_agent
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_host
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_raw_host
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_stat_msg
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_stat_code
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for dns_query
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for tls_sni
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for tls_cert_issuer
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for tls_cert_subject
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for tls_cert_serial
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for dce_stub_data
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for dce_stub_data
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for ssh_protocol
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for ssh_protocol
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for ssh_software
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for ssh_software
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for file_data
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for file_data
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_request_line
26/3/2019 -- 15:59:05 - <Perf> - using shared mpm ctx' for http_response_line
26/3/2019 -- 15:59:05 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
26/3/2019 -- 15:59:05 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
26/3/2019 -- 15:59:05 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
26/3/2019 -- 15:59:05 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
26/3/2019 -- 15:59:05 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
26/3/2019 -- 15:59:05 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
26/3/2019 -- 15:59:05 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
26/3/2019 -- 15:59:05 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
26/3/2019 -- 15:59:06 - <Perf> - Unique rule groups: 111
26/3/2019 -- 15:59:06 - <Perf> - Builtin MPM "toserver TCP packet": 31
26/3/2019 -- 15:59:06 - <Perf> - Builtin MPM "toclient TCP packet": 20
26/3/2019 -- 15:59:06 - <Perf> - Builtin MPM "toserver TCP stream": 31
26/3/2019 -- 15:59:06 - <Perf> - Builtin MPM "toclient TCP stream": 21
26/3/2019 -- 15:59:06 - <Perf> - Builtin MPM "toserver UDP packet": 33
26/3/2019 -- 15:59:06 - <Perf> - Builtin MPM "toclient UDP packet": 15
26/3/2019 -- 15:59:06 - <Perf> - Builtin MPM "other IP packet": 2
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_uri": 8
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_request_line": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_client_body": 6
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toclient http_response_line": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_header": 6
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toclient http_header": 3
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_header_names": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_accept": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_referer": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_content_len": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_content_type": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toclient http_content_type": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_start": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_method": 3
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_cookie": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toclient http_cookie": 2
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver http_host": 2
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver dns_query": 4
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver tls_sni": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toserver file_data": 1
26/3/2019 -- 15:59:06 - <Perf> - AppLayer MPM "toclient file_data": 5
26/3/2019 -- 15:59:06 - <Perf> - Registered 18241 rule profiling counters.
26/3/2019 -- 15:59:06 - <Info> - fast output device (regular) initialized: alert
26/3/2019 -- 15:59:06 - <Info> - eve-log output device (regular) initialized: eve.json
26/3/2019 -- 15:59:06 - <Config> - enabling 'eve-log' module 'alert'
26/3/2019 -- 15:59:06 - <Config> - enabling 'eve-log' module 'http'
26/3/2019 -- 15:59:06 - <Config> - enabling 'eve-log' module 'dns'
26/3/2019 -- 15:59:06 - <Config> - enabling 'eve-log' module 'tls'
26/3/2019 -- 15:59:06 - <Config> - enabling 'eve-log' module 'files'
26/3/2019 -- 15:59:06 - <Config> - enabling 'eve-log' module 'ssh'
26/3/2019 -- 15:59:06 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
26/3/2019 

This file has been truncated.


suricata-4.0.0-etopen-all-perf.txt-2019-03-26-T-15-59-08-03262019.1558-4ff8c425-2e4d-4ab6-84dd-3c56656279e6.pcap.txt - (10582 bytes)
  --------------------------------------------------------------------------
  Date: 3/26/2019 -- 15:59:08. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2025194      1        1        19604716     32.20  757      0        7086957     25897.91    0.00        25897.91   
  2        2021749      1        6        210606       0.35   1        0        210606      210606.00   0.00        210606.00  
  3        2025330      1        1        86619        0.14   1        0        86619       86619.00    0.00        86619.00   
  4        2018005      1        6        78320        0.13   1        0        78320       78320.00    0.00        78320.00   
  5        2023625      1        3        166264       0.27   38       0        71472       4375.37     0.00        4375.37    
  6        2025189      1        1        6459137      10.61  757      0        70449       8532.55     0.00        8532.55    
  7        2024720      1        3        69323        0.11   1        0        69323       69323.00    0.00        69323.00   
  8        2025192      1        1        6247175      10.26  757      0        58764       8252.54     0.00        8252.54    
  9        2022480      1        2        55784        0.09   1        0        55784       55784.00    0.00        55784.00   
  10       2018316      1        4        52612        0.09   1        0        52612       52612.00    0.00        52612.00   
  11       2020661      1        3        53555        0.09   2        0        39477       26777.50    0.00        26777.50   
  12       2024227      1        3        6557911      10.77  757      0        37956       8663.03     0.00        8663.03    
  13       2025190      1        1        6379885      10.48  757      0        36243       8427.85     0.00        8427.85    
  14       2025191      1        1        6317367      10.37  757      0        35657       8345.27     0.00        8345.27    
  15       2025193      1        1        6250711      10.27  757      0        35407       8257.21     0.00        8257.21    
  16       2018666      1        4        33706        0.06   1        0        33706       33706.00    0.00        33706.00   
  17       2019230      1        2        36037        0.06   2        0        32729       18018.50    0.00        18018.50   
  18       2020742      1        1        32664        0.05   1        0        32664       32664.00    0.00        32664.00   
  19       2020741      1        1        31992        0.05   1        0        31992       31992.00    0.00        31992.00   
  20       2009702      1        5        56923        0.09   4        0        27958       14230.75    0.00        14230.75   
  21       2023622      1        3        151173       0.25   49       0        25922       3085.16     0.00        3085.16    
  22       2022914      1        1        34057        0.06   2        0        25580       17028.50    0.00        17028.50   
  23       2014701      1        12       49269        0.08   4        0        22298       12317.25    0.00        12317.25   
  24       2022543      1        1        36562        0.06   2        0        20206       18281.00    0.00        18281.00   
  25       2020784      1        2        34683        0.06   2        0        19843       17341.50    0.00        17341.50   
  26       2010140      1        7        174225       0.29   47       0        17894       3706.91     0.00        3706.91    
  27       2023626      1        3        126616       0.21   43       0        17338       2944.56     0.00        2944.56    
  28       2014702      1        9        34893        0.06   4        0        14956       8723.25     0.00        8723.25    
  29       2009243      1        2        37204        0.06   9        0        14875       4133.78     0.00        4133.78    
  30       2014703      1        9        36416        0.06   4        0        14531       9104.00     0.00        9104.00    
  31       2018789      1        3        4828         0.01   1        0        4828        4828.00     0.00        4828.00    
  32       2008116      1        4        51850        0.09   18       0        4627        2880.56     0.00        2880.56    
  33       2001330      1        8        17871        0.03   6        0        4205        2978.50     0.00        2978.50    
  34       2017935      1        3        6835         0.01   2        0        4170        3417.50     0.00        3417.50    
  35       2016323      1        1        16632        0.03   5        0        4111        3326.40     0.00        3326.40    
  36       2008117      1        3        49075        0.08   18       0        4064        2726.39     0.00        2726.39    
  37       2023627      1        3        107311       0.18   39       0        4028        2751.56     0.00        2751.56    
  38       2021978      1        6        4001         0.01   1        0        4001        4001.00     0.00        4001.00    
  39       2102523      1        8        3939         0.01   1        0        3939        3939.00     0.00        3939.00    
  40       2010143      1        3        130499       0.21   47       0        3937        2776.57     0.00        2776.57    
  41       2023614      1        3        28975        0.05   10       0        3900        2897.50     0.00        2897.50    
  42       2025200      1        1        13923        0.02   4        0        3841        3480.75     0.00        3480.75    
  43       2102190      1        5        12245        0.02   4        0        3752        3061.25     0.00        3061.25    
  44       2100566      1        5        14690        0.02   5        0        3737        2938.00     0.00        2938.00    
  45       2019011      1        3        44824        0.07   16       0        3735        2801.50     0.00        2801.50    
  46       2102523      1        8        3702         0.01   1        0        3702        3702.00     0.00        3702.00    
  47       2023624      1        3        121339       0.20   46       0        3689        2637.80     0.00        2637.80    
  48       2103238      1        4        3685         0.01   1        0        3685        3685.00     0.00        3685.00    
  49       2019010      1        3        35954        0.06   13       0        3540        2765.69     0.00        2765.69    
  50       2015986      1        5        12163        0.02   4        0        3503        3040.75     0.00        3040.75    
  51       2009387      1        4        6794         0.01   2        0        3502        3397.00     0.00        3397.00    
  52       2018281      1        4        3499         0.01   1        0        3499        3499.00     0.00        3499.00    
  53       2024777      1        2        9536         0.02   3        0        3466        3178.67     0.00        3178.67    
  54       2103158      1        6        12194        0.02   4        0        3465        3048.50     0.00        3048.50    
  55       2021976      1        2        3452         0.01   1        0        3452        3452.00     0.00        3452.00    
  56       2102257      1        10       9699         0.02   3        0        3444        3233.00     0.00        3233.00    
  57       2103159      1        4        5969         0.01   2        0        3407        2984.50     0.00        2984.50    
  58       2016181      1        2        9676         0.02   3        0        3404        3225.33     0.00        3225.33    
  59       2016363      1        2        14915        0.02   5        0        3393        2983.00     0.00        2983.00    
  60       2022547      1        1        14348        0.02   5        0        3391        2869.60     0.00        2869.60    
  61       2008118      1        3        24975        0.04   9        0        3389        2775.00     0.00        2775.00    
  62       2100518      1        8        48595        0.08   18       0        3311        2699.72     0.00        2699.72    
  63       2018624      1        5        3310         0.01   1        0        3310        3310.00     0.00        3310.00    
  64       2008120      1        4        130674       0.21   49       0        3305        2666.82     0.00        2666.82    
  65       2008306      1        3        6155         0.01   2        0        3262        3077.50     0.00        3077.50    
  66       2023617      1        3        22450        0.04   8        0        3247        2806.25     0.00        2806.25    
  67       2019016      1        3        42943        0.07   16       0        3227        2683.94     0.00        2683.94    
  68       2019017      1        3        34796        0.06   13       0        3210        2676.62     0.00        2676.62    
  69       2023613      1        3        13242        0.02   5        0        3117        2648.40     0.00        2648.40    
  70       2016179      1        2        9144         0.02   3        0        3080        3048.00     0.00        3048.00    
  71       2023621      1        4        16037        0.03   6        0        3055        2672.83     0.00        2672.83    
  72       2023612      1        4        21931        0.04   8        0        3050        2741.38     0.00        2741.38    
  73       2008119      1        3        3003         0.00   1        0        3003        3003.00     0.00        3003.00    
  74       2016178      1        2        8741         0.01   3        0        2997        2913.67     0.00        2913.67    
  75       2010142      1        4        121093       0.20   47       0        2901        2576.45     0.00        2576.45    
  76       2023615      1        3        13328        0.02   5        0        2881        2665.60     0.00        2665.60    
  77       2023623      1        3        87101        0.14   34       0        2846        2561.79     0.00        2561.79    
  78       2013075      1        8        5353         0.01   2        0        2759        2676.50     0.00        2676.50    
  79       2023619      1        3        7590         0.01   3        0        2531        2530.00     0.00        2530.00    


packet_stats.log - (11509 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          1050          2195542      173920340     117803064        123.7b   96.79
 IPv4      17            47          7570119      164025830      79007950          3.7b    2.91
 IPv6      17             7          9395760      164300818      55756480        390.3m    0.31
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          1050            70997       15780674        182776        191.9m   80.19
TMM_FLOWWORKER              IPv4      17            47           114390       12415533        455392         21.4m    8.94
TMM_RECEIVEPCAPFILE         IPv4       6          1048             2542         164871          3336          3.5m    1.46
TMM_RECEIVEPCAPFILE         IPv4      17            47             2536           9654          2996        140.9k    0.06
TMM_DECODEPCAPFILE          IPv4       6          1048             2647       17934234         20050         21.0m    8.78
TMM_DECODEPCAPFILE          IPv4      17            47             2667          19348          3224        151.5k    0.06
TMM_FLOWWORKER              IPv6      17             7           102901         252123        164960          1.2m    0.48
TMM_RECEIVEPCAPFILE         IPv6      17             7             2753           2915          2821         19.8k    0.01
TMM_DECODEPCAPFILE          IPv6      17             7             2734          13603          4539         31.8k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6          1048             2818          44596          3292          3.5m  1.85  
flow                    IPv4      17            47             2815          13403          3918        184.2k  0.10  
stream                  IPv4       6          1050             2929         466990          5920          6.2m  3.33  
app-layer               IPv4      17            47             2527          60844          6076        285.6k  0.15  
detect                  IPv4       6          1050            46590       15749071        156379        164.2m  88.08 
detect                  IPv4      17            47            97801         456271        171224          8.0m  4.32  
tcp-prune               IPv4       6          1050             2546          16387          2831          3.0m  1.59  
flow                    IPv6      17             7             2909           8990          4238         29.7k  0.02  
app-layer               IPv6      17             7             2551          10453          5419         37.9k  0.02  
detect                  IPv6      17             7            86712         226667        142645        998.5k  0.54  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
tls                     IPv4       6             2             2758           5647          4202          8.4k  15.54 
dns                     IPv4      17             4             5910           9539          8211         32.8k  60.75 
tls                     IPv6      17             1            12821          12821         12821         12.8k  23.71 
Proto detect            IPv4      17             9             2760          53297         13205        118.8k
Proto detect            IPv6      17             3             2809           4772          3570         10.7k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             4            61686       12027741       3081870         12.3m  99.34 
LOGGER_JSON_TLS             IPv4       6             1            81658          81658         81658         81.7k  0.66  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            10             2608        9743719        992643         9.9m  91.30 
payload                           IPv4      17            47             3061          56137         10380       487.9k  4.49  
stream                            IPv4       6            10             2549         262583         34438       344.4k  3.17  
dns_query                         IPv4      17             2             7735          10709          9222        18.4k  0.17  
tls_sni                           IPv4       6             1             6922           6922          6922         6.9k  0.06  
tls_cert_issuer                   IPv4       6             1            15445          15445         15445        15.4k  0.14  
tls_cert_subject                  IPv4       6             1             5154           5154          5154         5.2k  0.05  
tls_cert_serial                   IPv4       6             1             5091           5091          5091         5.1k  0.05  
Total                             IPv4                    73                                        148078        10.8m
payload                           IPv6      17             7             3320          21083          8860        62.0k  0.57  
Total                             IPv6                     7                                          8860        62.0k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             2            23988          32255         28121         56.2k  0.04  
PROF_DETECT_IPONLY          IPv4      17             9            19255          95675         37136        334.2k  0.23  
PROF_DETECT_RULES           IPv4       6          1050             2525         854851          4051          4.3m  2.88  
PROF_DETECT_RULES           IPv4      17            47            39398         326344         87015          4.1m  2.77  
PROF_DETECT_STATEFUL_START    IPv4       6             1           112889         112889        112889        112.9k  0.08  
PROF_DETECT_STATEFUL_CONT    IPv4       6          1050             2750        7159677         73397         77.1m  52.17 
PROF_DETECT_STATEFUL_CONT    IPv4      17            47             2509          27774          3525        165.7k  0.11  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          1046             2543          16584          2716          2.8m  1.92  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             2671           3166          2937         11.8k  0.01  
PROF_DETECT_PREFILTER       IPv4       6          1050             8040        9786876         24959         26.2m  17.74 
PROF_DETECT_PREFILTER       IPv4      17            47            23795          87575         35655          1.7m  1.13  
PROF_DETECT_PF_PAYLOAD      IPv4       6            10            14301        9755879       1034925         10.3m  7.01  
PROF_DETECT_PF_PAYLOAD      IPv4      17            47             8341          61511         15656        735.8k  0.50  
PROF_DETECT_PF_TX           IPv4       6          1046             2631          36225          2960          3.1m  2.10  
PROF_DETECT_PF_TX           IPv4      17             2            14380          16628         15504         31.0k  0.02  
PROF_DETECT_PF_SORT1        IPv4       6            10             2579           3927          3090         30.9k  0.02  
PROF_DETECT_PF_SORT1        IPv4      17            47             2591          18058          3700        173.9k  0.12  
PROF_DETECT_PF_SORT2        IPv4       6          1050             2514          34089          2709          2.8m  1.93  
PROF_DETECT_PF_SORT2        IPv4      17            47             2542          33627          3461        162.7k  0.11  
PROF_DETECT_NONMPMLIST      IPv4       6          1050             2518          21736          2871          3.0m  2.04  
PROF_DETECT_NONMPMLIST      IPv4      17            47             2527           4069          2905        136.6k  0.09  
PROF_DETECT_ALERT           IPv4       6          1050             2514          42553          2740          2.9m  1.95  
PROF_DETECT_ALERT           IPv4      17            47             2522          29485          3852        181.1k  0.12  
PROF_DETECT_CLEANUP         IPv4       6          1050             2558          17463          2824          3.0m  2.01  
PROF_DETECT_CLEANUP         IPv4      17            47             2512          14574          3099        145.7k  0.10  
PROF_DETECT_GETSGH          IPv4       6          1050             2512          20124          2825          3.0m  2.01  
PROF_DETECT_GETSGH          IPv4      17            47             2533          39311          4497        211.4k  0.14  
PROF_DETECT_IPONLY          IPv6      17             3             3343           6736          5570         16.7k  0.01  
PROF_DETECT_RULES           IPv6      17             7            28599         118545         65845        460.9k  0.31  
PROF_DETECT_STATEFUL_CONT    IPv6      17             7             2724          30085          6676         46.7k  0.03  
PROF_DETECT_PREFILTER       IPv6      17             7            24171          44137         30575        214.0k  0.14  
PROF_DETECT_PF_PAYLOAD      IPv6      17             7             8631          26367         14127         98.9k  0.07  
PROF_DETECT_PF_SORT1        IPv6      17             7             2569           4325          3359         23.5k  0.02  
PROF_DETECT_PF_SORT2        IPv6      17             7             2543           2921          2663         18.6k  0.01  
PROF_DETECT_NONMPMLIST      IPv6      17             7             2748           2879          2792         19.5k  0.01  
PROF_DETECT_ALERT           IPv6      17             7             2532           2789          2574         18.0k  0.01  
PROF_DETECT_CLEANUP         IPv6      17             7             2527           2977          2711         19.0k  0.01  
PROF_DETECT_GETSGH          IPv6      17             7             2753          18890          6088         42.6k  0.03  


stats.log - (2764 bytes) - download
------------------------------------------------------------------------------------
Date: 3/26/2019 -- 15:59:08 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1156
decoder.bytes                              | Total                     | 898021
decoder.ipv4                               | Total                     | 1095
decoder.ipv6                               | Total                     | 7
decoder.ethernet                           | Total                     | 1156
decoder.tcp                                | Total                     | 1048
decoder.udp                                | Total                     | 54
decoder.avg_pkt_size                       | Total                     | 776
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 1
flow.udp                                   | Total                     | 10
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
detect.nonmpm_list                         | Total                     | 1
app_layer.flow.tls                         | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 8
flow_mgr.new_pruned                        | Total                     | 5
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 9
flow_mgr.flows_notimeout                   | Total                     | 4
flow_mgr.flows_timeout                     | Total                     | 5
flow_mgr.flows_removed                     | Total                     | 5
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65527
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7077472


eve.json - (1810 bytes) - download
{"timestamp":"2019-03-06T07:17:43.727843+0000","flow_id":1178347700165411,"pcap_cnt":31,"event_type":"dns","src_ip":"192.168.100.185","src_port":54206,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39218,"rrname":"lg.icf-fx.kz","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-06T07:17:43.741010+0000","flow_id":1178347700165411,"pcap_cnt":32,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.185","dest_port":54206,"proto":"UDP","dns":{"type":"answer","id":39218,"rcode":"NOERROR","rrname":"lg.icf-fx.kz","rrtype":"A","ttl":291,"rdata":"185.255.91.82"}}
{"timestamp":"2019-03-06T07:17:44.132287+0000","flow_id":346206376517810,"pcap_cnt":43,"event_type":"tls","src_ip":"192.168.100.185","src_port":49230,"dest_ip":"185.255.91.82","dest_port":443,"proto":"TCP","tls":{"subject":"CN=lg.icf-fx.kz","issuerdn":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"}}
{"timestamp":"2019-03-06T07:18:27.269345+0000","flow_id":1738901064719393,"pcap_cnt":1138,"event_type":"dns","src_ip":"192.168.100.185","src_port":56725,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29859,"rrname":"www.ogcac.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-06T07:18:27.292110+0000","flow_id":1738901064719393,"pcap_cnt":1139,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.185","dest_port":56725,"proto":"UDP","dns":{"type":"answer","id":29859,"rcode":"NXDOMAIN","rrname":"www.ogcac.com"}}
{"timestamp":"2019-03-06T07:18:27.292110+0000","flow_id":1738901064719393,"pcap_cnt":1139,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.185","dest_port":56725,"proto":"UDP","dns":{"type":"answer","id":29859,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}


keyword_perf.log - (4754 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 3/26/2019 -- 15:59:08
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             27143           7               7               8627            3877.00         3877.00         0.00           
  content          15549337        5396            44              52516           2881.00         3715.00         2874.00        
  pcre             51244           5               0               20417           10248.00        0.00            10248.00       
  byte_test        107369          32              22              7843            3355.00         3400.00         3256.00        
  byte_jump        9789            3               1               4313            3263.00         2757.00         3516.00        
  isdataat         6065            2               0               3241            3032.00         0.00            3032.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             27143           7               7               8627            3877.00         3877.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          287850          90              37              6379            3198.00         3682.00         2860.00        
  pcre             51244           5               0               20417           10248.00        0.00            10248.00       
  byte_test        107369          32              22              7843            3355.00         3400.00         3256.00        
  byte_jump        9789            3               1               4313            3263.00         2757.00         3516.00        
  isdataat         6065            2               0               3241            3032.00         0.00            3032.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_issuer
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          27227           7               7               4498            3889.00         3889.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15234260        5299            0               52516           2874.00         0.00            2874.00        


IDSDeathBlossom.py.log - (1179 bytes) - download
2019-03-26 15:58:59,496 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-03-26 15:59:00,223 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-03-26 15:59:00,223 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-03-26 15:59:00,223 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-03-26 15:59:00,223 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-03-26 15:59:00,224 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/6a69f25b19dfcd2336e30db7a84d7d0bd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/03262019.1558-4ff8c425-2e4d-4ab6-84dd-3c56656279e6.pcap -vvv -k none
2019-03-26 15:59:08,124 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-03-26 15:59:08,125 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 8.63844013214