Filename: 4360ce60-8d0b-4f96-bbeb-7c43e3724dc8.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.80177903175 seconds
Hash: a0abb0edbe02382cc32ec0b2a8ac2a13
Uploaded: 1558447059

Logfiles


suricata-report-2019-05-21-T-13-57-49-05212019.1357-4360ce60-8d0b-4f96-bbeb-7c43e3724dc8.pcap.txt - (18016 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/a0abb0edbe02382cc32ec0b2a8ac2a13d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/05212019.1357-4360ce60-8d0b-4f96-bbeb-7c43e3724dc8.pcap -vvv -k none
elapsedtime:8.819076
stderr:
stdout:
21/5/2019 -- 13:57:40 - <Info> - Configuration node 'rule-files' redefined.
21/5/2019 -- 13:57:40 - <Notice> - This is Suricata version 4.0.0 RELEASE
21/5/2019 -- 13:57:40 - <Info> - CPUs/cores online: 1
21/5/2019 -- 13:57:40 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34154 and 'request-body-inspect-window' set to 15974 after randomization.
21/5/2019 -- 13:57:40 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31216 and 'response-body-inspect-window' set to 16801 after randomization.
21/5/2019 -- 13:57:40 - <Config> - DNS request flood protection level: 500
21/5/2019 -- 13:57:40 - <Config> - DNS per flow memcap (state-memcap): 524288
21/5/2019 -- 13:57:40 - <Config> - DNS global memcap: 16777216
21/5/2019 -- 13:57:40 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
21/5/2019 -- 13:57:40 - <Config> - preallocated 1000 hosts of size 136
21/5/2019 -- 13:57:40 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
21/5/2019 -- 13:57:40 - <Config> - using magic-file /usr/share/file/magic
21/5/2019 -- 13:57:40 - <Config> - Core dump size is unlimited.
21/5/2019 -- 13:57:40 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
21/5/2019 -- 13:57:40 - <Config> - preallocated 1000 defrag trackers of size 168
21/5/2019 -- 13:57:40 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
21/5/2019 -- 13:57:40 - <Config> - stream "prealloc-sessions": 2048 (per thread)
21/5/2019 -- 13:57:40 - <Config> - stream "memcap": 33554432
21/5/2019 -- 13:57:40 - <Config> - stream "midstream" session pickups: disabled
21/5/2019 -- 13:57:40 - <Config> - stream "async-oneside": disabled
21/5/2019 -- 13:57:40 - <Config> - stream "checksum-validation": disabled
21/5/2019 -- 13:57:40 - <Config> - stream."inline": disabled
21/5/2019 -- 13:57:40 - <Config> - stream "bypass": disabled
21/5/2019 -- 13:57:40 - <Config> - stream "max-synack-queued": 5
21/5/2019 -- 13:57:40 - <Config> - stream.reassembly "memcap": 134217728
21/5/2019 -- 13:57:40 - <Config> - stream.reassembly "depth": 0
21/5/2019 -- 13:57:40 - <Config> - stream.reassembly "toserver-chunk-size": 2447
21/5/2019 -- 13:57:40 - <Config> - stream.reassembly "toclient-chunk-size": 2483
21/5/2019 -- 13:57:40 - <Config> - stream.reassembly.raw: enabled
21/5/2019 -- 13:57:40 - <Config> - stream.reassembly "segment-prealloc": 2048
21/5/2019 -- 13:57:40 - <Config> - Delayed detect disabled
21/5/2019 -- 13:57:40 - <Config> - pattern matchers: MPM: ac, SPM: bm
21/5/2019 -- 13:57:40 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
21/5/2019 -- 13:57:40 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
21/5/2019 -- 13:57:40 - <Config> - prefilter engines: MPM
21/5/2019 -- 13:57:40 - <Config> - IP reputation disabled
21/5/2019 -- 13:57:40 - <Perf> - Registered 148 keyword profiling counters.
21/5/2019 -- 13:57:40 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
21/5/2019 -- 13:57:40 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
21/5/2019 -- 13:57:40 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
21/5/2019 -- 13:57:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
21/5/2019 -- 13:57:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
21/5/2019 -- 13:57:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
21/5/2019 -- 13:57:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
21/5/2019 -- 13:57:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
21/5/2019 -- 13:57:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
21/5/2019 -- 13:57:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
21/5/2019 -- 13:57:41 - <Config> - No rules loaded from ET-emerging-icmp.rules.
21/5/2019 -- 13:57:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
21/5/2019 -- 13:57:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
21/5/2019 -- 13:57:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
21/5/2019 -- 13:57:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
21/5/2019 -- 13:57:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
21/5/2019 -- 13:57:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
21/5/2019 -- 13:57:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
21/5/2019 -- 13:57:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
21/5/2019 -- 13:57:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
21/5/2019 -- 13:57:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
21/5/2019 -- 13:57:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
21/5/2019 -- 13:57:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
21/5/2019 -- 13:57:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
21/5/2019 -- 13:57:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
21/5/2019 -- 13:57:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
21/5/2019 -- 13:57:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
21/5/2019 -- 13:57:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
21/5/2019 -- 13:57:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
21/5/2019 -- 13:57:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
21/5/2019 -- 13:57:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
21/5/2019 -- 13:57:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
21/5/2019 -- 13:57:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
21/5/2019 -- 13:57:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
21/5/2019 -- 13:57:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
21/5/2019 -- 13:57:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
21/5/2019 -- 13:57:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
21/5/2019 -- 13:57:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
21/5/2019 -- 13:57:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
21/5/2019 -- 13:57:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
21/5/2019 -- 13:57:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
21/5/2019 -- 13:57:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
21/5/2019 -- 13:57:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
21/5/2019 -- 13:57:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
21/5/2019 -- 13:57:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
21/5/2019 -- 13:57:45 - <Config> - No rules loaded from local.rules.
21/5/2019 -- 13:57:45 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
21/5/2019 -- 13:57:45 - <Info> - Threshold config parsed: 0 rule(s) found
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for tcp-packet
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for tcp-stream
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for udp-packet
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for other-ip
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_uri
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_request_line
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_client_body
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_response_line
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_header
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_header
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_header_names
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_header_names
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_accept
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_accept_enc
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_accept_lang
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_referer
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_connection
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_content_len
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_content_len
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_content_type
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_content_type
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_protocol
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_protocol
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_start
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_start
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_raw_header
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_raw_header
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_method
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_cookie
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_cookie
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_raw_uri
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_user_agent
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_host
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_raw_host
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_stat_msg
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_stat_code
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for dns_query
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for tls_sni
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for tls_cert_issuer
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for tls_cert_subject
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for tls_cert_serial
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for dce_stub_data
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for dce_stub_data
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for ssh_protocol
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for ssh_protocol
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for ssh_software
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for ssh_software
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for file_data
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for file_data
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_request_line
21/5/2019 -- 13:57:45 - <Perf> - using shared mpm ctx' for http_response_line
21/5/2019 -- 13:57:45 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
21/5/2019 -- 13:57:45 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
21/5/2019 -- 13:57:45 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
21/5/2019 -- 13:57:45 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
21/5/2019 -- 13:57:45 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
21/5/2019 -- 13:57:45 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
21/5/2019 -- 13:57:45 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
21/5/2019 -- 13:57:45 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
21/5/2019 -- 13:57:47 - <Perf> - Unique rule groups: 111
21/5/2019 -- 13:57:47 - <Perf> - Builtin MPM "toserver TCP packet": 31
21/5/2019 -- 13:57:47 - <Perf> - Builtin MPM "toclient TCP packet": 20
21/5/2019 -- 13:57:47 - <Perf> - Builtin MPM "toserver TCP stream": 31
21/5/2019 -- 13:57:47 - <Perf> - Builtin MPM "toclient TCP stream": 21
21/5/2019 -- 13:57:47 - <Perf> - Builtin MPM "toserver UDP packet": 33
21/5/2019 -- 13:57:47 - <Perf> - Builtin MPM "toclient UDP packet": 15
21/5/2019 -- 13:57:47 - <Perf> - Builtin MPM "other IP packet": 2
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_uri": 8
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_request_line": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_client_body": 6
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toclient http_response_line": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_header": 6
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toclient http_header": 3
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_header_names": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_accept": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_referer": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_content_len": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_content_type": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toclient http_content_type": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_start": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_method": 3
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_cookie": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toclient http_cookie": 2
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver http_host": 2
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver dns_query": 4
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver tls_sni": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toserver file_data": 1
21/5/2019 -- 13:57:47 - <Perf> - AppLayer MPM "toclient file_data": 5
21/5/2019 -- 13:57:48 - <Perf> - Registered 18241 rule profiling counters.
21/5/2019 -- 13:57:48 - <Info> - fast output device (regular) initialized: alert
21/5/2019 -- 13:57:48 - <Info> - eve-log output device (regular) initialized: eve.json
21/5/2019 -- 13:57:48 - <Config> - enabling 'eve-log' module 'alert'
21/5/2019 -- 13:57:48 - <Config> - enabling 'eve-log' module 'http'
21/5/2019 -- 13:57:48 - <Config> - enabling 'eve-log' module 'dns'
21/5/2019 -- 13:57:48 - <Config> - enabling 'eve-log' module 'tls'
21/5/2019 -- 13:57:48 - <Config> - enabling 'eve-log' module 'files'
21/5/2019 -- 13:57:48 - <Config> - enabling 'eve-log' module 'ssh'
21/5/2019 -- 13:57:48 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
21/5/2019 

This file has been truncated.


suricata-4.0.0-etopen-all-perf.txt-2019-05-21-T-13-57-49-05212019.1357-4360ce60-8d0b-4f96-bbeb-7c43e3724dc8.pcap.txt - (10070 bytes)
  --------------------------------------------------------------------------
  Date: 5/21/2019 -- 13:57:49. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2021749      1        6        790397       14.73  3        0        589016      263465.67   0.00        263465.67  
  2        2025330      1        1        471229       8.78   1        0        471229      471229.00   0.00        471229.00  
  3        2025189      1        1        486552       9.07   5        0        428276      97310.40    0.00        97310.40   
  4        2018005      1        6        196950       3.67   3        0        95233       65650.00    0.00        65650.00   
  5        2025191      1        1        148983       2.78   5        0        93947       29796.60    0.00        29796.60   
  6        2024720      1        3        68485        1.28   1        0        68485       68485.00    0.00        68485.00   
  7        2018457      1        1        77641        1.45   2        0        54738       38820.50    0.00        38820.50   
  8        2024227      1        3        92792        1.73   5        0        47424       18558.40    0.00        18558.40   
  9        2019083      1        2        43354        0.81   1        0        43354       43354.00    0.00        43354.00   
  10       2022914      1        1        51269        0.96   2        0        42710       25634.50    0.00        25634.50   
  11       2020610      1        3        32413        0.60   1        0        32413       32413.00    0.00        32413.00   
  12       2010142      1        4        201655       3.76   60       0        30373       3360.92     0.00        3360.92    
  13       2025190      1        1        64332        1.20   5        0        29113       12866.40    0.00        12866.40   
  14       2009702      1        5        60251        1.12   4        0        28875       15062.75    0.00        15062.75   
  15       2008120      1        4        193872       3.61   62       0        28392       3126.97     0.00        3126.97    
  16       2025194      1        1        61454        1.14   5        0        27840       12290.80    0.00        12290.80   
  17       2025193      1        1        61057        1.14   5        0        27058       12211.40    0.00        12211.40   
  18       2025192      1        1        61903        1.15   5        0        27032       12380.60    0.00        12380.60   
  19       2014701      1        12       64539        1.20   4        0        23033       16134.75    0.00        16134.75   
  20       2019230      1        2        44877        0.84   4        0        22731       11219.25    0.00        11219.25   
  21       2023612      1        4        29280        0.55   4        0        20456       7320.00     0.00        7320.00    
  22       2020608      1        4        19721        0.37   1        0        19721       19721.00    0.00        19721.00   
  23       2010140      1        7        233101       4.34   60       0        19628       3885.02     0.00        3885.02    
  24       2022543      1        1        36924        0.69   2        0        19181       18462.00    0.00        18462.00   
  25       2020779      1        3        17099        0.32   1        0        17099       17099.00    0.00        17099.00   
  26       2014703      1        9        36339        0.68   4        0        15643       9084.75     0.00        9084.75    
  27       2014702      1        9        34906        0.65   4        0        14792       8726.50     0.00        8726.50    
  28       2018789      1        3        14509        0.27   3        0        5964        4836.33     0.00        4836.33    
  29       2008116      1        4        58742        1.09   20       0        5002        2937.10     0.00        2937.10    
  30       2009243      1        2        37684        0.70   13       0        4712        2898.77     0.00        2898.77    
  31       2102190      1        5        20848        0.39   6        0        4622        3474.67     0.00        3474.67    
  32       2010143      1        3        167955       3.13   60       0        4405        2799.25     0.00        2799.25    
  33       2022547      1        1        30182        0.56   10       0        4148        3018.20     0.00        3018.20    
  34       2023627      1        3        132521       2.47   48       0        4111        2760.85     0.00        2760.85    
  35       2009387      1        4        10256        0.19   3        0        4043        3418.67     0.00        3418.67    
  36       2001330      1        8        35528        0.66   12       0        4006        2960.67     0.00        2960.67    
  37       2025200      1        1        14872        0.28   4        0        3979        3718.00     0.00        3718.00    
  38       2023622      1        3        148543       2.77   56       0        3954        2652.55     0.00        2652.55    
  39       2019011      1        3        54070        1.01   19       0        3918        2845.79     0.00        2845.79    
  40       2100518      1        8        55951        1.04   20       0        3860        2797.55     0.00        2797.55    
  41       2021976      1        2        7355         0.14   2        0        3820        3677.50     0.00        3677.50    
  42       2017935      1        3        16990        0.32   5        0        3752        3398.00     0.00        3398.00    
  43       2016179      1        2        3695         0.07   1        0        3695        3695.00     0.00        3695.00    
  44       2103159      1        4        7041         0.13   2        0        3694        3520.50     0.00        3520.50    
  45       2018281      1        4        7102         0.13   2        0        3659        3551.00     0.00        3551.00    
  46       2021978      1        6        6949         0.13   2        0        3639        3474.50     0.00        3474.50    
  47       2008118      1        3        37341        0.70   13       0        3578        2872.38     0.00        2872.38    
  48       2019010      1        3        45162        0.84   16       0        3564        2822.62     0.00        2822.62    
  49       2023626      1        3        119967       2.24   46       0        3560        2607.98     0.00        2607.98    
  50       2019017      1        3        44144        0.82   16       0        3560        2759.00     0.00        2759.00    
  51       2008297      1        5        3526         0.07   1        0        3526        3526.00     0.00        3526.00    
  52       2021977      1        6        3525         0.07   1        0        3525        3525.00     0.00        3525.00    
  53       2023621      1        4        19527        0.36   7        0        3511        2789.57     0.00        2789.57    
  54       2008117      1        3        51628        0.96   19       0        3489        2717.26     0.00        2717.26    
  55       2023625      1        3        108532       2.02   42       0        3483        2584.10     0.00        2584.10    
  56       2008306      1        3        11912        0.22   4        0        3417        2978.00     0.00        2978.00    
  57       2019016      1        3        52909        0.99   19       0        3369        2784.68     0.00        2784.68    
  58       2023624      1        3        132727       2.47   50       0        3367        2654.54     0.00        2654.54    
  59       2102523      1        8        6526         0.12   2        0        3366        3263.00     0.00        3263.00    
  60       2015986      1        5        15025        0.28   5        0        3349        3005.00     0.00        3005.00    
  61       2024777      1        2        11792        0.22   4        0        3343        2948.00     0.00        2948.00    
  62       2023623      1        3        108198       2.02   42       0        3341        2576.14     0.00        2576.14    
  63       2102257      1        10       3340         0.06   1        0        3340        3340.00     0.00        3340.00    
  64       2016178      1        2        3317         0.06   1        0        3317        3317.00     0.00        3317.00    
  65       2023619      1        3        11118        0.21   4        0        3279        2779.50     0.00        2779.50    
  66       2103238      1        4        5666         0.11   2        0        3139        2833.00     0.00        2833.00    
  67       2102523      1        8        6181         0.12   2        0        3107        3090.50     0.00        3090.50    
  68       2023614      1        3        5609         0.10   2        0        3063        2804.50     0.00        2804.50    
  69       2016181      1        2        3044         0.06   1        0        3044        3044.00     0.00        3044.00    
  70       2103158      1        6        11599        0.22   4        0        3030        2899.75     0.00        2899.75    
  71       2018283      1        5        2945         0.05   1        0        2945        2945.00     0.00        2945.00    
  72       2023617      1        3        11372        0.21   4        0        2917        2843.00     0.00        2843.00    
  73       2013075      1        8        5668         0.11   2        0        2840        2834.00     0.00        2834.00    
  74       2023618      1        3        10164        0.19   4        0        2559        2541.00     0.00        2541.00    
  75       2012236      1        2        2551         0.05   1        0        2551        2551.00     0.00        2551.00    


packet_stats.log - (11390 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            41          1722954       56007527      48287373          2.0b   67.35
 IPv4      17            52          5382395       58002562      15373324        799.4m   27.20
 IPv6      17            10          6215488       56482809      16020624        160.2m    5.45
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            41            69684        2376222        371746         15.2m   28.75
TMM_FLOWWORKER              IPv4      17            52           115956       20448810        666984         34.7m   65.43
TMM_RECEIVEPCAPFILE         IPv4       6            39             2534           3701          2993        116.7k    0.22
TMM_RECEIVEPCAPFILE         IPv4      17            52             2542           9392          3038        158.0k    0.30
TMM_DECODEPCAPFILE          IPv4       6            39             2662           4234          2979        116.2k    0.22
TMM_DECODEPCAPFILE          IPv4      17            52             2681          20312          3225        167.7k    0.32
TMM_FLOWWORKER              IPv6      17            10           103389         994047        245124          2.5m    4.62
TMM_RECEIVEPCAPFILE         IPv6      17            10             2536           3289          2845         28.5k    0.05
TMM_DECODEPCAPFILE          IPv6      17            10             2739          18717          4533         45.3k    0.09

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6            39             3026           6830          3513        137.0k  0.28  
flow                    IPv4      17            52             2800          35886          4620        240.3k  0.50  
stream                  IPv4       6            41             3803        1439854         58838          2.4m  4.99  
app-layer               IPv4      17            52             2528          46751          5545        288.4k  0.60  
detect                  IPv4       6            41            46358        2336700        276516         11.3m  23.46 
detect                  IPv4      17            52            99219       20416674        603928         31.4m  64.98 
tcp-prune               IPv4       6            41             2549          31484          4173        171.1k  0.35  
flow                    IPv6      17            10             2849          14123          6368         63.7k  0.13  
app-layer               IPv6      17            10             2534           8948          5259         52.6k  0.11  
detect                  IPv6      17            10            86646         969761        222002          2.2m  4.59  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
tls                     IPv4       6             4             2619           5581          3571         14.3k  29.32 
dns                     IPv4      17             4             6406          10330          8609         34.4k  70.68 
Proto detect            IPv4      17             9             2775          27487         12282        110.5k
Proto detect            IPv6      17             4             2798           3428          3173         12.7k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             4           108528        1599523        505564          2.0m  91.57 
LOGGER_JSON_TLS             IPv4       6             2            70886         115258         93072        186.1k  8.43  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            20             2860         563758         80980         1.6m  37.16 
payload                           IPv4      17            52             3127          61608          9124       474.5k  10.89 
stream                            IPv4       6            20             2549         642238         64750         1.3m  29.71 
dns_query                         IPv4      17             2            10502          10807         10654        21.3k  0.49  
tls_sni                           IPv4       6             3             3531          10144          7764        23.3k  0.53  
tls_cert_issuer                   IPv4       6             2             8841          16924         12882        25.8k  0.59  
tls_cert_subject                  IPv4       6             2             6690           6762          6726        13.5k  0.31  
tls_cert_serial                   IPv4       6             2             6059           7320          6689        13.4k  0.31  
Total                             IPv4                   103                                         33847         3.5m
payload                           IPv6      17            10             2980         797263         87223       872.2k  20.01 
Total                             IPv6                    10                                         87223       872.2k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             4            46570          74401         59983        239.9k  0.90  
PROF_DETECT_IPONLY          IPv4      17             9            20370         188637         56819        511.4k  1.92  
PROF_DETECT_RULES           IPv4       6            41             2547        1555538         75968          3.1m  11.70 
PROF_DETECT_RULES           IPv4      17            52            39297         221672         81051          4.2m  15.83 
PROF_DETECT_STATEFUL_START    IPv4       6             1           123993         123993        123993        124.0k  0.47  
PROF_DETECT_STATEFUL_CONT    IPv4       6            41             2540         510247         25694          1.1m  3.96  
PROF_DETECT_STATEFUL_CONT    IPv4      17            52             2739         806506         18528        963.5k  3.62  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            33             2549           3301          2687         88.7k  0.33  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             3068           3602          3271         13.1k  0.05  
PROF_DETECT_PREFILTER       IPv4       6            41             8001         735742        107213          4.4m  16.51 
PROF_DETECT_PREFILTER       IPv4      17            52            24276          92513         34353          1.8m  6.71  
PROF_DETECT_PF_PAYLOAD      IPv4       6            20            21764         653837        153658          3.1m  11.54 
PROF_DETECT_PF_PAYLOAD      IPv4      17            52             8179          66844         14439        750.8k  2.82  
PROF_DETECT_PF_TX           IPv4       6            33             2691          47889          6637        219.0k  0.82  
PROF_DETECT_PF_TX           IPv4      17             2            16791          17411         17101         34.2k  0.13  
PROF_DETECT_PF_SORT1        IPv4       6            19             2574           4054          3027         57.5k  0.22  
PROF_DETECT_PF_SORT1        IPv4      17            52             2610           5618          3289        171.0k  0.64  
PROF_DETECT_PF_SORT2        IPv4       6            41             2520          31347          4930        202.2k  0.76  
PROF_DETECT_PF_SORT2        IPv4      17            52             2550          19576          3476        180.8k  0.68  
PROF_DETECT_NONMPMLIST      IPv4       6            41             2533          18272          3323        136.3k  0.51  
PROF_DETECT_NONMPMLIST      IPv4      17            52             2519          10954          2978        154.9k  0.58  
PROF_DETECT_ALERT           IPv4       6            41             2517           4343          2784        114.2k  0.43  
PROF_DETECT_ALERT           IPv4      17            52             2536          10958          2805        145.9k  0.55  
PROF_DETECT_CLEANUP         IPv4       6            41             2582          62849          4461        182.9k  0.69  
PROF_DETECT_CLEANUP         IPv4      17            52             2522         792635         18031        937.6k  3.52  
PROF_DETECT_GETSGH          IPv4       6            41             2528         400676         13280        544.5k  2.04  
PROF_DETECT_GETSGH          IPv4      17            52             2519          76127          4841        251.8k  0.95  
PROF_DETECT_IPONLY          IPv6      17             4             3103          24011          8473         33.9k  0.13  
PROF_DETECT_RULES           IPv6      17            10            28520         134649         63339        633.4k  2.38  
PROF_DETECT_STATEFUL_CONT    IPv6      17            10             2770           3262          2944         29.4k  0.11  
PROF_DETECT_PREFILTER       IPv6      17            10            23817         827380        115602          1.2m  4.34  
PROF_DETECT_PF_PAYLOAD      IPv6      17            10             8189         802973         92437        924.4k  3.47  
PROF_DETECT_PF_SORT1        IPv6      17            10             2593           5638          3379         33.8k  0.13  
PROF_DETECT_PF_SORT2        IPv6      17            10             2547           4898          3053         30.5k  0.11  
PROF_DETECT_NONMPMLIST      IPv6      17            10             2527           4166          3055         30.6k  0.11  
PROF_DETECT_ALERT           IPv6      17            10             2538           3065          2665         26.7k  0.10  
PROF_DETECT_CLEANUP         IPv6      17            10             2527           3150          2755         27.6k  0.10  
PROF_DETECT_GETSGH          IPv6      17            10             2744           7073          4395         44.0k  0.17  


stats.log - (2757 bytes)
------------------------------------------------------------------------------------
Date: 5/21/2019 -- 13:57:49 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 278
decoder.bytes                              | Total                     | 29966
decoder.ipv4                               | Total                     | 91
decoder.ipv6                               | Total                     | 10
decoder.ethernet                           | Total                     | 278
decoder.tcp                                | Total                     | 39
decoder.udp                                | Total                     | 62
decoder.avg_pkt_size                       | Total                     | 107
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 2
flow.udp                                   | Total                     | 11
tcp.sessions                               | Total                     | 2
tcp.syn                                    | Total                     | 2
tcp.synack                                 | Total                     | 2
tcp.rst                                    | Total                     | 2
detect.mpm_list                            | Total                     | 7
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 8
app_layer.flow.tls                         | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 9
flow.spare                                 | Total                     | 9998
flow_mgr.flows_checked                     | Total                     | 9
flow_mgr.flows_notimeout                   | Total                     | 9
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65527
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076896


eve.json - (2291 bytes)
{"timestamp":"2019-04-29T07:05:36.362784+0000","flow_id":1512694498756896,"pcap_cnt":77,"event_type":"dns","src_ip":"192.168.100.239","src_port":62558,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3489,"rrname":"wtfismyip.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-29T07:05:36.368161+0000","flow_id":1512694498756896,"pcap_cnt":78,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.239","dest_port":62558,"proto":"UDP","dns":{"type":"answer","id":3489,"rcode":"NOERROR","rrname":"wtfismyip.com","rrtype":"A","ttl":264,"rdata":"198.27.74.146"}}
{"timestamp":"2019-04-29T07:05:36.713153+0000","flow_id":2062317168674869,"pcap_cnt":87,"event_type":"tls","src_ip":"192.168.100.239","src_port":49443,"dest_ip":"198.27.74.146","dest_port":443,"proto":"TCP","tls":{"subject":"CN=wtfismyip.com","issuerdn":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"}}
{"timestamp":"2019-04-29T07:05:39.221410+0000","flow_id":488417813291234,"pcap_cnt":96,"event_type":"dns","src_ip":"192.168.100.239","src_port":55310,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55489,"rrname":"discordapp.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-29T07:05:39.226829+0000","flow_id":488417813291234,"pcap_cnt":97,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.239","dest_port":55310,"proto":"UDP","dns":{"type":"answer","id":55489,"rcode":"NOERROR","rrname":"discordapp.com","rrtype":"A","ttl":183,"rdata":"104.16.59.5"}}
{"timestamp":"2019-04-29T07:05:39.226829+0000","flow_id":488417813291234,"pcap_cnt":97,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.239","dest_port":55310,"proto":"UDP","dns":{"type":"answer","id":55489,"rcode":"NOERROR","rrname":"discordapp.com","rrtype":"A","ttl":183,"rdata":"104.16.58.5"}}
{"timestamp":"2019-04-29T07:05:39.309037+0000","flow_id":990959051700644,"pcap_cnt":108,"event_type":"tls","src_ip":"192.168.100.239","src_port":49487,"dest_ip":"104.16.59.5","dest_port":443,"proto":"TCP","tls":{"subject":"OU=Domain Control Validated, OU=PositiveSSL, CN=discordapp.com","issuerdn":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA"}}


keyword_perf.log - (4754 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/21/2019 -- 13:57:49
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             30045           7               7               9943            4292.00         4292.00         0.00           
  content          1407992         148             52              420041          9513.00         4084.00         12454.00       
  pcre             95814           12              0               36960           7984.00         0.00            7984.00        
  byte_test        78930           20              8               11094           3946.00         4452.00         3609.00        
  byte_jump        21146           4               0               10871           5286.00         0.00            5286.00        
  isdataat         6769            2               0               3656            3384.00         0.00            3384.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             30045           7               7               9943            4292.00         4292.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          757382          106             45              402654          7145.00         4094.00         9395.00        
  pcre             95814           12              0               36960           7984.00         0.00            7984.00        
  byte_test        78930           20              8               11094           3946.00         4452.00         3609.00        
  byte_jump        21146           4               0               10871           5286.00         0.00            5286.00        
  isdataat         6769            2               0               3656            3384.00         0.00            3384.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_issuer
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          28142           7               7               4935            4020.00         4020.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          622468          35              0               420041          17784.00        0.00            17784.00       


IDSDeathBlossom.py.log - (1179 bytes)
2019-05-21 13:57:39,603 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-21 13:57:40,343 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-21 13:57:40,343 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-05-21 13:57:40,344 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-21 13:57:40,344 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-21 13:57:40,344 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/a0abb0edbe02382cc32ec0b2a8ac2a13d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/05212019.1357-4360ce60-8d0b-4f96-bbeb-7c43e3724dc8.pcap -vvv -k none
2019-05-21 13:57:49,166 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-21 13:57:49,166 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.57167601585