Filename: x.pcap
Status: Analysis complete
IDS: suricata-3.2.3
Ruleset: etpro-all
Runtime: 31.0479991436 seconds
Hash: 7766998593b186026c17bdfd4deb890f
Uploaded: 1531801134

Logfiles
suricata-report-2018-07-17-T-04-19-25-06132018.0706-x.pcap.txt - (14776 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata323/bin/suricata -c /opt/suricata323/etc/etpro/suricata323-etpro-all.yaml -l /var/www/html/7766998593b186026c17bdfd4deb890fb6f724d7e5cef7c0e4623c20e1274018 -r /var/pcap/06132018.0706-x.pcap -vvv -k none
elapsedtime:29.361299
stderr:
17/7/2018 -- 04:19:25 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - unknown file format

17/7/2018 -- 04:19:25 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX#01" closed on initialization.
17/7/2018 -- 04:19:25 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...
stdout:
17/7/2018 -- 04:18:56 - <Info> - Configuration node 'rule-files' redefined.
17/7/2018 -- 04:18:56 - <Notice> - This is Suricata version 3.2.3 RELEASE
17/7/2018 -- 04:18:56 - <Info> - CPUs/cores online: 1
17/7/2018 -- 04:18:56 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 16211 after randomization.
17/7/2018 -- 04:18:56 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 16872 after randomization.
17/7/2018 -- 04:18:56 - <Config> - DNS request flood protection level: 500
17/7/2018 -- 04:18:56 - <Config> - DNS per flow memcap (state-memcap): 524288
17/7/2018 -- 04:18:56 - <Config> - DNS global memcap: 16777216
17/7/2018 -- 04:18:56 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
17/7/2018 -- 04:18:56 - <Config> - preallocated 1000 hosts of size 136
17/7/2018 -- 04:18:56 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
17/7/2018 -- 04:18:56 - <Config> - using magic-file /usr/share/file/magic
17/7/2018 -- 04:18:56 - <Config> - Core dump size is unlimited.
17/7/2018 -- 04:18:56 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
17/7/2018 -- 04:18:56 - <Config> - preallocated 1000 defrag trackers of size 168
17/7/2018 -- 04:18:56 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
17/7/2018 -- 04:18:56 - <Config> - stream "prealloc-sessions": 2048 (per thread)
17/7/2018 -- 04:18:56 - <Config> - stream "memcap": 33554432
17/7/2018 -- 04:18:56 - <Config> - stream "midstream" session pickups: disabled
17/7/2018 -- 04:18:56 - <Config> - stream "async-oneside": disabled
17/7/2018 -- 04:18:56 - <Config> - stream "checksum-validation": disabled
17/7/2018 -- 04:18:56 - <Config> - stream."inline": disabled
17/7/2018 -- 04:18:56 - <Config> - stream "bypass": disabled
17/7/2018 -- 04:18:56 - <Config> - stream "max-synack-queued": 5
17/7/2018 -- 04:18:56 - <Config> - stream.reassembly "memcap": 134217728
17/7/2018 -- 04:18:56 - <Config> - stream.reassembly "depth": 0
17/7/2018 -- 04:18:56 - <Config> - stream.reassembly "toserver-chunk-size": 2629
17/7/2018 -- 04:18:56 - <Config> - stream.reassembly "toclient-chunk-size": 2577
17/7/2018 -- 04:18:56 - <Config> - stream.reassembly.raw: enabled
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 4, prealloc 256
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 16, prealloc 512
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 112, prealloc 512
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 248, prealloc 512
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 512, prealloc 512
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 768, prealloc 1024
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 1460, prealloc 1024
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 65535, prealloc 128
17/7/2018 -- 04:18:56 - <Config> - stream.reassembly "chunk-prealloc": 250
17/7/2018 -- 04:18:56 - <Config> - stream.reassembly "zero-copy-size": 128
17/7/2018 -- 04:18:56 - <Config> - Delayed detect disabled
17/7/2018 -- 04:18:56 - <Config> - pattern matchers: MPM: ac, SPM: bm
17/7/2018 -- 04:18:56 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
17/7/2018 -- 04:18:56 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
17/7/2018 -- 04:18:56 - <Config> - prefilter engines: MPM
17/7/2018 -- 04:18:56 - <Config> - IP reputation disabled
17/7/2018 -- 04:18:56 - <Perf> - Registered 132 keyword profiling counters.
17/7/2018 -- 04:18:56 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-ftp.rules
17/7/2018 -- 04:18:56 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-policy.rules
17/7/2018 -- 04:18:56 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-trojan.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-games.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-pop3.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-user_agents.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-activex.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-rpc.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-attack_response.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-icmp.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-scan.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-voip.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-chat.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-icmp_info.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-info.rules
17/7/2018 -- 04:19:05 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-shellcode.rules
17/7/2018 -- 04:19:05 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-web_client.rules
17/7/2018 -- 04:19:05 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-imap.rules
17/7/2018 -- 04:19:05 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-web_server.rules
17/7/2018 -- 04:19:05 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-current_events.rules
17/7/2018 -- 04:19:09 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-inappropriate.rules
17/7/2018 -- 04:19:09 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-smtp.rules
17/7/2018 -- 04:19:09 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-web_specific_apps.rules
17/7/2018 -- 04:19:12 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-deleted.rules
17/7/2018 -- 04:19:12 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-malware.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-snmp.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-worm.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-dns.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-misc.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-sql.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-dos.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-netbios.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-telnet.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-exploit.rules
17/7/2018 -- 04:19:14 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-p2p.rules
17/7/2018 -- 04:19:14 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-tftp.rules
17/7/2018 -- 04:19:14 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-mobile_malware.rules
17/7/2018 -- 04:19:15 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-botcc.rules
17/7/2018 -- 04:19:15 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-compromised.rules
17/7/2018 -- 04:19:15 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-drop.rules
17/7/2018 -- 04:19:15 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-dshield.rules
17/7/2018 -- 04:19:15 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-tor.rules
17/7/2018 -- 04:19:16 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-ciarmy.rules
17/7/2018 -- 04:19:16 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/local.rules
17/7/2018 -- 04:19:16 - <Info> - 44 rule files processed. 39568 rules successfully loaded, 0 rules failed
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for tcp-packet
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for tcp-stream
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for udp-packet
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for other-ip
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_uri
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_request_line
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_client_body
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_response_line
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_header
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_header
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_raw_header
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_raw_header
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_method
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_cookie
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_cookie
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_raw_uri
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_user_agent
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_host
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_raw_host
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_stat_msg
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_stat_code
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for dns_query
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for tls_sni
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for tls_cert_issuer
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for tls_cert_subject
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for file_data
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for file_data
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_request_line
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_response_line
17/7/2018 -- 04:19:17 - <Info> - 39573 signatures processed. 1175 are IP-only rules, 15759 are inspecting packet payload, 27415 inspect application layer, 0 are decoder event only
17/7/2018 -- 04:19:17 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
17/7/2018 -- 04:19:17 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
17/7/2018 -- 04:19:17 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
17/7/2018 -- 04:19:17 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
17/7/2018 -- 04:19:17 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
17/7/2018 -- 04:19:17 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
17/7/2018 -- 04:19:17 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
17/7/2018 -- 04:19:21 - <Perf> - Unique rule groups: 104
17/7/2018 -- 04:19:21 - <Perf> - Builtin MPM "toserver TCP packet": 35
17/7/2018 -- 04:19:21 - <Perf> - Builtin MPM "toclient TCP packet": 17
17/7/2018 -- 04:19:21 - <Perf> - Builtin MPM "toserver TCP stream": 33
17/7/2018 -- 04:19:21 - <Perf> - Builtin MPM "toclient TCP stream": 19
17/7/2018 -- 04:19:21 - <Perf> - Builtin MPM "toserver UDP packet": 27
17/7/2018 -- 04:19:21 - <Perf> - Builtin MPM "toclient UDP packet": 17
17/7/2018 -- 04:19:21 - <Perf> - Builtin MPM "other IP packet": 3
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_uri": 14
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_client_body": 6
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_header": 10
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toclient http_header": 6
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_method": 5
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_cookie": 1
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toclient http_cookie": 2
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_user_agent": 5
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_host": 1
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver dns_query": 4
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toclient file_data": 7
17/7/2018 -- 04:19:25 - <Perf> - Registered 39573 rule profiling counters.
17/7/2018 -- 04:19:25 - <Info> - Threshold config parsed: 0 rule(s) found
17/7/2018 -- 04:19:25 - <Info> - fast output device (regular) initialized: alert
17/7/2018 -- 04:19:25 - <Info> - eve-log output device (regular) initialized: eve.json
17/7/2018 -- 04:19:25 - <Config> - enabling 'eve-log' module 'alert'
17/7/2018 -- 04:19:25 - <Config> - enabling 'eve-log' module 'http'
17/7/2018 -- 04:19:25 - <Config> - enabling 'eve-log' module 'dns'
17/7/2018 -- 04:19:25 - <Config> - enabling 'eve-log' module 'tls'
17/7/2018 -- 04:19:25 - <Config> - enabling 'eve-log' module 'files'
17/7/2018 -- 04:19:25 - <Config> - enabling 'eve-log' module 'ssh'
17/7/2018 -- 04:19:25 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
17/7/2018 -- 04:19:25 - <Info> - stats output device (regular) initialized: stats.log
17/7/2018 -- 04:19:25 - <Config> - AutoFP mode using "Hash" flow load balancer
17/7/2018 -- 04:19:25 - <Info> - reading pcap file /var/pcap/06132018.0706-x.pcap
17/7/2018 -- 04:19:25 - <Config> - using 1 flow manager threads
17/7/2018 -- 04:19:25 - <Config> - using 1 flow recycler threads
returncode: 1
errors:
- 17/7/2018 -- 04:19:25 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - unknown file format
- 17/7/2018 -- 04:19:25 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX#01" closed on initialization.
- 17/7/2018 -- 04:19:25 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...
warnings:

IDSDeathBlossom.py.log - (17105 bytes)
2018-07-17 04:18:54,891 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-07-17 04:18:56,096 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-07-17 04:18:56,097 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-3.2.3-etpro-all
2018-07-17 04:18:56,098 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-07-17 04:18:56,098 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-07-17 04:18:56,098 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata323/bin/suricata -c /opt/suricata323/etc/etpro/suricata323-etpro-all.yaml -l /var/www/html/7766998593b186026c17bdfd4deb890fb6f724d7e5cef7c0e4623c20e1274018 -r /var/pcap/06132018.0706-x.pcap -vvv -k none
2018-07-17 04:19:25,460 - WARNING - cmd_wrapper - /opt/IDSDeathBlossom/IDSDeathBlossom.py +106 - there was an error executing ulimit -c unlimited; /opt/suricata323/bin/suricata -c /opt/suricata323/etc/etpro/suricata323-etpro-all.yaml -l /var/www/html/7766998593b186026c17bdfd4deb890fb6f724d7e5cef7c0e4623c20e1274018 -r /var/pcap/06132018.0706-x.pcap -vvv -k none
2018-07-17 04:19:25,481 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
17/7/2018 -- 04:19:25 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - unknown file format
2018-07-17 04:19:25,482 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
17/7/2018 -- 04:19:25 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX#01" closed on initialization.
2018-07-17 04:19:25,482 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
17/7/2018 -- 04:19:25 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...
2018-07-17 04:19:25,484 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +442 - suricata ran with errors
2018-07-17 04:19:25,484 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +449 - mode:suricata; lastcmd:ulimit -c unlimited; /opt/suricata323/bin/suricata -c /opt/suricata323/etc/etpro/suricata323-etpro-all.yaml -l /var/www/html/7766998593b186026c17bdfd4deb890fb6f724d7e5cef7c0e4623c20e1274018 -r /var/pcap/06132018.0706-x.pcap -vvv -k none; returncode:1; elapsed:29.361299; Errors:
- 17/7/2018 -- 04:19:25 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - unknown file format
- 17/7/2018 -- 04:19:25 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX#01" closed on initialization.
- 17/7/2018 -- 04:19:25 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...

 Warnings:
None
 stderr:
17/7/2018 -- 04:19:25 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - unknown file format

17/7/2018 -- 04:19:25 - <Error> - [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX#01" closed on initialization.
17/7/2018 -- 04:19:25 - <Error> - [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...

 stdout:
17/7/2018 -- 04:18:56 - <Info> - Configuration node 'rule-files' redefined.
17/7/2018 -- 04:18:56 - <Notice> - This is Suricata version 3.2.3 RELEASE
17/7/2018 -- 04:18:56 - <Info> - CPUs/cores online: 1
17/7/2018 -- 04:18:56 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 16211 after randomization.
17/7/2018 -- 04:18:56 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 16872 after randomization.
17/7/2018 -- 04:18:56 - <Config> - DNS request flood protection level: 500
17/7/2018 -- 04:18:56 - <Config> - DNS per flow memcap (state-memcap): 524288
17/7/2018 -- 04:18:56 - <Config> - DNS global memcap: 16777216
17/7/2018 -- 04:18:56 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
17/7/2018 -- 04:18:56 - <Config> - preallocated 1000 hosts of size 136
17/7/2018 -- 04:18:56 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
17/7/2018 -- 04:18:56 - <Config> - using magic-file /usr/share/file/magic
17/7/2018 -- 04:18:56 - <Config> - Core dump size is unlimited.
17/7/2018 -- 04:18:56 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
17/7/2018 -- 04:18:56 - <Config> - preallocated 1000 defrag trackers of size 168
17/7/2018 -- 04:18:56 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
17/7/2018 -- 04:18:56 - <Config> - stream "prealloc-sessions": 2048 (per thread)
17/7/2018 -- 04:18:56 - <Config> - stream "memcap": 33554432
17/7/2018 -- 04:18:56 - <Config> - stream "midstream" session pickups: disabled
17/7/2018 -- 04:18:56 - <Config> - stream "async-oneside": disabled
17/7/2018 -- 04:18:56 - <Config> - stream "checksum-validation": disabled
17/7/2018 -- 04:18:56 - <Config> - stream."inline": disabled
17/7/2018 -- 04:18:56 - <Config> - stream "bypass": disabled
17/7/2018 -- 04:18:56 - <Config> - stream "max-synack-queued": 5
17/7/2018 -- 04:18:56 - <Config> - stream.reassembly "memcap": 134217728
17/7/2018 -- 04:18:56 - <Config> - stream.reassembly "depth": 0
17/7/2018 -- 04:18:56 - <Config> - stream.reassembly "toserver-chunk-size": 2629
17/7/2018 -- 04:18:56 - <Config> - stream.reassembly "toclient-chunk-size": 2577
17/7/2018 -- 04:18:56 - <Config> - stream.reassembly.raw: enabled
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 4, prealloc 256
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 16, prealloc 512
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 112, prealloc 512
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 248, prealloc 512
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 512, prealloc 512
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 768, prealloc 1024
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 1460, prealloc 1024
17/7/2018 -- 04:18:56 - <Config> - segment pool: pktsize 65535, prealloc 128
17/7/2018 -- 04:18:56 - <Config> - stream.reassembly "chunk-prealloc": 250
17/7/2018 -- 04:18:56 - <Config> - stream.reassembly "zero-copy-size": 128
17/7/2018 -- 04:18:56 - <Config> - Delayed detect disabled
17/7/2018 -- 04:18:56 - <Config> - pattern matchers: MPM: ac, SPM: bm
17/7/2018 -- 04:18:56 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
17/7/2018 -- 04:18:56 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
17/7/2018 -- 04:18:56 - <Config> - prefilter engines: MPM
17/7/2018 -- 04:18:56 - <Config> - IP reputation disabled
17/7/2018 -- 04:18:56 - <Perf> - Registered 132 keyword profiling counters.
17/7/2018 -- 04:18:56 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-ftp.rules
17/7/2018 -- 04:18:56 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-policy.rules
17/7/2018 -- 04:18:56 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-trojan.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-games.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-pop3.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-user_agents.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-activex.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-rpc.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-attack_response.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-icmp.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-scan.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-voip.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-chat.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-icmp_info.rules
17/7/2018 -- 04:19:04 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-info.rules
17/7/2018 -- 04:19:05 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-shellcode.rules
17/7/2018 -- 04:19:05 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-web_client.rules
17/7/2018 -- 04:19:05 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-imap.rules
17/7/2018 -- 04:19:05 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-web_server.rules
17/7/2018 -- 04:19:05 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-current_events.rules
17/7/2018 -- 04:19:09 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-inappropriate.rules
17/7/2018 -- 04:19:09 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-smtp.rules
17/7/2018 -- 04:19:09 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-web_specific_apps.rules
17/7/2018 -- 04:19:12 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-deleted.rules
17/7/2018 -- 04:19:12 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-malware.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-snmp.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-worm.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-dns.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-misc.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-sql.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-dos.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-netbios.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-telnet.rules
17/7/2018 -- 04:19:13 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-exploit.rules
17/7/2018 -- 04:19:14 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-p2p.rules
17/7/2018 -- 04:19:14 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-tftp.rules
17/7/2018 -- 04:19:14 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-mobile_malware.rules
17/7/2018 -- 04:19:15 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-botcc.rules
17/7/2018 -- 04:19:15 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-compromised.rules
17/7/2018 -- 04:19:15 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-drop.rules
17/7/2018 -- 04:19:15 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-dshield.rules
17/7/2018 -- 04:19:15 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-tor.rules
17/7/2018 -- 04:19:16 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/ET-ciarmy.rules
17/7/2018 -- 04:19:16 - <Config> - Loading rule file: /opt/suricata323/etc/etpro/local.rules
17/7/2018 -- 04:19:16 - <Info> - 44 rule files processed. 39568 rules successfully loaded, 0 rules failed
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for tcp-packet
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for tcp-stream
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for udp-packet
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for other-ip
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_uri
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_request_line
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_client_body
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_response_line
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_header
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_header
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_raw_header
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_raw_header
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_method
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_cookie
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_cookie
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_raw_uri
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_user_agent
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_host
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_raw_host
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_stat_msg
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_stat_code
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for dns_query
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for tls_sni
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for tls_cert_issuer
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for tls_cert_subject
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for file_data
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for file_data
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_request_line
17/7/2018 -- 04:19:17 - <Perf> - using shared mpm ctx' for http_response_line
17/7/2018 -- 04:19:17 - <Info> - 39573 signatures processed. 1175 are IP-only rules, 15759 are inspecting packet payload, 27415 inspect application layer, 0 are decoder event only
17/7/2018 -- 04:19:17 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
17/7/2018 -- 04:19:17 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
17/7/2018 -- 04:19:17 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
17/7/2018 -- 04:19:17 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
17/7/2018 -- 04:19:17 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
17/7/2018 -- 04:19:17 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
17/7/2018 -- 04:19:17 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
17/7/2018 -- 04:19:21 - <Perf> - Unique rule groups: 104
17/7/2018 -- 04:19:21 - <Perf> - Builtin MPM "toserver TCP packet": 35
17/7/2018 -- 04:19:21 - <Perf> - Builtin MPM "toclient TCP packet": 17
17/7/2018 -- 04:19:21 - <Perf> - Builtin MPM "toserver TCP stream": 33
17/7/2018 -- 04:19:21 - <Perf> - Builtin MPM "toclient TCP stream": 19
17/7/2018 -- 04:19:21 - <Perf> - Builtin MPM "toserver UDP packet": 27
17/7/2018 -- 04:19:21 - <Perf> - Builtin MPM "toclient UDP packet": 17
17/7/2018 -- 04:19:21 - <Perf> - Builtin MPM "other IP packet": 3
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_uri": 14
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_client_body": 6
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_header": 10
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toclient http_header": 6
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_method": 5
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_cookie": 1
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toclient http_cookie": 2
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_user_agent": 5
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver http_host": 1
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toserver dns_query": 4
17/7/2018 -- 04:19:21 - <Perf> - AppLayer MPM "toclient file_data": 7
17/7/2018 -- 04:19:25 - <Perf> - Registered 39573 rule profiling counters.
17/7/2018 -- 04:19:25 - <Info> - Threshold config parsed: 0 rule(s) found
17/7/2018 -- 04:19:25 - <Info> - fast output device (regular) initialized: alert
17/7/2018 -- 04:19:25 - <Info> - eve-log output device (regular) initialized: eve.json
17/7/2018 -- 04:19:25 - <Config> - enabling 'eve-log' module 'alert'
17/7/2018 -- 04:19:25 - <Config> - enabling 'eve-log' module 'http'
17/7/2018 -- 04:19:25 - <Config> - enabling 'eve-log' module 'dns'
17/7/2018 -- 04:19:25 - <Config> - enabling 'eve-log' module 'tls'
17/7/2018 -- 04:19:25 - 

This file has been truncated.