Filename: pcap (6).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 27.4718930721 seconds
Hash: 85c48cd536858e4629b13d2a603681f1
Uploaded: 1568631435

Logfiles

suricata-report-2019-09-16-T-10-57-43-09162019.1057-pcap_6.pcap.txt - (17764 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/85c48cd536858e4629b13d2a603681f156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09162019.1057-pcap_6.pcap -vvv -k none
elapsedtime:26.486888
stderr:
stdout:
16/9/2019 -- 10:57:16 - <Info> - Configuration node 'rule-files' redefined.
16/9/2019 -- 10:57:16 - <Notice> - This is Suricata version 4.0.0 RELEASE
16/9/2019 -- 10:57:16 - <Info> - CPUs/cores online: 1
16/9/2019 -- 10:57:16 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31209 and 'request-body-inspect-window' set to 16682 after randomization.
16/9/2019 -- 10:57:16 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32980 and 'response-body-inspect-window' set to 16568 after randomization.
16/9/2019 -- 10:57:16 - <Config> - DNS request flood protection level: 500
16/9/2019 -- 10:57:16 - <Config> - DNS per flow memcap (state-memcap): 524288
16/9/2019 -- 10:57:16 - <Config> - DNS global memcap: 16777216
16/9/2019 -- 10:57:16 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
16/9/2019 -- 10:57:16 - <Config> - preallocated 1000 hosts of size 136
16/9/2019 -- 10:57:16 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
16/9/2019 -- 10:57:16 - <Config> - using magic-file /usr/share/file/magic
16/9/2019 -- 10:57:16 - <Config> - Core dump size is unlimited.
16/9/2019 -- 10:57:16 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
16/9/2019 -- 10:57:16 - <Config> - preallocated 1000 defrag trackers of size 168
16/9/2019 -- 10:57:16 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
16/9/2019 -- 10:57:16 - <Config> - stream "prealloc-sessions": 2048 (per thread)
16/9/2019 -- 10:57:16 - <Config> - stream "memcap": 33554432
16/9/2019 -- 10:57:16 - <Config> - stream "midstream" session pickups: disabled
16/9/2019 -- 10:57:16 - <Config> - stream "async-oneside": disabled
16/9/2019 -- 10:57:16 - <Config> - stream "checksum-validation": disabled
16/9/2019 -- 10:57:16 - <Config> - stream."inline": disabled
16/9/2019 -- 10:57:16 - <Config> - stream "bypass": disabled
16/9/2019 -- 10:57:16 - <Config> - stream "max-synack-queued": 5
16/9/2019 -- 10:57:16 - <Config> - stream.reassembly "memcap": 134217728
16/9/2019 -- 10:57:16 - <Config> - stream.reassembly "depth": 0
16/9/2019 -- 10:57:16 - <Config> - stream.reassembly "toserver-chunk-size": 2607
16/9/2019 -- 10:57:16 - <Config> - stream.reassembly "toclient-chunk-size": 2581
16/9/2019 -- 10:57:16 - <Config> - stream.reassembly.raw: enabled
16/9/2019 -- 10:57:16 - <Config> - stream.reassembly "segment-prealloc": 2048
16/9/2019 -- 10:57:16 - <Config> - Delayed detect disabled
16/9/2019 -- 10:57:16 - <Config> - pattern matchers: MPM: ac, SPM: bm
16/9/2019 -- 10:57:16 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
16/9/2019 -- 10:57:16 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
16/9/2019 -- 10:57:16 - <Config> - prefilter engines: MPM
16/9/2019 -- 10:57:16 - <Config> - IP reputation disabled
16/9/2019 -- 10:57:16 - <Perf> - Registered 148 keyword profiling counters.
16/9/2019 -- 10:57:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
16/9/2019 -- 10:57:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
16/9/2019 -- 10:57:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
16/9/2019 -- 10:57:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
16/9/2019 -- 10:57:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
16/9/2019 -- 10:57:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
16/9/2019 -- 10:57:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
16/9/2019 -- 10:57:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
16/9/2019 -- 10:57:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
16/9/2019 -- 10:57:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
16/9/2019 -- 10:57:22 - <Config> - No rules loaded from ET-icmp.rules.
16/9/2019 -- 10:57:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
16/9/2019 -- 10:57:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
16/9/2019 -- 10:57:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
16/9/2019 -- 10:57:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
16/9/2019 -- 10:57:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
16/9/2019 -- 10:57:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
16/9/2019 -- 10:57:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
16/9/2019 -- 10:57:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
16/9/2019 -- 10:57:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
16/9/2019 -- 10:57:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
16/9/2019 -- 10:57:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
16/9/2019 -- 10:57:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
16/9/2019 -- 10:57:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
16/9/2019 -- 10:57:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
16/9/2019 -- 10:57:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
16/9/2019 -- 10:57:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
16/9/2019 -- 10:57:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
16/9/2019 -- 10:57:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
16/9/2019 -- 10:57:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
16/9/2019 -- 10:57:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
16/9/2019 -- 10:57:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
16/9/2019 -- 10:57:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
16/9/2019 -- 10:57:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
16/9/2019 -- 10:57:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
16/9/2019 -- 10:57:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
16/9/2019 -- 10:57:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
16/9/2019 -- 10:57:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
16/9/2019 -- 10:57:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
16/9/2019 -- 10:57:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
16/9/2019 -- 10:57:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
16/9/2019 -- 10:57:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
16/9/2019 -- 10:57:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
16/9/2019 -- 10:57:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
16/9/2019 -- 10:57:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
16/9/2019 -- 10:57:29 - <Config> - No rules loaded from local.rules.
16/9/2019 -- 10:57:29 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
16/9/2019 -- 10:57:29 - <Info> - Threshold config parsed: 0 rule(s) found
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for tcp-packet
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for tcp-stream
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for udp-packet
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for other-ip
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_uri
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_request_line
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_client_body
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_response_line
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_header
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_header
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_header_names
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_header_names
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_accept
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_accept_enc
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_accept_lang
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_referer
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_connection
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_content_len
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_content_len
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_content_type
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_content_type
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_protocol
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_protocol
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_start
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_start
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_raw_header
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_raw_header
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_method
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_cookie
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_cookie
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_raw_uri
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_user_agent
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_host
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_raw_host
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_stat_msg
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_stat_code
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for dns_query
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for tls_sni
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for tls_cert_issuer
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for tls_cert_subject
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for tls_cert_serial
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for dce_stub_data
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for dce_stub_data
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for ssh_protocol
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for ssh_protocol
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for ssh_software
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for ssh_software
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for file_data
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for file_data
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_request_line
16/9/2019 -- 10:57:30 - <Perf> - using shared mpm ctx' for http_response_line
16/9/2019 -- 10:57:30 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
16/9/2019 -- 10:57:30 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
16/9/2019 -- 10:57:30 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
16/9/2019 -- 10:57:30 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
16/9/2019 -- 10:57:30 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
16/9/2019 -- 10:57:30 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
16/9/2019 -- 10:57:30 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
16/9/2019 -- 10:57:30 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
16/9/2019 -- 10:57:37 - <Perf> - Unique rule groups: 104
16/9/2019 -- 10:57:37 - <Perf> - Builtin MPM "toserver TCP packet": 35
16/9/2019 -- 10:57:37 - <Perf> - Builtin MPM "toclient TCP packet": 17
16/9/2019 -- 10:57:37 - <Perf> - Builtin MPM "toserver TCP stream": 33
16/9/2019 -- 10:57:37 - <Perf> - Builtin MPM "toclient TCP stream": 19
16/9/2019 -- 10:57:37 - <Perf> - Builtin MPM "toserver UDP packet": 27
16/9/2019 -- 10:57:37 - <Perf> - Builtin MPM "toclient UDP packet": 17
16/9/2019 -- 10:57:37 - <Perf> - Builtin MPM "other IP packet": 3
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_uri": 14
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_request_line": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_client_body": 6
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toclient http_response_line": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_header": 10
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toclient http_header": 6
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_header_names": 2
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_accept": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_referer": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_content_len": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_content_type": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toclient http_content_type": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_protocol": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_start": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_method": 5
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_cookie": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toclient http_cookie": 2
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver http_host": 2
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver dns_query": 4
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver tls_sni": 2
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toserver file_data": 1
16/9/2019 -- 10:57:37 - <Perf> - AppLayer MPM "toclient file_data": 7
16/9/2019 -- 10:57:39 - <Perf> - Registered 39590 rule profiling counters.
16/9/2019 -- 10:57:39 - <Info> - fast output device (regular) initialized: alert
16/9/2019 -- 10:57:39 - <Info> - eve-log output device (regular) initialized: eve.json
16/9/2019 -- 10:57:39 - <Config> - enabling 'eve-log' module 'alert'
16/9/2019 -- 10:57:39 - <Config> - enabling 'eve-log' module 'http'
16/9/2019 -- 10:57:39 - <Config> - enabling 'eve-log' module 'dns'
16/9/2019 -- 10:57:39 - <Config> - enabling 'eve-log' module 'tls'
16/9/2019 -- 10:57:39 - <Config> - enabling 'eve-log' module 'files'
16/9/2019 -- 10:57:39 - <Config> - enabling 'eve-log' module 'ssh'
16/9/2019 -- 10:57:39 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
16/9/2019 -- 10:57:39 - <Info> - stats output device (regular) initialized: stats.log
16/9/2019 -- 10:57:39 - <Config> - AutoFP mode using "Hash" flow load balancer
16/9/2019 -- 10:57:39 - <Info> - reading pcap file /var/pcap/09162019.1057-pcap_6.pcap
16/9/2019 -- 10:57:39 - <Config> - using 1 flow manager threads
16/9/2019 -- 10:57:39 - <Config> 

This file has been truncated.


packet_stats.log - (14701 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1           272         13485890     3925023428    2896677520        787.9b    1.62
 IPv4       6         16999          7653674     3933692326    2820351100      47943.1b   98.38
 IPv4      17             4        829537272     1254567336     966029142          3.9b    0.01
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1           272           114082        8293710        273679         74.4m    1.29
TMM_FLOWWORKER              IPv4       6         16999           114672       41841750        321393          5.5b   94.67
TMM_FLOWWORKER              IPv4      17             4           854342        1532890       1071902          4.3m    0.07
TMM_RECEIVEPCAPFILE         IPv4       1           272             4426          38794          5022          1.4m    0.02
TMM_RECEIVEPCAPFILE         IPv4       6         16911             4412       27241960          6811        115.2m    2.00
TMM_RECEIVEPCAPFILE         IPv4      17             4             4454           4688          4514         18.1k    0.00
TMM_DECODEPCAPFILE          IPv4       1           272             4582          23290          6350          1.7m    0.03
TMM_DECODEPCAPFILE          IPv4       6         16911             4552       18005328          6532        110.5m    1.91
TMM_DECODEPCAPFILE          IPv4      17             4             4690          14510          7701         30.8k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       1           116             4614          48012          7607        882.4k  0.02  
flow                    IPv4       6         16911             4588         255636          7808        132.1m  2.79  
flow                    IPv4      17             4             5564          17834          9187         36.8k  0.00  
stream                  IPv4       6         16999             4486        7924784          8929        151.8m  3.21  
app-layer               IPv4      17             4            27516          81470         55122        220.5k  0.00  
detect                  IPv4       1           272            82550        8277280        256110         69.7m  1.47  
detect                  IPv4       6         16999            76792       41613898        251688          4.3b  90.36 
detect                  IPv4      17             4           660364        1261890        888732          3.6m  0.08  
tcp-prune               IPv4       6         16999             4418        4260100          5778         98.2m  2.07  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             6            38520          70996         46182        277.1k  58.80 
ssh                     IPv4       6             6             7088          38518         13215         79.3k  16.83 
dns                     IPv4      17             4             8866          71230         28711        114.8k  24.37 
Proto detect            IPv4       6            32             4882          18336         10556        337.8k
Proto detect            IPv4      17             2            10990          35438         23214         46.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6          1430            11892        2531072         39633         56.7m  25.32 
LOGGER_UNIFIED2             IPv4       6          1430            20046         239530         38539         55.1m  24.62 
LOGGER_JSON_ALERT           IPv4       6          1430            31748        7124952         71657        102.5m  45.78 
LOGGER_JSON_SSH             IPv4       6            90             6614         281644         74911          6.7m  3.01  
LOGGER_JSON_DNS             IPv4      17             4            43702         144934         89450        357.8k  0.16  
LOGGER_JSON_HTTP            IPv4       6             6            68240         279082        149663        898.0k  0.40  
LOGGER_JSON_FILE            IPv4       6             9            64682         550826        176588          1.6m  0.71  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1           268             5332          97202         20189         5.4m  5.40  
payload                           IPv4       6          1000             4454         905186         47373        47.4m  47.27 
payload                           IPv4      17             4            35042         199788        121595       486.4k  0.49  
stream                            IPv4       6          1000             4428        1527656         35439        35.4m  35.36 
http_uri                          IPv4       6             6            24954         610276        227367         1.4m  1.36  
http_request_line                 IPv4       6             6            11850          47188         19271       115.6k  0.12  
http_client_body                  IPv4       6             6             5900         457212        132109       792.7k  0.79  
http_header (request)             IPv4       6             6           125336         869812        361386         2.2m  2.16  
http_header (request trailer)     IPv4       6             6             4542           6030          4854        29.1k  0.03  
http_header_names (request)       IPv4       6             6            40540         168698         64321       385.9k  0.39  
http_accept (request)             IPv4       6             6             6170          19632          8477        50.9k  0.05  
http_referer (request)            IPv4       6             6             5610           7438          6008        36.0k  0.04  
http_content_len (request)        IPv4       6             6             5828          20410          9527        57.2k  0.06  
http_content_type (request)       IPv4       6             6             5916          80448         21845       131.1k  0.13  
http_protocol (request)           IPv4       6             6             8654          25872         12017        72.1k  0.07  
http_start (request)              IPv4       6             6            26292          84462         38574       231.4k  0.23  
http_raw_header (request)         IPv4       6             6            28362          74914         38714       232.3k  0.23  
http_method                       IPv4       6             6            12550          42146         18423       110.5k  0.11  
http_cookie (request)             IPv4       6             6             5296          16866          7996        48.0k  0.05  
http_raw_uri                      IPv4       6             6            10132          43296         22879       137.3k  0.14  
http_user_agent                   IPv4       6             6            32968         148276         53374       320.2k  0.32  
http_host                         IPv4       6             6            11064          28234         15135        90.8k  0.09  
dns_query                         IPv4      17             2            16512          53986         35249        70.5k  0.07  
ssh_proto (request)               IPv4       6           562             4422          32744          6199         3.5m  3.48  
http_response_line                IPv4       6             6            12384          45878         18415       110.5k  0.11  
http_header (response)            IPv4       6             6            66182         252598        100107       600.6k  0.60  
http_header (response trailer)    IPv4       6             6             4502           6866          5193        31.2k  0.03  
http_content_type (response)      IPv4       6             6            16056         432400         92794       556.8k  0.56  
http_raw_header (response)        IPv4       6             6            14938          39500         21887       131.3k  0.13  
http_cookie (response)            IPv4       6             6             5432           7396          6423        38.5k  0.04  
http_stat_code                    IPv4       6             6            11572          49484         18622       111.7k  0.11  
Total                             IPv4                  2986                                         33563       100.2m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       1           234            11168        8130348         90785         21.2m  0.57  
PROF_DETECT_IPONLY          IPv4       6          5426             7354        7559260         71843        389.8m  10.51 
PROF_DETECT_IPONLY          IPv4      17             4            54964          66854         59638        238.6k  0.01  
PROF_DETECT_RULES           IPv4       1           272             4468          74332         20324          5.5m  0.15  
PROF_DETECT_RULES           IPv4       6         16999             4416       24944848        107872          1.8b  49.42 
PROF_DETECT_RULES           IPv4      17             4           353360         793462        510017          2.0m  0.05  
PROF_DETECT_STATEFUL_START    IPv4       6            18             9046        1812030        380107          6.8m  0.18  
PROF_DETECT_STATEFUL_CONT    IPv4       1           272             4392          29300          5202          1.4m  0.04  
PROF_DETECT_STATEFUL_CONT    IPv4       6         16999             4388         465338          6521        110.9m  2.99  
PROF_DETECT_STATEFUL_CONT    IPv4      17             4            22408          32758         28310        113.2k  0.00  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          1895             4432         470458          6200         11.7m  0.32  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             4792           6140          5516         22.1k  0.00  
PROF_DETECT_PREFILTER       IPv4       1           272            13694         161998         54667         14.9m  0.40  
PROF_DETECT_PREFILTER       IPv4       6         16999            13364        7438518         27537        468.1m  12.62 
PROF_DETECT_PREFILTER       IPv4      17             4           105884         299858        202673        810.7k  0.02  
PROF_DETECT_PF_PAYLOAD      IPv4       1           268            14190         108848         30780          8.2m  0.22  
PROF_DETECT_PF_PAYLOAD      IPv4       6          1000            22398        1555268         99905         99.9m  2.69  
PROF_DETECT_PF_PAYLOAD      IPv4      17             4            43942         209056        130634        522.5k  0.01  
PROF_DETECT_PF_TX           IPv4       6          1895             4472        2428838         14588         27.6m  0.75  
PROF_DETECT_PF_TX           IPv4      17             2            26786          64372         45579         91.2k  0.00  
PROF_DETECT_PF_SORT1        IPv4       1            36             4454          46456          6386        229.9k  0.01  
PROF_DETECT_PF_SORT1        IPv4       6           492             4434          31740          5993          2.9m  0.08  
PROF_DETECT_PF_SORT1        IPv4      17             4             6214           7134          6597         26.4k  0.00  
PROF_DETECT_PF_SORT2        IPv4       1           272             4438          21620          5934          1.6m  0.04  
PROF_DETECT_PF_SORT2        IPv4       6         16999             4402         435994          5537         94.1m  2.54  
PROF_DETECT_PF_SORT2        IPv4      17             4             5894          37890         21828         87.3k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       1           272             4404        7027558         31359          8.5m  0.23  
PROF_DETECT_NONMPMLIST      IPv4       6         16999             4414        8316700          6207        105.5m  2.84  
PROF_DETECT_NONMPMLIST      IPv4      17             4             5076          22736         10055         40.2k  0.00  
PROF_DETECT_ALERT           IPv4       1           272             4414         127880          6507          1.8m  0.05  
PROF_DETECT_ALERT           IPv4       6         16999             4402       40973410         13583        230.9m  6.22  
PROF_DETECT_ALERT           IPv4      17             4             4432           4822          4641         18.6k  0.00  
PROF_DETECT_CLEANUP         IPv4       1           272             4424          34192          5398          1.5m  0.04  
PROF_DETECT_CLEANUP         IPv4       6         16999             4450         448444          5974        101.6m  2.74  
PROF_DETECT_CLEANUP         IPv4      17             4             5164           5658          5514         22.1k  0.00  
PROF_DETECT_GETSGH          IPv4       1           272             4458          27284          5709          1.6m  0.04  
PROF_DETECT_GETSGH          IPv4       6         16999             4398        7774402          9180        156.1m  4.21  
PROF_DETECT_GETSGH          IPv4      17             4             9572          11268         10467         41.9k  0.00  


suricata-4.0.0-etpro-all-alert-2019-09-16-T-10-57-43-09162019.1057-pcap_6.pcap.txt - (277767 bytes) - download
09/11/2019-05:29:53.373705  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:34314 -> 134.148.151.169:22
09/11/2019-05:29:53.582343  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:44880 -> 159.180.83.242:22
09/11/2019-05:29:53.631543  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:41270 -> 20.185.228.19:22
09/11/2019-05:29:53.665259  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:43046 -> 125.109.220.17:22
09/11/2019-05:29:53.697066  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:34936 -> 156.215.222.239:22
09/11/2019-05:29:53.726829  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:34248 -> 134.45.106.216:22
09/11/2019-05:29:53.749477  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:37108 -> 136.8.145.175:22
09/11/2019-05:29:53.775241  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:58142 -> 95.165.224.57:22
09/11/2019-05:29:53.814937  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:34984 -> 104.68.74.113:22
09/11/2019-05:29:53.865562  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:47566 -> 182.208.15.199:22
09/11/2019-05:29:53.893423  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:42086 -> 108.145.207.64:22
09/11/2019-05:29:53.925877  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:36898 -> 175.33.97.240:22
09/11/2019-05:29:53.967217  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:48328 -> 8.148.184.155:22
09/11/2019-05:29:54.005313  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:58262 -> 26.97.202.205:22
09/11/2019-05:29:54.029255  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:36668 -> 24.137.4.158:22
09/11/2019-05:29:54.077259  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:56788 -> 113.197.139.134:22
09/11/2019-05:29:54.109507  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:49862 -> 186.104.228.110:22
09/11/2019-05:29:54.133119  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:48944 -> 22.152.163.22:22
09/11/2019-05:29:54.165458  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:40282 -> 68.12.77.152:22
09/11/2019-05:29:54.185780  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:38462 -> 215.205.113.155:22
09/11/2019-05:29:54.217299  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:38918 -> 196.179.117.12:22
09/11/2019-05:29:54.257453  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:45718 -> 192.65.90.235:22
09/11/2019-05:29:54.276125  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:38544 -> 180.53.220.177:22
09/11/2019-05:29:54.300718  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:35802 -> 28.213.66.216:22
09/11/2019-05:29:54.333090  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:52032 -> 136.50.166.128:22
09/11/2019-05:29:54.357252  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:57230 -> 191.133.114.165:22
09/11/2019-05:29:54.387171  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:56378 -> 5.107.8.42:22
09/11/2019-05:29:54.396739  [**] [1:2400012:2652] ET DROP Spamhaus DROP Listed Traffic Inbound group 13 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 160.124.193.212:22 -> 192.168.122.51:46486
09/11/2019-05:29:54.413298  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:33894 -> 217.7.132.32:22
09/11/2019-05:29:54.434308  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:49378 -> 13.179.39.210:22
09/11/2019-05:29:54.457495  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:35902 -> 45.105.111.115:22
09/11/2019-05:29:54.487498  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:60580 -> 150.145.232.70:22
09/11/2019-05:29:54.510691  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:54638 -> 81.157.81.230:22
09/11/2019-05:29:54.561107  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:55370 -> 45.77.12.210:22
09/11/2019-05:29:54.598339  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:33410 -> 41.139.163.197:22
09/11/2019-05:29:54.600051  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:33278 -> 8.11.204.69:22
09/11/2019-05:29:54.622756  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:41886 -> 222.120.235.196:22
09/11/2019-05:29:54.633637  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:49404 -> 109.46.9.203:22
09/11/2019-05:29:54.650216  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:37822 -> 130.31.238.206:22
09/11/2019-05:29:54.663873  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:34352 -> 211.152.158.26:22
09/11/2019-05:29:54.673633  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:53992 -> 68.43.96.6:22
09/11/2019-05:29:54.696383  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:36608 -> 43.197.123.223:22
09/11/2019-05:29:54.723334  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:58390 -> 142.181.131.91:22
09/11/2019-05:29:54.728026  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:43160 -> 221.136.119.64:22
09/11/2019-05:29:54.735487  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:52340 -> 189.22.11.37:22
09/11/2019-05:29:54.757283  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:35460 -> 48.178.160.9:22
09/11/2019-05:29:54.759982  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:60902 -> 79.145.194.219:22
09/11/2019-05:29:54.769227  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:48322 -> 114.53.178.173:22
09/11/2019-05:29:54.792210  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:56496 -> 208.112.31.71:22
09/11/2019-05:29:54.812228  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:55518 -> 76.202.170.247:22
09/11/2019-05:29:54.824004  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:38940 -> 208.96.234.161:22
09/11/2019-05:29:54.840527  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:52646 -> 23.207.196.174:22
09/11/2019-05:29:54.855886  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:50258 -> 39.115.50.185:22
09/11/2019-05:29:54.873022  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:59828 -> 93.61.168.46:22
09/11/2019-05:29:54.887967  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:51306 -> 43.133.182.170:22
09/11/2019-05:29:54.918223  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:47964 -> 111.88.23.12:22
09/11/2019-05:29:54.922219  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:48448 -> 42.45.133.173:22
09/11/2019-05:29:54.946653  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:46588 -> 151.85.57.138:22
09/11/2019-05:29:54.952108  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:36898 -> 175.33.97.240:22
09/11/2019-05:29:54.969604  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:57582 -> 146.193.101.42:22
09/11/2019-05:29:54.983905  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:52528 -> 24.205.152.24:22
09/11/2019-05:29:55.007213  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:57580 -> 104.60.68.50:22
09/11/2019-05:29:55.016224  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:35710 -> 15.92.196.47:22
09/11/2019-05:29:55.048068  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:59502 -> 34.220.216.191:22
09/11/2019-05:29:55.069725  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:54308 -> 195.69.222.84:22
09/11/2019-05:29:55.080155  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:46928 -> 150.15.77.243:22
09/11/2019-05:29:55.101909  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:47848 -> 63.178.159.94:22
09/11/2019-05:29:55.112140  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:35300 -> 21.189.124.94:22
09/11/2019-05:29:55.144119  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:54072 -> 209.138.45.120:22
09/11/2019-05:29:55.144197  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:44700 -> 124.81.68.66:22
09/11/2019-05:29:55.207923  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:58136 -> 176.163.74.179:22
09/11/2019-05:29:55.208079  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:57414 -> 149.94.24.200:22
09/11/2019-05:29:55.271862  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:51682 -> 196.174.43.93:22
09/11/2019-05:29:55.301208  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:43766 -> 100.51.96.239:22
09/11/2019-05:29:55.303940  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:33510 -> 9.151.227.33:22
09/11/2019-05:29:55.335970  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:52032 -> 136.50.166.128:22
09/11/2019-05:29:55.367927  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:54034 -> 30.119.86.151:22
09/11/2019-05:29:55.368109  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:41204 -> 210.215.140.180:22
09/11/2019-05:29:55.400048  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:34958 -> 28.153.175.132:22
09/11/2019-05:29:55.463904  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:49318 -> 222.78.244.46:22
09/11/2019-05:29:55.464034  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:59538 -> 24.93.23.73:22
09/11/2019-05:29:55.496312  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:43916 -> 37.50.97.210:22
09/11/2019-05:29:55.528063  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:41054 -> 37.10.183.178:22
09/11/2019-05:29:55.560112  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:57540 -> 69.200.180.98:22
09/11/2019-05:29:55.605632  [**] [1:2003068:7] ET SCAN Poten

This file has been truncated.
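The alert log above is 85 near-identical fast.log lines. What matters for triage is not the line count but the shape: one internal host, 192.168.122.51, opening tcp/22 to a different external address every 20 to 50 ms, plus a single Spamhaus DROP hit whose direction (tcp/22 on the listed address back to an ephemeral port on the same host) is consistent with the response leg of that scan rather than a separate inbound attack. The Python below is an added example, not part of this report or of Suricata: it parses fast.log lines with a regex, counts alerts per signature, and measures fan-out (distinct destinations per source and destination port) so that retransmissions to the same target are not counted as new scan targets. The six sample lines are excerpted from the log above (the last one is the truncated tail, which the parser skips); the regex handles the IPv4 form of fast.log only, and the 192.168.122.0/24 monitored range is an assumption taken from the addresses in the log.

```python
"""Triage helper for Suricata fast.log alert lines (added example, not part of
the report above or of Suricata). Parses each line into fields, counts alerts
per signature and measures per-source fan-out, so a burst of 'Potential SSH
Scan OUTBOUND' alerts reads as 'one internal host, N distinct targets on
tcp/22' instead of N unrelated events."""
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime

# Sample input: six lines excerpted from the alert log above. Four are the
# outbound SSH-scan alerts (two of them for the same target 175.33.97.240,
# a retransmission that re-fires the rule), one is the inbound Spamhaus hit,
# and the last is the truncated tail of the log, which must not parse.
SAMPLE_FAST_LOG = """\
09/11/2019-05:29:53.373705  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:34314 -> 134.148.151.169:22
09/11/2019-05:29:53.582343  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:44880 -> 159.180.83.242:22
09/11/2019-05:29:53.925877  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:36898 -> 175.33.97.240:22
09/11/2019-05:29:54.396739  [**] [1:2400012:2652] ET DROP Spamhaus DROP Listed Traffic Inbound group 13 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 160.124.193.212:22 -> 192.168.122.51:46486
09/11/2019-05:29:54.952108  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.122.51:36898 -> 175.33.97.240:22
09/11/2019-05:29:55.605632  [**] [1:2003068:7] ET SCAN Poten
"""

# fast.log layout: <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: ..]
# [Priority: n] {PROTO} src:sport -> dst:dport   (IPv4 addresses only here)
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>[0-9.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[0-9.]+):(?P<dport>\d+)\s*$"
)

# Assumed monitored range, taken from the addresses seen in the log.
INTERNAL_NET = ipaddress.ip_network("192.168.122.0/24")


def parse_fast_log(text):
    """Return one dict per well-formed alert line; skip blank/truncated lines."""
    alerts = []
    for line in text.splitlines():
        m = FAST_LOG_RE.match(line.strip())
        if not m:
            continue  # e.g. the cut-off 'ET SCAN Poten' tail
        a = m.groupdict()
        a["ts"] = datetime.strptime(a["ts"], "%m/%d/%Y-%H:%M:%S.%f")
        for k in ("gid", "sid", "rev", "priority", "sport", "dport"):
            a[k] = int(a[k])
        alerts.append(a)
    return alerts


def count_by_signature(alerts):
    """Alert count per (sid, msg): collapses repeated lines into one row."""
    return Counter((a["sid"], a["msg"]) for a in alerts)


def fanout(alerts, sid):
    """For one sid: {(src, dport): {'alerts', 'targets', 'span_s'}}.
    'targets' (distinct destinations) is the scan indicator; a retransmitted
    SYN to the same host re-fires the rule without widening the scan."""
    dsts, times = defaultdict(set), defaultdict(list)
    for a in alerts:
        if a["sid"] != sid:
            continue
        key = (a["src"], a["dport"])
        dsts[key].add(a["dst"])
        times[key].append(a["ts"])
    return {
        k: {"alerts": len(times[k]), "targets": len(v),
            "span_s": (max(times[k]) - min(times[k])).total_seconds()}
        for k, v in dsts.items()
    }


def inbound_from_listed(alerts, listed_sid=2400012, net=INTERNAL_NET):
    """(src, dst) pairs where a DROP-listed source reached a monitored host."""
    return sorted({(a["src"], a["dst"]) for a in alerts
                   if a["sid"] == listed_sid
                   and ipaddress.ip_address(a["dst"]) in net})


if __name__ == "__main__":
    alerts = parse_fast_log(SAMPLE_FAST_LOG)
    for (sid, msg), n in count_by_signature(alerts).most_common():
        print(f"{n:5d}  [{sid}] {msg}")
    for (src, dport), s in fanout(alerts, 2003068).items():
        print(f"{src}: {s['targets']} distinct hosts on tcp/{dport} "
              f"({s['alerts']} alerts in {s['span_s']:.3f}s)")
    print("DROP-listed sources reaching monitored hosts:",
          inbound_from_listed(alerts))
```

Run against the full 277767-byte alert file instead of the embedded sample, the same three functions give the per-signature count, the number of distinct SSH targets the host touched, and which of the scanned hosts happened to be on the Spamhaus DROP list.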


suricata-4.0.0-etpro-all-perf.txt-2019-09-16-T-10-57-43-09162019.1057-pcap_6.pcap.txt - (30806 bytes) - download
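The rule-performance table that follows is sorted by max ticks, which hides the two things a tuner actually looks for: rules that consumed a large share of detection time without a single match in this pcap (rows 1 to 7, 10 to 14 and 18 each took roughly 4 to 11% of ticks with 0 matches), and the one rule that matched on almost every check (2003068: 7136 matches out of 7137 checks, 21% of ticks) and so is an alert-volume problem more than a CPU problem. The Python below is an added example, not part of this report or of Suricata. It parses the table's fixed columns, separates those two cases, and emits a threshold.config line in Suricata's documented syntax as a starting point for reviewing the noisy rule; the five embedded rows are copied from the table, the 2% tick share and 50% hit-ratio cutoffs are assumed values, and the computed share is over the parsed rows only (the table's own % column is relative to all rules, including those beyond the truncated listing).

```python
"""Reader for Suricata's rule_perf.log table (added example, not part of the
report above or of Suricata). Splits expensive rules into two classes:
'dead weight' (high ticks, zero matches in this capture) and 'chatty'
(matches on most checks, hence floods the alert log)."""

# Sample input: the table framing plus five rows copied from the table below.
SAMPLE_PERF = """\
  --------------------------------------------------------------------------
  Date: 9/16/2019 -- 10:57:42. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2001580      1        15       57745854     6.05   7137     0        19607570    8091.05     0.00        8091.05
  2        2102523      1        8        106667352    11.18  14386    0        12970998    7414.66     0.00        7414.66
  8        2001219      1        20       47906864     5.02   7137     38       6744014     6712.47     34534.32    6563.54
  9        2003068      1        7        203381622    21.32  7137     7136     6688704     28496.79    28500.16    4478.00
  15       2809861      1        6        168564       0.02   1        0        168564      168564.00   0.00        168564.00
"""

# Column order of the table; integer columns are converted with int(), the rest
# with float(). The '%' column is Suricata's share over *all* rules.
COLUMNS = ("num", "sid", "gid", "rev", "ticks", "pct", "checks", "matches",
           "max_ticks", "avg_ticks", "avg_match", "avg_nomatch")
INT_COLS = {"num", "sid", "gid", "rev", "ticks", "checks", "matches", "max_ticks"}


def parse_rule_perf(text):
    """Return one dict per data row; header, separators and any cut-off line
    are dropped by the column-count and leading-integer checks."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != len(COLUMNS) or not f[0].isdigit():
            continue
        rows.append({c: (int(v) if c in INT_COLS else float(v))
                     for c, v in zip(COLUMNS, f)})
    return rows


def dead_weight(rows, min_share=0.02):
    """Zero-match rules whose ticks exceed min_share of the parsed rows' total,
    most expensive first. Candidates for disabling or rewriting with a better
    fast_pattern; a match count of 0 on one pcap is not proof of uselessness."""
    total = sum(r["ticks"] for r in rows)
    hits = [dict(r, share=r["ticks"] / total) for r in rows
            if r["matches"] == 0 and r["ticks"] / total >= min_share]
    return sorted(hits, key=lambda r: -r["ticks"])


def chatty(rows, min_checks=100, min_hit_ratio=0.5):
    """Rules that match on most checks. Each check then runs the full match
    path (avg_match >> avg_nomatch) and each match becomes an alert line."""
    return [r for r in rows
            if r["checks"] >= min_checks
            and r["matches"] / r["checks"] >= min_hit_ratio]


def threshold_line(row, count=1, seconds=60):
    """threshold.config entry (Suricata syntax) keeping the first `count`
    alerts per source per `seconds`. A review starting point only: the
    rule's own threshold keyword, if any, should be read first."""
    return (f"threshold gen_id {row['gid']}, sig_id {row['sid']}, type limit, "
            f"track by_src, count {count}, seconds {seconds}")


if __name__ == "__main__":
    rows = parse_rule_perf(SAMPLE_PERF)
    print("dead weight (zero matches, >= 2% of parsed ticks):")
    for r in dead_weight(rows):
        print(f"  sid {r['sid']}: {r['ticks']} ticks, {r['share']:.1%}, "
              f"{r['checks']} checks, 0 matches")
    print("chatty (matches on >= 50% of checks):")
    for r in chatty(rows):
        print(f"  sid {r['sid']}: {r['matches']}/{r['checks']} checks matched")
        print("  suggested review line:", threshold_line(r))
```

On the full table, the dead-weight list is where a capture-specific tuning pass would start; the chatty list on this pcap is just 2003068, and for a genuine outbound scan the right response is to act on the one alert, not to make the rule quieter.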
  --------------------------------------------------------------------------
  Date: 9/16/2019 -- 10:57:42. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2001580      1        15       57745854     6.05   7137     0        19607570    8091.05     0.00        8091.05    
  2        2102523      1        8        106667352    11.18  14386    0        12970998    7414.66     0.00        7414.66    
  3        2002911      1        6        46288286     4.85   7137     0        7987250     6485.68     0.00        6485.68    
  4        2002994      1        7        45784210     4.80   7137     0        7374900     6415.05     0.00        6415.05    
  5        2102523      1        8        45982802     4.82   7275     0        7286904     6320.66     0.00        6320.66    
  6        2002995      1        10       46153024     4.84   7137     0        7282236     6466.73     0.00        6466.73    
  7        2010938      1        3        45302398     4.75   7137     0        7138516     6347.54     0.00        6347.54    
  8        2001219      1        20       47906864     5.02   7137     38       6744014     6712.47     34534.32    6563.54    
  9        2003068      1        7        203381622    21.32  7137     7136     6688704     28496.79    28500.16    4478.00    
  10       2002910      1        6        38676724     4.05   7137     0        836808      5419.19     0.00        5419.19    
  11       2806561      1        5        39656650     4.16   7137     0        832612      5556.49     0.00        5556.49    
  12       2013506      1        1        39861484     4.18   7137     0        422296      5585.19     0.00        5585.19    
  13       2002992      1        7        38335764     4.02   7137     0        399814      5371.41     0.00        5371.41    
  14       2001582      1        15       38661636     4.05   7137     0        371300      5417.07     0.00        5417.07    
  15       2809861      1        6        168564       0.02   1        0        168564      168564.00   0.00        168564.00  
  16       2021079      1        3        156874       0.02   1        0        156874      156874.00   0.00        156874.00  
  17       2021067      1        2        449986       0.05   6        0        154348      74997.67    0.00        74997.67   
  18       2002993      1        7        38254646     4.01   7137     0        154150      5360.05     0.00        5360.05    
  19       2018264      1        8        3515618      0.37   85       0        151150      41360.21    0.00        41360.21   
  20       2022901      1        2        150970       0.02   1        0        150970      150970.00   0.00        150970.00  
  21       2021038      1        4        197606       0.02   2        0        150082      98803.00    0.00        98803.00   
  22       2816895      1        2        142958       0.01   1        0        142958      142958.00   0.00        142958.00  
  23       2821471      1        2        140004       0.01   1        0        140004      140004.00   0.00        140004.00  
  24       2009702      1        5        186250       0.02   4        0        138572      46562.50    0.00        46562.50   
  25       2023083      1        2        391758       0.04   6        0        138448      65293.00    0.00        65293.00   
  26       2822979      1        3        488988       0.05   6        0        136148      81498.00    0.00        81498.00   
  27       2819993      1        2        136098       0.01   1        0        136098      136098.00   0.00        136098.00  
  28       2020029      1        2        135836       0.01   1        0        135836      135836.00   0.00        135836.00  
  29       2017259      1        12       237204       0.02   2        0        134310      118602.00   0.00        118602.00  
  30       2814883      1        3        132670       0.01   1        0        132670      132670.00   0.00        132670.00  
  31       2810991      1        4        235876       0.02   2        0        129994      117938.00   0.00        117938.00  
  32       2014363      1        7        178294       0.02   4        0        126596      44573.50    0.00        44573.50   
  33       2014380      1        4        429974       0.05   8        0        120186      53746.75    0.00        53746.75   
  34       2811390      1        2        117712       0.01   1        0        117712      117712.00   0.00        117712.00  
  35       2807970      1        8        114006       0.01   1        0        114006      114006.00   0.00        114006.00  
  36       2019094      1        5        112722       0.01   1        0        112722      112722.00   0.00        112722.00  
  37       2021418      1        9        112198       0.01   1        0        112198      112198.00   0.00        112198.00  
  38       2827279      1        5        302252       0.03   6        0        107720      50375.33    0.00        50375.33   
  39       2828986      1        2        461824       0.05   6        0        106442      76970.67    0.00        76970.67   
  40       2021413      1        2        102312       0.01   1        0        102312      102312.00   0.00        102312.00  
  41       2018407      1        9        102156       0.01   1        0        102156      102156.00   0.00        102156.00  
  42       2022502      1        4        309960       0.03   6        0        101954      51660.00    0.00        51660.00   
  43       2014405      1        10       155464       0.02   2        0        100354      77732.00    0.00        77732.00   
  44       2828212      1        2        168458       0.02   2        0        100324      84229.00    0.00        84229.00   
  45       2017948      1        2        100054       0.01   1        0        100054      100054.00   0.00        100054.00  
  46       2828060      1        4        466570       0.05   6        0        95498       77761.67    0.00        77761.67   
  47       2826256      1        2        303350       0.03   6        0        95370       50558.33    0.00        50558.33   
  48       2809363      1        3        94930        0.01   1        0        94930       94930.00    0.00        94930.00   
  49       2015877      1        6        93992        0.01   1        0        93992       93992.00    0.00        93992.00   
  50       2010939      1        3        38546792     4.04   7137     0        92416       5400.98     0.00        5400.98    
  51       2805564      1        4        91282        0.01   1        0        91282       91282.00    0.00        91282.00   
  52       2816660      1        3        399892       0.04   6        0        90964       66648.67    0.00        66648.67   
  53       2020768      1        2        88530        0.01   1        0        88530       88530.00    0.00        88530.00   
  54       2816055      1        2        88028        0.01   1        0        88028       88028.00    0.00        88028.00   
  55       2820367      1        2        87838        0.01   1        0        87838       87838.00    0.00        87838.00   
  56       2014778      1        4        86664        0.01   1        0        86664       86664.00    0.00        86664.00   
  57       2816365      1        3        84918        0.01   1        0        84918       84918.00    0.00        84918.00   
  58       2022197      1        3        272788       0.03   6        0        84128       45464.67    0.00        45464.67   
  59       2829848      1        2        402696       0.04   6        0        84070       67116.00    0.00        67116.00   
  60       2828876      1        1        4298076      0.45   681      0        81836       6311.42     0.00        6311.42    
  61       2816356      1        2        351324       0.04   6        0        80534       58554.00    0.00        58554.00   
  62       2017552      1        6        430330       0.05   12       0        80368       35860.83    0.00        35860.83   
  63       2017261      1        3        76482        0.01   1        0        76482       76482.00    0.00        76482.00   
  64       2827641      1        2        76272        0.01   1        0        76272       76272.00    0.00        76272.00   
  65       2825092      1        2        76080        0.01   1        0        76080       76080.00    0.00        76080.00   
  66       2819785      1        2        75458        0.01   1        0        75458       75458.00    0.00        75458.00   
  67       2827980      1        2        327102       0.03   6        0        75336       54517.00    0.00        54517.00   
  68       2804556      1        2        73272        0.01   1        0        73272       73272.00    0.00        73272.00   
  69       2815568      1        2        72998        0.01   1        0        72998       72998.00    0.00        72998.00   
  70       2812433      1        2        71636        0.01   1        0        71636       71636.00    0.00        71636.00   
  71       2023917      1        3        71170        0.01   1        0        71170       71170.00    0.00        71170.00   
  72       2020181      1        8        70274        0.01   1        0        70274       70274.00    0.00        70274.00   
  73       2828008      1        2        264208       0.03   6        0        70206       44034.67    0.00        44034.67   
  74       2016809      1        5        68806        0.01   1        0        68806       68806.00    0.00        68806.00   
  75       2014643      1        7        68258        0.01   1        0        68258       68258.00    0.00        68258.00   
  76       2809511      1        4        68224        0.01   1        0        68224       68224.00    0.00        68224.00   
  77       2807793      1        4        68190        0.01   1        0        68190       68190.00    0.00        68190.00   
  78       2816165      1        5        266738       0.03   6        0        67676       44456.33    0.00        44456.33   
  79       2822562      1        2        65810        0.01   1        0        65810       65810.00    0.00        65810.00   
  80       2016869      1        3        65614        0.01   1        0        65614       65614.00    0.00        65614.00   
  81       2827580      1        7        187958       0.02   4        0        65604       46989.50    0.00        46989.50   
  82       2820263      1        5        63730        0.01   1        0        63730       63730.00    0.00        63730.00   
  83       2808214      1        3        63710        0.01   1        0        63710       63710.00    0.00        63710.00   
  84       2806132      1        3        119294       0.01   2        0        63044       59647.00    0.00        59647.00   
  85       2020698      1        2        62816        0.01   1        0        62816       62816.00    0.00        62816.00   
  86       2808275      1        2        62192        0.01   1        0        62192       62192.00    0.00        62192.00   
  87       2014967      1        3        62112        0.01   1        0        62112       62112.00    0.00        62112.00   
  88       2020794      1        2        61098        0.01   1        0        61098       61098.00    0.00        61098.00   
  89       2821569      1        7        60930        0.01   1        0        60930       60930.00    0.00        60930.00   
  90       2020694      1        1        59678        0.01   1        0        59678       59678.00    0.00        59678.00   
  91       2014803      1        7        59410        0.01   1        0        59410       59410.00    0.00        59410.00   
  92       2017914      1        2        59158        0.01   1        0        59158       59158.00    0.00        59158.00   
  93       2015872      1        6        59018        0.01   1        0        59018       59018.00    0.00        59018.00   
  94       2020691      1        1        59002        0.01   1        0        59002       59002.00    0.00        59002.00   
  95       2020787      1        2        92578        0.01   2        0        58854       46289.00    0.00        46289.00   
  96       2020696      1        1        58622        0.01   1        0        58622       58622.00    0.00        58622.00   
  97       2812785      1        3        58512        0.01   1        0        58512       58512.00    0.00        58512.00   
  98       2020610      1        3        57974        0.01   1        0        57974       57974.00    0.00        57974.00   
  99       2020608      1        4        55230        0.01   1        0        55230       55230.00    0.00        55230.00   
  100      2012328      1        6        103854       0.01   4        0        54902       25963.50    0.00        25963.50   
  101      2018054      1        1        54072        0.01   1        0        54072       54072.00    0.00        54072.00   
  102      2016706      1        20       54064        0.01   1        0        54064       54064.00    0.00        54064.00   
  103      2828479      1        2        53740        0.01   1        0        53740       53740.00    0.00        53740.00   
  104      2018287      1        2        53650        0.01   1        0        53650       53650.00    0.00        53650.00   
  105      2020612      1        3        53632        0.01   1        0        53632       53632.00    0.00        53632.00   
  106      2020936      1        3        53520        0.01   1        0        53520       53520.00    0.00        53520.00   
  107      2014130      1        2        565766       0.06   91       0        53274       6217.21     0.00        6217.21    
  108      2810578      1        3        52838        0.01   1        0        52838       52838.00    0.00        52838.00   
  109      2024606      1        2        52558        0.01   1        0        52558       52558.00    0.00        52558.00   
  110      2809118      1        4        52354        0.01   1        0        52354       52354.00    0.00        52354.00   
  111      2016985      1        2        51956        0.01   1        0        51956       51956.00    0.00        51956.00   
  112      2823858      1        3        51560        0.01   1        0        51560       51560.00    0.00        51560.00   
  113      2021506      1        4        50432        0.01   1        0        50432       50432.00    0.00        50432.00   
  114      2828480      1        2        48646        0.01   1        0        48646       48646.00    0.00        48646.00   
  115      2019609      1        1        87144        0.01   4        0        47134       21786.00    0.00        21786.00   
  116      2014376      1        3        95632        0.01   4        0        46566       23908.00    0.00        23908.00   
  117      2809074      1        2        46320        0.00   1        0        46320       46320.00    0.00        46320.00   
  118      2803760      1        3        72712        0.01   2        0        45920       36356.00    0.00        36356.00   
  119      2016537      1        2        171384       0.02   6        0        44136       28564.00    0.00        28564.00   
  120      2022330      1        2        1739970      0.18   268      0        43032       6492.43     0.00        6492.43    
  121      2022543      1        1        42452        0.00   1        0        42452       42452.00    0.00        42452.00   
  122      2023611      1        3        39742        0.00   1        0        39742       39742.00    0.00        39742.00   
  123      2017935      1        3        1873786      0.20   308      0        39188       6083.72     0.00        6083.72    
  124      2102190      1        5        274408       0.03   34       0        39112       8070.82     0.00        8070.82    
  125      2000333      1        11       6

This file has been truncated.


stats.log - (3013 bytes)
------------------------------------------------------------------------------------
Date: 9/16/2019 -- 10:57:42 (uptime: 0d, 00h 00m 03s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 17189
decoder.bytes                              | Total                     | 1511299
decoder.ipv4                               | Total                     | 17187
decoder.ethernet                           | Total                     | 17189
decoder.tcp                                | Total                     | 16911
decoder.udp                                | Total                     | 4
decoder.icmpv4                             | Total                     | 272
decoder.avg_pkt_size                       | Total                     | 87
decoder.max_pkt_size                       | Total                     | 1153
flow.tcp                                   | Total                     | 5171
flow.udp                                   | Total                     | 2
tcp.sessions                               | Total                     | 5171
tcp.syn                                    | Total                     | 14294
tcp.synack                                 | Total                     | 138
tcp.rst                                    | Total                     | 144
tcp.overlap                                | Total                     | 4
detect.alert                               | Total                     | 1430
detect.nonmpm_list                         | Total                     | 10
detect.fnonmpm_list                        | Total                     | 7
detect.match_list                          | Total                     | 7
app_layer.flow.http                        | Total                     | 6
app_layer.tx.http                          | Total                     | 6
app_layer.flow.ssh                         | Total                     | 81
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
flow.spare                                 | Total                     | 9992
flow_mgr.flows_checked                     | Total                     | 20
flow_mgr.flows_notimeout                   | Total                     | 20
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65517
flow_mgr.rows_maxlen                       | Total                     | 2
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7569376


eve.json - (582430 bytes)
{"timestamp":"2019-09-11T05:29:53.373705+0000","flow_id":687523438375881,"pcap_cnt":328,"event_type":"alert","src_ip":"192.168.122.51","src_port":34314,"dest_ip":"134.148.151.169","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:53.582343+0000","flow_id":252344467055303,"pcap_cnt":379,"event_type":"alert","src_ip":"192.168.122.51","src_port":44880,"dest_ip":"159.180.83.242","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:53.631543+0000","flow_id":1422254903763703,"pcap_cnt":387,"event_type":"alert","src_ip":"192.168.122.51","src_port":41270,"dest_ip":"20.185.228.19","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:53.665259+0000","flow_id":2059293043009195,"pcap_cnt":396,"event_type":"alert","src_ip":"192.168.122.51","src_port":43046,"dest_ip":"125.109.220.17","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:53.697066+0000","flow_id":2247253696815850,"pcap_cnt":404,"event_type":"alert","src_ip":"192.168.122.51","src_port":34936,"dest_ip":"156.215.222.239","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:53.726829+0000","flow_id":1215224595158829,"pcap_cnt":411,"event_type":"alert","src_ip":"192.168.122.51","src_port":34248,"dest_ip":"134.45.106.216","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:53.749477+0000","flow_id":1217260409679781,"pcap_cnt":422,"event_type":"alert","src_ip":"192.168.122.51","src_port":37108,"dest_ip":"136.8.145.175","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:53.775241+0000","flow_id":173067960702025,"pcap_cnt":434,"event_type":"alert","src_ip":"192.168.122.51","src_port":58142,"dest_ip":"95.165.224.57","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:53.814937+0000","flow_id":1649815155994457,"pcap_cnt":442,"event_type":"alert","src_ip":"192.168.122.51","src_port":34984,"dest_ip":"104.68.74.113","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:53.865562+0000","flow_id":1019992561759514,"pcap_cnt":457,"event_type":"alert","src_ip":"192.168.122.51","src_port":47566,"dest_ip":"182.208.15.199","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:53.893423+0000","flow_id":209343254471151,"pcap_cnt":463,"event_type":"alert","src_ip":"192.168.122.51","src_port":42086,"dest_ip":"108.145.207.64","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:53.925877+0000","flow_id":1638420607738037,"pcap_cnt":473,"event_type":"alert","src_ip":"192.168.122.51","src_port":36898,"dest_ip":"175.33.97.240","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:53.967217+0000","flow_id":200547161457201,"pcap_cnt":485,"event_type":"alert","src_ip":"192.168.122.51","src_port":48328,"dest_ip":"8.148.184.155","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.005313+0000","flow_id":1111436710515905,"pcap_cnt":495,"event_type":"alert","src_ip":"192.168.122.51","src_port":58262,"dest_ip":"26.97.202.205","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.029255+0000","flow_id":197532094460487,"pcap_cnt":508,"event_type":"alert","src_ip":"192.168.122.51","src_port":36668,"dest_ip":"24.137.4.158","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.077259+0000","flow_id":943207136505291,"pcap_cnt":518,"event_type":"alert","src_ip":"192.168.122.51","src_port":56788,"dest_ip":"113.197.139.134","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.109507+0000","flow_id":2004970296748995,"pcap_cnt":524,"event_type":"alert","src_ip":"192.168.122.51","src_port":49862,"dest_ip":"186.104.228.110","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.133119+0000","flow_id":434356591134719,"pcap_cnt":536,"event_type":"alert","src_ip":"192.168.122.51","src_port":48944,"dest_ip":"22.152.163.22","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.165458+0000","flow_id":1988696665654866,"pcap_cnt":547,"event_type":"alert","src_ip":"192.168.122.51","src_port":40282,"dest_ip":"68.12.77.152","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.185780+0000","flow_id":1378038215529908,"pcap_cnt":558,"event_type":"alert","src_ip":"192.168.122.51","src_port":38462,"dest_ip":"215.205.113.155","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.217299+0000","flow_id":1272257465962707,"pcap_cnt":566,"event_type":"alert","src_ip":"192.168.122.51","src_port":38918,"dest_ip":"196.179.117.12","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.257453+0000","flow_id":651875209899437,"pcap_cnt":576,"event_type":"alert","src_ip":"192.168.122.51","src_port":45718,"dest_ip":"192.65.90.235","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.276125+0000","flow_id":435374498395805,"pcap_cnt":581,"event_type":"alert","src_ip":"192.168.122.51","src_port":38544,"dest_ip":"180.53.220.177","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.300718+0000","flow_id":1250258643490478,"pcap_cnt":591,"event_type":"alert","src_ip":"192.168.122.51","src_port":35802,"dest_ip":"28.213.66.216","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.333090+0000","flow_id":76487031133474,"pcap_cnt":599,"event_type":"alert","src_ip":"192.168.122.51","src_port":52032,"dest_ip":"136.50.166.128","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.357252+0000","flow_id":387498497962884,"pcap_cnt":609,"event_type":"alert","src_ip":"192.168.122.51","src_port":57230,"dest_ip":"191.133.114.165","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.387171+0000","flow_id":651604626958435,"pcap_cnt":619,"event_type":"alert","src_ip":"192.168.122.51","src_port":56378,"dest_ip":"5.107.8.42","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.396739+0000","flow_id":184844761086301,"pcap_cnt":621,"event_type":"alert","src_ip":"160.124.193.212","src_port":22,"dest_ip":"192.168.122.51","dest_port":46486,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2400012,"rev":2652,"signature":"ET DROP Spamhaus DROP Listed Traffic Inbound group 13","category":"Misc Attack","severity":2}}
{"timestamp":"2019-09-11T05:29:54.413298+0000","flow_id":1497592925146738,"pcap_cnt":631,"event_type":"alert","src_ip":"192.168.122.51","src_port":33894,"dest_ip":"217.7.132.32","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.434308+0000","flow_id":2237688804712580,"pcap_cnt":637,"event_type":"alert","src_ip":"192.168.122.51","src_port":49378,"dest_ip":"13.179.39.210","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.457495+0000","flow_id":1373803377785623,"pcap_cnt":647,"event_type":"alert","src_ip":"192.168.122.51","src_port":35902,"dest_ip":"45.105.111.115","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.487498+0000","flow_id":450475603423306,"pcap_cnt":656,"event_type":"alert","src_ip":"192.168.122.51","src_port":60580,"dest_ip":"150.145.232.70","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.510691+0000","flow_id":528193036667619,"pcap_cnt":662,"event_type":"alert","src_ip":"192.168.122.51","src_port":54638,"dest_ip":"81.157.81.230","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.561107+0000","flow_id":2199974696882131,"pcap_cnt":669,"event_type":"alert","src_ip":"192.168.122.51","src_port":55370,"dest_ip":"45.77.12.210","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.598339+0000","flow_id":660117252088131,"pcap_cnt":678,"event_type":"alert","src_ip":"192.168.122.51","src_port":33410,"dest_ip":"41.139.163.197","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.600051+0000","flow_id":1423006523048158,"pcap_cnt":683,"event_type":"alert","src_ip":"192.168.122.51","src_port":33278,"dest_ip":"8.11.204.69","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.622756+0000","flow_id":1733532658598052,"pcap_cnt":688,"event_type":"alert","src_ip":"192.168.122.51","src_port":41886,"dest_ip":"222.120.235.196","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.633637+0000","flow_id":1768734210566949,"pcap_cnt":693,"event_type":"alert","src_ip":"192.168.122.51","src_port":49404,"dest_ip":"109.46.9.203","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.650216+0000","flow_id":2078474367069160,"pcap_cnt":699,"event_type":"alert","src_ip":"192.168.122.51","src_port":37822,"dest_ip":"130.31.238.206","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.663873+0000","flow_id":778924637361640,"pcap_cnt":704,"event_type":"alert","src_ip":"192.168.122.51","src_port":34352,"dest_ip":"211.152.158.26","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.673633+0000","flow_id":516729768920929,"pcap_cnt":712,"event_type":"alert","src_ip":"192.168.122.51","src_port":53992,"dest_ip":"68.43.96.6","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.696383+0000","flow_id":1883474261789017,"pcap_cnt":717,"event_type":"alert","src_ip":"192.168.122.51","src_port":36608,"dest_ip":"43.197.123.223","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.723334+0000","flow_id":555277100386694,"pcap_cnt":724,"event_type":"alert","src_ip":"192.168.122.51","src_port":58390,"dest_ip":"142.181.131.91","dest_port":22,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2003068,"rev":7,"signature":"ET SCAN Potential SSH Scan OUTBOUND","category":"Attempted Information Leak","severity":2}}
{"timestamp":"2019-09-11T05:29:54.728026+

This file has been truncated.


keyword_perf.log - (12069 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 9/16/2019 -- 10:57:42
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            45269872        7174            7174            6668274         6310.00         6310.00         0.00           
  flow             41449396        7356            7356            120712          5634.00         5634.00         0.00           
  threshold        43721916        7176            1430            129808          6092.00         6040.00         6105.00        
  content          3891046         421             271             50254           9242.00         9749.00         8326.00        
  pcre             960484          47              8               85554           20435.00        20903.00        20339.00       
  byte_test        237822          26              14              86690           9147.00         12293.00        5475.00        
  byte_jump        191834          15              0               82800           12788.00        0.00            12788.00       
  isdataat         638306          87              3               43008           7336.00         7220.00         7341.00        
  flowbits         49224           5               5               23902           9844.00         9844.00         0.00           
  urilen           122764          17              2               16154           7221.00         10944.00        6725.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            45269872        7174            7174            6668274         6310.00         6310.00         0.00           
  flow             41449396        7356            7356            120712          5634.00         5634.00         0.00           
  flowbits         5772            1               1               5772            5772.00         5772.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1697480         169             142             50254           10044.00        10433.00        7997.00        
  pcre             298516          15              0               80846           19901.00        0.00            19901.00       
  byte_test        237822          26              14              86690           9147.00         12293.00        5475.00        
  byte_jump        191834          15              0               82800           12788.00        0.00            12788.00       
  isdataat         638306          87              3               43008           7336.00         7220.00         7341.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         43452           4               4               23902           10863.00        10863.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        43721916        7176            1430            129808          6092.00         6040.00         6105.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          427390          44              26              24588           9713.00         10317.00        8840.00        
  pcre             266020          11              8               49760           24183.00        20903.00        32931.00       
  urilen           122764          17              2               16154           7221.00         10944.00        6725.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          178432          18              0               16978           9912.00         0.00            9912.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          79868           12              0               7936            6655.00         0.00            6655.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1117044         124             61              25790           9008.00         9818.00         8224.00        
  pcre             395948          21              0               85554           18854.00        0.00            18854.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          86696           10              1               20564           8669.00         7792.00         8767.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          94536           14              14              9348            6752.00         6752.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          129842          17              15              25000           7637.00         7840.00         6114.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6434            1               0               6434            6434.00         0.00            6434.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          73324           12              12              7456            6110.00         6110.00         0.00           


unified2.alert.1568631459 - (243060 bytes) - download


IDSDeathBlossom.py.log - (1146 bytes) - download
2019-09-16 10:57:15,943 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-16 10:57:16,700 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-16 10:57:16,700 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-16 10:57:16,701 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-16 10:57:16,701 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-16 10:57:16,701 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/85c48cd536858e4629b13d2a603681f156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09162019.1057-pcap_6.pcap -vvv -k none
2019-09-16 10:57:43,192 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-16 10:57:43,193 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 27.2583150864