lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/8b5bc9e40658d463220fe71ff404efa856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07052019.1335-f1946aee-ad2f-482a-86fe-52b396951b28.pcap -vvv -k none
elapsedtime:22.176998
stderr:
stdout:
5/7/2019 -- 13:35:06 - <Info> - Configuration node 'rule-files' redefined.
5/7/2019 -- 13:35:06 - <Notice> - This is Suricata version 4.0.0 RELEASE
5/7/2019 -- 13:35:06 - <Info> - CPUs/cores online: 1
5/7/2019 -- 13:35:06 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31730 and 'request-body-inspect-window' set to 16645 after randomization.
5/7/2019 -- 13:35:06 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32870 and 'response-body-inspect-window' set to 16599 after randomization.
5/7/2019 -- 13:35:06 - <Config> - DNS request flood protection level: 500
5/7/2019 -- 13:35:06 - <Config> - DNS per flow memcap (state-memcap): 524288
5/7/2019 -- 13:35:06 - <Config> - DNS global memcap: 16777216
5/7/2019 -- 13:35:06 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
5/7/2019 -- 13:35:06 - <Config> - preallocated 1000 hosts of size 136
5/7/2019 -- 13:35:06 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
5/7/2019 -- 13:35:06 - <Config> - using magic-file /usr/share/file/magic
5/7/2019 -- 13:35:06 - <Config> - Core dump size is unlimited.
5/7/2019 -- 13:35:06 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
5/7/2019 -- 13:35:06 - <Config> - preallocated 1000 defrag trackers of size 168
5/7/2019 -- 13:35:06 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
5/7/2019 -- 13:35:06 - <Config> - stream "prealloc-sessions": 2048 (per thread)
5/7/2019 -- 13:35:06 - <Config> - stream "memcap": 33554432
5/7/2019 -- 13:35:06 - <Config> - stream "midstream" session pickups: disabled
5/7/2019 -- 13:35:06 - <Config> - stream "async-oneside": disabled
5/7/2019 -- 13:35:06 - <Config> - stream "checksum-validation": disabled
5/7/2019 -- 13:35:06 - <Config> - stream."inline": disabled
5/7/2019 -- 13:35:06 - <Config> - stream "bypass": disabled
5/7/2019 -- 13:35:06 - <Config> - stream "max-synack-queued": 5
5/7/2019 -- 13:35:06 - <Config> - stream.reassembly "memcap": 134217728
5/7/2019 -- 13:35:06 - <Config> - stream.reassembly "depth": 0
5/7/2019 -- 13:35:06 - <Config> - stream.reassembly "toserver-chunk-size": 2521
5/7/2019 -- 13:35:06 - <Config> - stream.reassembly "toclient-chunk-size": 2619
5/7/2019 -- 13:35:06 - <Config> - stream.reassembly.raw: enabled
5/7/2019 -- 13:35:06 - <Config> - stream.reassembly "segment-prealloc": 2048
5/7/2019 -- 13:35:06 - <Config> - Delayed detect disabled
5/7/2019 -- 13:35:06 - <Config> - pattern matchers: MPM: ac, SPM: bm
5/7/2019 -- 13:35:06 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
5/7/2019 -- 13:35:06 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
5/7/2019 -- 13:35:06 - <Config> - prefilter engines: MPM
5/7/2019 -- 13:35:06 - <Config> - IP reputation disabled
5/7/2019 -- 13:35:06 - <Perf> - Registered 148 keyword profiling counters.
5/7/2019 -- 13:35:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
5/7/2019 -- 13:35:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
5/7/2019 -- 13:35:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
5/7/2019 -- 13:35:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
5/7/2019 -- 13:35:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
5/7/2019 -- 13:35:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
5/7/2019 -- 13:35:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
5/7/2019 -- 13:35:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
5/7/2019 -- 13:35:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
5/7/2019 -- 13:35:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
5/7/2019 -- 13:35:11 - <Config> - No rules loaded from ET-icmp.rules.
5/7/2019 -- 13:35:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
5/7/2019 -- 13:35:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
5/7/2019 -- 13:35:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
5/7/2019 -- 13:35:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
5/7/2019 -- 13:35:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
5/7/2019 -- 13:35:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
5/7/2019 -- 13:35:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
5/7/2019 -- 13:35:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
5/7/2019 -- 13:35:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
5/7/2019 -- 13:35:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
5/7/2019 -- 13:35:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
5/7/2019 -- 13:35:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
5/7/2019 -- 13:35:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
5/7/2019 -- 13:35:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
5/7/2019 -- 13:35:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
5/7/2019 -- 13:35:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
5/7/2019 -- 13:35:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
5/7/2019 -- 13:35:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
5/7/2019 -- 13:35:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
5/7/2019 -- 13:35:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
5/7/2019 -- 13:35:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
5/7/2019 -- 13:35:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
5/7/2019 -- 13:35:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
5/7/2019 -- 13:35:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
5/7/2019 -- 13:35:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
5/7/2019 -- 13:35:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
5/7/2019 -- 13:35:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
5/7/2019 -- 13:35:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
5/7/2019 -- 13:35:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
5/7/2019 -- 13:35:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
5/7/2019 -- 13:35:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
5/7/2019 -- 13:35:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
5/7/2019 -- 13:35:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
5/7/2019 -- 13:35:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
5/7/2019 -- 13:35:19 - <Config> - No rules loaded from local.rules.
5/7/2019 -- 13:35:19 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
5/7/2019 -- 13:35:19 - <Info> - Threshold config parsed: 0 rule(s) found
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for tcp-packet
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for tcp-stream
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for udp-packet
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for other-ip
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_uri
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_request_line
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_client_body
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_response_line
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_header
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_header
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_header_names
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_header_names
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_accept
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_accept_enc
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_accept_lang
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_referer
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_connection
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_content_len
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_content_len
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_content_type
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_content_type
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_protocol
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_protocol
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_start
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_start
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_raw_header
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_raw_header
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_method
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_cookie
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_cookie
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_raw_uri
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_user_agent
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_host
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_raw_host
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_stat_msg
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_stat_code
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for dns_query
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for tls_sni
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for tls_cert_issuer
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for tls_cert_subject
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for tls_cert_serial
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for dce_stub_data
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for dce_stub_data
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for ssh_protocol
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for ssh_protocol
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for ssh_software
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for ssh_software
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for file_data
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for file_data
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_request_line
5/7/2019 -- 13:35:20 - <Perf> - using shared mpm ctx' for http_response_line
5/7/2019 -- 13:35:20 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
5/7/2019 -- 13:35:20 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
5/7/2019 -- 13:35:20 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
5/7/2019 -- 13:35:20 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
5/7/2019 -- 13:35:20 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
5/7/2019 -- 13:35:20 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
5/7/2019 -- 13:35:20 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
5/7/2019 -- 13:35:20 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
5/7/2019 -- 13:35:25 - <Perf> - Unique rule groups: 104
5/7/2019 -- 13:35:25 - <Perf> - Builtin MPM "toserver TCP packet": 35
5/7/2019 -- 13:35:25 - <Perf> - Builtin MPM "toclient TCP packet": 17
5/7/2019 -- 13:35:25 - <Perf> - Builtin MPM "toserver TCP stream": 33
5/7/2019 -- 13:35:25 - <Perf> - Builtin MPM "toclient TCP stream": 19
5/7/2019 -- 13:35:25 - <Perf> - Builtin MPM "toserver UDP packet": 27
5/7/2019 -- 13:35:25 - <Perf> - Builtin MPM "toclient UDP packet": 17
5/7/2019 -- 13:35:25 - <Perf> - Builtin MPM "other IP packet": 3
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_uri": 14
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_request_line": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_client_body": 6
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toclient http_response_line": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_header": 10
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toclient http_header": 6
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_header_names": 2
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_accept": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_referer": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_content_len": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_content_type": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toclient http_content_type": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_protocol": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_start": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_method": 5
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_cookie": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toclient http_cookie": 2
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver http_host": 2
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver dns_query": 4
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver tls_sni": 2
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toserver file_data": 1
5/7/2019 -- 13:35:25 - <Perf> - AppLayer MPM "toclient file_data": 7
5/7/2019 -- 13:35:27 - <Perf> - Registered 39590 rule profiling counters.
5/7/2019 -- 13:35:27 - <Info> - fast output device (regular) initialized: alert
5/7/2019 -- 13:35:27 - <Info> - eve-log output device (regular) initialized: eve.json
5/7/2019 -- 13:35:27 - <Config> - enabling 'eve-log' module 'alert'
5/7/2019 -- 13:35:27 - <Config> - enabling 'eve-log' module 'http'
5/7/2019 -- 13:35:27 - <Config> - enabling 'eve-log' module 'dns'
5/7/2019 -- 13:35:27 - <Config> - enabling 'eve-log' module 'tls'
5/7/2019 -- 13:35:27 - <Config> - enabling 'eve-log' module 'files'
5/7/2019 -- 13:35:27 - <Config> - enabling 'eve-log' module 'ssh'
5/7/2019 -- 13:35:27 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
5/7/2019 -- 13:35:27 - <Info> - stats output device (regular) initialized: stats.log
5/7/2019 -- 13:35:27 - <Config> - AutoFP mode using "Hash" flow load balancer
5/7/2019 -- 13:35:27 - <Info> - reading pcap file /var/pcap/07052019.1335-f1946aee-ad2f-482a-86fe-52b396951b28.pcap
5/7/2019 -- 13:35:27 - <Config> - using 1 flow manager threads
5/7/2019 -- 13:35:27 - <Config> - using 1 flow recycler threads
5/7/2019 -- 13:35:27 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engin
Packet profile dump:
IP ver  Proto  cnt         min           max           avg          tot          %%
------  -----  ----------  ------------  ------------  -----------  -----------  ---
IPv4    6      213         1869169       80860360      55971390     11.9b        85.36
IPv4    17     63          6187106       77737925      31449211     2.0b         14.19
IPv6    17     6           5945059       18316402      10526288     63.2m        0.45
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:
Thread Module             IP ver  Proto  cnt         min           max           avg          tot          %%
------------------------  ------  -----  ----------  ------------  ------------  -----------  -----------  ---
TMM_FLOWWORKER            IPv4    6      213         67405         1479622       195374       41.6m        53.07
TMM_FLOWWORKER            IPv4    17     63          128989        9913423       543192       34.2m        43.64
TMM_RECEIVEPCAPFILE       IPv4    6      205         2545          4043          2970         608.9k       0.78
TMM_RECEIVEPCAPFILE       IPv4    17     63          2544          3627          2805         176.8k       0.23
TMM_DECODEPCAPFILE        IPv4    6      205         2654          4354          2818         577.8k       0.74
TMM_DECODEPCAPFILE        IPv4    17     63          2686          3560          2809         177.0k       0.23
TMM_FLOWWORKER            IPv6    17     6           109594        332163        164713       988.3k       1.26
TMM_RECEIVEPCAPFILE       IPv6    17     6           2798          3513          2957         17.7k        0.02
TMM_DECODEPCAPFILE        IPv6    17     6           2703          20601         5788         34.7k        0.04

Flow Worker           IP ver  Proto  cnt         min           max           avg          tot          %%
--------------------  ------  -----  ----------  ------------  ------------  -----------  -----------  ---
flow                  IPv4    6      205         2835          17660         3355         687.8k       1.12
flow                  IPv4    17     63          2833          11057         3589         226.2k       0.37
stream                IPv4    6      213         2586          525335        16219        3.5m         5.63
app-layer             IPv4    17     63          2523          26788         6675         420.5k       0.69
detect                IPv4    6      213         45222         1448054       156028       33.2m        54.15
detect                IPv4    17     63          112477        8255059       345722       21.8m        35.49
tcp-prune             IPv4    6      213         2553          16628         3056         651.0k       1.06
flow                  IPv6    17     6           2936          25356         7373         44.2k        0.07
app-layer             IPv6    17     6           2623          21269         8400         50.4k        0.08
detect                IPv6    17     6           93277         273988        138029       828.2k       1.35
Note: stream includes app-layer for TCP

Per App layer parser stats:
App Layer             IP ver  Proto  cnt         min           max           avg          tot          %%
--------------------  ------  -----  ----------  ------------  ------------  -----------  -----------  ---
tls                   IPv4    6      10          2676          3470          2896         29.0k        23.66
dns                   IPv4    17     18          4214          9511          5191         93.5k        76.34
Proto detect          IPv4    17     22          2822          8207          4691         103.2k
Proto detect          IPv6    17     3           3004          14691         8100         24.3k

Log Thread Module         IP ver  Proto  cnt         min           max           avg          tot          %%
------------------------  ------  -----  ----------  ------------  ------------  -----------  -----------  ---

Logger/output stats:
Logger                    IP ver  Proto  cnt         min           max           avg          tot          %%
------------------------  ------  -----  ----------  ------------  ------------  -----------  -----------  ---
LOGGER_JSON_DNS           IPv4    17     18          33695         367733        67403        1.2m         75.56
LOGGER_JSON_TLS           IPv4    6      9           33384         60946         43612        392.5k       24.44

Prefilter             IP ver  Proto  cnt         min           max           avg          tot          %%
--------------------  ------  -----  ----------  ------------  ------------  -----------  -----------  ---
payload               IPv4    6      80          2619          226559        41695        3.3m         49.64
payload               IPv4    17     63          3241          73813         11804        743.7k       11.07
stream                IPv4    6      80          2538          264589        29460        2.4m         35.07
dns_query             IPv4    17     9           5833          10856         8074         72.7k        1.08
tls_sni               IPv4    6      9           4279          8375          5989         53.9k        0.80
tls_cert_issuer       IPv4    6      9           3936          6829          4658         41.9k        0.62
tls_cert_subject      IPv4    6      9           3536          5284          4045         36.4k        0.54
tls_cert_serial       IPv4    6      9           2980          5325          3748         33.7k        0.50
Total                 IPv4           268                                     24906        6.7m
payload               IPv6    17     6           3293          21467         7572         45.4k        0.68
Total                 IPv6           6                                       7572         45.4k

General detection engine stats:
Detection phase               IP ver  Proto  cnt         min           max           avg          tot          %%
----------------------------  ------  -----  ----------  ------------  ------------  -----------  -----------  ---
PROF_DETECT_IPONLY            IPv4    6      18          8404          86889         39710        714.8k       1.22
PROF_DETECT_IPONLY            IPv4    17     23          37259         90181         47499        1.1m         1.87
PROF_DETECT_RULES             IPv4    6      213         2534          1073815       58029        12.4m        21.13
PROF_DETECT_RULES             IPv4    17     63          44811         8192158       240838       15.2m        25.94
PROF_DETECT_STATEFUL_CONT     IPv4    6      213         2529          75873         6381         1.4m         2.32
PROF_DETECT_STATEFUL_CONT     IPv4    17     63          2511          47595         4457         280.8k       0.48
PROF_DETECT_STATEFUL_UPDATE   IPv4    6      177         2544          13995         2712         480.1k       0.82
PROF_DETECT_STATEFUL_UPDATE   IPv4    17     18          2604          3339          2776         50.0k        0.09
PROF_DETECT_PREFILTER         IPv4    6      213         7829          330407        48920        10.4m        17.81
PROF_DETECT_PREFILTER         IPv4    17     63          24484         423258        44448        2.8m         4.79
PROF_DETECT_PF_PAYLOAD        IPv4    6      80          18100         280478        80139        6.4m         10.96
PROF_DETECT_PF_PAYLOAD        IPv4    17     63          8329          79225         17086        1.1m         1.84
PROF_DETECT_PF_TX             IPv4    6      177         2560          28229         4558         806.8k       1.38
PROF_DETECT_PF_TX             IPv4    17     9           11497         16681         13759        123.8k       0.21
PROF_DETECT_PF_SORT1          IPv4    6      80          2581          5726          3153         252.3k       0.43
PROF_DETECT_PF_SORT1          IPv4    17     63          2710          4579          3229         203.5k       0.35
PROF_DETECT_PF_SORT2          IPv4    6      213         2519          21727         2832         603.2k       1.03
PROF_DETECT_PF_SORT2          IPv4    17     63          2553          28043         3294         207.6k       0.35
PROF_DETECT_NONMPMLIST        IPv4    6      213         2557          17467         2841         605.1k       1.03
PROF_DETECT_NONMPMLIST        IPv4    17     63          2521          3662          2869         180.8k       0.31
PROF_DETECT_ALERT             IPv4    6      213         2525          37094         2782         592.6k       1.01
PROF_DETECT_ALERT             IPv4    17     63          2529          16188         3125         196.9k       0.34
PROF_DETECT_CLEANUP           IPv4    6      213         2562          4919          2768         589.7k       1.01
PROF_DETECT_CLEANUP           IPv4    17     63          2527          4536          2904         183.0k       0.31
PROF_DETECT_GETSGH            IPv4    6      213         2529          26772         3236         689.3k       1.18
PROF_DETECT_GETSGH            IPv4    17     63          2592          6894          3973         250.3k       0.43
PROF_DETECT_IPONLY            IPv6    17     3           3492          16971         10198        30.6k        0.05
PROF_DETECT_RULES             IPv6    17     6           34371         85676         46470        278.8k       0.48
PROF_DETECT_STATEFUL_CONT     IPv6    17     6           2766          3180          2864         17.2k        0.03
PROF_DETECT_PREFILTER         IPv6    17     6           24552         49024         31372        188.2k       0.32
PROF_DETECT_PF_PAYLOAD        IPv6    17     6           8610          27037         12929        77.6k        0.13
PROF_DETECT_PF_SORT1          IPv6    17     6           2677          4093          2998         18.0k        0.03
PROF_DETECT_PF_SORT2          IPv6    17     6           2555          4395          2914         17.5k        0.03
PROF_DETECT_NONMPMLIST        IPv6    17     6           2586          4188          2995         18.0k        0.03
PROF_DETECT_ALERT             IPv6    17     6           2543          2890          2644         15.9k        0.03
PROF_DETECT_CLEANUP           IPv6    17     6           2549          6472          3637         21.8k        0.04
PROF_DETECT_GETSGH            IPv6    17     6           2775          76376         18808        112.8k       0.19
------------------------------------------------------------------------------------
Date: 7/5/2019 -- 13:35:28 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter | TM Name | Value
------------------------------------------------------------------------------------
decoder.pkts | Total | 343
decoder.bytes | Total | 148260
decoder.ipv4 | Total | 268
decoder.ipv6 | Total | 6
decoder.ethernet | Total | 343
decoder.tcp | Total | 205
decoder.udp | Total | 69
decoder.avg_pkt_size | Total | 432
decoder.max_pkt_size | Total | 1514
flow.tcp | Total | 9
flow.udp | Total | 17
tcp.sessions | Total | 9
tcp.syn | Total | 9
tcp.synack | Total | 9
tcp.rst | Total | 10
detect.mpm_list | Total | 4
detect.nonmpm_list | Total | 2
detect.match_list | Total | 5
app_layer.flow.tls | Total | 9
app_layer.flow.dns_udp | Total | 9
app_layer.tx.dns_udp | Total | 9
app_layer.flow.failed_udp | Total | 8
flow.spare | Total | 9997
flow_mgr.flows_checked | Total | 5
flow_mgr.flows_notimeout | Total | 5
flow_mgr.rows_checked | Total | 65536
flow_mgr.rows_empty | Total | 65531
flow_mgr.rows_maxlen | Total | 1
tcp.memuse | Total | 573440
tcp.reassembly_memuse | Total | 81920
flow.memuse | Total | 7075744
{"timestamp":"2019-06-05T10:36:18.418707+0000","flow_id":1386705808679827,"pcap_cnt":114,"event_type":"dns","src_ip":"192.168.100.168","src_port":56741,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":52365,"rrname":"5thactors.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-05T10:36:18.471133+0000","flow_id":1386705808679827,"pcap_cnt":115,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.168","dest_port":56741,"proto":"UDP","dns":{"type":"answer","id":52365,"rcode":"NOERROR","rrname":"5thactors.com","rrtype":"A","ttl":3599,"rdata":"134.0.11.238"}}
{"timestamp":"2019-06-05T10:36:18.524913+0000","flow_id":893278490870545,"pcap_cnt":123,"event_type":"tls","src_ip":"192.168.100.168","src_port":50166,"dest_ip":"134.0.11.238","dest_port":443,"proto":"TCP","tls":{"subject":"CN=134.0.11.238","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-06-05T10:36:19.264342+0000","flow_id":1362903099967638,"pcap_cnt":137,"event_type":"dns","src_ip":"192.168.100.168","src_port":59825,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64055,"rrname":"matthieupetel.fr","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-05T10:36:19.276671+0000","flow_id":1362903099967638,"pcap_cnt":153,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.168","dest_port":59825,"proto":"UDP","dns":{"type":"answer","id":64055,"rcode":"NOERROR","rrname":"matthieupetel.fr","rrtype":"A","ttl":2003,"rdata":"213.186.33.3"}}
{"timestamp":"2019-06-05T10:36:19.281041+0000","flow_id":1227766248979324,"pcap_cnt":161,"event_type":"tls","src_ip":"192.168.100.168","src_port":50175,"dest_ip":"213.186.33.3","dest_port":443,"proto":"TCP","tls":{"subject":"CN=213.186.33.3","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-06-05T10:36:19.534683+0000","flow_id":1868304786598043,"pcap_cnt":169,"event_type":"dns","src_ip":"192.168.100.168","src_port":57944,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1684,"rrname":"opt4cdi.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-05T10:36:19.558840+0000","flow_id":1868304786598043,"pcap_cnt":170,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.168","dest_port":57944,"proto":"UDP","dns":{"type":"answer","id":1684,"rcode":"NOERROR","rrname":"opt4cdi.com","rrtype":"A","ttl":599,"rdata":"166.62.107.55"}}
{"timestamp":"2019-06-05T10:36:19.563590+0000","flow_id":921865793276391,"pcap_cnt":178,"event_type":"tls","src_ip":"192.168.100.168","src_port":50179,"dest_ip":"166.62.107.55","dest_port":443,"proto":"TCP","tls":{"subject":"CN=166.62.107.55","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-06-05T10:36:25.048059+0000","flow_id":511571862862779,"pcap_cnt":198,"event_type":"dns","src_ip":"192.168.100.168","src_port":53827,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39832,"rrname":"catchup-mag.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-05T10:36:25.061118+0000","flow_id":511571862862779,"pcap_cnt":199,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.168","dest_port":53827,"proto":"UDP","dns":{"type":"answer","id":39832,"rcode":"NOERROR","rrname":"catchup-mag.com","rrtype":"A","ttl":943,"rdata":"183.181.97.35"}}
{"timestamp":"2019-06-05T10:36:25.069356+0000","flow_id":2010571283755668,"pcap_cnt":207,"event_type":"tls","src_ip":"192.168.100.168","src_port":50263,"dest_ip":"183.181.97.35","dest_port":443,"proto":"TCP","tls":{"subject":"CN=183.181.97.35","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-06-05T10:36:26.483495+0000","flow_id":1918444235284647,"pcap_cnt":225,"event_type":"dns","src_ip":"192.168.100.168","src_port":63734,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":47309,"rrname":"nykfdyrehospital.dk","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-05T10:36:26.524636+0000","flow_id":1918444235284647,"pcap_cnt":226,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.168","dest_port":63734,"proto":"UDP","dns":{"type":"answer","id":47309,"rcode":"NOERROR","rrname":"nykfdyrehospital.dk","rrtype":"A","ttl":160,"rdata":"46.30.213.239"}}
{"timestamp":"2019-06-05T10:36:26.529019+0000","flow_id":364525067568125,"pcap_cnt":234,"event_type":"tls","src_ip":"192.168.100.168","src_port":50287,"dest_ip":"46.30.213.239","dest_port":443,"proto":"TCP","tls":{"subject":"CN=46.30.213.239","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-06-05T10:36:26.867113+0000","flow_id":1975906602728233,"pcap_cnt":251,"event_type":"dns","src_ip":"192.168.100.168","src_port":62463,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":38330,"rrname":"luvbec.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-05T10:36:26.891877+0000","flow_id":1975906602728233,"pcap_cnt":252,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.168","dest_port":62463,"proto":"UDP","dns":{"type":"answer","id":38330,"rcode":"NOERROR","rrname":"luvbec.com","rrtype":"A","ttl":3599,"rdata":"166.62.108.43"}}
{"timestamp":"2019-06-05T10:36:26.897493+0000","flow_id":2184066487721811,"pcap_cnt":260,"event_type":"tls","src_ip":"192.168.100.168","src_port":50293,"dest_ip":"166.62.108.43","dest_port":443,"proto":"TCP","tls":{"subject":"CN=166.62.108.43","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-06-05T10:36:28.639707+0000","flow_id":1268392345256667,"pcap_cnt":278,"event_type":"dns","src_ip":"192.168.100.168","src_port":64534,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":61058,"rrname":"billscars.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-05T10:36:28.885287+0000","flow_id":1268392345256667,"pcap_cnt":279,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.168","dest_port":64534,"proto":"UDP","dns":{"type":"answer","id":61058,"rcode":"NOERROR","rrname":"billscars.net","rrtype":"A","ttl":14399,"rdata":"209.59.170.24"}}
{"timestamp":"2019-06-05T10:36:28.890820+0000","flow_id":2134914882110843,"pcap_cnt":287,"event_type":"tls","src_ip":"192.168.100.168","src_port":50325,"dest_ip":"209.59.170.24","dest_port":443,"proto":"TCP","tls":{"subject":"CN=209.59.170.24","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-06-05T10:36:31.768740+0000","flow_id":1473292350241508,"pcap_cnt":305,"event_type":"dns","src_ip":"192.168.100.168","src_port":50527,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":5432,"rrname":"sbit.ag","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-05T10:36:31.793426+0000","flow_id":1473292350241508,"pcap_cnt":306,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.168","dest_port":50527,"proto":"UDP","dns":{"type":"answer","id":5432,"rcode":"NOERROR","rrname":"sbit.ag","rrtype":"A","ttl":3599,"rdata":"134.119.40.89"}}
{"timestamp":"2019-06-05T10:36:31.813245+0000","flow_id":737134955669470,"pcap_cnt":314,"event_type":"tls","src_ip":"192.168.100.168","src_port":50369,"dest_ip":"134.119.40.89","dest_port":443,"proto":"TCP","tls":{"subject":"CN=134.119.40.89","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-06-05T10:36:32.041549+0000","flow_id":492377654469197,"pcap_cnt":329,"event_type":"dns","src_ip":"192.168.100.168","src_port":55036,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9827,"rrname":"www.sbit.ag","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-05T10:36:32.071917+0000","flow_id":492377654469197,"pcap_cnt":330,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.168","dest_port":55036,"proto":"UDP","dns":{"type":"answer","id":9827,"rcode":"NOERROR","rrname":"www.sbit.ag","rrtype":"A","ttl":3599,"rdata":"134.119.40.89"}}
{"timestamp":"2019-06-05T10:36:32.079783+0000","flow_id":2200911349817206,"pcap_cnt":338,"event_type":"tls","src_ip":"192.168.100.168","src_port":50375,"dest_ip":"134.119.40.89","dest_port":443,"proto":"TCP","tls":{"subject":"CN=134.119.40.89","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
--------------------------------------------------------------------------
Date: 7/5/2019 -- 13:35:28. Sorted by: max ticks.
--------------------------------------------------------------------------
Num Rule Gid Rev Ticks % Checks Matches Max Ticks Avg Ticks Avg Match Avg No Match
-------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
1 2023623 1 3 8274777 37.93 47 0 8136276 176059.09 0.00 176059.09
2 2023626 1 3 517709 2.37 51 0 360659 10151.16 0.00 10151.16
3 2019833 1 7 975328 4.47 9 0 134436 108369.78 0.00 108369.78
4 2021946 1 2 983228 4.51 9 0 128548 109247.56 0.00 109247.56
5 2023476 1 5 929103 4.26 9 0 114308 103233.67 0.00 103233.67
6 2021749 1 6 323783 1.48 3 0 111459 107927.67 0.00 107927.67
7 2019832 1 4 662778 3.04 9 0 97618 73642.00 0.00 73642.00
8 2814978 1 2 558495 2.56 9 0 81441 62055.00 0.00 62055.00
9 2018005 1 6 494071 2.26 9 0 72517 54896.78 0.00 54896.78
10 2822213 1 2 523678 2.40 9 0 72249 58186.44 0.00 58186.44
11 2018457 1 1 355032 1.63 9 0 67904 39448.00 0.00 39448.00
12 2814979 1 2 507562 2.33 9 0 67087 56395.78 0.00 56395.78
13 2805348 1 4 278530 1.28 6 0 60237 46421.67 0.00 46421.67
14 2022627 1 12 393898 1.81 9 0 60213 43766.44 0.00 43766.44
15 2022535 1 11 401379 1.84 9 0 56229 44597.67 0.00 44597.67
16 2809850 1 2 47570 0.22 1 0 47570 47570.00 0.00 47570.00
17 2803760 1 3 165160 0.76 9 0 44299 18351.11 0.00 18351.11
18 2013739 1 15 167780 0.77 51 0 37341 3289.80 0.00 3289.80
19 2014701 1 12 220628 1.01 18 0 37255 12257.11 0.00 12257.11
20 2020694 1 1 36319 0.17 1 0 36319 36319.00 0.00 36319.00
21 2811447 1 2 58959 0.27 2 0 35025 29479.50 0.00 29479.50
22 2009702 1 5 221442 1.02 18 0 34734 12302.33 0.00 12302.33
23 2803152 1 1 53031 0.24 8 0 33458 6628.88 0.00 6628.88
24 2010140 1 7 256141 1.17 60 0 33200 4269.02 0.00 4269.02
25 2019230 1 2 89371 0.41 8 0 32585 11171.38 0.00 11171.38
26 2014702 1 9 165070 0.76 18 0 27503 9170.56 0.00 9170.56
27 2020609 1 4 24832 0.11 1 0 24832 24832.00 0.00 24832.00
28 2103159 1 4 75059 0.34 18 0 24074 4169.94 0.00 4169.94
29 2020608 1 4 24037 0.11 1 0 24037 24037.00 0.00 24037.00
30 2018013 1 3 23069 0.11 1 0 23069 23069.00 0.00 23069.00
31 2018166 1 3 23064 0.11 1 0 23064 23064.00 0.00 23064.00
32 2020782 1 2 22974 0.11 1 0 22974 22974.00 0.00 22974.00
33 2824995 1 1 93781 0.43 27 0 20338 3473.37 0.00 3473.37
34 2020779 1 3 20243 0.09 1 0 20243 20243.00 0.00 20243.00
35 2020773 1 2 20029 0.09 1 0 20029 20029.00 0.00 20029.00
36 2824636 1 2 160261 0.73 9 0 19627 17806.78 0.00 17806.78
37 2017548 1 6 19183 0.09 1 0 19183 19183.00 0.00 19183.00
38 2020795 1 2 18325 0.08 1 0 18325 18325.00 0.00 18325.00
39 2015986 1 5 64297 0.29 18 0 17940 3572.06 0.00 3572.06
40 2017934 1 4 17212 0.08 1 0 17212 17212.00 0.00 17212.00
41 2022543 1 1 136461 0.63 9 0 17120 15162.33 0.00 15162.33
42 2022547 1 1 115187 0.53 36 0 17049 3199.64 0.00 3199.64
43 2018639 1 2 16792 0.08 1 0 16792 16792.00 0.00 16792.00
44 2014703 1 9 153685 0.70 18 0 16620 8538.06 0.00 8538.06
45 2826281 1 2 133320 0.61 9 0 16164 14813.33 0.00 14813.33
46 2811577 1 2 69230 0.32 8 0 15905 8653.75 0.00 8653.75
47 2811544 1 1 71029 0.33 8 0 15101 8878.62 0.00 8878.62
48 2811542 1 1 17885 0.08 2 0 14602 8942.50 0.00 8942.50
49 2018375 1 3 24685 0.11 2 0 14280 12342.50 0.00 12342.50
50 2018193 1 3 13792 0.06 1 0 13792 13792.00 0.00 13792.00
51 2023349 1 2 10434 0.05 1 0 10434 10434.00 0.00 10434.00
52 2018181 1 3 10185 0.05 1 0 10185 10185.00 0.00 10185.00
53 2103158 1 6 128926 0.59 44 0 7127 2930.14 0.00 2930.14
54 2020205 1 4 33592 0.15 9 0 6334 3732.44 0.00 3732.44
55 2018789 1 3 33876 0.16 9 0 6221 3764.00 0.00 3764.00
56 2018382 1 8 7586 0.03 2 0 4734 3793.00 0.00 3793.00
57 2017935 1 3 54163 0.25 18 0 4534 3009.06 0.00 3009.06
58 2009243 1 2 30251 0.14 10 0 4485 3025.10 0.00 3025.10
59 2102190 1 5 104878 0.48 36 0 4384 2913.28 0.00 2913.28
60 2008120 1 4 190587 0.87 69 0 4337 2762.13 0.00 2762.13
61 2025200 1 1 53710 0.25 18 0 4181 2983.89 0.00 2983.89
62 2023617 1 3 7780 0.04 2 0 4111 3890.00 0.00 3890.00
63 2023624 1 3 135953 0.62 51 0 4095 2665.75 0.00 2665.75
64 2100327 1 10 11237 0.05 3 0 4087 3745.67 0.00 3745.67
65 2806561 1 5 29069 0.13 9 0 4063 3229.89 0.00 3229.89
66 2802205 1 3 20733 0.10 7 0 3901 2961.86 0.00 2961.86
67 2008117 1 3 26784 0.12 9 0 3844 2976.00 0.00 2976.00
68 2009387 1 4 28166 0.13 9 0 3809 3129.56 0.00 3129.56
69 2100518 1 8 20606 0.09 7 0 3793 2943.71 0.00 2943.71
70 2024777 1 2 51670 0.24 18 0 3789 2870.56 0.00 2870.56
71 2809487 1 2 56818 0.26 20 0 3715 2840.90 0.00 2840.90
72 2823788 1 4 28249 0.13 9 0 3634 3138.78 0.00 3138.78
73 2019017 1 3 17217 0.08 6 0 3619 2869.50 0.00 2869.50
74 2821129 1 2 48118 0.22 18 0 3608 2673.22 0.00 2673.22
75 2008116 1 4 20740 0.10 7 0 3596 2962.86 0.00 2962.86
76 2801914 1 2 3574 0.02 1 0 3574 3574.00 0.00 3574.00
77 2101892 1 7 8786 0.04 3 0 3503 2928.67 0.00 2928.67
78 2102523 1 8 25773 0.12 9 0 3494 2863.67 0.00 2863.67
79 2828876 1 1 140160 0.64 53 0 3490 2644.53 0.00 2644.53
80 2010143 1 3 163024 0.75 60 0 3483 2717.07 0.00 2717.07
81 2023622 1 3 173675 0.80 65 0 3473 2671.92 0.00 2671.92
82 2023625 1 3 61322 0.28 23 0 3459 2666.17 0.00 2666.17
83 2808175 1 1 9290 0.04 3 0 3454 3096.67 0.00 3096.67
84 2018558 1 5 27938 0.13 9 0 3445 3104.22 0.00 3104.22
85 2023627 1 3 115215 0.53 43 0 3435 2679.42 0.00 2679.42
86 2809132 1 1 24784 0.11 9 0 3418 2753.78 0.00 2753.78
87 2010142 1 4 157725 0.72 60 0 3402 2628.75 0.00 2628.75
88 2001330 1 8 100522 0.46 36 0 3371 2792.28 0.00 2792.28
89 2823966 1 1 51473 0.24 18 0 3360 2859.61 0.00 2859.61
90 2809256 1 3 52549 0.24 18 0 3312 2919.39 0.00 2919.39
91 2802822 1 1 26248 0.12 9 0 3311 2916.44 0.00 2916.44
92 2802987 1 5 24998 0.11 9 0 3295 2777.56 0.00 2777.56
93 2808577 1 5 99016 0.45 36 0 3292 2750.44 0.00 2750.44
94 2023621 1 4 11522 0.05 4 0 3279 2880.50 0.00 2880.50
95 2103238 1 4 25856 0.12 9 0 3275 2872.89 0.00 2872.89
96 2023620 1 3 8452 0.04 3 0 3274 2817.33 0.00 2817.33
97 2021248 1 7 3251 0.01 1 0 3251 3251.00 0.00 3251.00
98 2023616 1 3 6016 0.03 2 0 3220 3008.00 0.00 3008.00
99 2021152 1 1 24815 0.11 9 0 3219 2757.22 0.00 2757.22
100 2019010 1 3 16728 0.08 6 0 3214 2788.00 0.00 2788.00
101 2019011 1 3 16605 0.08 6 0 3199 2767.50 0.00 2767.50
102 2008118 1 3 28807 0.13 10 0 3161 2880.70 0.00 2880.70
103 2102523 1 8 25425 0.12 9 0 3098 2825.00 0.00 2825.00
104 2824993 1 1 48790 0.22 18 0 3087 2710.56 0.00 2710.56
105 2806901 1 4 3069 0.01 1 0 3069 3069.00 0.00 3069.00
106 2022024 1 1 5669 0.03 2 0 3048 2834.50 0.00 2834.50
107 2023453 1 5 5749 0.03 2 0 3021 2874.50 0.00 2874.50
108 2021266 1 2 2990 0.01 1 0 2990 2990.00 0.00 2990.00
109 2019016 1 3 16090 0.07 6 0 2986 2681.67 0.00 2681.67
110 2023619 1 3 7996 0.04 3 0 2914 2665.33 0.00 2665.33
111 2824992 1 1 47475 0.22 18 0 2839 2637.50 0.00 2637.50
112 2018624 1 5 2823 0.01 1 0 2823 2823.00 0.00 2823.00
113 2808772 1 1 2818 0.01 1 0 2818 2818.00 0.00 2818.00
114 2810289 1 2 2811 0.01 1 0 2811 2811.00 0.00 2811.00
115 2013075 1 8 23545 0.11 9 0 2809 2616.11 0.00 2616.11
116 2824671 1 2 2796 0.01 1 0 2796 2796.00 0.00 2796.00
117 2018373 1 3 5288 0.02 2 0 2750 2644.00 0.00 2644.00
118 2018064 1 2 2682 0.01 1 0 2682 2682.00 0.00 2682.00
119 2804906 1 3 2678 0.01 1 0 2678 2678.00 0.00 2678.00
120 2018377 1 3 5131 0.02 2 0 2586 2565.50 0.00 2565.50
121 2816381 1 1 2564 0.01 1 0 2564 2564.00 0.00 2564.00
122 2805442 1 2 7666 0.04 3 0 2558 2555.33 0.00 2555.33
123 2021267 1 2 2533 0.01 1 0 2533 2533.00 0.00 2533.00
--------------------------------------------------------------------------------------------------------------------------------
Date: 7/5/2019 -- 13:35:28
--------------------------------------------------------------------------------------------------------------------------------
Stats for: total
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 2917440 840 374 33018 3473.00 3767.00 3236.00
pcre 433279 118 37 27833 3671.00 3758.00 3632.00
byte_test 356567 119 58 7340 2996.00 3023.00 2970.00
byte_jump 52427 17 6 4082 3083.00 3060.00 3096.00
isdataat 26466 9 0 3818 2940.00 0.00 2940.00
byte_extract 79090 18 18 15608 4393.00 4393.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: packet/stream payload
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 2917440 840 374 33018 3473.00 3767.00 3236.00
pcre 433279 118 37 27833 3671.00 3758.00 3632.00
byte_test 356567 119 58 7340 2996.00 3023.00 2970.00
byte_jump 52427 17 6 4082 3083.00 3060.00 3096.00
isdataat 26466 9 0 3818 2940.00 0.00 2940.00
byte_extract 79090 18 18 15608 4393.00 4393.00 0.00
2019-07-05 13:35:05,314 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-07-05 13:35:06,098 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-07-05 13:35:06,098 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-07-05 13:35:06,099 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-07-05 13:35:06,099 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-07-05 13:35:06,099 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/8b5bc9e40658d463220fe71ff404efa856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07052019.1335-f1946aee-ad2f-482a-86fe-52b396951b28.pcap -vvv -k none
2019-07-05 13:35:28,278 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-07-05 13:35:28,278 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.9714679718