Filename: 12e0edf5-c330-4214-bc1e-6657251f9209.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 25.7574880123 seconds
Hash: a22496ab7f31fb6658995ae80228994d (first 32 hex digits of the 64-digit hash used as the output directory name in the command line below)
Uploaded: 1576182730 (Unix epoch; 2019-12-12 20:32:10 UTC)

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-12-12-T-20-32-36-12122019.2032-12e0edf5-c330-4214-bc1e-6657251f9209.pcap.txt - (8663 bytes)
  --------------------------------------------------------------------------
  Date: 12/12/2019 -- 20:32:36. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2023623      1        3        942670       14.70  26       0        829374      36256.54    0.00        36256.54   
  2        2023617      1        3        877448       13.69  12       0        825686      73120.67    0.00        73120.67   
  3        2805348      1        4        886338       13.83  11       0        139716      80576.18    0.00        80576.18   
  4        2826281      1        2        67094        1.05   1        0        67094       67094.00    0.00        67094.00   
  5        2014701      1        12       41642        0.65   2        0        36906       20821.00    0.00        20821.00   
  6        2009702      1        5        38918        0.61   2        0        34056       19459.00    0.00        19459.00   
  7        2020773      1        2        32888        0.51   1        0        32888       32888.00    0.00        32888.00   
  8        2010143      1        3        228186       3.56   43       0        29330       5306.65     0.00        5306.65    
  9        2803760      1        3        28998        0.45   1        0        28998       28998.00    0.00        28998.00   
  10       2022543      1        1        27946        0.44   1        0        27946       27946.00    0.00        27946.00   
  11       2802822      1        1        101900       1.59   17       0        27114       5994.12     0.00        5994.12    
  12       2010140      1        7        291574       4.55   43       0        27014       6780.79     0.00        6780.79    
  13       2014703      1        9        30212        0.47   2        0        25008       15106.00    0.00        15106.00   
  14       2023612      1        4        80618        1.26   13       0        24856       6201.38     0.00        6201.38    
  15       2014702      1        9        28970        0.45   2        0        24376       14485.00    0.00        14485.00   
  16       2023622      1        3        220436       3.44   44       0        23030       5009.91     0.00        5009.91    
  17       2019010      1        3        70136        1.09   11       0        21612       6376.00     0.00        6376.00    
  18       2023627      1        3        172530       2.69   34       0        18840       5074.41     0.00        5074.41    
  19       2008120      1        4        215176       3.36   44       0        11764       4890.36     0.00        4890.36    
  20       2823788      1        4        8174         0.13   1        0        8174        8174.00     0.00        8174.00    
  21       2102523      1        8        14148        0.22   2        0        7990        7074.00     0.00        7074.00    
  22       2001580      1        15       7246         0.11   1        0        7246        7246.00     0.00        7246.00    
  23       2100327      1        10       7124         0.11   1        0        7124        7124.00     0.00        7124.00    
  24       2102523      1        8        12228        0.19   2        0        6962        6114.00     0.00        6114.00    
  25       2002993      1        7        6884         0.11   1        0        6884        6884.00     0.00        6884.00    
  26       2023626      1        3        186370       2.91   40       0        6774        4659.25     0.00        4659.25    
  27       2002992      1        7        6722         0.10   1        0        6722        6722.00     0.00        6722.00    
  28       2016323      1        1        33012        0.51   6        0        6590        5502.00     0.00        5502.00    
  29       2828876      1        1        17384        0.27   3        0        6456        5794.67     0.00        5794.67    
  30       2008117      1        3        80324        1.25   17       0        6352        4724.94     0.00        4724.94    
  31       2008118      1        3        46610        0.73   9        0        6312        5178.89     0.00        5178.89    
  32       2013739      1        15       195406       3.05   42       0        6234        4652.52     0.00        4652.52    
  33       2100518      1        8        80424        1.25   17       0        6166        4730.82     0.00        4730.82    
  34       2010939      1        3        6160         0.10   1        0        6160        6160.00     0.00        6160.00    
  35       2008116      1        4        81056        1.26   17       0        6110        4768.00     0.00        4768.00    
  36       2019011      1        3        83076        1.30   17       0        5976        4886.82     0.00        4886.82    
  37       2010142      1        4        199340       3.11   43       0        5948        4635.81     0.00        4635.81    
  38       2001582      1        15       5910         0.09   1        0        5910        5910.00     0.00        5910.00    
  39       2801347      1        5        73252        1.14   15       0        5840        4883.47     0.00        4883.47    
  40       2009243      1        2        43540        0.68   9        0        5830        4837.78     0.00        4837.78    
  41       2023624      1        3        172582       2.69   38       0        5776        4541.63     0.00        4541.63    
  42       2806561      1        5        5760         0.09   1        0        5760        5760.00     0.00        5760.00    
  43       2016363      1        2        30882        0.48   6        0        5750        5147.00     0.00        5147.00    
  44       2023621      1        4        33288        0.52   7        0        5716        4755.43     0.00        4755.43    
  45       2100566      1        5        29370        0.46   6        0        5580        4895.00     0.00        4895.00    
  46       2019017      1        3        51650        0.81   11       0        5534        4695.45     0.00        4695.45    
  47       2019016      1        3        78844        1.23   17       0        5516        4637.88     0.00        4637.88    
  48       2023625      1        3        155756       2.43   34       0        5496        4581.06     0.00        4581.06    
  49       2013506      1        1        5484         0.09   1        0        5484        5484.00     0.00        5484.00    
  50       2025200      1        1        10400        0.16   2        0        5404        5200.00     0.00        5200.00    
  51       2802205      1        3        79088        1.23   17       0        5274        4652.24     0.00        4652.24    
  52       2003068      1        7        5258         0.08   1        0        5258        5258.00     0.00        5258.00    
  53       2002911      1        6        5244         0.08   1        0        5244        5244.00     0.00        5244.00    
  54       2010938      1        3        5224         0.08   1        0        5224        5224.00     0.00        5224.00    
  55       2001219      1        20       5202         0.08   1        0        5202        5202.00     0.00        5202.00    
  56       2002994      1        7        5154         0.08   1        0        5154        5154.00     0.00        5154.00    
  57       2023613      1        3        32640        0.51   7        0        5078        4662.86     0.00        4662.86    
  58       2023614      1        3        42424        0.66   9        0        4974        4713.78     0.00        4713.78    
  59       2002995      1        10       4950         0.08   1        0        4950        4950.00     0.00        4950.00    
  60       2002910      1        6        4932         0.08   1        0        4932        4932.00     0.00        4932.00    
  61       2023616      1        3        9308         0.15   2        0        4870        4654.00     0.00        4654.00    
  62       2023615      1        3        27730        0.43   6        0        4754        4621.67     0.00        4621.67    
  63       2023619      1        3        26868        0.42   6        0        4670        4478.00     0.00        4478.00    
  64       2013075      1        8        4588         0.07   1        0        4588        4588.00     0.00        4588.00    
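The table above is Suricata's per-rule profiling output (rule_perf.log): every listed rule was checked at least once and none matched, so the Ticks column is pure inspection cost with no alert to show for it. The following Python is an added example, not part of this page or of Suricata, that parses this fixed-width layout, checks the Avg Ticks column against Ticks/Checks as a guard against misaligned columns, and ranks the non-matching rules by total ticks. The sample input embeds four rows copied from the table above; the column tolerance and the ranking limit are choices of this example.

```python
"""Parse a Suricata rule_perf.log table and rank rules by inspection cost."""
import re
from dataclasses import dataclass

# Constructed sample: the header block plus four rows copied from the page's table.
SAMPLE_RULE_PERF = """\
  --------------------------------------------------------------------------
  Date: 12/12/2019 -- 20:32:36. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2023623      1        3        942670       14.70  26       0        829374      36256.54    0.00        36256.54
  2        2023617      1        3        877448       13.69  12       0        825686      73120.67    0.00        73120.67
  3        2805348      1        4        886338       13.83  11       0        139716      80576.18    0.00        80576.18
  8        2010143      1        3        228186       3.56   43       0        29330       5306.65     0.00        5306.65
"""


@dataclass
class RuleProfile:
    sid: int
    gid: int
    rev: int
    ticks: int
    pct: float
    checks: int
    matches: int
    max_ticks: int
    avg_ticks: float
    avg_match: float
    avg_nomatch: float


# One data row: Num, Rule(sid), Gid, Rev, Ticks, %, Checks, Matches, Max, Avg, Avg Match, Avg No Match.
ROW_RE = re.compile(
    r"^\s*\d+\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+(\d+)\s+(\d+)\s+(\d+)"
    r"\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$"
)


def parse_rule_perf(text):
    """Return the data rows of a rule_perf.log table; header, separators and date line are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        f = m.groups()
        rows.append(RuleProfile(int(f[0]), int(f[1]), int(f[2]), int(f[3]), float(f[4]),
                                int(f[5]), int(f[6]), int(f[7]), float(f[8]), float(f[9]),
                                float(f[10])))
    return rows


def columns_consistent(r, tol=0.01):
    """Guard against misparsed columns: Suricata prints Avg Ticks as Ticks / Checks (rounded)."""
    if r.checks == 0:
        return r.avg_ticks == 0.0
    return abs(r.ticks / r.checks - r.avg_ticks) <= tol


def rank_by_wasted_ticks(rows, limit=5):
    """Rules that were checked but never matched, most expensive first by total ticks."""
    wasted = [r for r in rows if r.checks > 0 and r.matches == 0]
    return sorted(wasted, key=lambda r: r.ticks, reverse=True)[:limit]


if __name__ == "__main__":
    parsed = parse_rule_perf(SAMPLE_RULE_PERF)
    bad = [r.sid for r in parsed if not columns_consistent(r)]
    print("rows:", len(parsed), "inconsistent:", bad)
    for r in rank_by_wasted_ticks(parsed, 3):
        print(f"sid {r.sid} rev {r.rev}: {r.ticks} ticks over {r.checks} checks, 0 matches")
```

Sorting by total ticks rather than by max ticks (the log's own order) surfaces rules that are moderately expensive but checked often; in the page's table that moves sid 2805348 above 2023617 even though its single worst check was far cheaper.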


packet_stats.log - (10139 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6             9          7841672       53483882      42692041        384.2m   23.76
 IPv4      17            38          4787852       50639956      27493854          1.0b   64.62
 IPv6      17            12          3866024       54544014      15654723        187.9m   11.62
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6             9           116470         842930        413175          3.7m    7.25
TMM_FLOWWORKER              IPv4      17            38           225376       12225194       1123905         42.7m   83.22
TMM_RECEIVEPCAPFILE         IPv4       6             7             4730           5568          4958         34.7k    0.07
TMM_RECEIVEPCAPFILE         IPv4      17            38             4454           6272          4866        184.9k    0.36
TMM_DECODEPCAPFILE          IPv4       6             7             4600          25692          7817         54.7k    0.11
TMM_DECODEPCAPFILE          IPv4      17            38             4598           6370          4928        187.3k    0.36
TMM_FLOWWORKER              IPv6      17            12           188058        1134828        354636          4.3m    8.29
TMM_RECEIVEPCAPFILE         IPv6      17            12             4472          11520          5557         66.7k    0.13
TMM_DECODEPCAPFILE          IPv6      17            12             4658          53418          9004        108.1k    0.21

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot      %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -------  -----
flow                    IPv4       6             7             5076           7008          5781         40.5k  0.08  
flow                    IPv4      17            38             4768          15482          5844        222.1k  0.46  
stream                  IPv4       6             9             5588          75716         26540        238.9k  0.49  
app-layer               IPv4      17            38             4448          69892          8210        312.0k  0.64  
detect                  IPv4       6             9            78296         773068        342970          3.1m  6.34  
detect                  IPv4      17            38           197214       12186844       1070888         40.7m  83.56 
tcp-prune               IPv4       6             9             4612          42872         10099         90.9k  0.19  
flow                    IPv6      17            12             4782          53688         11920        143.0k  0.29  
app-layer               IPv6      17            12             4458          54276         11312        135.8k  0.28  
detect                  IPv6      17            12           159590         995480        311307          3.7m  7.67  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot      %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -------  -----
dns                     IPv4      17             2             8886          25878         17382         34.8k  100.00
Proto detect            IPv4      17             7             4718          29052         12504         87.5k
Proto detect            IPv6      17             4             4724          43038         14480         57.9k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- -----
LOGGER_JSON_DNS             IPv4      17             2           114744         460226        287485        575.0k  100.00

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6             5             6592         535526        142572       712.9k  19.49 
payload                           IPv4      17            38             5066         815202         58820         2.2m  61.10 
stream                            IPv4       6             5             4468         191722         61054       305.3k  8.34  
dns_query                         IPv4      17             1            12680          12680         12680        12.7k  0.35  
Total                             IPv4                    49                                         66652         3.3m
payload                           IPv6      17            12             5476         209868         32704       392.5k  10.73 
Total                             IPv6                    12                                         32704       392.5k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- -----
PROF_DETECT_IPONLY          IPv4       6             2            89508         168738        129123        258.2k  0.51  
PROF_DETECT_IPONLY          IPv4      17             7            43702        8901816       1362741          9.5m  18.80 
PROF_DETECT_RULES           IPv4       6             9             4472         237668         47291        425.6k  0.84  
PROF_DETECT_RULES           IPv4      17            38            77418       12078098        588547         22.4m  44.07 
PROF_DETECT_STATEFUL_CONT    IPv4       6             9             4680           5904          5136         46.2k  0.09  
PROF_DETECT_STATEFUL_CONT    IPv4      17            38             4424          66076          6660        253.1k  0.50  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             5042           5756          5399         10.8k  0.02  
PROF_DETECT_PREFILTER       IPv4       6             9            13926         597206        145091          1.3m  2.57  
PROF_DETECT_PREFILTER       IPv4      17            38            41436         899704        141645          5.4m  10.61 
PROF_DETECT_PF_PAYLOAD      IPv4       6             5            79386         553460        218472          1.1m  2.15  
PROF_DETECT_PF_PAYLOAD      IPv4      17            38            14156         824488         83409          3.2m  6.25  
PROF_DETECT_PF_TX           IPv4      17             1            24814          24814         24814         24.8k  0.05  
PROF_DETECT_PF_SORT1        IPv4      17            38             4472          21950          5927        225.2k  0.44  
PROF_DETECT_PF_SORT2        IPv4       6             9             4476          29936         10469         94.2k  0.19  
PROF_DETECT_PF_SORT2        IPv4      17            38             4456          91256          9396        357.1k  0.70  
PROF_DETECT_NONMPMLIST      IPv4       6             9             4514          13352          6037         54.3k  0.11  
PROF_DETECT_NONMPMLIST      IPv4      17            38             4422         828800         27340          1.0m  2.05  
PROF_DETECT_ALERT           IPv4       6             9             4446           6706          5127         46.1k  0.09  
PROF_DETECT_ALERT           IPv4      17            38             4434           6490          4805        182.6k  0.36  
PROF_DETECT_CLEANUP         IPv4       6             9             4546          30438          8286         74.6k  0.15  
PROF_DETECT_CLEANUP         IPv4      17            38             4424          24004          5355        203.5k  0.40  
PROF_DETECT_GETSGH          IPv4       6             9             4686         310148         49968        449.7k  0.89  
PROF_DETECT_GETSGH          IPv4      17            38             4434          14862          5952        226.2k  0.45  
PROF_DETECT_IPONLY          IPv6      17             4             5296          69406         21944         87.8k  0.17  
PROF_DETECT_RULES           IPv6      17            12            58850         221700        126586          1.5m  2.99  
PROF_DETECT_STATEFUL_CONT    IPv6      17            12             4400           5490          4904         58.9k  0.12  
PROF_DETECT_PREFILTER       IPv6      17            12            41960         355424         79924        959.1k  1.89  
PROF_DETECT_PF_PAYLOAD      IPv6      17            12            14350         220278         41949        503.4k  0.99  
PROF_DETECT_PF_SORT1        IPv6      17            12             4474          28566          7267         87.2k  0.17  
PROF_DETECT_PF_SORT2        IPv6      17            12             4444          63244          9607        115.3k  0.23  
PROF_DETECT_NONMPMLIST      IPv6      17            12             4466           6726          5117         61.4k  0.12  
PROF_DETECT_ALERT           IPv6      17            12             4442          18338          5732         68.8k  0.14  
PROF_DETECT_CLEANUP         IPv6      17            12             4442           7544          4909         58.9k  0.12  
PROF_DETECT_GETSGH          IPv6      17            12             4498         329564         33331        400.0k  0.79  


stats.log - (2755 bytes)
------------------------------------------------------------------------------------
Date: 12/12/2019 -- 20:32:36 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 98
decoder.bytes                              | Total                     | 9801
decoder.ipv4                               | Total                     | 45
decoder.ipv6                               | Total                     | 12
decoder.ethernet                           | Total                     | 98
decoder.tcp                                | Total                     | 7
decoder.udp                                | Total                     | 50
decoder.avg_pkt_size                       | Total                     | 100
decoder.max_pkt_size                       | Total                     | 274
flow.tcp                                   | Total                     | 1
flow.udp                                   | Total                     | 10
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
detect.mpm_list                            | Total                     | 11
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 12
app_layer.flow.failed_tcp                  | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 9
flow.spare                                 | Total                     | 9999
flow_mgr.flows_checked                     | Total                     | 8
flow_mgr.flows_notimeout                   | Total                     | 8
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65528
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076608


eve.json - (639 bytes)
{"timestamp":"2019-12-09T10:04:18.434101+0000","flow_id":1132050772041653,"pcap_cnt":71,"event_type":"dns","src_ip":"192.168.100.233","src_port":55200,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":19470,"rrname":"fax4paralx.dyn-ip24.de","rrtype":"A","tx_id":0}}
{"timestamp":"2019-12-09T10:04:18.453284+0000","flow_id":1132050772041653,"pcap_cnt":72,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.233","dest_port":55200,"proto":"UDP","dns":{"type":"answer","id":19470,"rcode":"NOERROR","rrname":"fax4paralx.dyn-ip24.de","rrtype":"A","ttl":9,"rdata":"149.202.233.217"}}
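These two records are the only events the run logged: a DNS A query for fax4paralx.dyn-ip24.de from 192.168.100.233 and the resolver's answer, tied together by the same flow_id and dns.id. The following Python is an added example (not from this page or from Suricata) that correlates EVE DNS query and answer records into transactions, computes the resolver round-trip time from the two timestamps, and lists queries that never received an answer. The first two input lines are the page's own records; the third is a constructed query for the hypothetical name example.invalid, added only to exercise the unanswered path. Handling of an "answers" list is an assumption about the newer EVE DNS v2 layout and is not something this page shows.

```python
"""Correlate Suricata EVE DNS query/answer records into per-transaction summaries."""
import json
from datetime import datetime

# Lines 1-2: copied from the page's eve.json. Line 3: constructed, no answer follows it.
SAMPLE_EVE = r'''
{"timestamp":"2019-12-09T10:04:18.434101+0000","flow_id":1132050772041653,"pcap_cnt":71,"event_type":"dns","src_ip":"192.168.100.233","src_port":55200,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":19470,"rrname":"fax4paralx.dyn-ip24.de","rrtype":"A","tx_id":0}}
{"timestamp":"2019-12-09T10:04:18.453284+0000","flow_id":1132050772041653,"pcap_cnt":72,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.233","dest_port":55200,"proto":"UDP","dns":{"type":"answer","id":19470,"rcode":"NOERROR","rrname":"fax4paralx.dyn-ip24.de","rrtype":"A","ttl":9,"rdata":"149.202.233.217"}}
{"timestamp":"2019-12-09T10:04:20.000000+0000","flow_id":99,"pcap_cnt":80,"event_type":"dns","src_ip":"192.168.100.233","src_port":55201,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4242,"rrname":"example.invalid","rrtype":"A","tx_id":0}}
'''


def parse_ts(ts):
    """EVE timestamps carry a +HHMM offset, which strptime's %z accepts."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")


def load_dns_events(text):
    """One JSON object per line; anything that is not an event_type 'dns' record is ignored."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("event_type") == "dns":
            events.append(ev)
    return events


def answer_rdata(dns):
    """v1 answers carry one 'rdata' per event; the assumed v2 layout groups them in 'answers'."""
    if "answers" in dns:
        return [a["rdata"] for a in dns["answers"] if "rdata" in a]
    return [dns["rdata"]] if "rdata" in dns else []


def correlate(events):
    """Group records by (flow_id, dns.id): one query, then zero or more answer records."""
    txs = {}
    for ev in events:
        dns = ev["dns"]
        key = (ev["flow_id"], dns["id"])
        tx = txs.setdefault(key, {"rrname": dns.get("rrname"), "client": None,
                                  "query_ts": None, "rcode": None, "rdata": [], "rtt_ms": None})
        if dns["type"] == "query":
            tx["query_ts"] = parse_ts(ev["timestamp"])
            tx["client"] = ev["src_ip"]
        elif dns["type"] == "answer":
            tx["rcode"] = dns.get("rcode")
            tx["rdata"].extend(answer_rdata(dns))
            # Round trip is measured to the first answer record only.
            if tx["query_ts"] is not None and tx["rtt_ms"] is None:
                delta = parse_ts(ev["timestamp"]) - tx["query_ts"]
                tx["rtt_ms"] = delta.total_seconds() * 1000.0
    return txs


def unanswered(txs):
    """Names queried in the capture for which no answer record was ever logged."""
    return sorted(tx["rrname"] for tx in txs.values()
                  if tx["query_ts"] is not None and tx["rcode"] is None)


if __name__ == "__main__":
    transactions = correlate(load_dns_events(SAMPLE_EVE))
    for (flow_id, dns_id), tx in transactions.items():
        print(flow_id, dns_id, tx["client"], tx["rrname"], tx["rcode"], tx["rdata"], tx["rtt_ms"])
    print("unanswered:", unanswered(transactions))
```

Keying on (flow_id, dns.id) rather than on the name alone keeps retransmitted or repeated queries apart; a query with no matching answer in the capture is exactly the case where a pcap was cut short or the resolver dropped the request, and the example reports it instead of silently leaving it out.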


keyword_perf.log - (2315 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 12/12/2019 -- 20:32:36
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          316552          50              33              40572           6331.00         6990.00         5050.00        
  byte_test        216372          40              36              25260           5409.00         5479.00         4777.00        
  byte_jump        63306           12              11              10420           5275.00         5258.00         5462.00        
  isdataat         4820            1               0               4820            4820.00         0.00            4820.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          316552          50              33              40572           6331.00         6990.00         5050.00        
  byte_test        216372          40              36              25260           5409.00         5479.00         4777.00        
  byte_jump        63306           12              11              10420           5275.00         5258.00         5462.00        
  isdataat         4820            1               0               4820            4820.00         0.00            4820.00        


suricata-report-2019-12-12-T-20-32-36-12122019.2032-12e0edf5-c330-4214-bc1e-6657251f9209.pcap.txt - (17919 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/a22496ab7f31fb6658995ae80228994d56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12122019.2032-12e0edf5-c330-4214-bc1e-6657251f9209.pcap -vvv -k none
elapsedtime:24.732602
stderr:
stdout:
12/12/2019 -- 20:32:11 - <Info> - Configuration node 'rule-files' redefined.
12/12/2019 -- 20:32:11 - <Notice> - This is Suricata version 4.0.0 RELEASE
12/12/2019 -- 20:32:11 - <Info> - CPUs/cores online: 1
12/12/2019 -- 20:32:11 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33556 and 'request-body-inspect-window' set to 15865 after randomization.
12/12/2019 -- 20:32:11 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32156 and 'response-body-inspect-window' set to 16836 after randomization.
12/12/2019 -- 20:32:11 - <Config> - DNS request flood protection level: 500
12/12/2019 -- 20:32:11 - <Config> - DNS per flow memcap (state-memcap): 524288
12/12/2019 -- 20:32:11 - <Config> - DNS global memcap: 16777216
12/12/2019 -- 20:32:11 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
12/12/2019 -- 20:32:11 - <Config> - preallocated 1000 hosts of size 136
12/12/2019 -- 20:32:11 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
12/12/2019 -- 20:32:11 - <Config> - using magic-file /usr/share/file/magic
12/12/2019 -- 20:32:11 - <Config> - Core dump size is unlimited.
12/12/2019 -- 20:32:11 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
12/12/2019 -- 20:32:11 - <Config> - preallocated 1000 defrag trackers of size 168
12/12/2019 -- 20:32:11 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
12/12/2019 -- 20:32:11 - <Config> - stream "prealloc-sessions": 2048 (per thread)
12/12/2019 -- 20:32:11 - <Config> - stream "memcap": 33554432
12/12/2019 -- 20:32:11 - <Config> - stream "midstream" session pickups: disabled
12/12/2019 -- 20:32:11 - <Config> - stream "async-oneside": disabled
12/12/2019 -- 20:32:11 - <Config> - stream "checksum-validation": disabled
12/12/2019 -- 20:32:11 - <Config> - stream."inline": disabled
12/12/2019 -- 20:32:11 - <Config> - stream "bypass": disabled
12/12/2019 -- 20:32:11 - <Config> - stream "max-synack-queued": 5
12/12/2019 -- 20:32:11 - <Config> - stream.reassembly "memcap": 134217728
12/12/2019 -- 20:32:11 - <Config> - stream.reassembly "depth": 0
12/12/2019 -- 20:32:11 - <Config> - stream.reassembly "toserver-chunk-size": 2544
12/12/2019 -- 20:32:11 - <Config> - stream.reassembly "toclient-chunk-size": 2533
12/12/2019 -- 20:32:11 - <Config> - stream.reassembly.raw: enabled
12/12/2019 -- 20:32:11 - <Config> - stream.reassembly "segment-prealloc": 2048
12/12/2019 -- 20:32:11 - <Config> - Delayed detect disabled
12/12/2019 -- 20:32:11 - <Config> - pattern matchers: MPM: ac, SPM: bm
12/12/2019 -- 20:32:11 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
12/12/2019 -- 20:32:11 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
12/12/2019 -- 20:32:11 - <Config> - prefilter engines: MPM
12/12/2019 -- 20:32:11 - <Config> - IP reputation disabled
12/12/2019 -- 20:32:11 - <Perf> - Registered 148 keyword profiling counters.
12/12/2019 -- 20:32:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
12/12/2019 -- 20:32:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
12/12/2019 -- 20:32:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
12/12/2019 -- 20:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
12/12/2019 -- 20:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
12/12/2019 -- 20:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
12/12/2019 -- 20:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
12/12/2019 -- 20:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
12/12/2019 -- 20:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
12/12/2019 -- 20:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
12/12/2019 -- 20:32:17 - <Config> - No rules loaded from ET-icmp.rules.
12/12/2019 -- 20:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
12/12/2019 -- 20:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
12/12/2019 -- 20:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
12/12/2019 -- 20:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
12/12/2019 -- 20:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
12/12/2019 -- 20:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
12/12/2019 -- 20:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
12/12/2019 -- 20:32:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
12/12/2019 -- 20:32:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
12/12/2019 -- 20:32:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
12/12/2019 -- 20:32:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
12/12/2019 -- 20:32:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
12/12/2019 -- 20:32:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
12/12/2019 -- 20:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
12/12/2019 -- 20:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
12/12/2019 -- 20:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
12/12/2019 -- 20:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
12/12/2019 -- 20:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
12/12/2019 -- 20:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
12/12/2019 -- 20:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
12/12/2019 -- 20:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
12/12/2019 -- 20:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
12/12/2019 -- 20:32:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
12/12/2019 -- 20:32:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
12/12/2019 -- 20:32:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
12/12/2019 -- 20:32:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
12/12/2019 -- 20:32:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
12/12/2019 -- 20:32:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
12/12/2019 -- 20:32:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
12/12/2019 -- 20:32:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
12/12/2019 -- 20:32:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
12/12/2019 -- 20:32:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
12/12/2019 -- 20:32:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
12/12/2019 -- 20:32:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
12/12/2019 -- 20:32:25 - <Config> - No rules loaded from local.rules.
12/12/2019 -- 20:32:25 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
12/12/2019 -- 20:32:25 - <Info> - Threshold config parsed: 0 rule(s) found
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for tcp-packet
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for tcp-stream
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for udp-packet
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for other-ip
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_uri
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_request_line
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_client_body
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_response_line
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_header
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_header
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_header_names
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_header_names
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_accept
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_accept_enc
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_accept_lang
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_referer
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_connection
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_content_len
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_content_len
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_content_type
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_content_type
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_protocol
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_protocol
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_start
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_start
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_raw_header
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_raw_header
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_method
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_cookie
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_cookie
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_raw_uri
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_user_agent
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_host
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_raw_host
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_stat_msg
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_stat_code
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for dns_query
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for tls_sni
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for tls_cert_issuer
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for tls_cert_subject
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for tls_cert_serial
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for dce_stub_data
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for dce_stub_data
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for ssh_protocol
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for ssh_protocol
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for ssh_software
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for ssh_software
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for file_data
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for file_data
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_request_line
12/12/2019 -- 20:32:26 - <Perf> - using shared mpm ctx' for http_response_line
12/12/2019 -- 20:32:26 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
12/12/2019 -- 20:32:26 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
12/12/2019 -- 20:32:26 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
12/12/2019 -- 20:32:26 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
12/12/2019 -- 20:32:26 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
12/12/2019 -- 20:32:26 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
12/12/2019 -- 20:32:26 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
12/12/2019 -- 20:32:26 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
12/12/2019 -- 20:32:32 - <Perf> - Unique rule groups: 104
12/12/2019 -- 20:32:32 - <Perf> - Builtin MPM "toserver TCP packet": 35
12/12/2019 -- 20:32:32 - <Perf> - Builtin MPM "toclient TCP packet": 17
12/12/2019 -- 20:32:32 - <Perf> - Builtin MPM "toserver TCP stream": 33
12/12/2019 -- 20:32:32 - <Perf> - Builtin MPM "toclient TCP stream": 19
12/12/2019 -- 20:32:32 - <Perf> - Builtin MPM "toserver UDP packet": 27
12/12/2019 -- 20:32:32 - <Perf> - Builtin MPM "toclient UDP packet": 17
12/12/2019 -- 20:32:32 - <Perf> - Builtin MPM "other IP packet": 3
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_uri": 14
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_request_line": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_client_body": 6
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toclient http_response_line": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_header": 10
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toclient http_header": 6
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_header_names": 2
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_accept": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_referer": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_content_len": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_content_type": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toclient http_content_type": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_protocol": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_start": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_method": 5
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_cookie": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toclient http_cookie": 2
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver http_host": 2
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver dns_query": 4
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver tls_sni": 2
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toserver file_data": 1
12/12/2019 -- 20:32:32 - <Perf> - AppLayer MPM "toclient file_data": 7
12/12/2019 -- 20:32:35 - <Perf> - Registered 39590 rule profiling counters.
12/12/2019 -- 20:32:35 - <Info> - fast output device (regular) initialized: alert
12/12/2019 -- 20:32:35 - <Info> - eve-log output device (regular) initialized: eve.json
12/12/2019 -- 20:32:35 - <Config> - enabling 'eve-log' module 'alert'
12/12/2019 -- 20:32:35 - <Config> - enabling 'eve-log' module 'http'
12/12/2019 -- 20:32:35 - <Config> - enabling 'eve-log' module 'dns'
12/12/2019 -- 20:32:35 - <Config> - enabling 'eve-log' module 'tls'
12/12/2019 -- 20:32:35 - <Config> - enabling 'eve-log' module 'files'
12/12/2019 -- 20:32:35 - <Config> - enabling 'eve-log' module 'ssh'
12/12/2019 -- 20:32:35 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
12/12/2019 -- 20:32:35 - <Info> - stats output device (regular) initialized: stats.log
12/12/2019 -- 20:32:35 - <Config> - Aut

This file has been truncated.


IDSDeathBlossom.py.log - (1176 bytes)
2019-12-12 20:32:10,995 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-12-12 20:32:11,771 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-12-12 20:32:11,771 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-12-12 20:32:11,771 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-12-12 20:32:11,772 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-12-12 20:32:11,772 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/a22496ab7f31fb6658995ae80228994d56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12122019.2032-12e0edf5-c330-4214-bc1e-6657251f9209.pcap -vvv -k none
2019-12-12 20:32:36,508 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-12-12 20:32:36,509 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 25.5224571228