Filename: pcap (5).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.7838380337 seconds
Hash: 8a311a1eb31a0154eade8cb07b52748f
Uploaded: 1545663656

Logfiles


packet_stats.log - (13469 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2            14          6453362       70901911      25963426        363.5m    4.66
 IPv4       6            30          3557318       56842571      39486655          1.2b   15.20
 IPv4      17           150          6016903       74697740      41650692          6.2b   80.14
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2            14            89184         111444         93817          1.3m    1.81
TMM_FLOWWORKER              IPv4       6            30            68427        2344671        326978          9.8m   13.55
TMM_FLOWWORKER              IPv4      17           150           118761       18175750        400956         60.1m   83.07
TMM_RECEIVEPCAPFILE         IPv4       2            14             2555           2925          2715         38.0k    0.05
TMM_RECEIVEPCAPFILE         IPv4       6            27             2539           3023          2755         74.4k    0.10
TMM_RECEIVEPCAPFILE         IPv4      17           150             2553           8788          2875        431.4k    0.60
TMM_DECODEPCAPFILE          IPv4       2            14             2659           3357          2822         39.5k    0.05
TMM_DECODEPCAPFILE          IPv4       6            27             2656           8591          3088         83.4k    0.12
TMM_DECODEPCAPFILE          IPv4      17           150             2659          26851          3141        471.2k    0.65

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            27             2846          15396          3723        100.5k  0.21  
flow                    IPv4      17           150             2667          39551          4249        637.4k  1.32  
stream                  IPv4       6            30             3065         369050         29996        899.9k  1.86  
app-layer               IPv4      17           150             2525          89426          8730          1.3m  2.71  
detect                  IPv4       2            14            83589         105891         88240          1.2m  2.56  
detect                  IPv4       6            30            45492        2164357        261076          7.8m  16.20 
detect                  IPv4      17           150           102280         574441        241369         36.2m  74.89 
tcp-prune               IPv4       6            30             2544          19002          4174        125.2k  0.26  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             3             2943          39289         18425         55.3k  15.09 
dns                     IPv4      17            60             3367          23108          5185        311.1k  84.91 
Proto detect            IPv4       6             1             4960           4960          4960          5.0k
Proto detect            IPv4      17            66             2990          22933          5046        333.0k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17            58            27105       17516121        342785         19.9m  98.04 
LOGGER_JSON_HTTP            IPv4       6             2            68556          89681         79118        158.2k  0.78  
LOGGER_JSON_FILE            IPv4       6             2           112329         126143        119236        238.5k  1.18  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            10             2612          75123         23559       235.6k  8.85  
payload                           IPv4      17           150             3310          40411          9201         1.4m  51.84 
stream                            IPv4       6            10             2543         101665         36003       360.0k  13.52 
http_uri                          IPv4       6             2            13676          22672         18174        36.3k  1.37  
http_request_line                 IPv4       6             2             5395           7907          6651        13.3k  0.50  
http_client_body                  IPv4       6             2             3661          18211         10936        21.9k  0.82  
http_header (request)             IPv4       6             2            41723          47027         44375        88.8k  3.33  
http_header (request trailer)     IPv4       6             2             2628           2632          2630         5.3k  0.20  
http_header_names (request)       IPv4       6             2            10213          13836         12024        24.0k  0.90  
http_accept (request)             IPv4       6             2             3478           4358          3918         7.8k  0.29  
http_referer (request)            IPv4       6             2             3049           3139          3094         6.2k  0.23  
http_content_len (request)        IPv4       6             2             3063           3183          3123         6.2k  0.23  
http_content_type (request)       IPv4       6             2             3017           3388          3202         6.4k  0.24  
http_protocol (request)           IPv4       6             2             4892           7265          6078        12.2k  0.46  
http_start (request)              IPv4       6             2             9700          26414         18057        36.1k  1.36  
http_raw_header (request)         IPv4       6             2            12324          13318         12821        25.6k  0.96  
http_method                       IPv4       6             2             5231           7861          6546        13.1k  0.49  
http_cookie (request)             IPv4       6             2             3031           3052          3041         6.1k  0.23  
http_raw_uri                      IPv4       6             2             5293           5878          5585        11.2k  0.42  
http_user_agent                   IPv4       6             2            18399          21393         19896        39.8k  1.49  
http_host                         IPv4       6             2             6115           9436          7775        15.6k  0.58  
dns_query                         IPv4      17            29             3054          10701          5065       146.9k  5.52  
http_response_line                IPv4       6             2             7347           7402          7374        14.7k  0.55  
http_header (response)            IPv4       6             2            42074          43420         42747        85.5k  3.21  
http_header (response trailer)    IPv4       6             2             2809           2860          2834         5.7k  0.21  
http_content_type (response)      IPv4       6             2             8399           8440          8419        16.8k  0.63  
http_raw_header (response)        IPv4       6             2             9724          10304         10014        20.0k  0.75  
http_cookie (response)            IPv4       6             2             3255           3606          3430         6.9k  0.26  
http_stat_code                    IPv4       6             2             7066           7161          7113        14.2k  0.53  
Total                             IPv4                   249                                         10692         2.7m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2            14            36582          47403         38587        540.2k  1.14  
PROF_DETECT_IPONLY          IPv4       6             6             8114          70051         35635        213.8k  0.45  
PROF_DETECT_IPONLY          IPv4      17            64            36930          98125         46375          3.0m  6.26  
PROF_DETECT_RULES           IPv4       2            14             2531           2742          2560         35.9k  0.08  
PROF_DETECT_RULES           IPv4       6            30             2619        1796825        147978          4.4m  9.36  
PROF_DETECT_RULES           IPv4      17           150            44001         444264        129411         19.4m  40.91 
PROF_DETECT_STATEFUL_START    IPv4       6             8             5185         937197        238910          1.9m  4.03  
PROF_DETECT_STATEFUL_CONT    IPv4       2            14             2518           2794          2623         36.7k  0.08  
PROF_DETECT_STATEFUL_CONT    IPv4       6            30             2516          10460          4812        144.4k  0.30  
PROF_DETECT_STATEFUL_CONT    IPv4      17           150             2509          43813          4435        665.2k  1.40  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            16             2555           3293          2711         43.4k  0.09  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            58             2584          29325          3484        202.1k  0.43  
PROF_DETECT_PREFILTER       IPv4       2            14             7745          18204          9071        127.0k  0.27  
PROF_DETECT_PREFILTER       IPv4       6            30             7752         371645         61254          1.8m  3.87  
PROF_DETECT_PREFILTER       IPv4      17           150            24221         449344         41698          6.3m  13.18 
PROF_DETECT_PF_PAYLOAD      IPv4       6            10            14794         112901         68402        684.0k  1.44  
PROF_DETECT_PF_PAYLOAD      IPv4      17           150             8405          57530         15215          2.3m  4.81  
PROF_DETECT_PF_TX           IPv4       6            16             2730         250587         46872        750.0k  1.58  
PROF_DETECT_PF_TX           IPv4      17            29             8272          34079         11324        328.4k  0.69  
PROF_DETECT_PF_SORT1        IPv4       6            10             2595           7533          3921         39.2k  0.08  
PROF_DETECT_PF_SORT1        IPv4      17           150             2588         383548          6170        925.5k  1.95  
PROF_DETECT_PF_SORT2        IPv4       2            14             2509           2779          2578         36.1k  0.08  
PROF_DETECT_PF_SORT2        IPv4       6            30             2520           4501          2999         90.0k  0.19  
PROF_DETECT_PF_SORT2        IPv4      17           150             2544          16284          2940        441.1k  0.93  
PROF_DETECT_NONMPMLIST      IPv4       2            14             2530           2809          2698         37.8k  0.08  
PROF_DETECT_NONMPMLIST      IPv4       6            30             2599          17584          3422        102.7k  0.22  
PROF_DETECT_NONMPMLIST      IPv4      17           150             2524         391814          5707        856.1k  1.80  
PROF_DETECT_ALERT           IPv4       2            14             2525          16116          3520         49.3k  0.10  
PROF_DETECT_ALERT           IPv4       6            30             2518           3925          2745         82.4k  0.17  
PROF_DETECT_ALERT           IPv4      17           150             2525          15579          2752        412.9k  0.87  
PROF_DETECT_CLEANUP         IPv4       2            14             2511           2798          2553         35.7k  0.08  
PROF_DETECT_CLEANUP         IPv4       6            30             2577          16332          3588        107.6k  0.23  
PROF_DETECT_CLEANUP         IPv4      17           150             2519          41676          3261        489.2k  1.03  
PROF_DETECT_GETSGH          IPv4       2            14             2572           3525          2768         38.8k  0.08  
PROF_DETECT_GETSGH          IPv4       6            30             2546          20850          3882        116.5k  0.25  
PROF_DETECT_GETSGH          IPv4      17           150             2515          38720          4717        707.6k  1.49  


suricata-4.0.0-etpro-all-perf.txt-2018-12-24-T-15-01-19-12242018.1500-pcap_5.pcap.txt - (17367 bytes)
  --------------------------------------------------------------------------
  Date: 12/24/2018 -- 15:01:19. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2013739      1        15       593993       3.89   80       0        387001      7424.91     0.00        7424.91    
  2        2023620      1        3        382469       2.51   98       0        118632      3902.74     0.00        3902.74    
  3        2018358      1        7        170154       1.12   2        0        101734      85077.00    0.00        85077.00   
  4        2828986      1        2        121640       0.80   2        0        80094       60820.00    0.00        60820.00   
  5        2023459      1        2        104146       0.68   2        2        70101       52073.00    52073.00    0.00       
  6        2019344      1        5        128763       0.84   2        1        68819       64381.50    68819.00    59944.00   
  7        2009702      1        5        758740       4.97   58       0        68188       13081.72    0.00        13081.72   
  8        2805348      1        4        676953       4.44   14       0        67119       48353.79    0.00        48353.79   
  9        2019881      1        3        96893        0.64   2        0        66846       48446.50    0.00        48446.50   
  10       2827279      1        5        86821        0.57   2        0        65203       43410.50    0.00        43410.50   
  11       2018958      1        18       116397       0.76   2        0        58908       58198.50    0.00        58198.50   
  12       2807859      1        2        53037        0.35   1        0        53037       53037.00    0.00        53037.00   
  13       2828008      1        2        73653        0.48   2        0        51950       36826.50    0.00        36826.50   
  14       2816895      1        2        85519        0.56   2        0        51908       42759.50    0.00        42759.50   
  15       2828122      1        2        84914        0.56   2        0        49256       42457.00    0.00        42457.00   
  16       2821561      1        2        46461        0.30   1        0        46461       46461.00    0.00        46461.00   
  17       2828060      1        4        85006        0.56   2        0        45878       42503.00    0.00        42503.00   
  18       2807877      1        2        47120        0.31   2        0        43853       23560.00    0.00        23560.00   
  19       2830613      1        2        43546        0.29   1        0        43546       43546.00    0.00        43546.00   
  20       2820952      1        2        43415        0.28   1        0        43415       43415.00    0.00        43415.00   
  21       2011894      1        19       74940        0.49   2        0        41769       37470.00    0.00        37470.00   
  22       2826281      1        2        441287       2.89   29       0        41527       15216.79    0.00        15216.79   
  23       2014121      1        2        41080        0.27   1        0        41080       41080.00    0.00        41080.00   
  24       2816165      1        5        72897        0.48   2        0        40885       36448.50    0.00        36448.50   
  25       2020898      1        4        39790        0.26   1        0        39790       39790.00    0.00        39790.00   
  26       2010140      1        7        628901       4.12   138      0        39779       4557.25     0.00        4557.25    
  27       2018452      1        15       68933        0.45   2        0        35764       34466.50    0.00        34466.50   
  28       2812399      1        2        35604        0.23   1        0        35604       35604.00    0.00        35604.00   
  29       2829848      1        2        70467        0.46   2        0        35447       35233.50    0.00        35233.50   
  30       2823166      1        3        35395        0.23   1        0        35395       35395.00    0.00        35395.00   
  31       2018010      1        5        55710        0.37   2        0        35309       27855.00    0.00        27855.00   
  32       2809850      1        2        241769       1.58   15       0        35169       16117.93    0.00        16117.93   
  33       2024771      1        1        67568        0.44   2        0        34825       33784.00    0.00        33784.00   
  34       2017613      1        9        63805        0.42   2        0        34535       31902.50    0.00        31902.50   
  35       2014702      1        9        520485       3.41   58       0        32443       8973.88     0.00        8973.88    
  36       2010142      1        4        392974       2.58   138      0        32318       2847.64     0.00        2847.64    
  37       2017552      1        6        112700       0.74   6        0        31351       18783.33    0.00        18783.33   
  38       2023916      1        2        31196        0.20   1        0        31196       31196.00    0.00        31196.00   
  39       2016858      1        10       58692        0.38   2        0        31053       29346.00    0.00        29346.00   
  40       2018496      1        9        57708        0.38   2        0        31025       28854.00    0.00        28854.00   
  41       2810055      1        2        55357        0.36   4        0        30113       13839.25    0.00        13839.25   
  42       2018981      1        4        58312        0.38   2        0        29875       29156.00    0.00        29156.00   
  43       2808248      1        3        29317        0.19   1        0        29317       29317.00    0.00        29317.00   
  44       2012612      1        16       29216        0.19   1        0        29216       29216.00    0.00        29216.00   
  45       2803760      1        3        441703       2.90   29       0        28743       15231.14    0.00        15231.14   
  46       2018242      1        5        54003        0.35   2        0        28708       27001.50    0.00        27001.50   
  47       2815325      1        3        27987        0.18   1        0        27987       27987.00    0.00        27987.00   
  48       2017263      1        2        54831        0.36   2        0        27864       27415.50    0.00        27415.50   
  49       2018983      1        7        52392        0.34   2        0        26676       26196.00    0.00        26196.00   
  50       2008118      1        3        199659       1.31   65       0        25606       3071.68     0.00        3071.68    
  51       2023621      1        4        161311       1.06   54       0        25170       2987.24     0.00        2987.24    
  52       2022914      1        1        86151        0.56   8        0        23972       10768.88    0.00        10768.88   
  53       2014701      1        12       634077       4.16   58       0        23492       10932.36    0.00        10932.36   
  54       2015808      1        6        23039        0.15   1        0        23039       23039.00    0.00        23039.00   
  55       2024178      1        2        44192        0.29   2        0        22935       22096.00    0.00        22096.00   
  56       2816669      1        4        22915        0.15   1        0        22915       22915.00    0.00        22915.00   
  57       2008120      1        4        401474       2.63   138      0        22767       2909.23     0.00        2909.23    
  58       2012249      1        4        22381        0.15   1        0        22381       22381.00    0.00        22381.00   
  59       2003492      1        30       42747        0.28   2        0        22357       21373.50    0.00        21373.50   
  60       2003657      1        18       42623        0.28   2        0        22266       21311.50    0.00        21311.50   
  61       2016223      1        10       42945        0.28   2        0        22167       21472.50    0.00        21472.50   
  62       2826256      1        2        42285        0.28   2        0        21819       21142.50    0.00        21142.50   
  63       2020705      1        4        41795        0.27   2        0        21329       20897.50    0.00        20897.50   
  64       2809682      1        5        41152        0.27   2        0        21294       20576.00    0.00        20576.00   
  65       2802876      1        3        40122        0.26   2        0        20843       20061.00    0.00        20061.00   
  66       2804626      1        9        40535        0.27   2        0        20768       20267.50    0.00        20267.50   
  67       2805260      1        4        40404        0.26   2        0        20679       20202.00    0.00        20202.00   
  68       2809547      1        5        39461        0.26   2        0        19972       19730.50    0.00        19730.50   
  69       2024513      1        5        35248        0.23   2        0        19025       17624.00    0.00        17624.00   
  70       2823937      1        13       33605        0.22   2        0        18846       16802.50    0.00        16802.50   
  71       2819934      1        2        33638        0.22   2        0        18389       16819.00    0.00        16819.00   
  72       2816932      1        2        32686        0.21   2        0        17769       16343.00    0.00        16343.00   
  73       2815824      1        2        31849        0.21   2        0        17768       15924.50    0.00        15924.50   
  74       2023614      1        3        172437       1.13   60       0        17765       2873.95     0.00        2873.95    
  75       2010143      1        3        561916       3.68   138      0        17706       4071.86     0.00        4071.86    
  76       2023612      1        4        156318       1.02   54       0        17677       2894.78     0.00        2894.78    
  77       2815823      1        2        32354        0.21   2        0        17315       16177.00    0.00        16177.00   
  78       2008116      1        4        52123        0.34   14       0        16817       3723.07     0.00        3723.07    
  79       2816395      1        3        31366        0.21   2        0        16767       15683.00    0.00        15683.00   
  80       2023613      1        3        149998       0.98   52       0        16612       2884.58     0.00        2884.58    
  81       2009243      1        2        194326       1.27   65       0        16367       2989.63     0.00        2989.63    
  82       2016537      1        2        58881        0.39   4        0        16115       14720.25    0.00        14720.25   
  83       2022543      1        1        45807        0.30   3        0        15919       15269.00    0.00        15269.00   
  84       2013382      1        3        15766        0.10   1        0        15766       15766.00    0.00        15766.00   
  85       2014703      1        9        465538       3.05   58       0        15148       8026.52     0.00        8026.52    
  86       2811540      1        1        35349        0.23   4        0        14529       8837.25     0.00        8837.25    
  87       2805211      1        1        68513        0.45   8        0        11025       8564.12     0.00        8564.12    
  88       2023623      1        3        189774       1.24   72       0        7010        2635.75     0.00        2635.75    
  89       2016323      1        1        36607        0.24   12       0        4785        3050.58     0.00        3050.58    
  90       2823571      1        2        8397         0.06   2        0        4667        4198.50     0.00        4198.50    
  91       2016363      1        2        34129        0.22   12       0        4299        2844.08     0.00        2844.08    
  92       2100540      1        12       13796        0.09   4        0        4190        3449.00     0.00        3449.00    
  93       2025200      1        1        159123       1.04   58       0        4148        2743.50     0.00        2743.50    
  94       2828877      1        1        13217        0.09   4        0        4141        3304.25     0.00        3304.25    
  95       2804586      1        2        6928         0.05   2        0        4130        3464.00     0.00        3464.00    
  96       2023627      1        3        238440       1.56   90       0        4109        2649.33     0.00        2649.33    
  97       2810792      1        5        4066         0.03   1        0        4066        4066.00     0.00        4066.00    
  98       2023617      1        3        163310       1.07   62       0        4006        2634.03     0.00        2634.03    
  99       2802822      1        1        117639       0.77   44       0        3919        2673.61     0.00        2673.61    
  100      2100540      1        12       13157        0.09   4        0        3779        3289.25     0.00        3289.25    
  101      2102523      1        8        9784         0.06   3        0        3699        3261.33     0.00        3261.33    
  102      2008117      1        3        123672       0.81   44       0        3693        2810.73     0.00        2810.73    
  103      2023626      1        3        259504       1.70   100      0        3673        2595.04     0.00        2595.04    
  104      2023625      1        3        261517       1.71   100      0        3636        2615.17     0.00        2615.17    
  105      2008420      1        4        13594        0.09   4        0        3625        3398.50     0.00        3398.50    
  106      2019016      1        3        38129        0.25   14       0        3601        2723.50     0.00        2723.50    
  107      2019017      1        3        38524        0.25   14       0        3496        2751.71     0.00        2751.71    
  108      2823788      1        4        81505        0.53   29       0        3433        2810.52     0.00        2810.52    
  109      2020369      1        3        3410         0.02   1        0        3410        3410.00     0.00        3410.00    
  110      2023624      1        3        244417       1.60   94       0        3328        2600.18     0.00        2600.18    
  111      2019011      1        3        38533        0.25   14       0        3324        2752.36     0.00        2752.36    
  112      2008119      1        3        5878         0.04   2        0        3312        2939.00     0.00        2939.00    
  113      2828876      1        1        12427        0.08   4        0        3303        3106.75     0.00        3106.75    
  114      2023622      1        3        385855       2.53   148      0        3252        2607.13     0.00        2607.13    
  115      2802026      1        1        80058        0.52   30       0        3241        2668.60     0.00        2668.60    
  116      2802823      1        1        5825         0.04   2        0        3230        2912.50     0.00        2912.50    
  117      2100566      1        5        32662        0.21   12       0        3194        2721.83     0.00        2721.83    
  118      2013075      1        8        76549        0.50   29       0        3179        2639.62     0.00        2639.62    
  119      2802081      1        1        138322       0.91   52       0        3177        2660.04     0.00        2660.04    
  120      2100518      1        8        37554        0.25   14       0        3095        2682.43     0.00        2682.43    
  121      2019010      1        3        38505        0.25   14       0        3041        2750.36     0.00        2750.36    
  122      2102523      1        8        8600         0.06   3        0        3026        2866.67     0.00        2866.67    
  123      2828748      1        2        10839        0.07   4        0        3017        2709.75     0.00        2709.75    
  124      2802205      1        3        37149        0.24   14       0        3006        2653.50     0.00        2653.50    
  125      2801347      1        5        

This file has been truncated.


stats.log - (2837 bytes)
------------------------------------------------------------------------------------
Date: 12/24/2018 -- 15:01:19 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 212
decoder.bytes                              | Total                     | 23035
decoder.ipv4                               | Total                     | 191
decoder.ethernet                           | Total                     | 212
decoder.tcp                                | Total                     | 27
decoder.udp                                | Total                     | 150
decoder.avg_pkt_size                       | Total                     | 108
decoder.max_pkt_size                       | Total                     | 590
flow.tcp                                   | Total                     | 3
flow.udp                                   | Total                     | 36
tcp.sessions                               | Total                     | 3
tcp.syn                                    | Total                     | 3
tcp.synack                                 | Total                     | 3
tcp.rst                                    | Total                     | 3
detect.mpm_list                            | Total                     | 12
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 2
detect.match_list                          | Total                     | 14
app_layer.flow.http                        | Total                     | 2
app_layer.tx.http                          | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 28
app_layer.tx.dns_udp                       | Total                     | 29
app_layer.flow.failed_udp                  | Total                     | 8
flow.spare                                 | Total                     | 9993
flow_mgr.flows_checked                     | Total                     | 7
flow_mgr.flows_notimeout                   | Total                     | 7
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65529
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074304


eve.json - (21794 bytes)
{"timestamp":"2018-12-14T14:33:27.249232+0000","flow_id":1967897093590416,"pcap_cnt":71,"event_type":"dns","src_ip":"192.168.56.107","src_port":52032,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13877,"rrname":"106.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:33:27.462451+0000","flow_id":1967897093590416,"pcap_cnt":72,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":52032,"proto":"UDP","dns":{"type":"answer","id":13877,"rcode":"NOERROR","rrname":"106.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:33:30.357571+0000","flow_id":878156516586691,"pcap_cnt":96,"event_type":"dns","src_ip":"192.168.56.107","src_port":50089,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48259,"rrname":"emdww.mp","rrtype":"A","tx_id":0}}
{"timestamp":"2018-12-14T14:33:30.976643+0000","flow_id":878156516586691,"pcap_cnt":99,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":50089,"proto":"UDP","dns":{"type":"answer","id":48259,"rcode":"NOERROR","rrname":"emdww.mp","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:33:31.101666+0000","flow_id":1883591180782882,"pcap_cnt":106,"event_type":"dns","src_ip":"192.168.56.107","src_port":50412,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29891,"rrname":"utbidet-ugeas.biz","rrtype":"A","tx_id":0}}
{"timestamp":"2018-12-14T14:33:31.526738+0000","flow_id":1883591180782882,"pcap_cnt":109,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":50412,"proto":"UDP","dns":{"type":"answer","id":29891,"rcode":"NOERROR","rrname":"utbidet-ugeas.biz","rrtype":"A","ttl":0,"rdata":"208.100.26.251"}}
{"timestamp":"2018-12-14T14:33:31.880099+0000","flow_id":303051805756742,"pcap_cnt":118,"event_type":"http","src_ip":"192.168.56.107","src_port":49170,"dest_ip":"208.100.26.251","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"utbidet-ugeas.biz","url":"\/d\/N?027A27B6197A27B6194B279A197A2789B122443FD37B2776B1424C80374B09812F4A16984A1F55C070194296491B44DD394B27","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0)"}}
{"timestamp":"2018-12-14T14:33:32.070535+0000","flow_id":1295159186428807,"pcap_cnt":121,"event_type":"dns","src_ip":"192.168.56.107","src_port":60023,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41540,"rrname":"utbidet-ugeas.biz","rrtype":"A","tx_id":0}}
{"timestamp":"2018-12-14T14:33:32.333609+0000","flow_id":339189660653353,"pcap_cnt":126,"event_type":"dns","src_ip":"192.168.56.107","src_port":57365,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60126,"rrname":"251.26.100.208.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:33:32.337434+0000","flow_id":1295159186428807,"pcap_cnt":127,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":60023,"proto":"UDP","dns":{"type":"answer","id":41540,"rcode":"NOERROR","rrname":"utbidet-ugeas.biz","rrtype":"A","ttl":0,"rdata":"208.100.26.251"}}
{"timestamp":"2018-12-14T14:33:32.650825+0000","flow_id":57414036238661,"pcap_cnt":135,"event_type":"http","src_ip":"192.168.56.107","src_port":49172,"dest_ip":"208.100.26.251","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"utbidet-ugeas.biz","url":"\/d\/N?027A27B6197A27B6194B279A197A2789B122443FD37B2776B1424C80374B09812F4A16984A1F55C070194296491B44DD394B27","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Win32)","http_content_type":"text\/html"}}
{"timestamp":"2018-12-14T14:33:32.710102+0000","flow_id":339189660653353,"pcap_cnt":136,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":57365,"proto":"UDP","dns":{"type":"answer","id":60126,"rcode":"NOERROR","rrname":"251.26.100.208.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:33:33.340977+0000","flow_id":1171257969947633,"pcap_cnt":137,"event_type":"dns","src_ip":"192.168.56.107","src_port":50687,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60035,"rrname":"a.3.a.1.9.5.4.3.0.1.5.b.f.3.1.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:33:33.344400+0000","flow_id":928965979881808,"pcap_cnt":138,"event_type":"dns","src_ip":"192.168.56.107","src_port":53501,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1265,"rrname":"110.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:33:33.558739+0000","flow_id":928965979881808,"pcap_cnt":139,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":53501,"proto":"UDP","dns":{"type":"answer","id":1265,"rcode":"NOERROR","rrname":"110.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:33:33.559720+0000","flow_id":1171257969947633,"pcap_cnt":140,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":50687,"proto":"UDP","dns":{"type":"answer","id":60035,"rcode":"NOERROR","rrname":"a.3.a.1.9.5.4.3.0.1.5.b.f.3.1.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:33:35.948841+0000","flow_id":2184981921102441,"pcap_cnt":145,"event_type":"dns","src_ip":"192.168.56.107","src_port":53126,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":6839,"rrname":"105.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:33:36.161844+0000","flow_id":2184981921102441,"pcap_cnt":146,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":53126,"proto":"UDP","dns":{"type":"answer","id":6839,"rcode":"NOERROR","rrname":"105.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:33:42.991799+0000","flow_id":1526838312968759,"pcap_cnt":149,"event_type":"dns","src_ip":"192.168.56.107","src_port":56915,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1260,"rrname":"2.e.0.0.4.9.e.9.9.4.f.5.6.9.d.5.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:33:42.992600+0000","flow_id":1398912712058200,"pcap_cnt":150,"event_type":"dns","src_ip":"192.168.56.107","src_port":61737,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39568,"rrname":"111.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:33:43.216257+0000","flow_id":1526838312968759,"pcap_cnt":151,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":56915,"proto":"UDP","dns":{"type":"answer","id":1260,"rcode":"NOERROR","rrname":"2.e.0.0.4.9.e.9.9.4.f.5.6.9.d.5.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:33:43.216838+0000","flow_id":1398912712058200,"pcap_cnt":152,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":61737,"proto":"UDP","dns":{"type":"answer","id":39568,"rcode":"NOERROR","rrname":"111.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:33:47.190415+0000","flow_id":1180341826742223,"pcap_cnt":153,"event_type":"dns","src_ip":"192.168.56.107","src_port":62989,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":61220,"rrname":"102.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:33:47.403752+0000","flow_id":1180341826742223,"pcap_cnt":154,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":62989,"proto":"UDP","dns":{"type":"answer","id":61220,"rcode":"NOERROR","rrname":"102.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:33:47.650377+0000","flow_id":57414036238661,"pcap_cnt":155,"event_type":"fileinfo","src_ip":"208.100.26.251","src_port":80,"dest_ip":"192.168.56.107","dest_port":49172,"proto":"TCP","http":{"hostname":"utbidet-ugeas.biz","url":"\/d\/N?027A27B6197A27B6194B279A197A2789B122443FD37B2776B1424C80374B09812F4A16984A1F55C070194296491B44DD394B27","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Win32)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":580},"app_proto":"http","fileinfo":{"filename":"\/d\/N","gaps":false,"state":"CLOSED","stored":false,"size":580,"tx_id":0}}
{"timestamp":"2018-12-14T14:33:52.039703+0000","flow_id":1210672886094615,"pcap_cnt":157,"event_type":"dns","src_ip":"192.168.56.107","src_port":49783,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":6204,"rrname":"b.9.d.1.8.0.5.6.0.f.9.8.1.e.1.a.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:33:52.044172+0000","flow_id":2101796995640460,"pcap_cnt":158,"event_type":"dns","src_ip":"192.168.56.107","src_port":64618,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54114,"rrname":"112.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:33:52.261982+0000","flow_id":2101796995640460,"pcap_cnt":159,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":64618,"proto":"UDP","dns":{"type":"answer","id":54114,"rcode":"NOERROR","rrname":"112.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:33:52.271186+0000","flow_id":1210672886094615,"pcap_cnt":160,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":49783,"proto":"UDP","dns":{"type":"answer","id":6204,"rcode":"NOERROR","rrname":"b.9.d.1.8.0.5.6.0.f.9.8.1.e.1.a.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:33:59.039460+0000","flow_id":1901204843502116,"pcap_cnt":165,"event_type":"dns","src_ip":"192.168.56.107","src_port":49893,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":62438,"rrname":"103.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:33:59.250808+0000","flow_id":1901204843502116,"pcap_cnt":166,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":49893,"proto":"UDP","dns":{"type":"answer","id":62438,"rcode":"NOERROR","rrname":"103.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:34:00.038506+0000","flow_id":1832820374279786,"pcap_cnt":167,"event_type":"dns","src_ip":"192.168.56.107","src_port":51777,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21860,"rrname":"1.e.4.1.e.a.b.8.8.d.b.8.a.0.4.d.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:34:00.039966+0000","flow_id":2205670780214302,"pcap_cnt":168,"event_type":"dns","src_ip":"192.168.56.107","src_port":64844,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":45640,"rrname":"113.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:34:00.264403+0000","flow_id":2205670780214302,"pcap_cnt":169,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":64844,"proto":"UDP","dns":{"type":"answer","id":45640,"rcode":"NOERROR","rrname":"113.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:34:00.265427+0000","flow_id":1832820374279786,"pcap_cnt":170,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":51777,"proto":"UDP","dns":{"type":"answer","id":21860,"rcode":"NOERROR","rrname":"1.e.4.1.e.a.b.8.8.d.b.8.a.0.4.d.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:34:04.052237+0000","flow_id":1975735411330061,"pcap_cnt":171,"event_type":"dns","src_ip":"192.168.56.107","src_port":61868,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":31889,"rrname":"116.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:34:04.266359+0000","flow_id":1975735411330061,"pcap_cnt":172,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":61868,"proto":"UDP","dns":{"type":"answer","id":31889,"rcode":"NOERROR","rrname":"116.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:34:10.092122+0000","flow_id":1928946037975002,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.56.107","src_port":56848,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":8776,"rrname":"f.e.b.2.b.3.a.b.0.5.3.6.b.7.c.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:34:10.094637+0000","flow_id":455583276888493,"pcap_cnt":174,"event_type":"dns","src_ip":"192.168.56.107","src_port":52965,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40622,"rrname":"108.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:34:10.309776+0000","flow_id":455583276888493,"pcap_cnt":175,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":52965,"proto":"UDP","dns":{"type":"answer","id":40622,"rcode":"NOERROR","rrname":"108.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:34:10.312599+0000","flow_id":1928946037975002,"pcap_cnt":176,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":56848,"proto":"UDP","dns":{"type":"answer","id":8776,"rcode":"NOERROR","rrname":"f.e.b.2.b.3.a.b.0.5.3.6.b.7.c.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:34:17.104779+0000","flow_id":917399635859787,"pcap_cnt":177,"event_type":"dns","src_ip":"192.168.56.107","src_port":49962,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":53505,"rrname":"104.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:34:17.106322+0000","flow_id":984869277114194,"pcap_cnt":178,"event_type":"dns","src_ip":"192.168.56.107","src_port":57175,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43264,"rrname":"f.2.b.3.d.e.b.d.4.4.e.3.d.d.c.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:34:17.317476+0000","flow_id":917399635859787,"pcap_cnt":179,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":49962,"proto":"UDP","dns":{"type":"answer","id":53505,"rcode":"NOERROR","rrname":"104.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:34:17.338746+0000","flow_id":984869277114194,"pcap_cnt":180,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","dest_port":57175,"proto":"UDP","dns":{"type":"answer","id":43264,"rcode":"NOERROR","rrname":"f.2.b.3.d.e.b.d.4.4.e.3.d.d.c.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-12-14T14:34:27.117313+0000","flow_id":1928946037975002,"pcap_cnt":181,"event_type":"dns","src_ip":"192.168.56.107","src_port":56848,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30788,"rrname":"c.1.1.9.2.8.1.f.9.6.b.7.f.5.1.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":1}}
{"timestamp":"2018-12-14T14:34:27.117519+0000","flow_id":1165580026759951,"pcap_cnt":182,"event_type":"dns","src_ip":"192.168.56.107","src_port":55708,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1195,"rrname":"109.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-12-14T14:34:27.334322+0000","flow_id":1165580026759951,"pcap_cnt":183,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.107","des

This file has been truncated.


keyword_perf.log - (10995 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 12/24/2018 -- 15:01:19
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             368636          109             109             5008            3381.00         3381.00         0.00           
  content          1690705         503             330             36980           3361.00         3381.00         3322.00        
  pcre             314222          42              3               36363           7481.00         15531.00        6862.00        
  byte_test        821232          265             131             51343           3098.00         3466.00         2740.00        
  byte_jump        40212           14              14              3866            2872.00         2872.00         0.00           
  isdataat         8727            3               0               3258            2909.00         0.00            2909.00        
  flowbits         90781           19              3               17924           4777.00         8680.00         4046.00        
  urilen           66112           21              8               3885            3148.00         3273.00         3071.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             368636          109             109             5008            3381.00         3381.00         0.00           
  flowbits         64740           16              0               17924           4046.00         0.00            4046.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1072711         346             223             16291           3100.00         3036.00         3216.00        
  pcre             110877          20              0               22137           5543.00         0.00            5543.00        
  byte_test        821232          265             131             51343           3098.00         3466.00         2740.00        
  byte_jump        40212           14              14              3866            2872.00         2872.00         0.00           
  isdataat         8727            3               0               3258            2909.00         0.00            2909.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         26041           3               3               17064           8680.00         8680.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          82888           21              9               5568            3947.00         3950.00         3944.00        
  pcre             78440           12              0               18815           6536.00         0.00            6536.00        
  urilen           66112           21              8               3885            3148.00         3273.00         3071.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15511           4               0               4212            3877.00         0.00            3877.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          277673          74              62              5535            3752.00         3733.00         3852.00        
  pcre             124905          10              3               36363           12490.00        15531.00        11187.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3647            1               1               3647            3647.00         3647.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          14672           4               4               3846            3668.00         3668.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_protocol
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3444            1               1               3444            3444.00         3444.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          16723           5               2               3874            3344.00         3789.00         3048.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          189906          43              24              36980           4416.00         5377.00         3202.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13530           4               4               3617            3382.00         3382.00         0.00           


IDSDeathBlossom.py.log - (1145 bytes)
2018-12-24 15:00:56,694 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-12-24 15:00:57,520 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-12-24 15:00:57,520 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2018-12-24 15:00:57,521 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-12-24 15:00:57,521 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-12-24 15:00:57,521 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/8a311a1eb31a0154eade8cb07b52748f56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12242018.1500-pcap_5.pcap -vvv -k none
2018-12-24 15:01:19,289 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-12-24 15:01:19,290 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.604172945


suricata-report-2018-12-24-T-15-01-19-12242018.1500-pcap_5.pcap.txt - (17861 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/8a311a1eb31a0154eade8cb07b52748f56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12242018.1500-pcap_5.pcap -vvv -k none
elapsedtime:21.765523
stderr:
stdout:
24/12/2018 -- 15:00:57 - <Info> - Configuration node 'rule-files' redefined.
24/12/2018 -- 15:00:57 - <Notice> - This is Suricata version 4.0.0 RELEASE
24/12/2018 -- 15:00:57 - <Info> - CPUs/cores online: 1
24/12/2018 -- 15:00:57 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32229 and 'request-body-inspect-window' set to 15757 after randomization.
24/12/2018 -- 15:00:57 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31697 and 'response-body-inspect-window' set to 16761 after randomization.
24/12/2018 -- 15:00:57 - <Config> - DNS request flood protection level: 500
24/12/2018 -- 15:00:57 - <Config> - DNS per flow memcap (state-memcap): 524288
24/12/2018 -- 15:00:57 - <Config> - DNS global memcap: 16777216
24/12/2018 -- 15:00:57 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
24/12/2018 -- 15:00:57 - <Config> - preallocated 1000 hosts of size 136
24/12/2018 -- 15:00:57 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
24/12/2018 -- 15:00:57 - <Config> - using magic-file /usr/share/file/magic
24/12/2018 -- 15:00:57 - <Config> - Core dump size is unlimited.
24/12/2018 -- 15:00:57 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
24/12/2018 -- 15:00:57 - <Config> - preallocated 1000 defrag trackers of size 168
24/12/2018 -- 15:00:57 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
24/12/2018 -- 15:00:57 - <Config> - stream "prealloc-sessions": 2048 (per thread)
24/12/2018 -- 15:00:57 - <Config> - stream "memcap": 33554432
24/12/2018 -- 15:00:57 - <Config> - stream "midstream" session pickups: disabled
24/12/2018 -- 15:00:57 - <Config> - stream "async-oneside": disabled
24/12/2018 -- 15:00:57 - <Config> - stream "checksum-validation": disabled
24/12/2018 -- 15:00:57 - <Config> - stream."inline": disabled
24/12/2018 -- 15:00:57 - <Config> - stream "bypass": disabled
24/12/2018 -- 15:00:57 - <Config> - stream "max-synack-queued": 5
24/12/2018 -- 15:00:57 - <Config> - stream.reassembly "memcap": 134217728
24/12/2018 -- 15:00:57 - <Config> - stream.reassembly "depth": 0
24/12/2018 -- 15:00:57 - <Config> - stream.reassembly "toserver-chunk-size": 2511
24/12/2018 -- 15:00:57 - <Config> - stream.reassembly "toclient-chunk-size": 2634
24/12/2018 -- 15:00:57 - <Config> - stream.reassembly.raw: enabled
24/12/2018 -- 15:00:57 - <Config> - stream.reassembly "segment-prealloc": 2048
24/12/2018 -- 15:00:57 - <Config> - Delayed detect disabled
24/12/2018 -- 15:00:57 - <Config> - pattern matchers: MPM: ac, SPM: bm
24/12/2018 -- 15:00:57 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
24/12/2018 -- 15:00:57 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
24/12/2018 -- 15:00:57 - <Config> - prefilter engines: MPM
24/12/2018 -- 15:00:57 - <Config> - IP reputation disabled
24/12/2018 -- 15:00:57 - <Perf> - Registered 148 keyword profiling counters.
24/12/2018 -- 15:00:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
24/12/2018 -- 15:00:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
24/12/2018 -- 15:00:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
24/12/2018 -- 15:01:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
24/12/2018 -- 15:01:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
24/12/2018 -- 15:01:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
24/12/2018 -- 15:01:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
24/12/2018 -- 15:01:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
24/12/2018 -- 15:01:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
24/12/2018 -- 15:01:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
24/12/2018 -- 15:01:02 - <Config> - No rules loaded from ET-icmp.rules.
24/12/2018 -- 15:01:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
24/12/2018 -- 15:01:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
24/12/2018 -- 15:01:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
24/12/2018 -- 15:01:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
24/12/2018 -- 15:01:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
24/12/2018 -- 15:01:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
24/12/2018 -- 15:01:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
24/12/2018 -- 15:01:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
24/12/2018 -- 15:01:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
24/12/2018 -- 15:01:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
24/12/2018 -- 15:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
24/12/2018 -- 15:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
24/12/2018 -- 15:01:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
24/12/2018 -- 15:01:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
24/12/2018 -- 15:01:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
24/12/2018 -- 15:01:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
24/12/2018 -- 15:01:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
24/12/2018 -- 15:01:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
24/12/2018 -- 15:01:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
24/12/2018 -- 15:01:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
24/12/2018 -- 15:01:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
24/12/2018 -- 15:01:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
24/12/2018 -- 15:01:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
24/12/2018 -- 15:01:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
24/12/2018 -- 15:01:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
24/12/2018 -- 15:01:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
24/12/2018 -- 15:01:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
24/12/2018 -- 15:01:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
24/12/2018 -- 15:01:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
24/12/2018 -- 15:01:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
24/12/2018 -- 15:01:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
24/12/2018 -- 15:01:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
24/12/2018 -- 15:01:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
24/12/2018 -- 15:01:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
24/12/2018 -- 15:01:10 - <Config> - No rules loaded from local.rules.
24/12/2018 -- 15:01:10 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
24/12/2018 -- 15:01:10 - <Info> - Threshold config parsed: 0 rule(s) found
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for tcp-packet
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for tcp-stream
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for udp-packet
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for other-ip
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_uri
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_request_line
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_client_body
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_response_line
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_header
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_header
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_header_names
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_header_names
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_accept
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_accept_enc
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_accept_lang
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_referer
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_connection
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_content_len
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_content_len
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_content_type
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_content_type
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_protocol
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_protocol
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_start
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_start
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_raw_header
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_raw_header
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_method
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_cookie
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_cookie
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_raw_uri
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_user_agent
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_host
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_raw_host
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_stat_msg
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_stat_code
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for dns_query
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for tls_sni
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for tls_cert_issuer
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for tls_cert_subject
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for tls_cert_serial
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for dce_stub_data
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for dce_stub_data
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for ssh_protocol
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for ssh_protocol
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for ssh_software
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for ssh_software
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for file_data
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for file_data
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_request_line
24/12/2018 -- 15:01:10 - <Perf> - using shared mpm ctx' for http_response_line
24/12/2018 -- 15:01:10 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
24/12/2018 -- 15:01:10 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
24/12/2018 -- 15:01:10 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
24/12/2018 -- 15:01:10 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
24/12/2018 -- 15:01:10 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
24/12/2018 -- 15:01:10 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
24/12/2018 -- 15:01:11 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
24/12/2018 -- 15:01:11 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
24/12/2018 -- 15:01:15 - <Perf> - Unique rule groups: 104
24/12/2018 -- 15:01:15 - <Perf> - Builtin MPM "toserver TCP packet": 35
24/12/2018 -- 15:01:15 - <Perf> - Builtin MPM "toclient TCP packet": 17
24/12/2018 -- 15:01:15 - <Perf> - Builtin MPM "toserver TCP stream": 33
24/12/2018 -- 15:01:15 - <Perf> - Builtin MPM "toclient TCP stream": 19
24/12/2018 -- 15:01:15 - <Perf> - Builtin MPM "toserver UDP packet": 27
24/12/2018 -- 15:01:15 - <Perf> - Builtin MPM "toclient UDP packet": 17
24/12/2018 -- 15:01:15 - <Perf> - Builtin MPM "other IP packet": 3
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_uri": 14
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_request_line": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_client_body": 6
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toclient http_response_line": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_header": 10
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toclient http_header": 6
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_header_names": 2
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_accept": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_referer": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_content_len": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_content_type": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toclient http_content_type": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_protocol": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_start": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_method": 5
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_cookie": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toclient http_cookie": 2
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver http_host": 2
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver dns_query": 4
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver tls_sni": 2
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toserver file_data": 1
24/12/2018 -- 15:01:15 - <Perf> - AppLayer MPM "toclient file_data": 7
24/12/2018 -- 15:01:18 - <Perf> - Registered 39590 rule profiling counters.
24/12/2018 -- 15:01:18 - <Info> - fast output device (regular) initialized: alert
24/12/2018 -- 15:01:18 - <Info> - eve-log output device (regular) initialized: eve.json
24/12/2018 -- 15:01:18 - <Config> - enabling 'eve-log' module 'alert'
24/12/2018 -- 15:01:18 - <Config> - enabling 'eve-log' module 'http'
24/12/2018 -- 15:01:18 - <Config> - enabling 'eve-log' module 'dns'
24/12/2018 -- 15:01:18 - <Config> - enabling 'eve-log' module 'tls'
24/12/2018 -- 15:01:18 - <Config> - enabling 'eve-log' module 'files'
24/12/2018 -- 15:01:18 - <Config> - enabling 'eve-log' module 'ssh'
24/12/2018 -- 15:01:18 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
24/12/2018 -- 15:01:18 - <Info> - stats output device (regular) initialized: stats.log
24/12/2018 -- 15:01:18 - <Config> - AutoFP mode using "Hash" flow loa

This file has been truncated.