Filename: 1294ee7a0da6312a538f93847b3b5330b678e6b454d3fbbad2562b8fb0d9ab4f_network.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.4639241695 seconds
Hash: 729b2ae615044cdd4408705ead02502a
Uploaded: 1574068950 (Unix epoch seconds; 2019-11-18 09:22:30 UTC)

Logfiles


unified2.alert.1574068972 (1278 bytes)
(binary unified2 records; the three alert records embed the same TCP packet, whose HTTP payload is:)

POST /Count/Count.asp HTTP/1.1
Accept: Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: MyApp
Host: qmmmm.com.cn
Content-Length: 88
Cache-Control: no-cache

Mac=0A-00-27-3E-B0-1E&Os=Windows+Vista&Ver=20090524&Key=1cf8436904ee8f4790dd10fc91daec68


packet_stats.log (13785 bytes)
Packet profile dump (min/max/avg/tot are CPU ticks):

 IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            10           420774       14179338       9886037         98.9m   64.25
 IPv4      17             7          1546456       15857386       7505842         52.5m   34.15
 IPv6      17             1          2459510        2459510       2459510          2.5m    1.60
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            10           118136        3611548        610565          6.1m   37.26
TMM_FLOWWORKER              IPv4      17             7           268918        5711866       1330072          9.3m   56.82
TMM_RECEIVEPCAPFILE         IPv4       6             9             4674           5090          4780         43.0k    0.26
TMM_RECEIVEPCAPFILE         IPv4      17             7             4464          14910          6262         43.8k    0.27
TMM_DECODEPCAPFILE          IPv4       6             9             4862          11822          5800         52.2k    0.32
TMM_DECODEPCAPFILE          IPv4      17             7             4596          35622          9226         64.6k    0.39
TMM_FLOWWORKER              IPv6      17             1           442166         442166        442166        442.2k    2.70
TMM_RECEIVEPCAPFILE         IPv6      17             1             4994           4994          4994          5.0k    0.03
TMM_DECODEPCAPFILE          IPv6      17             1           319582         319582        319582        319.6k    1.95

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot     %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------  ---
flow                    IPv4       6             9             4774           6228          5241         47.2k  0.49  
flow                    IPv4      17             7             4764          46340         12586         88.1k  0.91  
stream                  IPv4       6            10             5784         508010         67784        677.8k  7.04  
app-layer               IPv4      17             7             4504          61882         28238        197.7k  2.05  
detect                  IPv4       6            10            77852        3111340        438989          4.4m  45.58 
detect                  IPv4      17             7           237318         893950        536162          3.8m  38.97 
tcp-prune               IPv4       6            10             4500          10220          5426         54.3k  0.56  
flow                    IPv6      17             1             5848           5848          5848          5.8k  0.06  
app-layer               IPv6      17             1            14146          14146         14146         14.1k  0.15  
detect                  IPv6      17             1           403958         403958        403958        404.0k  4.19  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot     %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------  ---
http                    IPv4       6             1            19180          19180         19180         19.2k  27.88 
dns                     IPv4      17             4             6916          25356         12402         49.6k  72.12 
Proto detect            IPv4       6             1            11094          11094         11094         11.1k
Proto detect            IPv4      17             5             9272          33686         19538         97.7k
Proto detect            IPv6      17             1             5158           5158          5158          5.2k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------  ---
LOGGER_ALERT_FAST           IPv4       6             1            77232          77232         77232         77.2k  1.39  
LOGGER_UNIFIED2             IPv4       6             1           129252         129252        129252        129.3k  2.32  
LOGGER_JSON_ALERT           IPv4       6             1           135638         135638        135638        135.6k  2.44  
LOGGER_JSON_DNS             IPv4      17             4            44844        4916426       1273928          5.1m  91.65 
LOGGER_JSON_HTTP            IPv4       6             1            37550          37550         37550         37.5k  0.68  
LOGGER_JSON_FILE            IPv4       6             1            84542          84542         84542         84.5k  1.52  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6             2             4970          91058         48014        96.0k  11.16 
payload                           IPv4      17             7             8476          68430         38048       266.3k  30.94 
stream                            IPv4       6             2             4722         109752         57237       114.5k  13.30 
http_uri                          IPv4       6             1            19928          19928         19928        19.9k  2.32  
http_request_line                 IPv4       6             1            11200          11200         11200        11.2k  1.30  
http_client_body                  IPv4       6             1            39302          39302         39302        39.3k  4.57  
http_header (request)             IPv4       6             1            87554          87554         87554        87.6k  10.17 
http_header (request trailer)     IPv4       6             1             4532           4532          4532         4.5k  0.53  
http_header_names (request)       IPv4       6             1            31068          31068         31068        31.1k  3.61  
http_accept (request)             IPv4       6             1             9978           9978          9978        10.0k  1.16  
http_referer (request)            IPv4       6             1             5208           5208          5208         5.2k  0.61  
http_content_len (request)        IPv4       6             1             9298           9298          9298         9.3k  1.08  
http_content_type (request)       IPv4       6             1            14864          14864         14864        14.9k  1.73  
http_protocol (request)           IPv4       6             1             7644           7644          7644         7.6k  0.89  
http_start (request)              IPv4       6             1            19954          19954         19954        20.0k  2.32  
http_raw_header (request)         IPv4       6             1            21268          21268         21268        21.3k  2.47  
http_method                       IPv4       6             1             9872           9872          9872         9.9k  1.15  
http_cookie (request)             IPv4       6             1             5674           5674          5674         5.7k  0.66  
http_raw_uri                      IPv4       6             1             8274           8274          8274         8.3k  0.96  
http_user_agent                   IPv4       6             1            12532          12532         12532        12.5k  1.46  
http_host                         IPv4       6             1             7894           7894          7894         7.9k  0.92  
dns_query                         IPv4      17             2            10258          14656         12457        24.9k  2.89  
Total                             IPv4                    31                                         26703       827.8k
payload                           IPv6      17             1            32954          32954         32954        33.0k  3.83  
Total                             IPv6                     1                                         32954        33.0k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------  ---
PROF_DETECT_IPONLY          IPv4       6             2            10602          64218         37410         74.8k  0.73  
PROF_DETECT_IPONLY          IPv4      17             5            15922          95420         53350        266.8k  2.61  
PROF_DETECT_RULES           IPv4       6            10             4466        2433328        266257          2.7m  26.05 
PROF_DETECT_RULES           IPv4      17             7           129900         679398        313810          2.2m  21.49 
PROF_DETECT_STATEFUL_START    IPv4       6             2             9286        1179146        594216          1.2m  11.63 
PROF_DETECT_STATEFUL_CONT    IPv4       6            10             4522          21242          8361         83.6k  0.82  
PROF_DETECT_STATEFUL_CONT    IPv4      17             7             4440          48348         13150         92.1k  0.90  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6             6             4460           5480          4865         29.2k  0.29  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             4674           4912          4840         19.4k  0.19  
PROF_DETECT_PREFILTER       IPv4       6            10            13690         592350         89846        898.5k  8.79  
PROF_DETECT_PREFILTER       IPv4      17             7            46888         135840         90404        632.8k  6.19  
PROF_DETECT_PF_PAYLOAD      IPv4       6             2           109378         128088        118733        237.5k  2.32  
PROF_DETECT_PF_PAYLOAD      IPv4      17             7            17352          77316         47031        329.2k  3.22  
PROF_DETECT_PF_TX           IPv4       6             6             4654         417218         74396        446.4k  4.37  
PROF_DETECT_PF_TX           IPv4      17             2            20650          24190         22420         44.8k  0.44  
PROF_DETECT_PF_SORT1        IPv4       6             2             4802           9760          7281         14.6k  0.14  
PROF_DETECT_PF_SORT1        IPv4      17             7             4908           7218          6091         42.6k  0.42  
PROF_DETECT_PF_SORT2        IPv4       6            10             4440          14674          5799         58.0k  0.57  
PROF_DETECT_PF_SORT2        IPv4      17             7             4516          31202          9854         69.0k  0.67  
PROF_DETECT_NONMPMLIST      IPv4       6            10             4564           5514          4943         49.4k  0.48  
PROF_DETECT_NONMPMLIST      IPv4      17             7             4458           5668          5060         35.4k  0.35  
PROF_DETECT_ALERT           IPv4       6            10             4418          16782          5843         58.4k  0.57  
PROF_DETECT_ALERT           IPv4      17             7             4430          24046          7498         52.5k  0.51  
PROF_DETECT_CLEANUP         IPv4       6            10             4496          13232          5652         56.5k  0.55  
PROF_DETECT_CLEANUP         IPv4      17             7             4656           7190          5500         38.5k  0.38  
PROF_DETECT_GETSGH          IPv4       6            10             4428          10242          5689         56.9k  0.56  
PROF_DETECT_GETSGH          IPv4      17             7             4526          17310          9470         66.3k  0.65  
PROF_DETECT_IPONLY          IPv6      17             1             9358           9358          9358          9.4k  0.09  
PROF_DETECT_RULES           IPv6      17             1           220486         220486        220486        220.5k  2.16  
PROF_DETECT_STATEFUL_CONT    IPv6      17             1             4410           4410          4410          4.4k  0.04  
PROF_DETECT_PREFILTER       IPv6      17             1            78876          78876         78876         78.9k  0.77  
PROF_DETECT_PF_PAYLOAD      IPv6      17             1            41866          41866         41866         41.9k  0.41  
PROF_DETECT_PF_SORT1        IPv6      17             1             6494           6494          6494          6.5k  0.06  
PROF_DETECT_PF_SORT2        IPv6      17             1            12046          12046         12046         12.0k  0.12  
PROF_DETECT_NONMPMLIST      IPv6      17             1             5088           5088          5088          5.1k  0.05  
PROF_DETECT_ALERT           IPv6      17             1             4454           4454          4454          4.5k  0.04  
PROF_DETECT_CLEANUP         IPv6      17             1             4846           4846          4846          4.8k  0.05  
PROF_DETECT_GETSGH          IPv6      17             1            31662          31662         31662         31.7k  0.31  


stats.log (2826 bytes)
------------------------------------------------------------------------------------
Date: 11/18/2019 -- 09:22:53 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 19
decoder.bytes                              | Total                     | 1998
decoder.ipv4                               | Total                     | 16
decoder.ipv6                               | Total                     | 1
decoder.ethernet                           | Total                     | 19
decoder.tcp                                | Total                     | 9
decoder.udp                                | Total                     | 8
decoder.avg_pkt_size                       | Total                     | 105
decoder.max_pkt_size                       | Total                     | 330
flow.tcp                                   | Total                     | 1
flow.udp                                   | Total                     | 4
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
detect.alert                               | Total                     | 3
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 11
app_layer.tx.http                          | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 2
flow.spare                                 | Total                     | 9998
flow_mgr.flows_checked                     | Total                     | 4
flow_mgr.flows_notimeout                   | Total                     | 4
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65532
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075168


suricata-4.0.0-etpro-all-alert-2019-11-18-T-09-22-53-11182019.0922-1294ee7a0da6312a538f93847b3b5330b678e6b454d3fbbad2562b8fb0d9ab4f_network.pcap.txt (623 bytes)
11/17/2019-06:24:50.658031  [**] [1:2008975:15] ET TROJAN Suspicious Malformed Double Accept Header [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.206:49368 -> 15.164.3.247:80
11/17/2019-06:24:50.658031  [**] [1:2804815:2] ETPRO TROJAN Worm.Win32.AutoRun.btdp checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.206:49368 -> 15.164.3.247:80
11/17/2019-06:24:50.658031  [**] [1:2807577:6] ETPRO TROJAN BackDoor.DOQ.gen.y Checkin 3 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.206:49368 -> 15.164.3.247:80


eve.json (3890 bytes)
{"timestamp":"2019-11-17T06:24:49.184143+0000","flow_id":43361582042959,"pcap_cnt":5,"event_type":"dns","src_ip":"192.168.240.206","src_port":62015,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":38546,"rrname":"qmmmm.com.cn","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-17T06:24:49.549360+0000","flow_id":43361582042959,"pcap_cnt":6,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.206","dest_port":62015,"proto":"UDP","dns":{"type":"answer","id":38546,"rcode":"NOERROR","rrname":"qmmmm.com.cn","rrtype":"CNAME","ttl":21599,"rdata":"westexpired.dopa.com"}}
{"timestamp":"2019-11-17T06:24:49.549360+0000","flow_id":43361582042959,"pcap_cnt":6,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.206","dest_port":62015,"proto":"UDP","dns":{"type":"answer","id":38546,"rcode":"NOERROR","rrname":"westexpired.dopa.com","rrtype":"A","ttl":599,"rdata":"15.164.3.247"}}
{"timestamp":"2019-11-17T06:24:50.658031+0000","flow_id":2072742219386002,"pcap_cnt":13,"event_type":"alert","src_ip":"192.168.240.206","src_port":49368,"dest_ip":"15.164.3.247","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2008975,"rev":15,"signature":"ET TROJAN Suspicious Malformed Double Accept Header","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-11-17T06:24:50.658031+0000","flow_id":2072742219386002,"pcap_cnt":13,"event_type":"alert","src_ip":"192.168.240.206","src_port":49368,"dest_ip":"15.164.3.247","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2804815,"rev":2,"signature":"ETPRO TROJAN Worm.Win32.AutoRun.btdp checkin","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-11-17T06:24:50.658031+0000","flow_id":2072742219386002,"pcap_cnt":13,"event_type":"alert","src_ip":"192.168.240.206","src_port":49368,"dest_ip":"15.164.3.247","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2807577,"rev":6,"signature":"ETPRO TROJAN BackDoor.DOQ.gen.y Checkin 3","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-11-17T06:24:50.658031+0000","flow_id":2072742219386002,"pcap_cnt":13,"event_type":"fileinfo","src_ip":"192.168.240.206","src_port":49368,"dest_ip":"15.164.3.247","dest_port":80,"proto":"TCP","http":{"hostname":"qmmmm.com.cn","url":"\/Count\/Count.asp","http_user_agent":"MyApp","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/Count\/Count.asp","gaps":false,"state":"CLOSED","stored":false,"size":88,"tx_id":0}}
{"timestamp":"2019-11-17T06:24:50.787391+0000","flow_id":2072742219386002,"pcap_cnt":15,"event_type":"http","src_ip":"192.168.240.206","src_port":49368,"dest_ip":"15.164.3.247","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"qmmmm.com.cn","url":"\/Count\/Count.asp","http_user_agent":"MyApp"}}
{"timestamp":"2019-11-17T06:25:32.421686+0000","flow_id":565998975217462,"pcap_cnt":16,"event_type":"dns","src_ip":"192.168.240.206","src_port":63870,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35873,"rrname":"teredo.ipv6.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-17T06:25:32.422456+0000","flow_id":565998975217462,"pcap_cnt":17,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.206","dest_port":63870,"proto":"UDP","dns":{"type":"answer","id":35873,"rcode":"NXDOMAIN","rrname":"teredo.ipv6.microsoft.com"}}
{"timestamp":"2019-11-17T06:25:32.422456+0000","flow_id":565998975217462,"pcap_cnt":17,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.206","dest_port":63870,"proto":"UDP","dns":{"type":"answer","id":35873,"rcode":"NXDOMAIN","rrname":"ipv6.microsoft.com","rrtype":"SOA","ttl":844}}


suricata-report-2019-11-18-T-09-22-53-11182019.0922-1294ee7a0da6312a538f93847b3b5330b678e6b454d3fbbad2562b8fb0d9ab4f_network.pcap.txt (17990 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/729b2ae615044cdd4408705ead02502a56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11182019.0922-1294ee7a0da6312a538f93847b3b5330b678e6b454d3fbbad2562b8fb0d9ab4f_network.pcap -vvv -k none
elapsedtime:21.538515
stderr:
stdout:
18/11/2019 -- 09:22:31 - <Info> - Configuration node 'rule-files' redefined.
18/11/2019 -- 09:22:31 - <Notice> - This is Suricata version 4.0.0 RELEASE
18/11/2019 -- 09:22:31 - <Info> - CPUs/cores online: 1
18/11/2019 -- 09:22:31 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33111 and 'request-body-inspect-window' set to 15773 after randomization.
18/11/2019 -- 09:22:31 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32529 and 'response-body-inspect-window' set to 16990 after randomization.
18/11/2019 -- 09:22:31 - <Config> - DNS request flood protection level: 500
18/11/2019 -- 09:22:31 - <Config> - DNS per flow memcap (state-memcap): 524288
18/11/2019 -- 09:22:31 - <Config> - DNS global memcap: 16777216
18/11/2019 -- 09:22:31 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
18/11/2019 -- 09:22:31 - <Config> - preallocated 1000 hosts of size 136
18/11/2019 -- 09:22:31 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
18/11/2019 -- 09:22:31 - <Config> - using magic-file /usr/share/file/magic
18/11/2019 -- 09:22:31 - <Config> - Core dump size is unlimited.
18/11/2019 -- 09:22:31 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
18/11/2019 -- 09:22:31 - <Config> - preallocated 1000 defrag trackers of size 168
18/11/2019 -- 09:22:31 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
18/11/2019 -- 09:22:31 - <Config> - stream "prealloc-sessions": 2048 (per thread)
18/11/2019 -- 09:22:31 - <Config> - stream "memcap": 33554432
18/11/2019 -- 09:22:31 - <Config> - stream "midstream" session pickups: disabled
18/11/2019 -- 09:22:31 - <Config> - stream "async-oneside": disabled
18/11/2019 -- 09:22:31 - <Config> - stream "checksum-validation": disabled
18/11/2019 -- 09:22:31 - <Config> - stream."inline": disabled
18/11/2019 -- 09:22:31 - <Config> - stream "bypass": disabled
18/11/2019 -- 09:22:31 - <Config> - stream "max-synack-queued": 5
18/11/2019 -- 09:22:31 - <Config> - stream.reassembly "memcap": 134217728
18/11/2019 -- 09:22:31 - <Config> - stream.reassembly "depth": 0
18/11/2019 -- 09:22:31 - <Config> - stream.reassembly "toserver-chunk-size": 2619
18/11/2019 -- 09:22:31 - <Config> - stream.reassembly "toclient-chunk-size": 2453
18/11/2019 -- 09:22:31 - <Config> - stream.reassembly.raw: enabled
18/11/2019 -- 09:22:31 - <Config> - stream.reassembly "segment-prealloc": 2048
18/11/2019 -- 09:22:31 - <Config> - Delayed detect disabled
18/11/2019 -- 09:22:31 - <Config> - pattern matchers: MPM: ac, SPM: bm
18/11/2019 -- 09:22:31 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
18/11/2019 -- 09:22:31 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
18/11/2019 -- 09:22:31 - <Config> - prefilter engines: MPM
18/11/2019 -- 09:22:31 - <Config> - IP reputation disabled
18/11/2019 -- 09:22:31 - <Perf> - Registered 148 keyword profiling counters.
18/11/2019 -- 09:22:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
18/11/2019 -- 09:22:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
18/11/2019 -- 09:22:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
18/11/2019 -- 09:22:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
18/11/2019 -- 09:22:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
18/11/2019 -- 09:22:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
18/11/2019 -- 09:22:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
18/11/2019 -- 09:22:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
18/11/2019 -- 09:22:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
18/11/2019 -- 09:22:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
18/11/2019 -- 09:22:36 - <Config> - No rules loaded from ET-icmp.rules.
18/11/2019 -- 09:22:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
18/11/2019 -- 09:22:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
18/11/2019 -- 09:22:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
18/11/2019 -- 09:22:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
18/11/2019 -- 09:22:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
18/11/2019 -- 09:22:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
18/11/2019 -- 09:22:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
18/11/2019 -- 09:22:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
18/11/2019 -- 09:22:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
18/11/2019 -- 09:22:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
18/11/2019 -- 09:22:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
18/11/2019 -- 09:22:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
18/11/2019 -- 09:22:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
18/11/2019 -- 09:22:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
18/11/2019 -- 09:22:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
18/11/2019 -- 09:22:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
18/11/2019 -- 09:22:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
18/11/2019 -- 09:22:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
18/11/2019 -- 09:22:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
18/11/2019 -- 09:22:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
18/11/2019 -- 09:22:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
18/11/2019 -- 09:22:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
18/11/2019 -- 09:22:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
18/11/2019 -- 09:22:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
18/11/2019 -- 09:22:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
18/11/2019 -- 09:22:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
18/11/2019 -- 09:22:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
18/11/2019 -- 09:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
18/11/2019 -- 09:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
18/11/2019 -- 09:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
18/11/2019 -- 09:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
18/11/2019 -- 09:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
18/11/2019 -- 09:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
18/11/2019 -- 09:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
18/11/2019 -- 09:22:44 - <Config> - No rules loaded from local.rules.
18/11/2019 -- 09:22:44 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
18/11/2019 -- 09:22:44 - <Info> - Threshold config parsed: 0 rule(s) found
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for tcp-packet
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for tcp-stream
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for udp-packet
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for other-ip
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_uri
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_request_line
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_client_body
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_response_line
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_header
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_header
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_header_names
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_header_names
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_accept
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_accept_enc
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_accept_lang
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_referer
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_connection
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_content_len
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_content_len
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_content_type
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_content_type
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_protocol
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_protocol
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_start
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_start
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_raw_header
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_raw_header
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_method
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_cookie
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_cookie
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_raw_uri
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_user_agent
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_host
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_raw_host
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_stat_msg
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_stat_code
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for dns_query
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for tls_sni
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for tls_cert_issuer
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for tls_cert_subject
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for tls_cert_serial
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for dce_stub_data
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for dce_stub_data
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for ssh_protocol
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for ssh_protocol
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for ssh_software
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for ssh_software
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for file_data
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for file_data
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_request_line
18/11/2019 -- 09:22:45 - <Perf> - using shared mpm ctx' for http_response_line
18/11/2019 -- 09:22:45 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
18/11/2019 -- 09:22:45 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
18/11/2019 -- 09:22:45 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
18/11/2019 -- 09:22:45 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
18/11/2019 -- 09:22:45 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
18/11/2019 -- 09:22:45 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
18/11/2019 -- 09:22:45 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
18/11/2019 -- 09:22:45 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
18/11/2019 -- 09:22:50 - <Perf> - Unique rule groups: 104
18/11/2019 -- 09:22:50 - <Perf> - Builtin MPM "toserver TCP packet": 35
18/11/2019 -- 09:22:50 - <Perf> - Builtin MPM "toclient TCP packet": 17
18/11/2019 -- 09:22:50 - <Perf> - Builtin MPM "toserver TCP stream": 33
18/11/2019 -- 09:22:50 - <Perf> - Builtin MPM "toclient TCP stream": 19
18/11/2019 -- 09:22:50 - <Perf> - Builtin MPM "toserver UDP packet": 27
18/11/2019 -- 09:22:50 - <Perf> - Builtin MPM "toclient UDP packet": 17
18/11/2019 -- 09:22:50 - <Perf> - Builtin MPM "other IP packet": 3
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_uri": 14
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_request_line": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_client_body": 6
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toclient http_response_line": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_header": 10
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toclient http_header": 6
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_header_names": 2
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_accept": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_referer": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_content_len": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_content_type": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toclient http_content_type": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_protocol": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_start": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_method": 5
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_cookie": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toclient http_cookie": 2
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver http_host": 2
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver dns_query": 4
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver tls_sni": 2
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toserver file_data": 1
18/11/2019 -- 09:22:50 - <Perf> - AppLayer MPM "toclient file_data": 7
18/11/2019 -- 09:22:52 - <Perf> - Registered 39590 rule profiling counters.
18/11/2019 -- 09:22:52 - <Info> - fast output device (regular) initialized: alert
18/11/2019 -- 09:22:52 - <Info> - eve-log output device (regular) initialized: eve.json
18/11/2019 -- 09:22:52 - <Config> - enabling 'eve-log' module 'alert'
18/11/2019 -- 09:22:52 - <Config> - enabling 'eve-log' module 'http'
18/11/2019 -- 09:22:52 - <Config> - enabling 'eve-log' module 'dns'
18/11/2019 -- 09:22:52 - <Config> - enabling 'eve-log' module 'tls'
18/11/2019 -- 09:22:52 - <Config> - enabling 'eve-log' module 'files'
18/11/2019 -- 09:22:52 - <Config> - enabling 'eve-log' module 'ssh'
18/11/2019 -- 09:22:52 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
18/11/2019 -- 09:22:52 - <Info> - stats output device (regular) initialized: stats.log
18/

This file has been truncated.


keyword_perf.log - (10346 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/18/2019 -- 09:22:53
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             221382          38              38              21274           5825.00         5825.00         0.00           
  content          703836          121             79              8002            5816.00         5901.00         5657.00        
  pcre             131626          7               1               31792           18803.00        31792.00        16639.00       
  byte_test        189868          38              29              6534            4996.00         5033.00         4878.00        
  isdataat         9870            2               0               5326            4935.00         0.00            4935.00        
  urilen           5508            1               0               5508            5508.00         0.00            5508.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             221382          38              38              21274           5825.00         5825.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          222164          39              26              8002            5696.00         5893.00         5303.00        
  pcre             57026           3               0               24028           19008.00        0.00            19008.00       
  byte_test        189868          38              29              6534            4996.00         5033.00         4878.00        
  isdataat         9870            2               0               5326            4935.00         0.00            4935.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          86644           15              7               6706            5776.00         6051.00         5535.00        
  pcre             74600           4               1               31792           18650.00        31792.00        14269.00       
  urilen           5508            1               0               5508            5508.00         0.00            5508.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          60152           11              7               6058            5468.00         5366.00         5646.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          234852          38              23              7712            6180.00         6304.00         5989.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          23078           4               3               6456            5769.00         5674.00         6056.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5608            1               1               5608            5608.00         5608.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_len
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6554            1               1               6554            6554.00         6554.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5982            1               1               5982            5982.00         5982.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          26230           5               5               5412            5246.00         5246.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15920           3               2               5916            5306.00         5002.00         5916.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          16652           3               3               6048            5550.00         5550.00         0.00           


suricata-4.0.0-etpro-all-perf.txt-2019-11-18-T-09-22-53-11182019.0922-1294ee7a0da6312a538f93847b3b5330b678e6b454d3fbbad2562b8fb0d9ab4f_network.pcap.txt - (14039 bytes)
  --------------------------------------------------------------------------
  Date: 11/18/2019 -- 09:22:53. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2813053      1        2        150544       4.01   1        0        150544      150544.00   0.00        150544.00  
  2        2021214      1        2        93056        2.48   1        0        93056       93056.00    0.00        93056.00   
  3        2807577      1        6        86332        2.30   1        1        86332       86332.00    86332.00    0.00       
  4        2804815      1        2        85288        2.27   1        1        85288       85288.00    85288.00    0.00       
  5        2815363      1        3        81430        2.17   1        0        81430       81430.00    0.00        81430.00   
  6        2008975      1        15       81034        2.16   1        1        81034       81034.00    81034.00    0.00       
  7        2810991      1        4        79336        2.11   1        0        79336       79336.00    0.00        79336.00   
  8        2819993      1        2        75838        2.02   1        0        75838       75838.00    0.00        75838.00   
  9        2018316      1        4        74726        1.99   1        0        74726       74726.00    0.00        74726.00   
  10       2814883      1        3        69948        1.86   1        0        69948       69948.00    0.00        69948.00   
  11       2820983      1        5        69274        1.85   1        0        69274       69274.00    0.00        69274.00   
  12       2022502      1        4        67258        1.79   1        0        67258       67258.00    0.00        67258.00   
  13       2812710      1        2        65712        1.75   1        0        65712       65712.00    0.00        65712.00   
  14       2018666      1        4        64160        1.71   1        0        64160       64160.00    0.00        64160.00   
  15       2012327      1        4        64884        1.73   2        0        59786       32442.00    0.00        32442.00   
  16       2816356      1        2        56810        1.51   1        0        56810       56810.00    0.00        56810.00   
  17       2811542      1        1        54584        1.45   1        0        54584       54584.00    0.00        54584.00   
  18       2019230      1        2        94596        2.52   4        0        54434       23649.00    0.00        23649.00   
  19       2808344      1        3        54016        1.44   1        0        54016       54016.00    0.00        54016.00   
  20       2020742      1        1        53592        1.43   1        0        53592       53592.00    0.00        53592.00   
  21       2811544      1        1        82078        2.19   3        0        52544       27359.33    0.00        27359.33   
  22       2020741      1        1        52098        1.39   1        0        52098       52098.00    0.00        52098.00   
  23       2811577      1        2        82482        2.20   3        0        52082       27494.00    0.00        27494.00   
  24       2821561      1        2        51398        1.37   1        0        51398       51398.00    0.00        51398.00   
  25       2014701      1        12       95438        2.54   4        0        50512       23859.50    0.00        23859.50   
  26       2017259      1        12       48148        1.28   1        0        48148       48148.00    0.00        48148.00   
  27       2821692      1        7        47228        1.26   1        0        47228       47228.00    0.00        47228.00   
  28       2021038      1        4        46580        1.24   1        0        46580       46580.00    0.00        46580.00   
  29       2816055      1        2        46424        1.24   1        0        46424       46424.00    0.00        46424.00   
  30       2807079      1        3        45780        1.22   1        0        45780       45780.00    0.00        45780.00   
  31       2806132      1        3        45750        1.22   1        0        45750       45750.00    0.00        45750.00   
  32       2812141      1        2        45156        1.20   1        0        45156       45156.00    0.00        45156.00   
  33       2826256      1        2        37504        1.00   1        0        37504       37504.00    0.00        37504.00   
  34       2008073      1        15       37118        0.99   1        0        37118       37118.00    0.00        37118.00   
  35       2827279      1        5        36836        0.98   1        0        36836       36836.00    0.00        36836.00   
  36       2012612      1        16       36604        0.98   1        0        36604       36604.00    0.00        36604.00   
  37       2816669      1        4        36508        0.97   1        0        36508       36508.00    0.00        36508.00   
  38       2808478      1        3        35606        0.95   1        0        35606       35606.00    0.00        35606.00   
  39       2020708      1        2        35590        0.95   1        0        35590       35590.00    0.00        35590.00   
  40       2819785      1        2        35534        0.95   1        0        35534       35534.00    0.00        35534.00   
  41       2816165      1        5        35520        0.95   1        0        35520       35520.00    0.00        35520.00   
  42       2829351      1        1        35354        0.94   1        0        35354       35354.00    0.00        35354.00   
  43       2021631      1        2        35272        0.94   1        0        35272       35272.00    0.00        35272.00   
  44       2827580      1        7        35272        0.94   1        0        35272       35272.00    0.00        35272.00   
  45       2017552      1        6        58562        1.56   2        0        35220       29281.00    0.00        29281.00   
  46       2828008      1        2        35078        0.93   1        0        35078       35078.00    0.00        35078.00   
  47       2014380      1        4        61704        1.64   2        0        34704       30852.00    0.00        30852.00   
  48       2022543      1        1        53732        1.43   2        0        27500       26866.00    0.00        26866.00   
  49       2826281      1        2        53884        1.44   2        0        26998       26942.00    0.00        26942.00   
  50       2803760      1        3        52400        1.40   2        0        26454       26200.00    0.00        26200.00   
  51       2014703      1        9        59994        1.60   4        0        25220       14998.50    0.00        14998.50   
  52       2016537      1        2        24784        0.66   1        0        24784       24784.00    0.00        24784.00   
  53       2014702      1        9        58136        1.55   4        0        24692       14534.00    0.00        14534.00   
  54       2016323      1        1        16932        0.45   3        0        6956        5644.00     0.00        5644.00    
  55       2023627      1        3        15664        0.42   3        0        6276        5221.33     0.00        5221.33    
  56       2810793      1        5        6062         0.16   1        0        6062        6062.00     0.00        6062.00    
  57       2823788      1        4        11534        0.31   2        0        6036        5767.00     0.00        5767.00    
  58       2802823      1        1        11070        0.29   2        0        6034        5535.00     0.00        5535.00    
  59       2025200      1        1        21094        0.56   4        0        5984        5273.50     0.00        5273.50    
  60       2010140      1        7        16582        0.44   3        0        5900        5527.33     0.00        5527.33    
  61       2100540      1        12       11082        0.30   2        0        5896        5541.00     0.00        5541.00    
  62       2804589      1        3        5752         0.15   1        0        5752        5752.00     0.00        5752.00    
  63       2008116      1        4        11202        0.30   2        0        5720        5601.00     0.00        5601.00    
  64       2009243      1        2        5710         0.15   1        0        5710        5710.00     0.00        5710.00    
  65       2023624      1        3        38360        1.02   8        0        5708        4795.00     0.00        4795.00    
  66       2010143      1        3        15978        0.43   3        0        5704        5326.00     0.00        5326.00    
  67       2021407      1        4        5636         0.15   1        0        5636        5636.00     0.00        5636.00    
  68       2102523      1        8        5550         0.15   1        0        5550        5550.00     0.00        5550.00    
  69       2023626      1        3        28780        0.77   6        0        5548        4796.67     0.00        4796.67    
  70       2008120      1        4        25172        0.67   5        0        5530        5034.40     0.00        5034.40    
  71       2008117      1        3        10536        0.28   2        0        5520        5268.00     0.00        5268.00    
  72       2100518      1        8        10816        0.29   2        0        5502        5408.00     0.00        5408.00    
  73       2013075      1        8        10008        0.27   2        0        5490        5004.00     0.00        5004.00    
  74       2805442      1        2        10708        0.29   2        0        5462        5354.00     0.00        5354.00    
  75       2100540      1        12       10772        0.29   2        0        5430        5386.00     0.00        5386.00    
  76       2828876      1        1        10536        0.28   2        0        5428        5268.00     0.00        5268.00    
  77       2801347      1        5        19138        0.51   4        0        5426        4784.50     0.00        4784.50    
  78       2013926      1        8        5416         0.14   1        0        5416        5416.00     0.00        5416.00    
  79       2100566      1        5        14364        0.38   3        0        5388        4788.00     0.00        4788.00    
  80       2810800      1        5        5372         0.14   1        0        5372        5372.00     0.00        5372.00    
  81       2023625      1        3        28430        0.76   6        0        5334        4738.33     0.00        4738.33    
  82       2009702      1        5        20146        0.54   4        0        5292        5036.50     0.00        5036.50    
  83       2804587      1        2        5288         0.14   1        0        5288        5288.00     0.00        5288.00    
  84       2811445      1        4        5282         0.14   1        0        5282        5282.00     0.00        5282.00    
  85       2019011      1        3        5276         0.14   1        0        5276        5276.00     0.00        5276.00    
  86       2023617      1        3        19322        0.51   4        0        5226        4830.50     0.00        4830.50    
  87       2802822      1        1        10272        0.27   2        0        5226        5136.00     0.00        5136.00    
  88       2019010      1        3        5222         0.14   1        0        5222        5222.00     0.00        5222.00    
  89       2008119      1        3        10034        0.27   2        0        5192        5017.00     0.00        5017.00    
  90       2023621      1        4        13994        0.37   3        0        5146        4664.67     0.00        4664.67    
  91       2016363      1        2        14078        0.38   3        0        5102        4692.67     0.00        4692.67    
  92       2023614      1        3        13858        0.37   3        0        5016        4619.33     0.00        4619.33    
  93       2802205      1        3        9820         0.26   2        0        4994        4910.00     0.00        4910.00    
  94       2023622      1        3        23632        0.63   5        0        4988        4726.40     0.00        4726.40    
  95       2102523      1        8        4962         0.13   1        0        4962        4962.00     0.00        4962.00    
  96       2019016      1        3        4960         0.13   1        0        4960        4960.00     0.00        4960.00    
  97       2019017      1        3        4932         0.13   1        0        4932        4932.00     0.00        4932.00    
  98       2008118      1        3        4904         0.13   1        0        4904        4904.00     0.00        4904.00    
  99       2023615      1        3        13706        0.37   3        0        4842        4568.67     0.00        4568.67    
  100      2023618      1        3        9346         0.25   2        0        4816        4673.00     0.00        4673.00    
  101      2023613      1        3        18164        0.48   4        0        4790        4541.00     0.00        4541.00    
  102      2010142      1        4        14136        0.38   3        0        4752        4712.00     0.00        4712.00    
  103      2013739      1        15       4462         0.12   1        0        4462        4462.00     0.00        4462.00    
  104      2023612      1        4        17754        0.47   4        0        4462        4438.50     0.00        4438.50    
  105      2023619      1        3        4456         0.12   1        0        4456        4456.00     0.00        4456.00    
  106      2023623      1        3        4426         0.12   1        0        4426        4426.00     0.00        4426.00    
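The rows above are Suricata's per-rule profiling output (the rule_perf.log layout). As an added example that is not part of this report and not code from IDSDeathBlossom or Suricata, the Python below parses rows in that layout, cross-checks the reported "Avg Ticks" against Ticks divided by Checks, and ranks the rules that cost the most ticks without ever matching, which is the list a rule tuner looks at first. The column order is assumed to be Suricata's: Num, Rule, Gid, Rev, Ticks, %, Checks, Matches, Max Ticks, Avg Ticks, Avg Match, Avg No Match. The five sample rows are copied from the table above.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Sample rows copied from the rule-profile table in this report.
# Assumed column order (Suricata rule_perf.log):
#   Num Rule Gid Rev Ticks % Checks Matches MaxTicks AvgTicks AvgMatch AvgNoMatch
SAMPLE_ROWS = """\
  74       2805442      1        2        10708        0.29   2        0        5462        5354.00     0.00        5354.00
  77       2801347      1        5        19138        0.51   4        0        5426        4784.50     0.00        4784.50
  81       2023625      1        3        28430        0.76   6        0        5334        4738.33     0.00        4738.33
  94       2023622      1        3        23632        0.63   5        0        4988        4726.40     0.00        4726.40
  103      2013739      1        15       4462         0.12   1        0        4462        4462.00     0.00        4462.00
"""


@dataclass
class RuleProfile:
    num: int
    sid: int
    gid: int
    rev: int
    ticks: int
    pct: float
    checks: int
    matches: int
    max_ticks: int
    avg_ticks: float
    avg_match: float
    avg_nomatch: float


def parse_rule_perf(text: str) -> List[RuleProfile]:
    """Parse rule_perf.log rows; header, separator and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 12 or not fields[0].isdigit():
            continue
        rows.append(RuleProfile(
            int(fields[0]), int(fields[1]), int(fields[2]), int(fields[3]),
            int(fields[4]), float(fields[5]), int(fields[6]), int(fields[7]),
            int(fields[8]), float(fields[9]), float(fields[10]), float(fields[11]),
        ))
    return rows


def check_consistency(rows: List[RuleProfile], tol: float = 0.01) -> List[int]:
    """Return SIDs whose reported Avg Ticks disagrees with Ticks / Checks.

    Avg Ticks is printed with two decimals, so a small tolerance is needed.
    """
    bad = []
    for r in rows:
        if r.checks == 0:
            continue
        if abs(r.ticks / r.checks - r.avg_ticks) > tol:
            bad.append(r.sid)
    return bad


def costliest_nonmatching(rows: List[RuleProfile], top: int = 3) -> List[Tuple[int, int, int]]:
    """Rules that burned the most ticks without a single match: tuning candidates.

    Returns (sid, ticks, checks) tuples, most expensive first.
    """
    cand = [r for r in rows if r.matches == 0]
    cand.sort(key=lambda r: r.ticks, reverse=True)
    return [(r.sid, r.ticks, r.checks) for r in cand[:top]]


if __name__ == "__main__":
    profiles = parse_rule_perf(SAMPLE_ROWS)
    print("inconsistent rows:", check_consistency(profiles))
    for sid, ticks, checks in costliest_nonmatching(profiles):
        print(f"sid {sid}: {ticks} ticks over {checks} checks, 0 matches")
```

Run it against a full rule_perf.log (pass the file contents to parse_rule_perf) to get the same ranking for the whole ruleset; the sorted output is a direct list of rules whose cost bought no detections on this capture.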


IDSDeathBlossom.py.log - (1212 bytes)
2019-11-18 09:22:31,006 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-11-18 09:22:31,735 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-11-18 09:22:31,735 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-11-18 09:22:31,735 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-11-18 09:22:31,735 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-11-18 09:22:31,736 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/729b2ae615044cdd4408705ead02502a56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11182019.0922-1294ee7a0da6312a538f93847b3b5330b678e6b454d3fbbad2562b8fb0d9ab4f_network.pcap -vvv -k none
2019-11-18 09:22:53,276 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-11-18 09:22:53,277 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.2800838947