Filename: 934fde02fbd9fa2fb462a8ec9e767346b85bdcb62fea26f86bb13d60091dcf01.61.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 21.5413119793 seconds
Hash: 94d02f4bcd0caf3594f88dc2f4b90927
Uploaded: 1548721163

Logfiles


suricata-report-2019-01-29-T-00-19-45-01292019.0019-934fde02fbd9fa2fb462a8ec9e767346b85bdcb62fea26f86bb13d60091dcf01.61.pcap.txt - (17767 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/94d02f4bcd0caf3594f88dc2f4b9092756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01292019.0019-934fde02fbd9fa2fb462a8ec9e767346b85bdcb62fea26f86bb13d60091dcf01.61.pcap -vvv -k none
elapsedtime:20.594628
stderr:
stdout:
29/1/2019 -- 00:19:24 - <Info> - Configuration node 'rule-files' redefined.
29/1/2019 -- 00:19:24 - <Notice> - This is Suricata version 4.0.0 RELEASE
29/1/2019 -- 00:19:24 - <Info> - CPUs/cores online: 1
29/1/2019 -- 00:19:24 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33963 and 'request-body-inspect-window' set to 16801 after randomization.
29/1/2019 -- 00:19:24 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34311 and 'response-body-inspect-window' set to 16641 after randomization.
29/1/2019 -- 00:19:24 - <Config> - DNS request flood protection level: 500
29/1/2019 -- 00:19:24 - <Config> - DNS per flow memcap (state-memcap): 524288
29/1/2019 -- 00:19:24 - <Config> - DNS global memcap: 16777216
29/1/2019 -- 00:19:24 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
29/1/2019 -- 00:19:24 - <Config> - preallocated 1000 hosts of size 136
29/1/2019 -- 00:19:24 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
29/1/2019 -- 00:19:24 - <Config> - using magic-file /usr/share/file/magic
29/1/2019 -- 00:19:24 - <Config> - Core dump size is unlimited.
29/1/2019 -- 00:19:24 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
29/1/2019 -- 00:19:24 - <Config> - preallocated 1000 defrag trackers of size 168
29/1/2019 -- 00:19:24 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
29/1/2019 -- 00:19:24 - <Config> - stream "prealloc-sessions": 2048 (per thread)
29/1/2019 -- 00:19:24 - <Config> - stream "memcap": 33554432
29/1/2019 -- 00:19:24 - <Config> - stream "midstream" session pickups: disabled
29/1/2019 -- 00:19:24 - <Config> - stream "async-oneside": disabled
29/1/2019 -- 00:19:24 - <Config> - stream "checksum-validation": disabled
29/1/2019 -- 00:19:24 - <Config> - stream."inline": disabled
29/1/2019 -- 00:19:24 - <Config> - stream "bypass": disabled
29/1/2019 -- 00:19:24 - <Config> - stream "max-synack-queued": 5
29/1/2019 -- 00:19:24 - <Config> - stream.reassembly "memcap": 134217728
29/1/2019 -- 00:19:24 - <Config> - stream.reassembly "depth": 0
29/1/2019 -- 00:19:24 - <Config> - stream.reassembly "toserver-chunk-size": 2674
29/1/2019 -- 00:19:24 - <Config> - stream.reassembly "toclient-chunk-size": 2526
29/1/2019 -- 00:19:24 - <Config> - stream.reassembly.raw: enabled
29/1/2019 -- 00:19:24 - <Config> - stream.reassembly "segment-prealloc": 2048
29/1/2019 -- 00:19:24 - <Config> - Delayed detect disabled
29/1/2019 -- 00:19:24 - <Config> - pattern matchers: MPM: ac, SPM: bm
29/1/2019 -- 00:19:24 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
29/1/2019 -- 00:19:24 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
29/1/2019 -- 00:19:24 - <Config> - prefilter engines: MPM
29/1/2019 -- 00:19:24 - <Config> - IP reputation disabled
29/1/2019 -- 00:19:24 - <Perf> - Registered 148 keyword profiling counters.
29/1/2019 -- 00:19:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
29/1/2019 -- 00:19:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
29/1/2019 -- 00:19:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
29/1/2019 -- 00:19:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
29/1/2019 -- 00:19:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
29/1/2019 -- 00:19:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
29/1/2019 -- 00:19:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
29/1/2019 -- 00:19:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
29/1/2019 -- 00:19:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
29/1/2019 -- 00:19:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
29/1/2019 -- 00:19:29 - <Config> - No rules loaded from ET-icmp.rules.
29/1/2019 -- 00:19:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
29/1/2019 -- 00:19:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
29/1/2019 -- 00:19:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
29/1/2019 -- 00:19:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
29/1/2019 -- 00:19:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
29/1/2019 -- 00:19:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
29/1/2019 -- 00:19:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
29/1/2019 -- 00:19:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
29/1/2019 -- 00:19:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
29/1/2019 -- 00:19:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
29/1/2019 -- 00:19:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
29/1/2019 -- 00:19:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
29/1/2019 -- 00:19:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
29/1/2019 -- 00:19:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
29/1/2019 -- 00:19:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
29/1/2019 -- 00:19:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
29/1/2019 -- 00:19:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
29/1/2019 -- 00:19:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
29/1/2019 -- 00:19:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
29/1/2019 -- 00:19:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
29/1/2019 -- 00:19:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
29/1/2019 -- 00:19:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
29/1/2019 -- 00:19:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
29/1/2019 -- 00:19:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
29/1/2019 -- 00:19:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
29/1/2019 -- 00:19:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
29/1/2019 -- 00:19:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
29/1/2019 -- 00:19:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
29/1/2019 -- 00:19:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
29/1/2019 -- 00:19:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
29/1/2019 -- 00:19:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
29/1/2019 -- 00:19:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
29/1/2019 -- 00:19:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
29/1/2019 -- 00:19:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
29/1/2019 -- 00:19:36 - <Config> - No rules loaded from local.rules.
29/1/2019 -- 00:19:36 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
29/1/2019 -- 00:19:37 - <Info> - Threshold config parsed: 0 rule(s) found
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for tcp-packet
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for tcp-stream
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for udp-packet
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for other-ip
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_uri
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_request_line
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_client_body
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_response_line
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_header
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_header
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_header_names
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_header_names
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_accept
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_accept_enc
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_accept_lang
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_referer
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_connection
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_content_len
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_content_len
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_content_type
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_content_type
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_protocol
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_protocol
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_start
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_start
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_raw_header
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_raw_header
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_method
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_cookie
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_cookie
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_raw_uri
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_user_agent
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_host
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_raw_host
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_stat_msg
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_stat_code
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for dns_query
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for tls_sni
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for tls_cert_issuer
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for tls_cert_subject
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for tls_cert_serial
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for dce_stub_data
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for dce_stub_data
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for ssh_protocol
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for ssh_protocol
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for ssh_software
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for ssh_software
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for file_data
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for file_data
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_request_line
29/1/2019 -- 00:19:37 - <Perf> - using shared mpm ctx' for http_response_line
29/1/2019 -- 00:19:37 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
29/1/2019 -- 00:19:37 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
29/1/2019 -- 00:19:37 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
29/1/2019 -- 00:19:37 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
29/1/2019 -- 00:19:37 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
29/1/2019 -- 00:19:37 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
29/1/2019 -- 00:19:37 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
29/1/2019 -- 00:19:37 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
29/1/2019 -- 00:19:42 - <Perf> - Unique rule groups: 104
29/1/2019 -- 00:19:42 - <Perf> - Builtin MPM "toserver TCP packet": 35
29/1/2019 -- 00:19:42 - <Perf> - Builtin MPM "toclient TCP packet": 17
29/1/2019 -- 00:19:42 - <Perf> - Builtin MPM "toserver TCP stream": 33
29/1/2019 -- 00:19:42 - <Perf> - Builtin MPM "toclient TCP stream": 19
29/1/2019 -- 00:19:42 - <Perf> - Builtin MPM "toserver UDP packet": 27
29/1/2019 -- 00:19:42 - <Perf> - Builtin MPM "toclient UDP packet": 17
29/1/2019 -- 00:19:42 - <Perf> - Builtin MPM "other IP packet": 3
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_uri": 14
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_request_line": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_client_body": 6
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toclient http_response_line": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_header": 10
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toclient http_header": 6
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_header_names": 2
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_accept": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_referer": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_content_len": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_content_type": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toclient http_content_type": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_protocol": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_start": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_method": 5
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_cookie": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toclient http_cookie": 2
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver http_host": 2
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver dns_query": 4
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver tls_sni": 2
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toserver file_data": 1
29/1/2019 -- 00:19:42 - <Perf> - AppLayer MPM "toclient file_data": 7
29/1/2019 -- 00:19:44 - <Perf> - Registered 39590 rule profiling counters.
29/1/2019 -- 00:19:44 - <Info> - fast output device (regular) initialized: alert
29/1/2019 -- 00:19:44 - <Info> - eve-log output device (regular) initialized: eve.json
29/1/2019 -- 00:19:44 - <Config> - enabling 'eve-log' module 'alert'
29/1/2019 -- 00:19:44 - <Config> - enabling 'eve-log' module 'http'
29/1/2019 -- 00:19:44 - <Config> - enabling 'eve-log' module 'dns'
29/1/2019 -- 00:19:44 - <Config> - enabling 'eve-log' module 'tls'
29/1/2019 -- 00:19:44 - <Config> - enabling 'eve-log' module 'files'
29/1/2019 -- 00:19:44 - <Config> - enabling 'eve-log' module 'ssh'
29/1/2019 -- 00:19:44 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
29/1/2019 -- 00:19:44 - <Info> - stats output device (regular) initialized: stats.log
29/1/2019 -- 00:19:44 - <Config> - AutoFP mode using "Hash" flow load balancer
29/1/2019 -- 00:19:44 - <Info> - reading pcap file /var/pcap/01292019.0019-934fde02fbd9fa2fb462a8ec9e767346b85bdcb62fea26f8

This file has been truncated.


packet_stats.log - (9296 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2            10          1226447       40497504      16812953        168.1m   13.14
 IPv4       6            23           175990       40302962      32012192        736.3m   57.55
 IPv4      17            27          1605110       21484552      13885462        374.9m   29.31
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2            10            55386         862206        175420          1.8m    4.34
TMM_FLOWWORKER              IPv4       6            23            68272       12990583        791407         18.2m   45.03
TMM_FLOWWORKER              IPv4      17            27           115671       10868998        742481         20.0m   49.60
TMM_RECEIVEPCAPFILE         IPv4       2            10             2555           9644          3367         33.7k    0.08
TMM_RECEIVEPCAPFILE         IPv4       6            22             2545           3435          2767         60.9k    0.15
TMM_RECEIVEPCAPFILE         IPv4      17            27             2536           3337          2801         75.6k    0.19
TMM_DECODEPCAPFILE          IPv4       2            10             2694          18330          4392         43.9k    0.11
TMM_DECODEPCAPFILE          IPv4       6            22             2658          17052          3569         78.5k    0.19
TMM_DECODEPCAPFILE          IPv4      17            27             2671          36462          4530        122.3k    0.30

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            22             2844           5417          3380         74.4k  0.26  
flow                    IPv4      17            27             2831          28664          5519        149.0k  0.53  
stream                  IPv4       6            23             2954          42334          9525        219.1k  0.78  
app-layer               IPv4      17            27             2551          45430         11550        311.9k  1.11  
detect                  IPv4       2            10            50118         855261        169062          1.7m  5.99  
detect                  IPv4       6            23            44857         824120        175798          4.0m  14.33 
detect                  IPv4      17            27            92746         871121        303731          8.2m  29.07 
tcp-prune               IPv4       6            23             2543       12894834        588014         13.5m  47.94 
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
dns                     IPv4      17            15             3621          18636          6164         92.5k  100.00
Proto detect            IPv4      17            18             3120          38359          7170        129.1k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17            12            27496       10250242        919738         11.0m  100.00

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            14             3109          40444          7698       107.8k  14.34 
payload                           IPv4      17            27             3830         116326         18636       503.2k  66.93 
stream                            IPv4       6            14             2536          38304          6723        94.1k  12.52 
dns_query                         IPv4      17             6             3863          11928          7781        46.7k  6.21  
Total                             IPv4                    61                                         12324       751.8k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2            10             3920          78060         42128        421.3k  3.65  
PROF_DETECT_IPONLY          IPv4       6             2            20172          41772         30972         61.9k  0.54  
PROF_DETECT_IPONLY          IPv4      17            19             3975          61355         38959        740.2k  6.42  
PROF_DETECT_RULES           IPv4       2            10             2538          12718          3658         36.6k  0.32  
PROF_DETECT_RULES           IPv4       6            23             2525         142497         11669        268.4k  2.33  
PROF_DETECT_RULES           IPv4      17            27            34666         647597        179956          4.9m  42.14 
PROF_DETECT_STATEFUL_CONT    IPv4       2            10             2531           2761          2559         25.6k  0.22  
PROF_DETECT_STATEFUL_CONT    IPv4       6            23             2553           3456          2752         63.3k  0.55  
PROF_DETECT_STATEFUL_CONT    IPv4      17            27             2505          72843          6866        185.4k  1.61  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            12             2634           4531          2935         35.2k  0.31  
PROF_DETECT_PREFILTER       IPv4       2            10             7819          10648          8360         83.6k  0.73  
PROF_DETECT_PREFILTER       IPv4       6            23             7775          64807         24679        567.6k  4.92  
PROF_DETECT_PREFILTER       IPv4      17            27            24461         154095         45840          1.2m  10.73 
PROF_DETECT_PF_PAYLOAD      IPv4       6            14            13243          50799         22142        310.0k  2.69  
PROF_DETECT_PF_PAYLOAD      IPv4      17            27             8874         121491         23951        646.7k  5.61  
PROF_DETECT_PF_TX           IPv4      17             6             9139          18021         13283         79.7k  0.69  
PROF_DETECT_PF_SORT1        IPv4      17            27             2659           6231          3936        106.3k  0.92  
PROF_DETECT_PF_SORT2        IPv4       2            10             2524           3148          2716         27.2k  0.24  
PROF_DETECT_PF_SORT2        IPv4       6            23             2512           3691          2712         62.4k  0.54  
PROF_DETECT_PF_SORT2        IPv4      17            27             2574           5312          3140         84.8k  0.74  
PROF_DETECT_NONMPMLIST      IPv4       2            10             2523           2881          2679         26.8k  0.23  
PROF_DETECT_NONMPMLIST      IPv4       6            23             2529           3599          2940         67.6k  0.59  
PROF_DETECT_NONMPMLIST      IPv4      17            27             2540           3945          2903         78.4k  0.68  
PROF_DETECT_ALERT           IPv4       2            10             2543          15975          4021         40.2k  0.35  
PROF_DETECT_ALERT           IPv4       6            23             2527           4168          2680         61.7k  0.53  
PROF_DETECT_ALERT           IPv4      17            27             2525           3754          2711         73.2k  0.63  
PROF_DETECT_CLEANUP         IPv4       2            10             2524           3647          2738         27.4k  0.24  
PROF_DETECT_CLEANUP         IPv4       6            23             2554         753116         35894        825.6k  7.16  
PROF_DETECT_CLEANUP         IPv4      17            27             2538           6196          3172         85.7k  0.74  
PROF_DETECT_GETSGH          IPv4       2            10             2529           9265          3367         33.7k  0.29  
PROF_DETECT_GETSGH          IPv4       6            23             2575          46692          5322        122.4k  1.06  
PROF_DETECT_GETSGH          IPv4      17            27             2540          36202          6860        185.2k  1.61  


stats.log - (2827 bytes)
------------------------------------------------------------------------------------
Date: 1/29/2019 -- 00:19:45 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 59
decoder.bytes                              | Total                     | 5979
decoder.ipv4                               | Total                     | 59
decoder.ethernet                           | Total                     | 59
decoder.tcp                                | Total                     | 22
decoder.udp                                | Total                     | 27
decoder.avg_pkt_size                       | Total                     | 101
decoder.max_pkt_size                       | Total                     | 694
flow.tcp                                   | Total                     | 1
flow.udp                                   | Total                     | 12
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 4
detect.mpm_list                            | Total                     | 6
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 8
app_layer.flow.failed_tcp                  | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 6
app_layer.tx.dns_udp                       | Total                     | 6
app_layer.flow.failed_udp                  | Total                     | 6
flow.spare                                 | Total                     | 9991
flow_mgr.flows_checked                     | Total                     | 4
flow_mgr.flows_notimeout                   | Total                     | 4
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65532
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075456


eve.json - (9995 bytes)
{"timestamp":"2019-01-24T01:26:31.758320+0000","flow_id":1784357388259888,"pcap_cnt":14,"event_type":"dns","src_ip":"192.168.180.143","src_port":59533,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22746,"rrname":"wpad.BNA619529386107.local","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-24T01:26:31.762345+0000","flow_id":1784357388259888,"pcap_cnt":15,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":59533,"proto":"UDP","dns":{"type":"answer","id":22746,"rcode":"NXDOMAIN","rrname":"wpad.BNA619529386107.local"}}
{"timestamp":"2019-01-24T01:26:31.762345+0000","flow_id":1784357388259888,"pcap_cnt":15,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":59533,"proto":"UDP","dns":{"type":"answer","id":22746,"rcode":"NXDOMAIN","rrname":"<root>","rrtype":"SOA","ttl":10800}}
{"timestamp":"2019-01-24T01:26:32.984016+0000","flow_id":117349584208848,"pcap_cnt":18,"event_type":"dns","src_ip":"192.168.180.143","src_port":59564,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9564,"rrname":"isatap.BNA619529386107.local","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-24T01:26:33.021386+0000","flow_id":117349584208848,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":59564,"proto":"UDP","dns":{"type":"answer","id":9564,"rcode":"NXDOMAIN","rrname":"isatap.BNA619529386107.local"}}
{"timestamp":"2019-01-24T01:26:33.021386+0000","flow_id":117349584208848,"pcap_cnt":19,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":59564,"proto":"UDP","dns":{"type":"answer","id":9564,"rcode":"NXDOMAIN","rrname":"<root>","rrtype":"SOA","ttl":10800}}
{"timestamp":"2019-01-24T01:26:33.050476+0000","flow_id":1780073158526252,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.180.143","src_port":64542,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35065,"rrname":"teredo.ipv6.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-24T01:26:33.050841+0000","flow_id":1780073158526252,"pcap_cnt":22,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":64542,"proto":"UDP","dns":{"type":"answer","id":35065,"rcode":"NXDOMAIN","rrname":"teredo.ipv6.microsoft.com"}}
{"timestamp":"2019-01-24T01:26:33.050841+0000","flow_id":1780073158526252,"pcap_cnt":22,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":64542,"proto":"UDP","dns":{"type":"answer","id":35065,"rcode":"NXDOMAIN","rrname":"ipv6.microsoft.com","rrtype":"SOA","ttl":1061}}
{"timestamp":"2019-01-24T01:26:37.772808+0000","flow_id":668561392388808,"pcap_cnt":24,"event_type":"dns","src_ip":"192.168.180.143","src_port":51883,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23406,"rrname":"BNA619529386107.BNA619529386107.local","rrtype":"SOA","tx_id":0}}
{"timestamp":"2019-01-24T01:26:37.778018+0000","flow_id":668561392388808,"pcap_cnt":25,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":51883,"proto":"UDP","dns":{"type":"answer","id":23406,"rcode":"NXDOMAIN","rrname":"BNA619529386107.BNA619529386107.local"}}
{"timestamp":"2019-01-24T01:26:37.778018+0000","flow_id":668561392388808,"pcap_cnt":25,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":51883,"proto":"UDP","dns":{"type":"answer","id":23406,"rcode":"NXDOMAIN","rrname":"<root>","rrtype":"SOA","ttl":10800}}
{"timestamp":"2019-01-24T01:26:49.066267+0000","flow_id":1196384956515035,"pcap_cnt":26,"event_type":"dns","src_ip":"192.168.180.143","src_port":52663,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29509,"rrname":"time.windows.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-24T01:26:49.066841+0000","flow_id":1196384956515035,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":52663,"proto":"UDP","dns":{"type":"answer","id":29509,"rcode":"NOERROR","rrname":"time.windows.com","rrtype":"CNAME","ttl":1040,"rdata":"time.microsoft.akadns.net"}}
{"timestamp":"2019-01-24T01:26:49.066841+0000","flow_id":1196384956515035,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":52663,"proto":"UDP","dns":{"type":"answer","id":29509,"rcode":"NOERROR","rrname":"time.microsoft.akadns.net","rrtype":"A","ttl":82,"rdata":"52.168.138.145"}}
{"timestamp":"2019-01-24T01:26:49.066841+0000","flow_id":1196384956515035,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":52663,"proto":"UDP","dns":{"type":"answer","id":29509,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":670,"rdata":"a13-130.akadns.org"}}
{"timestamp":"2019-01-24T01:26:49.066841+0000","flow_id":1196384956515035,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":52663,"proto":"UDP","dns":{"type":"answer","id":29509,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":670,"rdata":"a5-130.akadns.org"}}
{"timestamp":"2019-01-24T01:26:49.066841+0000","flow_id":1196384956515035,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":52663,"proto":"UDP","dns":{"type":"answer","id":29509,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":670,"rdata":"a28-129.akadns.org"}}
{"timestamp":"2019-01-24T01:26:49.066841+0000","flow_id":1196384956515035,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":52663,"proto":"UDP","dns":{"type":"answer","id":29509,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":670,"rdata":"a7-131.akadns.net"}}
{"timestamp":"2019-01-24T01:26:49.066841+0000","flow_id":1196384956515035,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":52663,"proto":"UDP","dns":{"type":"answer","id":29509,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":670,"rdata":"a3-129.akadns.net"}}
{"timestamp":"2019-01-24T01:26:49.066841+0000","flow_id":1196384956515035,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":52663,"proto":"UDP","dns":{"type":"answer","id":29509,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":670,"rdata":"a11-129.akadns.net"}}
{"timestamp":"2019-01-24T01:26:49.066841+0000","flow_id":1196384956515035,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":52663,"proto":"UDP","dns":{"type":"answer","id":29509,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":670,"rdata":"a9-128.akadns.net"}}
{"timestamp":"2019-01-24T01:26:49.066841+0000","flow_id":1196384956515035,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":52663,"proto":"UDP","dns":{"type":"answer","id":29509,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":670,"rdata":"a18-128.akadns.org"}}
{"timestamp":"2019-01-24T01:26:49.066841+0000","flow_id":1196384956515035,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":52663,"proto":"UDP","dns":{"type":"answer","id":29509,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":670,"rdata":"a12-131.akadns.org"}}
{"timestamp":"2019-01-24T01:26:49.066841+0000","flow_id":1196384956515035,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":52663,"proto":"UDP","dns":{"type":"answer","id":29509,"rcode":"NOERROR","rrname":"akadns.net","rrtype":"NS","ttl":670,"rdata":"a1-128.akadns.net"}}
{"timestamp":"2019-01-24T01:27:13.972500+0000","flow_id":715526862132948,"pcap_cnt":32,"event_type":"dns","src_ip":"192.168.180.143","src_port":65165,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33687,"rrname":"paychenco.ddns.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-24T01:27:13.984791+0000","flow_id":715526862132948,"pcap_cnt":33,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":65165,"proto":"UDP","dns":{"type":"answer","id":33687,"rcode":"NOERROR","rrname":"paychenco.ddns.net","rrtype":"A","ttl":60,"rdata":"172.94.47.103"}}
{"timestamp":"2019-01-24T01:27:13.984791+0000","flow_id":715526862132948,"pcap_cnt":33,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":65165,"proto":"UDP","dns":{"type":"answer","id":33687,"rcode":"NOERROR","rrname":"ddns.net","rrtype":"NS","ttl":19372,"rdata":"nf4.no-ip.com"}}
{"timestamp":"2019-01-24T01:27:13.984791+0000","flow_id":715526862132948,"pcap_cnt":33,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":65165,"proto":"UDP","dns":{"type":"answer","id":33687,"rcode":"NOERROR","rrname":"ddns.net","rrtype":"NS","ttl":19372,"rdata":"nf3.no-ip.com"}}
{"timestamp":"2019-01-24T01:27:13.984791+0000","flow_id":715526862132948,"pcap_cnt":33,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":65165,"proto":"UDP","dns":{"type":"answer","id":33687,"rcode":"NOERROR","rrname":"ddns.net","rrtype":"NS","ttl":19372,"rdata":"nf1.no-ip.com"}}
{"timestamp":"2019-01-24T01:27:13.984791+0000","flow_id":715526862132948,"pcap_cnt":33,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":65165,"proto":"UDP","dns":{"type":"answer","id":33687,"rcode":"NOERROR","rrname":"ddns.net","rrtype":"NS","ttl":19372,"rdata":"nf2.no-ip.com"}}
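The eve.json above carries only dns events and no alert records, so the triage value of this run is in the DNS record itself: a series of NXDOMAIN lookups for Windows auto-discovery names (wpad, isatap, teredo), the expected time.windows.com resolution, and one resolution of paychenco.ddns.net to 172.94.47.103, a hostname under a dynamic-DNS zone whose NS records point at no-ip.com. In Suricata 4.0's EVE format every answer resource record is a separate line that shares the query's flow_id and dns.id, so correlating them takes a small amount of bookkeeping. The following Python script is an added example, not code from the original page or from the IDSDeathBlossom tool: it correlates EVE DNS lines, lists NXDOMAIN names and resolution chains, and flags queried names under dynamic-DNS suffixes. The sample lines are copied (abridged) from the eve.json excerpt above; the DDNS_SUFFIXES watch-list is an assumption used for illustration.

```python
"""Triage DNS records from a Suricata 4.0 EVE log (eve.json, one JSON object per line).

Suricata 4.0 emits each answer resource record as its own EVE line, so a query
and its answers are correlated by the (flow_id, dns.id) pair rather than being
nested in one object.
"""
import json

# Sample lines copied (abridged) from the eve.json excerpt on this page.
SAMPLE_EVE = r'''
{"timestamp":"2019-01-24T01:26:31.758320+0000","flow_id":1784357388259888,"pcap_cnt":14,"event_type":"dns","src_ip":"192.168.180.143","src_port":59533,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22746,"rrname":"wpad.BNA619529386107.local","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-24T01:26:31.762345+0000","flow_id":1784357388259888,"pcap_cnt":15,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":59533,"proto":"UDP","dns":{"type":"answer","id":22746,"rcode":"NXDOMAIN","rrname":"wpad.BNA619529386107.local"}}
{"timestamp":"2019-01-24T01:26:31.762345+0000","flow_id":1784357388259888,"pcap_cnt":15,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":59533,"proto":"UDP","dns":{"type":"answer","id":22746,"rcode":"NXDOMAIN","rrname":"<root>","rrtype":"SOA","ttl":10800}}
{"timestamp":"2019-01-24T01:26:49.066267+0000","flow_id":1196384956515035,"pcap_cnt":26,"event_type":"dns","src_ip":"192.168.180.143","src_port":52663,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29509,"rrname":"time.windows.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-24T01:26:49.066841+0000","flow_id":1196384956515035,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":52663,"proto":"UDP","dns":{"type":"answer","id":29509,"rcode":"NOERROR","rrname":"time.windows.com","rrtype":"CNAME","ttl":1040,"rdata":"time.microsoft.akadns.net"}}
{"timestamp":"2019-01-24T01:26:49.066841+0000","flow_id":1196384956515035,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":52663,"proto":"UDP","dns":{"type":"answer","id":29509,"rcode":"NOERROR","rrname":"time.microsoft.akadns.net","rrtype":"A","ttl":82,"rdata":"52.168.138.145"}}
{"timestamp":"2019-01-24T01:27:13.972500+0000","flow_id":715526862132948,"pcap_cnt":32,"event_type":"dns","src_ip":"192.168.180.143","src_port":65165,"dest_ip":"192.168.180.250","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33687,"rrname":"paychenco.ddns.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-24T01:27:13.984791+0000","flow_id":715526862132948,"pcap_cnt":33,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":65165,"proto":"UDP","dns":{"type":"answer","id":33687,"rcode":"NOERROR","rrname":"paychenco.ddns.net","rrtype":"A","ttl":60,"rdata":"172.94.47.103"}}
{"timestamp":"2019-01-24T01:27:13.984791+0000","flow_id":715526862132948,"pcap_cnt":33,"event_type":"dns","src_ip":"192.168.180.250","src_port":53,"dest_ip":"192.168.180.143","dest_port":65165,"proto":"UDP","dns":{"type":"answer","id":33687,"rcode":"NOERROR","rrname":"ddns.net","rrtype":"NS","ttl":19372,"rdata":"nf4.no-ip.com"}}
'''

# Assumed watch-list of dynamic-DNS zones; an illustration, not part of the page.
DDNS_SUFFIXES = ("ddns.net", "no-ip.org", "no-ip.com", "duckdns.org", "hopto.org")


def parse_eve(text):
    """Yield parsed dns events from EVE text, skipping blank and non-DNS lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("event_type") == "dns":
            yield ev


def correlate_dns(events):
    """Group each query with its answer RRs by (flow_id, dns.id).

    Returns {queried_name: {"rcode", "client", "server", "chain", "a_records"}}
    where chain is a list of (rrname, rrtype, rdata) in answer order.
    """
    by_tx = {}   # (flow_id, dns.id) -> queried name
    summary = {}
    for ev in events:
        d = ev["dns"]
        key = (ev["flow_id"], d["id"])
        if d["type"] == "query":
            by_tx[key] = d["rrname"]
            summary.setdefault(d["rrname"], {"rcode": None, "client": ev["src_ip"],
                                             "server": ev["dest_ip"], "chain": [],
                                             "a_records": []})
        elif d["type"] == "answer" and key in by_tx:
            entry = summary[by_tx[key]]
            entry["rcode"] = d.get("rcode")
            # SOA lines in NXDOMAIN answers carry no rdata and are skipped here.
            if "rrtype" in d and "rdata" in d:
                entry["chain"].append((d["rrname"], d["rrtype"], d["rdata"]))
                if d["rrtype"] == "A":
                    entry["a_records"].append(d["rdata"])
    return summary


def nxdomain_names(summary):
    """Queried names the resolver answered with NXDOMAIN."""
    return sorted(n for n, e in summary.items() if e["rcode"] == "NXDOMAIN")


def _under_suffix(name, suffixes):
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in suffixes)


def flag_dynamic_dns(summary, suffixes=DDNS_SUFFIXES):
    """Queried names that resolved to an A record under a dynamic-DNS suffix."""
    return sorted(n for n, e in summary.items()
                  if e["a_records"] and _under_suffix(n, suffixes))


if __name__ == "__main__":
    s = correlate_dns(parse_eve(SAMPLE_EVE))
    print("NXDOMAIN:", nxdomain_names(s))
    print("dynamic DNS:", {n: s[n]["a_records"] for n in flag_dynamic_dns(s)})
```

Run it against a full eve.json with `correlate_dns(parse_eve(open("eve.json").read()))`; the a_records list per queried name is what to pivot on when checking the resolved address against flow records for the same client.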


keyword_perf.log - (2314 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 1/29/2019 -- 00:19:45
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          383296          115             73              36694           3333.00         3499.00         3043.00        
  pcre             78863           8               0               40440           9857.00         0.00            9857.00        
  byte_test        441890          154             122             19754           2869.00         2907.00         2723.00        
  isdataat         13843           5               0               2995            2768.00         0.00            2768.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          383296          115             73              36694           3333.00         3499.00         3043.00        
  pcre             78863           8               0               40440           9857.00         0.00            9857.00        
  byte_test        441890          154             122             19754           2869.00         2907.00         2723.00        
  isdataat         13843           5               0               2995            2768.00         0.00            2768.00        


suricata-4.0.0-etpro-all-perf.txt-2019-01-29-T-00-19-45-01292019.0019-934fde02fbd9fa2fb462a8ec9e767346b85bdcb62fea26f86bb13d60091dcf01.61.pcap.txt - (10070 bytes)
  --------------------------------------------------------------------------
  Date: 1/29/2019 -- 00:19:45. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2018316      1        4        168502       5.28   4        0        74998       42125.50    0.00        42125.50   
  2        2010140      1        7        181793       5.70   20       0        61173       9089.65     0.00        9089.65    
  3        2018666      1        4        141546       4.44   4        0        40251       35386.50    0.00        35386.50   
  4        2009702      1        5        162083       5.08   14       0        37895       11577.36    0.00        11577.36   
  5        2811542      1        1        153927       4.83   7        0        37328       21989.57    0.00        21989.57   
  6        2020742      1        1        123140       3.86   4        0        34091       30785.00    0.00        30785.00   
  7        2008120      1        4        101714       3.19   25       0        33374       4068.56     0.00        4068.56    
  8        2019230      1        2        153220       4.80   8        0        32885       19152.50    0.00        19152.50   
  9        2811544      1        1        151772       4.76   8        0        32824       18971.50    0.00        18971.50   
  10       2811577      1        2        149702       4.69   8        0        31257       18712.75    0.00        18712.75   
  11       2020741      1        1        119596       3.75   4        0        31201       29899.00    0.00        29899.00   
  12       2014701      1        12       141035       4.42   14       0        22751       10073.93    0.00        10073.93   
  13       2803760      1        3        89432        2.80   6        0        17049       14905.33    0.00        14905.33   
  14       2826281      1        2        87924        2.76   6        0        16997       14654.00    0.00        14654.00   
  15       2022543      1        1        72324        2.27   5        0        15702       14464.80    0.00        14464.80   
  16       2014702      1        9        103495       3.24   14       0        14547       7392.50     0.00        7392.50    
  17       2014703      1        9        104894       3.29   14       0        14426       7492.43     0.00        7492.43    
  18       2802823      1        1        18045        0.57   6        0        4640        3007.50     0.00        3007.50    
  19       2023620      1        3        32520        1.02   11       0        4389        2956.36     0.00        2956.36    
  20       2025200      1        1        36078        1.13   12       0        4317        3006.50     0.00        3006.50    
  21       2001219      1        20       4070         0.13   1        0        4070        4070.00     0.00        4070.00    
  22       2801347      1        5        11418        0.36   4        0        3793        2854.50     0.00        2854.50    
  23       2023626      1        3        38364        1.20   14       0        3785        2740.29     0.00        2740.29    
  24       2023054      1        2        9332         0.29   3        0        3746        3110.67     0.00        3110.67    
  25       2023615      1        3        28308        0.89   10       0        3699        2830.80     0.00        2830.80    
  26       2008119      1        3        17476        0.55   6        0        3638        2912.67     0.00        2912.67    
  27       2023621      1        4        24846        0.78   9        0        3614        2760.67     0.00        2760.67    
  28       2823788      1        4        17708        0.56   6        0        3595        2951.33     0.00        2951.33    
  29       2010143      1        3        55462        1.74   20       0        3526        2773.10     0.00        2773.10    
  30       2806561      1        5        3524         0.11   1        0        3524        3524.00     0.00        3524.00    
  31       2002993      1        7        3502         0.11   1        0        3502        3502.00     0.00        3502.00    
  32       2802822      1        1        11323        0.36   4        0        3496        2830.75     0.00        2830.75    
  33       2008117      1        3        12401        0.39   4        0        3474        3100.25     0.00        3100.25    
  34       2023622      1        3        50184        1.57   18       0        3466        2788.00     0.00        2788.00    
  35       2023619      1        3        30187        0.95   11       0        3459        2744.27     0.00        2744.27    
  36       2102257      1        10       9322         0.29   3        0        3444        3107.33     0.00        3107.33    
  37       2023627      1        3        19452        0.61   7        0        3413        2778.86     0.00        2778.86    
  38       2008116      1        4        6025         0.19   2        0        3398        3012.50     0.00        3012.50    
  39       2023613      1        3        29780        0.93   11       0        3356        2707.27     0.00        2707.27    
  40       2008118      1        3        30894        0.97   11       0        3345        2808.55     0.00        2808.55    
  41       2023618      1        3        29572        0.93   11       0        3338        2688.36     0.00        2688.36    
  42       2009243      1        2        32761        1.03   11       0        3295        2978.27     0.00        2978.27    
  43       2023625      1        3        39409        1.24   14       0        3291        2814.93     0.00        2814.93    
  44       2013739      1        15       41582        1.30   15       0        3284        2772.13     0.00        2772.13    
  45       2023624      1        3        45459        1.43   17       0        3273        2674.06     0.00        2674.06    
  46       2010939      1        3        3258         0.10   1        0        3258        3258.00     0.00        3258.00    
  47       2016181      1        2        8617         0.27   3        0        3256        2872.33     0.00        2872.33    
  48       2023612      1        4        25161        0.79   9        0        3231        2795.67     0.00        2795.67    
  49       2003068      1        7        3231         0.10   1        0        3231        3231.00     0.00        3231.00    
  50       2023617      1        3        32749        1.03   12       0        3221        2729.08     0.00        2729.08    
  51       2016178      1        2        8348         0.26   3        0        3205        2782.67     0.00        2782.67    
  52       2013506      1        1        3200         0.10   1        0        3200        3200.00     0.00        3200.00    
  53       2002911      1        6        3200         0.10   1        0        3200        3200.00     0.00        3200.00    
  54       2023623      1        3        21841        0.68   8        0        3199        2730.12     0.00        2730.12    
  55       2023053      1        2        8425         0.26   3        0        3199        2808.33     0.00        2808.33    
  56       2102523      1        8        5828         0.18   2        0        3194        2914.00     0.00        2914.00    
  57       2019010      1        3        5800         0.18   2        0        3184        2900.00     0.00        2900.00    
  58       2016179      1        2        8318         0.26   3        0        3165        2772.67     0.00        2772.67    
  59       2010142      1        4        54193        1.70   20       0        3155        2709.65     0.00        2709.65    
  60       2002992      1        7        3139         0.10   1        0        3139        3139.00     0.00        3139.00    
  61       2100518      1        8        5768         0.18   2        0        3105        2884.00     0.00        2884.00    
  62       2010938      1        3        3095         0.10   1        0        3095        3095.00     0.00        3095.00    
  63       2002995      1        10       3048         0.10   1        0        3048        3048.00     0.00        3048.00    
  64       2802205      1        3        5603         0.18   2        0        3032        2801.50     0.00        2801.50    
  65       2002910      1        6        3001         0.09   1        0        3001        3001.00     0.00        3001.00    
  66       2013075      1        8        15951        0.50   6        0        3000        2658.50     0.00        2658.50    
  67       2001580      1        15       2995         0.09   1        0        2995        2995.00     0.00        2995.00    
  68       2019017      1        3        5616         0.18   2        0        2984        2808.00     0.00        2808.00    
  69       2102523      1        8        5564         0.17   2        0        2982        2782.00     0.00        2782.00    
  70       2001582      1        15       2976         0.09   1        0        2976        2976.00     0.00        2976.00    
  71       2002994      1        7        2937         0.09   1        0        2937        2937.00     0.00        2937.00    
  72       2023614      1        3        26452        0.83   10       0        2907        2645.20     0.00        2645.20    
  73       2828876      1        1        8152         0.26   3        0        2798        2717.33     0.00        2717.33    
  74       2023616      1        3        5352         0.17   2        0        2731        2676.00     0.00        2676.00    
  75       2805442      1        2        2533         0.08   1        0        2533        2533.00     0.00        2533.00    
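Every row of the rule-profiling table above reports 0 matches, so the table is a pure cost ranking of signatures that were checked against this pcap without firing; the file is sorted by max ticks, but a ruleset tuner usually wants the same rows ranked by total ticks and the share of inspection time spent on rules that never match. The following Python parser for this fixed-width format is an added example, not code from the page or from the IDSDeathBlossom tool. The sample rows are copied (abridged) from the table above.

```python
"""Parse a Suricata rule-profiling dump (the *-perf.txt file above) and rank
zero-match rules by the ticks they consumed."""
import re

# Sample rows copied (abridged) from the profiling table on this page.
SAMPLE_PERF = """\
  --------------------------------------------------------------------------
  Date: 1/29/2019 -- 00:19:45. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2018316      1        4        168502       5.28   4        0        74998       42125.50    0.00        42125.50
  2        2010140      1        7        181793       5.70   20       0        61173       9089.65     0.00        9089.65
  3        2018666      1        4        141546       4.44   4        0        40251       35386.50    0.00        35386.50
  21       2001219      1        20       4070         0.13   1        0        4070        4070.00     0.00        4070.00
"""

# One data row: Num Rule Gid Rev Ticks % Checks Matches MaxTicks AvgTicks AvgMatch AvgNoMatch
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+(\d+)\s+(\d+)"
                 r"\s+(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$")


def parse_rule_perf(text):
    """Return one dict per data row; header, separator and date lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        rows.append({
            "sid": int(m.group(2)), "gid": int(m.group(3)), "rev": int(m.group(4)),
            "ticks": int(m.group(5)), "pct": float(m.group(6)),
            "checks": int(m.group(7)), "matches": int(m.group(8)),
            "max_ticks": int(m.group(9)), "avg_ticks": float(m.group(10)),
        })
    return rows


def costly_nonmatching(rows, n=3):
    """SIDs of the n rules that consumed the most total ticks without matching."""
    silent = [r for r in rows if r["matches"] == 0]
    return [r["sid"] for r in sorted(silent, key=lambda r: r["ticks"], reverse=True)[:n]]


def nonmatching_tick_share(rows):
    """Percentage of profiled ticks (the % column) spent on rules that never matched."""
    return sum(r["pct"] for r in rows if r["matches"] == 0)


if __name__ == "__main__":
    rows = parse_rule_perf(SAMPLE_PERF)
    print("top silent rules by ticks:", costly_nonmatching(rows))
    print("tick share of silent rules: %.2f%%" % nonmatching_tick_share(rows))
```

Tick counts are CPU-dependent and vary from run to run, so treat the ranking as relative: the useful output is which signatures sit at the top across several pcaps, not the absolute numbers.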


IDSDeathBlossom.py.log - (1207 bytes)
2019-01-29 00:19:23,956 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-01-29 00:19:24,688 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-01-29 00:19:24,688 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-01-29 00:19:24,688 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-01-29 00:19:24,689 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-01-29 00:19:24,689 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/94d02f4bcd0caf3594f88dc2f4b9092756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01292019.0019-934fde02fbd9fa2fb462a8ec9e767346b85bdcb62fea26f86bb13d60091dcf01.61.pcap -vvv -k none
2019-01-29 00:19:45,286 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-01-29 00:19:45,286 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 21.3380198479