Filename: 7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopenenall-base
Runtime: 8.34402298927 seconds
Hash: ad3ba4a28a11f5c341c17843629824cc
Uploaded: 1565802922 (Unix epoch; 2019-08-14 17:15:22 UTC)

Logfiles


suricata-4.0.0-etopenenall-base-perf.txt-2019-08-14-T-17-15-31-08142019.1715-7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap.txt - (52182 bytes)
  --------------------------------------------------------------------------
  Date: 8/14/2019 -- 17:15:31. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2001118      1        6        18968346     3.92   139      0        18158518    136462.92   0.00        136462.92  
  2        2014702      1        9        13944028     2.88   44       0        13183868    316909.73   0.00        316909.73  
  3        2023083      1        2        1649132      0.34   24       0        485178      68713.83    0.00        68713.83   
  4        2017552      1        6        22700716     4.69   657      0        457708      34552.08    0.00        34552.08   
  5        2001381      1        12       9597122      1.98   777      0        444796      12351.51    0.00        12351.51   
  6        2100527      1        9        20866678     4.32   1399     0        432732      14915.42    0.00        14915.42   
  7        2019848      1        3        6637110      1.37   1259     0        427380      5271.73     0.00        5271.73    
  8        2100524      1        9        4139276      0.86   761      0        417174      5439.26     0.00        5439.26    
  9        2009553      1        7        7252168      1.50   610      0        303356      11888.80    0.00        11888.80   
  10       2024565      1        3        635544       0.13   4        0        223268      158886.00   0.00        158886.00  
  11       2008446      1        9        1088934      0.23   139      0        142100      7834.06     0.00        7834.06    
  12       2018242      1        5        1030442      0.21   31       0        135472      33240.06    0.00        33240.06   
  13       2001382      1        12       8979386      1.86   777      0        130248      11556.48    0.00        11556.48   
  14       2001376      1        12       7616122      1.58   777      0        117438      9801.96     0.00        9801.96    
  15       2001383      1        12       8758926      1.81   777      0        117274      11272.75    0.00        11272.75   
  16       2000543      1        7        1385048      0.29   80       0        111476      17313.10    0.00        17313.10   
  17       2021038      1        4        1053398      0.22   31       0        107274      33980.58    0.00        33980.58   
  18       2100628      1        8        10889452     2.25   1259     0        104834      8649.29     0.00        8649.29    
  19       2000544      1        7        15728628     3.25   622      0        104418      25287.18    0.00        25287.18   
  20       2025064      1        5        1262906      0.26   31       0        101576      40738.90    0.00        40738.90   
  21       2024771      1        1        949252       0.20   18       0        100014      52736.22    0.00        52736.22   
  22       2100623      1        7        15826636     3.27   1259     0        98164       12570.80    0.00        12570.80   
  23       2011894      1        19       976952       0.20   31       0        95382       31514.58    0.00        31514.58   
  24       2003394      1        8        1259702      0.26   18       0        95364       69983.44    0.00        69983.44   
  25       2014025      1        1        1180156      0.24   24       0        94064       49173.17    0.00        49173.17   
  26       2001328      1        13       8194034      1.69   777      0        93592       10545.73    0.00        10545.73   
  27       2018452      1        15       1163990      0.24   31       0        93476       37548.06    0.00        37548.06   
  28       2019800      1        2        264538       0.05   6        0        93402       44089.67    0.00        44089.67   
  29       2010518      1        4        1183186      0.24   33       7        92394       35854.12    38997.71    35007.77   
  30       2024178      1        2        805958       0.17   31       0        88788       25998.65    0.00        25998.65   
  31       2001384      1        13       7677220      1.59   777      0        88036       9880.59     0.00        9880.59    
  32       2017114      1        5        416144       0.09   7        0        87714       59449.14    0.00        59449.14   
  33       2019230      1        2        569980       0.12   24       0        85036       23749.17    0.00        23749.17   
  34       2018983      1        7        1185936      0.25   31       0        82802       38256.00    0.00        38256.00   
  35       2010337      1        19       7330140      1.52   610      0        81490       12016.62    0.00        12016.62   
  36       2024141      1        2        149724       0.03   2        0        80702       74862.00    0.00        74862.00   
  37       2024134      1        2        132732       0.03   2        0        80462       66366.00    0.00        66366.00   
  38       2018496      1        9        943186       0.20   31       0        80350       30425.35    0.00        30425.35   
  39       2001377      1        12       7943004      1.64   777      0        80220       10222.66    0.00        10222.66   
  40       2009702      1        5        1171054      0.24   44       0        79658       26614.86    0.00        26614.86   
  41       2017693      1        2        398610       0.08   7        0        78918       56944.29    0.00        56944.29   
  42       2009293      1        1        7437850      1.54   777      0        78686       9572.52     0.00        9572.52    
  43       2101398      1        11       3043928      0.63   575      0        77952       5293.79     0.00        5293.79    
  44       2018316      1        4        229914       0.05   4        0        76392       57478.50    0.00        57478.50   
  45       2100502      1        3        13007304     2.69   1399     0        76282       9297.57     0.00        9297.57    
  46       2010906      1        5        5462496      1.13   610      0        76108       8954.91     0.00        8954.91    
  47       2000538      1        8        7543540      1.56   622      0        76000       12127.88    0.00        12127.88   
  48       2009584      1        2        534646       0.11   49       0        75642       10911.14    0.00        10911.14   
  49       2017259      1        12       976714       0.20   31       0        75606       31506.90    0.00        31506.90   
  50       2011085      1        7        129930       0.03   2        0        75044       64965.00    0.00        64965.00   
  51       2002658      1        4        8006468      1.66   777      0        72654       10304.33    0.00        10304.33   
  52       2010697      1        8        886454       0.18   18       0        72410       49247.44    0.00        49247.44   
  53       2012137      1        5        1087928      0.22   31       0        71096       35094.45    0.00        35094.45   
  54       2100270      1        7        1810798      0.37   139      0        70944       13027.32    0.00        13027.32   
  55       2001380      1        12       7616926      1.58   777      0        70846       9802.99     0.00        9802.99    
  56       2001378      1        12       7599498      1.57   777      0        70824       9780.56     0.00        9780.56    
  57       2016858      1        10       947210       0.20   31       0        69748       30555.16    0.00        30555.16   
  58       2102437      1        9        925942       0.19   24       0        69356       38580.92    0.00        38580.92   
  59       2010140      1        7        801114       0.17   121      0        69184       6620.78     0.00        6620.78    
  60       2012180      1        3        580146       0.12   18       0        68618       32230.33    0.00        32230.33   
  61       2017295      1        6        417060       0.09   7        0        68236       59580.00    0.00        59580.00   
  62       2101321      1        9        12718212     2.63   1399     0        67728       9090.93     0.00        9090.93    
  63       2020741      1        1        198100       0.04   4        0        67392       49525.00    0.00        49525.00   
  64       2008314      1        7        962336       0.20   24       0        66220       40097.33    0.00        40097.33   
  65       2009026      1        4        2632768      0.54   550      0        66146       4786.85     0.00        4786.85    
  66       2017613      1        9        994334       0.21   31       0        65932       32075.29    0.00        32075.29   
  67       2018981      1        4        969836       0.20   31       0        65610       31285.03    0.00        31285.03   
  68       2101437      1        13       1032658      0.21   22       0        65504       46939.00    0.00        46939.00   
  69       2019881      1        3        1017614      0.21   31       0        65168       32826.26    0.00        32826.26   
  70       2016726      1        6        312754       0.06   6        0        64866       52125.67    0.00        52125.67   
  71       2023626      1        3        614930       0.13   119      0        64812       5167.48     0.00        5167.48    
  72       2006411      1        9        314232       0.06   6        0        63816       52372.00    0.00        52372.00   
  73       2013094      1        9        305306       0.06   6        0        63532       50884.33    0.00        50884.33   
  74       2017982      1        3        949582       0.20   31       0        63426       30631.68    0.00        30631.68   
  75       2013098      1        3        303638       0.06   6        0        62630       50606.33    0.00        50606.33   
  76       2018067      1        3        321804       0.07   56       0        62166       5746.50     0.00        5746.50    
  77       2018666      1        4        194696       0.04   4        0        62042       48674.00    0.00        48674.00   
  78       2019344      1        5        932780       0.19   31       0        61836       30089.68    0.00        30089.68   
  79       2017567      1        3        298720       0.06   6        0        61710       49786.67    0.00        49786.67   
  80       2014701      1        12       1122724      0.23   44       0        61582       25516.45    0.00        25516.45   
  81       2013975      1        3        287832       0.06   6        0        60890       47972.00    0.00        47972.00   
  82       2001022      1        5        15411642     3.19   1259     0        60884       12241.18    0.00        12241.18   
  83       2001023      1        5        10793218     2.23   1259     0        60858       8572.85     0.00        8572.85    
  84       2009206      1        4        723146       0.15   95       7        60286       7612.06     24733.71    6250.11    
  85       2018958      1        18       768336       0.16   31       0        58782       24785.03    0.00        24785.03   
  86       2024137      1        2        108596       0.02   2        0        56498       54298.00    0.00        54298.00   
  87       2000545      1        8        977508       0.20   49       0        56326       19949.14    0.00        19949.14   
  88       2015781      1        2        332594       0.07   6        0        56098       55432.33    0.00        55432.33   
  89       2024133      1        2        107914       0.02   2        0        56032       53957.00    0.00        53957.00   
  90       2024135      1        2        107408       0.02   2        0        56002       53704.00    0.00        53704.00   
  91       2007703      1        11       1019430      0.21   46       0        55648       22161.52    0.00        22161.52   
  92       2024136      1        2        110310       0.02   2        0        55566       55155.00    0.00        55155.00   
  93       2024139      1        2        106198       0.02   2        0        55300       53099.00    0.00        53099.00   
  94       2024138      1        2        108244       0.02   2        0        55282       54122.00    0.00        54122.00   
  95       2011583      1        4        713862       0.15   18       0        54654       39659.00    0.00        39659.00   
  96       2024142      1        2        107358       0.02   2        0        54628       53679.00    0.00        53679.00   
  97       2020742      1        1        183730       0.04   4        0        54500       45932.50    0.00        45932.50   
  98       2024140      1        2        106040       0.02   2        0        54338       53020.00    0.00        53020.00   
  99       2100523      1        6        12736570     2.63   1399     0        53814       9104.05     0.00        9104.05    
  100      2101624      1        9        52770        0.01   1        0        52770       52770.00    0.00        52770.00   
  101      2001375      1        12       7672694      1.59   777      0        52576       9874.77     0.00        9874.77    
  102      2021267      1        2        282228       0.06   12       0        52572       23519.00    0.00        23519.00   
  103      2001379      1        12       7431096      1.54   777      0        52332       9563.83     0.00        9563.83    
  104      2022502      1        4        783212       0.16   31       0        52322       25264.90    0.00        25264.90   
  105      2009294      1        1        7544656      1.56   777      0        52016       9709.98     0.00        9709.98    
  106      2000540      1        8        7433608      1.54   622      0        51956       11951.14    0.00        11951.14   
  107      2020705      1        4        727322       0.15   31       0        51514       23462.00    0.00        23462.00   
  108      2018010      1        5        722938       0.15   31       0        51146       23320.58    0.00        23320.58   
  109      2016223      1        10       711536       0.15   31       0        51050       22952.77    0.00        22952.77   
  110      2014380      1        4        1103358      0.23   36       0        50992       30648.83    0.00        30648.83   
  111      2021266      1        2        258512       0.05   12       0        50980       21542.67    0.00        21542.67   
  112      2017694      1        6        225918       0.05   6        0        50620       37653.00    0.00        37653.00   
  113      2014703      1        9        813964       0.17   44       0        50504       18499.18    0.00        18499.18   
  114      2003657      1        18       744082       0.15   31       0        50164       24002.65    0.00        24002.65   
  115      2008313      1        7        870780       0.18   24       0        46746       36282.50    0.00        36282.50   
  116      2023627      1        3        404632       0.08   80       0        46166       5057.90     0.00        5057.90    
  117      2001117      1        6        857386       0.18   139      3        45456       6168.24     15472.00    5963.01    
  118      2001119      1        6        903374       0.19   139      0        44812       6499.09     0.00        6499.09    
  119      2014379      1        2        372698       0.08   12       0        43236       31058.17    0.00        31058.17   
  120      2001102      1        13       449182       0.09   15       0        42566       29945.47    0.00        29945.47   
  121      2103196      1        3        914498       0.19   80       0        41036       11431.23    0.00        11431.23   
  122      2001024      1        5        500272       0.10   49       0        40536       10209.63    0.00        10209.63   
  123      2001103      1        13       451848       0.09   15       0        40018       30123.20    0.00        30123.20   
  124      2100416      1        8        39984        0.01   1        0        39984       39984.00    0.00        39984.00   
  125      2001116      1        6        8

This file has been truncated.
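The rule profiling table above is sorted by max ticks, which hides the more useful question for tuning: which rules burn detection time without ever matching, and which ones are slow only because of a single pathological check. The following parser is an added example, not part of this report or of Suricata itself; it reads rows in the rule_perf.log layout shown above (the embedded sample rows are copied from that table, including the truncated final row) and flags both cases. The thresholds (1% of ticks, 90% of a rule's ticks in one check) are assumptions chosen for illustration.

```python
"""Parse a Suricata rule_perf.log table and flag rules that cost detection
time without paying for it in matches."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: data rows copied from the rule profiling table on this
# page (the header is Suricata's own), including the truncated last row.
SAMPLE_RULE_PERF = """\
  --------------------------------------------------------------------------
  Date: 8/14/2019 -- 17:15:31. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2001118      1        6        18968346     3.92   139      0        18158518    136462.92   0.00        136462.92
  4        2017552      1        6        22700716     4.69   657      0        457708      34552.08    0.00        34552.08
  6        2100527      1        9        20866678     4.32   1399     0        432732      14915.42    0.00        14915.42
  10       2024565      1        3        635544       0.13   4        0        223268      158886.00   0.00        158886.00
  29       2010518      1        4        1183186      0.24   33       7        92394       35854.12    38997.71    35007.77
  84       2009206      1        4        723146       0.15   95       7        60286       7612.06     24733.71    6250.11
  117      2001117      1        6        857386       0.18   139      3        45456       6168.24     15472.00    5963.01
  125      2001116      1        6        8
"""

# One data row: 12 whitespace-separated numeric fields in the order printed
# by Suricata. Header, separator and incomplete (truncated) rows do not match.
ROW_RE = re.compile(
    r"^\s*(?P<num>\d+)\s+(?P<sid>\d+)\s+(?P<gid>\d+)\s+(?P<rev>\d+)\s+"
    r"(?P<ticks>\d+)\s+(?P<pct>\d+\.\d+)\s+(?P<checks>\d+)\s+(?P<matches>\d+)\s+"
    r"(?P<max_ticks>\d+)\s+(?P<avg_ticks>\d+\.\d+)\s+(?P<avg_match>\d+\.\d+)\s+"
    r"(?P<avg_nomatch>\d+\.\d+)\s*$"
)


@dataclass(frozen=True)
class RuleProfile:
    sid: int
    gid: int
    rev: int
    ticks: int
    pct: float
    checks: int
    matches: int
    max_ticks: int
    avg_ticks: float
    avg_match: float
    avg_nomatch: float

    @property
    def max_share(self) -> float:
        """Fraction of this rule's total ticks spent in its single slowest check."""
        return self.max_ticks / self.ticks if self.ticks else 0.0


def parse_rule_perf(text: str) -> list[RuleProfile]:
    """Return one RuleProfile per complete data row; malformed rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        g = m.groupdict()
        rows.append(RuleProfile(
            sid=int(g["sid"]), gid=int(g["gid"]), rev=int(g["rev"]),
            ticks=int(g["ticks"]), pct=float(g["pct"]),
            checks=int(g["checks"]), matches=int(g["matches"]),
            max_ticks=int(g["max_ticks"]), avg_ticks=float(g["avg_ticks"]),
            avg_match=float(g["avg_match"]), avg_nomatch=float(g["avg_nomatch"]),
        ))
    return rows


def zero_match_hogs(rows: list[RuleProfile], min_pct: float = 1.0) -> list[RuleProfile]:
    """Rules that never matched yet took at least min_pct of rule ticks, costliest first."""
    hogs = [r for r in rows if r.matches == 0 and r.pct >= min_pct]
    return sorted(hogs, key=lambda r: r.ticks, reverse=True)


def single_check_dominated(rows: list[RuleProfile], share: float = 0.9) -> list[RuleProfile]:
    """Rules whose one slowest check accounts for >= share of all their ticks:
    the cost is one pathological packet or buffer, not a uniformly slow rule."""
    return [r for r in rows if r.checks > 1 and r.max_share >= share]


def matched_sids(rows: list[RuleProfile]) -> set[int]:
    """SIDs that produced at least one match in this run."""
    return {r.sid for r in rows if r.matches > 0}


if __name__ == "__main__":
    rows = parse_rule_perf(SAMPLE_RULE_PERF)
    for r in zero_match_hogs(rows):
        print(f"sid {r.sid} rev {r.rev}: {r.pct:.2f}% of ticks over {r.checks} checks, "
              f"0 matches, slowest check = {r.max_share:.0%} of its ticks")
    for r in single_check_dominated(rows):
        print(f"sid {r.sid}: one check cost {r.max_share:.0%} of its total; inspect that packet")
```

Run against the full (untruncated) rule_perf.log rather than the sample: rules in the first list are candidates for disabling or for tightening their fast_pattern, while a rule in the second list (here 2001118, whose single 18158518-tick check is over 95% of its total) points at one flow in the pcap worth extracting and replaying on its own.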


packet_stats.log - (16984 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             1        948397282      948397282     948397282        948.4m    0.12
 IPv4       6          1259          5072936      954752060     561720681        707.2b   92.92
 IPv4      17           127         23671232      987432664     408368606         51.9b    6.81
 IPv6      17            12         26193316      191179768      89412201          1.1b    0.14
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             1          1597244        1597244       1597244          1.6m    0.14
TMM_FLOWWORKER              IPv4       6          1259           258976       10470938        716412        902.0m   79.11
TMM_FLOWWORKER              IPv4      17           127           770672       26673416       1576771        200.2m   17.56
TMM_RECEIVEPCAPFILE         IPv4       1             1             4728           4728          4728          4.7k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          1203             4426        5244650          9423         11.3m    0.99
TMM_RECEIVEPCAPFILE         IPv4      17           127             4442          11346          4756        604.1k    0.05
TMM_DECODEPCAPFILE          IPv4       1             1            23414          23414         23414         23.4k    0.00
TMM_DECODEPCAPFILE          IPv4       6          1203             4554          71260          4959          6.0m    0.52
TMM_DECODEPCAPFILE          IPv4      17           127             4590          29868          5197        660.1k    0.06
TMM_FLOWWORKER              IPv6      17            12           698284        8021178       1472952         17.7m    1.55
TMM_RECEIVEPCAPFILE         IPv6      17            12             4448           4790          4651         55.8k    0.00
TMM_DECODEPCAPFILE          IPv6      17            12             4660          18064          5858         70.3k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot      %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -------  ---
flow                    IPv4       1             1             5334           5334          5334          5.3k  0.00  
flow                    IPv4       6          1203             4740          35098          5538          6.7m  0.62  
flow                    IPv4      17           127             4748          27484          6207        788.4k  0.07  
stream                  IPv4       6          1259             4746         448770         18958         23.9m  2.22  
app-layer               IPv4      17           127             4436          75576         12550          1.6m  0.15  
detect                  IPv4       1             1          1577142        1577142       1577142          1.6m  0.15  
detect                  IPv4       6          1259           221450       10420392        654262        823.7m  76.70 
detect                  IPv4      17           127           741734       26633132       1509513        191.7m  17.85 
tcp-prune               IPv4       6          1259             4434          63660          5190          6.5m  0.61  
flow                    IPv6      17            12             4866          17818          7055         84.7k  0.01  
app-layer               IPv6      17            12             4428          18672          9499        114.0k  0.01  
detect                  IPv6      17            12           669286        7970144       1436906         17.2m  1.61  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot      %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -------  ---
http                    IPv4       6            58             4636          51302          9390        544.6k  61.31 
dns                     IPv4      17            45             4954          25356          7638        343.7k  38.69 
Proto detect            IPv4       6             4             4986           7338          6062         24.2k
Proto detect            IPv4      17            50             4634          39092         10129        506.5k
Proto detect            IPv6      17             5             5108           8492          6092         30.5k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot          %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------  ---
LOGGER_ALERT_FAST           IPv4       6             7            17324         207754         56728        397.1k  3.40  
LOGGER_ALERT_FAST           IPv4      17             4            21966         176862         75547        302.2k  2.59  
LOGGER_UNIFIED2             IPv4       6             7            35936          78358         60283        422.0k  3.61  
LOGGER_UNIFIED2             IPv4      17             4            34548         203730         85834        343.3k  2.94  
LOGGER_JSON_ALERT           IPv4       6             7            42572         124454         69856        489.0k  4.18  
LOGGER_JSON_ALERT           IPv4      17             4            41496         318692        126608        506.4k  4.33  
LOGGER_JSON_DNS             IPv4      17            31            35684         215300         66633          2.1m  17.67 
LOGGER_JSON_HTTP            IPv4       6            29            29122         204418        111107          3.2m  27.57 
LOGGER_JSON_FILE            IPv4       6            38            61912         214510        103696          3.9m  33.71 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             1            15826          15826         15826        15.8k  0.02  
payload                           IPv4       6           637             4464         132808         30588        19.5m  25.60 
payload                           IPv4      17           127             5416          78880         18068         2.3m  3.02  
stream                            IPv4       6           637             4430         565498         34051        21.7m  28.50 
http_uri                          IPv4       6            88             4458          38420          8080       711.1k  0.93  
http_request_line                 IPv4       6            88             4616          46414         10412       916.3k  1.20  
http_client_body                  IPv4       6           603             4472         435350         28218        17.0m  22.36 
http_header (request)             IPv4       6            24            17404         167452         89617         2.2m  2.83  
http_header (request trailer)     IPv4       6            22             4490           7682          4882       107.4k  0.14  
http_header_names (request)       IPv4       6            24             9358          44348         22788       546.9k  0.72  
http_accept (request)             IPv4       6            24             5256          22422          6774       162.6k  0.21  
http_referer (request)            IPv4       6            24             4850           9532          6972       167.3k  0.22  
http_content_len (request)        IPv4       6            24             4860          21888          7113       170.7k  0.22  
http_content_type (request)       IPv4       6            24             5156          32006         11438       274.5k  0.36  
http_start (request)              IPv4       6            24             9678          27888         12884       309.2k  0.41  
http_raw_header (request)         IPv4       6           603             7486          41044          8598         5.2m  6.81  
http_method                       IPv4       6            88             4452          32774          6442       567.0k  0.75  
http_cookie (request)             IPv4       6            24             4890           6672          5423       130.2k  0.17  
http_raw_uri                      IPv4       6            88             4460          22974          6336       557.6k  0.73  
http_user_agent                   IPv4       6            24             4874          52006         26584       638.0k  0.84  
http_host                         IPv4       6            24             7446          27396         10328       247.9k  0.33  
dns_query                         IPv4      17            16             5746          13718          9647       154.4k  0.20  
http_response_line                IPv4       6            22             5028          12182          6573       144.6k  0.19  
http_header (response)            IPv4       6            22             7034          48642         17456       384.0k  0.50  
http_header (response trailer)    IPv4       6            22             4470           4772          4550       100.1k  0.13  
http_raw_header (response)        IPv4       6            22            10618          27726         12801       281.6k  0.37  
http_cookie (response)            IPv4       6            22             4860           8774          5392       118.6k  0.16  
http_stat_code                    IPv4       6            22             4694         490744         28526       627.6k  0.82  
file_data (http response)         IPv4       6            22             4810          90770         33316       733.0k  0.96  
Total                             IPv4                  3392                                         22372        75.9m
payload                           IPv6      17            12             6070          42606         17674       212.1k  0.28  
Total                             IPv6                    12                                         17674       212.1k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot          %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------  ---
PROF_DETECT_IPONLY          IPv4       6            48            20366          53378         28920          1.4m  0.13  
PROF_DETECT_IPONLY          IPv4      17            39            20592          59024         30302          1.2m  0.11  
PROF_DETECT_RULES           IPv4       1             1          1461854        1461854       1461854          1.5m  0.13  
PROF_DETECT_RULES           IPv4       6          1259           148242        7555760        440386        554.4m  50.02 
PROF_DETECT_RULES           IPv4      17           127           630408       26522084       1355725        172.2m  15.53 
PROF_DETECT_STATEFUL_START    IPv4       6           679             4538        1266456         45213         30.7m  2.77  
PROF_DETECT_STATEFUL_CONT    IPv4       1             1             4688           4688          4688          4.7k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6          1259             4390         558486         29743         37.4m  3.38  
PROF_DETECT_STATEFUL_CONT    IPv4      17           127             4404          45232          6111        776.1k  0.07  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          1131             4460          68540          5009          5.7m  0.51  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            44             4498          47706          6024        265.1k  0.02  
PROF_DETECT_PREFILTER       IPv4       1             1            54234          54234         54234         54.2k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          1259            13622         966654        105827        133.2m  12.02 
PROF_DETECT_PREFILTER       IPv4      17           127            41928         117338         64280          8.2m  0.74  
PROF_DETECT_PF_PAYLOAD      IPv4       1             1            24944          24944         24944         24.9k  0.00  
PROF_DETECT_PF_PAYLOAD      IPv4       6           637            22418         588186         79011         50.3m  4.54  
PROF_DETECT_PF_PAYLOAD      IPv4      17           127            14498          88042         27520          3.5m  0.32  
PROF_DETECT_PF_TX           IPv4       6          1131             4572         673876         43112         48.8m  4.40  
PROF_DETECT_PF_TX           IPv4      17            29             4450          39566         13480        390.9k  0.04  
PROF_DETECT_PF_SORT1        IPv4       1             1             4798           4798          4798          4.8k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6           624             4458          54102          5465          3.4m  0.31  
PROF_DETECT_PF_SORT1        IPv4      17           127             4694          24336          6476        822.6k  0.07  
PROF_DETECT_PF_SORT2        IPv4       1             1             6022           6022          6022          6.0k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          1259             4458          28560          5102          6.4m  0.58  
PROF_DETECT_PF_SORT2        IPv4      17           127             4620          37708          5836        741.2k  0.07  
PROF_DETECT_NONMPMLIST      IPv4       1             1             5516           5516          5516          5.5k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          1259             4520          60616          5354          6.7m  0.61  
PROF_DETECT_NONMPMLIST      IPv4      17           127             4566          23232          5131        651.7k  0.06  
PROF_DETECT_ALERT           IPv4       1             1             4542           4542          4542          4.5k  0.00  
PROF_DETECT_ALERT           IPv4       6          1259             4418          62672          5066          6.4m  0.58  
PROF_DETECT_ALERT           IPv4      17           127             4428          54252         11322          1.4m  0.13  
PROF_DETECT_CLEANUP         IPv4       1             1             4626           4626          4626          4.6k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          1259             4476          48220          4994          6.3m  0.57  
PROF_DETECT_CLEANUP         IPv4      17           127             4416          10466          5021        637.8k  0.06  
PROF_DETECT_GETSGH          IPv4       1             1             4788           4788          4788          4.8k  0.00  
PROF_DETECT_GETSGH          IPv4       6          1259             4404          50698          5375          6.8m  0.61  
PROF_DETECT_GETSGH          IPv4      17           127             4442          39884          7224        917.5k  0.08  
PROF_DETECT_IPONLY          IPv6      17             5            19566          47062         28171        140.9k  0.01  
PROF_DETECT_RULES           IPv6      17            12           564938        7801496       1296883         15.6m  1.40  
PROF_DETECT_STATEFUL_CONT    IPv6      17            12             4400           5596          4721         56.7k  0.01  
PROF_DETECT_PREFILTER       IPv6      17            12            42596          88624         59577        714.9k  0.06  
PROF_DETECT_PF_PAYLOAD      IPv6      17            12            15234          51718         26895        322.7k  0.03  
PROF_DETECT_PF_SORT1        IPv6      17            12             4684           9900          6655         79.9k  0.01  
PROF_DETECT_PF_

This file has been truncated. Go here to download in full.


stats.log - (3534 bytes) - download
------------------------------------------------------------------------------------
Date: 8/14/2019 -- 17:15:31 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1783
decoder.bytes                              | Total                     | 758834
decoder.ipv4                               | Total                     | 1331
decoder.ipv6                               | Total                     | 12
decoder.ethernet                           | Total                     | 1783
decoder.tcp                                | Total                     | 1203
decoder.udp                                | Total                     | 139
decoder.icmpv4                             | Total                     | 1
decoder.avg_pkt_size                       | Total                     | 425
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 24
flow.udp                                   | Total                     | 29
tcp.sessions                               | Total                     | 24
tcp.syn                                    | Total                     | 25
tcp.synack                                 | Total                     | 24
tcp.rst                                    | Total                     | 35
tcp.overlap                                | Total                     | 70
detect.alert                               | Total                     | 12
detect.mpm_list                            | Total                     | 5
detect.nonmpm_list                         | Total                     | 41
detect.fnonmpm_list                        | Total                     | 25
detect.match_list                          | Total                     | 31
app_layer.flow.http                        | Total                     | 22
app_layer.tx.http                          | Total                     | 46
app_layer.flow.dns_udp                     | Total                     | 16
app_layer.tx.dns_udp                       | Total                     | 16
app_layer.flow.failed_udp                  | Total                     | 13
flow_mgr.new_pruned                        | Total                     | 12
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 39
flow_mgr.flows_notimeout                   | Total                     | 33
flow_mgr.flows_timeout                     | Total                     | 6
flow_mgr.flows_timeout_inuse               | Total                     | 4
flow_mgr.flows_removed                     | Total                     | 2
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65494
flow_mgr.rows_empty                        | Total                     | 3
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7086112


eve.json - (57656 bytes) - download
{"timestamp":"2019-08-14T17:03:34.444083+0000","flow_id":373588048135859,"pcap_cnt":1,"event_type":"alert","src_ip":"192.168.100.174","src_port":137,"dest_ip":"192.168.100.255","dest_port":137,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2002752,"rev":4,"signature":"ET POLICY Reserved Internal IP Traffic","category":"Potentially Bad Traffic","severity":2},"app_proto":"failed"}
{"timestamp":"2019-08-14T17:04:40.948677+0000","flow_id":1099495507524037,"pcap_cnt":172,"event_type":"dns","src_ip":"192.168.100.174","src_port":56000,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48250,"rrname":"www.shop1457417204564.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:04:40.973347+0000","flow_id":1099495507524037,"pcap_cnt":173,"event_type":"alert","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":56000,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2002752,"rev":4,"signature":"ET POLICY Reserved Internal IP Traffic","category":"Potentially Bad Traffic","severity":2},"app_proto":"dns"}
{"timestamp":"2019-08-14T17:04:40.973347+0000","flow_id":1099495507524037,"pcap_cnt":173,"event_type":"alert","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":56000,"proto":"UDP","app_proto":"dns","alert":{"action":"allowed","gid":1,"signature_id":2001117,"rev":6,"signature":"ET DNS Standard query response, Name Error","category":"Not Suspicious Traffic","severity":3}}
{"timestamp":"2019-08-14T17:04:40.973347+0000","flow_id":1099495507524037,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":56000,"proto":"UDP","dns":{"type":"answer","id":48250,"rcode":"NXDOMAIN","rrname":"www.shop1457417204564.net"}}
{"timestamp":"2019-08-14T17:04:40.973347+0000","flow_id":1099495507524037,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":56000,"proto":"UDP","dns":{"type":"answer","id":48250,"rcode":"NXDOMAIN","rrname":"net","rrtype":"SOA","ttl":899}}
{"timestamp":"2019-08-14T17:05:01.006910+0000","flow_id":706791616617214,"pcap_cnt":192,"event_type":"dns","src_ip":"192.168.100.174","src_port":58001,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":45779,"rrname":"www.48s123w.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:05:01.040303+0000","flow_id":706791616617214,"pcap_cnt":193,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":58001,"proto":"UDP","dns":{"type":"answer","id":45779,"rcode":"NOERROR","rrname":"www.48s123w.com","rrtype":"CNAME","ttl":1199,"rdata":"48s123w.com"}}
{"timestamp":"2019-08-14T17:05:01.040303+0000","flow_id":706791616617214,"pcap_cnt":193,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":58001,"proto":"UDP","dns":{"type":"answer","id":45779,"rcode":"NOERROR","rrname":"48s123w.com","rrtype":"A","ttl":1199,"rdata":"199.188.200.146"}}
{"timestamp":"2019-08-14T17:05:01.450971+0000","flow_id":1638915484006133,"pcap_cnt":201,"event_type":"http","src_ip":"192.168.100.174","src_port":50646,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.48s123w.com","url":"\/wi2\/?s0H=rgy0hQQ8PXUjQsouwPqsxe3CMbvlVgTnN62lXwNFCPVcnwP5Lc4yD89203\/\/4zs0\/w8s0Q==&CZ=7notQhC&sql=1","http_content_type":"text\/html"}}
{"timestamp":"2019-08-14T17:05:01.484158+0000","flow_id":1638915484006133,"pcap_cnt":203,"event_type":"http","src_ip":"192.168.100.174","src_port":50646,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:05:01.484158+0000","flow_id":1638915484006133,"pcap_cnt":203,"event_type":"fileinfo","src_ip":"199.188.200.146","src_port":80,"dest_ip":"192.168.100.174","dest_port":50646,"proto":"TCP","http":{"hostname":"www.48s123w.com","url":"\/wi2\/?s0H=rgy0hQQ8PXUjQsouwPqsxe3CMbvlVgTnN62lXwNFCPVcnwP5Lc4yD89203\/\/4zs0\/w8s0Q==&CZ=7notQhC&sql=1","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":321},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":321,"tx_id":0}}
{"timestamp":"2019-08-14T17:05:03.531276+0000","flow_id":379807166576529,"pcap_cnt":223,"event_type":"fileinfo","src_ip":"192.168.100.174","src_port":50687,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/www.48s123w.com\/wi2\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":3769,"tx_id":0}}
{"timestamp":"2019-08-14T17:05:03.855387+0000","flow_id":1753994837870532,"pcap_cnt":314,"event_type":"http","src_ip":"192.168.100.174","src_port":50685,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-08-14T17:05:03.855387+0000","flow_id":1753994837870532,"pcap_cnt":314,"event_type":"http","src_ip":"192.168.100.174","src_port":50685,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:05:03.855387+0000","flow_id":1753994837870532,"pcap_cnt":314,"event_type":"fileinfo","src_ip":"192.168.100.174","src_port":50685,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/www.48s123w.com\/wi2\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":313,"tx_id":0}}
{"timestamp":"2019-08-14T17:05:03.882974+0000","flow_id":379807166576529,"pcap_cnt":318,"event_type":"http","src_ip":"192.168.100.174","src_port":50687,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-08-14T17:05:03.882974+0000","flow_id":379807166576529,"pcap_cnt":318,"event_type":"http","src_ip":"192.168.100.174","src_port":50687,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:05:04.236024+0000","flow_id":633725633147245,"pcap_cnt":447,"event_type":"fileinfo","src_ip":"192.168.100.174","src_port":50688,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/www.48s123w.com\/wi2\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":112921,"tx_id":0}}
{"timestamp":"2019-08-14T17:05:04.451457+0000","flow_id":633725633147245,"pcap_cnt":453,"event_type":"http","src_ip":"192.168.100.174","src_port":50688,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-08-14T17:05:04.451457+0000","flow_id":633725633147245,"pcap_cnt":453,"event_type":"http","src_ip":"192.168.100.174","src_port":50688,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:05:21.522932+0000","flow_id":1531891342768820,"pcap_cnt":489,"event_type":"dns","src_ip":"192.168.100.174","src_port":49917,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":16111,"rrname":"www.fshwxe.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:05:21.552350+0000","flow_id":1531891342768820,"pcap_cnt":490,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":49917,"proto":"UDP","dns":{"type":"answer","id":16111,"rcode":"NOERROR","rrname":"fshwxe.com","rrtype":"SOA","ttl":599}}
{"timestamp":"2019-08-14T17:05:40.538429+0000","flow_id":1263157387736893,"pcap_cnt":544,"event_type":"dns","src_ip":"192.168.100.174","src_port":58850,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41660,"rrname":"www.astonishingingreen.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:05:40.568049+0000","flow_id":1263157387736893,"pcap_cnt":545,"event_type":"alert","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":58850,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2001117,"rev":6,"signature":"ET DNS Standard query response, Name Error","category":"Not Suspicious Traffic","severity":3},"app_proto":"dns"}
{"timestamp":"2019-08-14T17:05:40.568049+0000","flow_id":1263157387736893,"pcap_cnt":545,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":58850,"proto":"UDP","dns":{"type":"answer","id":41660,"rcode":"NXDOMAIN","rrname":"www.astonishingingreen.com"}}
{"timestamp":"2019-08-14T17:05:40.568049+0000","flow_id":1263157387736893,"pcap_cnt":545,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":58850,"proto":"UDP","dns":{"type":"answer","id":41660,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"2019-08-14T17:06:00.555030+0000","flow_id":1527635032700950,"pcap_cnt":583,"event_type":"dns","src_ip":"192.168.100.174","src_port":65121,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":50267,"rrname":"www.baradseirtaban.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:06:00.591693+0000","flow_id":1527635032700950,"pcap_cnt":584,"event_type":"alert","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":65121,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2001117,"rev":6,"signature":"ET DNS Standard query response, Name Error","category":"Not Suspicious Traffic","severity":3},"app_proto":"dns"}
{"timestamp":"2019-08-14T17:06:00.591693+0000","flow_id":1527635032700950,"pcap_cnt":584,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":65121,"proto":"UDP","dns":{"type":"answer","id":50267,"rcode":"NXDOMAIN","rrname":"www.baradseirtaban.com"}}
{"timestamp":"2019-08-14T17:06:00.591693+0000","flow_id":1527635032700950,"pcap_cnt":584,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":65121,"proto":"UDP","dns":{"type":"answer","id":50267,"rcode":"NXDOMAIN","rrname":"baradseirtaban.com","rrtype":"SOA","ttl":1799}}
{"timestamp":"2019-08-14T17:06:20.585598+0000","flow_id":1800539403513726,"pcap_cnt":614,"event_type":"dns","src_ip":"192.168.100.174","src_port":60553,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12208,"rrname":"www.fagree.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:06:21.060924+0000","flow_id":1800539403513726,"pcap_cnt":615,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":60553,"proto":"UDP","dns":{"type":"answer","id":12208,"rcode":"NOERROR","rrname":"www.fagree.com","rrtype":"A","ttl":3599,"rdata":"58.76.184.4"}}
{"timestamp":"2019-08-14T17:06:22.115158+0000","flow_id":1262139483221992,"pcap_cnt":626,"event_type":"http","src_ip":"192.168.100.174","src_port":51879,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.fagree.com","url":"\/wi2\/?s0H=r\/hZrAErTa\/T0kKj9kXeKJuUFsghRealUCp+B00cDWgG\/4MRuhdLhwDa3un29qIG2GgWXA==&CZ=7notQhC&sql=1"}}
{"timestamp":"2019-08-14T17:06:22.115158+0000","flow_id":1262139483221992,"pcap_cnt":626,"event_type":"http","src_ip":"192.168.100.174","src_port":51879,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:06:24.183035+0000","flow_id":1480886462772272,"pcap_cnt":646,"event_type":"fileinfo","src_ip":"192.168.100.174","src_port":51928,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","http":{"hostname":"www.fagree.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/www.fagree.com\/wi2\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":3769,"tx_id":0}}
{"timestamp":"2019-08-14T17:06:24.989779+0000","flow_id":2130470201494091,"pcap_cnt":871,"event_type":"http","src_ip":"192.168.100.174","src_port":51926,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.fagree.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-08-14T17:06:24.989779+0000","flow_id":2130470201494091,"pcap_cnt":871,"event_type":"http","src_ip":"192.168.100.174","src_port":51926,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:06:24.989779+0000","flow_id":2130470201494091,"pcap_cnt":871,"event_type":"fileinfo","src_ip":"192.168.100.174","src_port":51926,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","http":{"hostname":"www.fagree.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/www.fagree.com\/wi2\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":313,"tx_id":0}}
{"timestamp":"2019-08-14T17:06:25.017093+0000","flow_id":1480886462772272,"pcap_cnt":874,"event_type":"http","src_ip":"192.168.100.174","src_port":51928,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.fagree.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-08-14T17:06:25.017093+0000","flow_id":1480886462772272,"pcap_cnt":874,"event_type":"http","src_ip":"192.168.100.174","src_port":51928,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:06:26.846227+0000","flow_id":267216751716111,"pcap_cnt":882,"event_type":"http","src_ip":"192.168.100.174","src_port":51929,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.fagree.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-08-14T17:06:26.846227+0000","flow_id":267216751716111,"pcap_cnt":882,"event_type":"http","src_ip":"192.168.100.174","src_port":51929,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:06:26.846227+0000","flow_id":267216751716111,"pcap_

This file has been truncated. Go here to download in full.


suricata-report-2019-08-14-T-17-15-31-08142019.1715-7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap.txt - (17072 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopenenall/suricata400-etopenenall-base.yaml -l /var/www/html/ad3ba4a28a11f5c341c17843629824cc8f598dd7005855d2d732e17e7de78b5a -r /var/pcap/08142019.1715-7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap -vvv -k none
elapsedtime:7.153830
stderr:
stdout:
14/8/2019 -- 17:15:23 - <Info> - Configuration node 'rule-files' redefined.
14/8/2019 -- 17:15:23 - <Notice> - This is Suricata version 4.0.0 RELEASE
14/8/2019 -- 17:15:23 - <Info> - CPUs/cores online: 1
14/8/2019 -- 17:15:23 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31418 and 'request-body-inspect-window' set to 16765 after randomization.
14/8/2019 -- 17:15:23 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33674 and 'response-body-inspect-window' set to 17024 after randomization.
14/8/2019 -- 17:15:23 - <Config> - DNS request flood protection level: 500
14/8/2019 -- 17:15:23 - <Config> - DNS per flow memcap (state-memcap): 524288
14/8/2019 -- 17:15:23 - <Config> - DNS global memcap: 16777216
14/8/2019 -- 17:15:23 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
14/8/2019 -- 17:15:23 - <Config> - preallocated 1000 hosts of size 136
14/8/2019 -- 17:15:23 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
14/8/2019 -- 17:15:23 - <Config> - using magic-file /usr/share/file/magic
14/8/2019 -- 17:15:23 - <Config> - Core dump size is unlimited.
14/8/2019 -- 17:15:23 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
14/8/2019 -- 17:15:23 - <Config> - preallocated 1000 defrag trackers of size 168
14/8/2019 -- 17:15:23 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
14/8/2019 -- 17:15:24 - <Config> - stream "prealloc-sessions": 2048 (per thread)
14/8/2019 -- 17:15:24 - <Config> - stream "memcap": 33554432
14/8/2019 -- 17:15:24 - <Config> - stream "midstream" session pickups: disabled
14/8/2019 -- 17:15:24 - <Config> - stream "async-oneside": disabled
14/8/2019 -- 17:15:24 - <Config> - stream "checksum-validation": disabled
14/8/2019 -- 17:15:24 - <Config> - stream."inline": disabled
14/8/2019 -- 17:15:24 - <Config> - stream "bypass": disabled
14/8/2019 -- 17:15:24 - <Config> - stream "max-synack-queued": 5
14/8/2019 -- 17:15:24 - <Config> - stream.reassembly "memcap": 134217728
14/8/2019 -- 17:15:24 - <Config> - stream.reassembly "depth": 0
14/8/2019 -- 17:15:24 - <Config> - stream.reassembly "toserver-chunk-size": 2465
14/8/2019 -- 17:15:24 - <Config> - stream.reassembly "toclient-chunk-size": 2493
14/8/2019 -- 17:15:24 - <Config> - stream.reassembly.raw: enabled
14/8/2019 -- 17:15:24 - <Config> - stream.reassembly "segment-prealloc": 2048
14/8/2019 -- 17:15:24 - <Config> - Delayed detect disabled
14/8/2019 -- 17:15:24 - <Config> - pattern matchers: MPM: ac, SPM: bm
14/8/2019 -- 17:15:24 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
14/8/2019 -- 17:15:24 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
14/8/2019 -- 17:15:24 - <Config> - prefilter engines: MPM
14/8/2019 -- 17:15:24 - <Config> - IP reputation disabled
14/8/2019 -- 17:15:24 - <Perf> - Registered 148 keyword profiling counters.
14/8/2019 -- 17:15:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-ftp.rules
14/8/2019 -- 17:15:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-policy.rules
14/8/2019 -- 17:15:24 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-trojan.rules
14/8/2019 -- 17:15:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-games.rules
14/8/2019 -- 17:15:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-pop3.rules
14/8/2019 -- 17:15:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-user_agents.rules
14/8/2019 -- 17:15:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-rpc.rules
14/8/2019 -- 17:15:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-attack_response.rules
14/8/2019 -- 17:15:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-icmp.rules
14/8/2019 -- 17:15:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-scan.rules
14/8/2019 -- 17:15:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-voip.rules
14/8/2019 -- 17:15:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-chat.rules
14/8/2019 -- 17:15:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-web_client.rules
14/8/2019 -- 17:15:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-imap.rules
14/8/2019 -- 17:15:25 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-web_server.rules
14/8/2019 -- 17:15:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-current_events.rules
14/8/2019 -- 17:15:26 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-smtp.rules
14/8/2019 -- 17:15:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-malware.rules
14/8/2019 -- 17:15:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-snmp.rules
14/8/2019 -- 17:15:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-worm.rules
14/8/2019 -- 17:15:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-dns.rules
14/8/2019 -- 17:15:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-misc.rules
14/8/2019 -- 17:15:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-sql.rules
14/8/2019 -- 17:15:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-dos.rules
14/8/2019 -- 17:15:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-netbios.rules
14/8/2019 -- 17:15:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-telnet.rules
14/8/2019 -- 17:15:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-exploit.rules
14/8/2019 -- 17:15:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-p2p.rules
14/8/2019 -- 17:15:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-tftp.rules
14/8/2019 -- 17:15:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/enableall-ET-emerging-mobile_malware.rules
14/8/2019 -- 17:15:27 - <Config> - Loading rule file: /opt/suricata400/etc/etopenenall/local.rules
14/8/2019 -- 17:15:27 - <Config> - No rules loaded from local.rules.
14/8/2019 -- 17:15:27 - <Info> - 31 rule files processed. 14910 rules successfully loaded, 0 rules failed
14/8/2019 -- 17:15:27 - <Info> - Threshold config parsed: 0 rule(s) found
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for tcp-packet
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for tcp-stream
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for udp-packet
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for other-ip
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_uri
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_request_line
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_client_body
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_response_line
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_header
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_header
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_header_names
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_header_names
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_accept
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_accept_enc
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_accept_lang
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_referer
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_connection
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_content_len
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_content_len
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_content_type
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_content_type
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_protocol
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_protocol
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_start
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_start
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_raw_header
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_raw_header
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_method
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_cookie
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_cookie
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_raw_uri
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_user_agent
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_host
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_raw_host
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_stat_msg
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_stat_code
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for dns_query
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for tls_sni
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for tls_cert_issuer
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for tls_cert_subject
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for tls_cert_serial
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for dce_stub_data
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for dce_stub_data
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for ssh_protocol
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for ssh_protocol
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for ssh_software
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for ssh_software
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for file_data
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for file_data
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_request_line
14/8/2019 -- 17:15:28 - <Perf> - using shared mpm ctx' for http_response_line
14/8/2019 -- 17:15:28 - <Info> - 14927 signatures processed. 36 are IP-only rules, 6970 are inspecting packet payload, 9846 inspect application layer, 0 are decoder event only
14/8/2019 -- 17:15:28 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
14/8/2019 -- 17:15:28 - <Perf> - TCP toserver: 41 port groups, 35 unique SGH's, 6 copies
14/8/2019 -- 17:15:28 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
14/8/2019 -- 17:15:28 - <Perf> - UDP toserver: 41 port groups, 30 unique SGH's, 11 copies
14/8/2019 -- 17:15:28 - <Perf> - UDP toclient: 21 port groups, 13 unique SGH's, 8 copies
14/8/2019 -- 17:15:28 - <Perf> - OTHER toserver: 254 proto groups, 5 unique SGH's, 249 copies
14/8/2019 -- 17:15:28 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
14/8/2019 -- 17:15:28 - <Perf> - Unique rule groups: 104
14/8/2019 -- 17:15:28 - <Perf> - Builtin MPM "toserver TCP packet": 32
14/8/2019 -- 17:15:28 - <Perf> - Builtin MPM "toclient TCP packet": 19
14/8/2019 -- 17:15:28 - <Perf> - Builtin MPM "toserver TCP stream": 33
14/8/2019 -- 17:15:28 - <Perf> - Builtin MPM "toclient TCP stream": 21
14/8/2019 -- 17:15:28 - <Perf> - Builtin MPM "toserver UDP packet": 29
14/8/2019 -- 17:15:28 - <Perf> - Builtin MPM "toclient UDP packet": 13
14/8/2019 -- 17:15:28 - <Perf> - Builtin MPM "other IP packet": 2
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_uri": 9
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_request_line": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_client_body": 5
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toclient http_response_line": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_header": 8
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toclient http_header": 3
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_header_names": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_accept": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_referer": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_content_len": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_content_type": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_start": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_method": 4
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_cookie": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toclient http_cookie": 2
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver http_host": 2
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver dns_query": 4
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver tls_sni": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toserver file_data": 1
14/8/2019 -- 17:15:28 - <Perf> - AppLayer MPM "toclient file_data": 4
14/8/2019 -- 17:15:29 - <Perf> - Registered 14927 rule profiling counters.
14/8/2019 -- 17:15:29 - <Info> - fast output device (regular) initialized: alert
14/8/2019 -- 17:15:29 - <Info> - eve-log output device (regular) initialized: eve.json
14/8/2019 -- 17:15:29 - <Config> - enabling 'eve-log' module 'alert'
14/8/2019 -- 17:15:29 - <Config> - enabling 'eve-log' module 'http'
14/8/2019 -- 17:15:29 - <Config> - enabling 'eve-log' module 'dns'
14/8/2019 -- 17:15:29 - <Config> - enabling 'eve-log' module 'tls'
14/8/2019 -- 17:15:29 - <Config> - enabling 'eve-log' module 'files'
14/8/2019 -- 17:15:29 - <Config> - enabling 'eve-log' module 'ssh'
14/8/2019 -- 17:15:29 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
14/8/2019 -- 17:15:29 - <Info> - stats output device (regular) initialized: stats.log
14/8/2019 -- 17:15:29 - <Config> - AutoFP mode using "Hash" flow load balancer
14/8/2019 -- 17:15:29 - <Info> - reading pcap file /var/pcap/08142019.1715-7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap
14/8/2019 -- 17:15:29 - <Config> - using 1 flow manager threads
14/8/2019 -- 17:15:29 - <Config> - using 1 flow recycler threads
14/8/2019 -- 17:15:29 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
14/8/2019 -- 17:15:29 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
14/8/2019 -- 17:15:29 - <Info> - pcap file end of file reached (pcap err code 0)
14/8/2019 -- 17:15:29 - <Notice> - Signal Received.  Stopping engine.
14/8/2019 -- 17:15:30 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
14/8/2019 -- 17:15:30 - <Info> - time elapsed 0.491s
14/8/2019 -- 17:15:31 - <Perf> - 53 flows processed
14/8/2019 -- 17:15:31 - <Notice> - Pcap-file module read 1783 pack

This file has been truncated.


suricata-4.0.0-etopenenall-base-alert-2019-08-14-T-17-15-31-08142019.1715-7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap.txt - (2518 bytes) - download
08/14/2019-17:03:34.444083  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.174:137 -> 192.168.100.255:137
08/14/2019-17:04:40.973347  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.2:53 -> 192.168.100.174:56000
08/14/2019-17:04:40.973347  [**] [1:2001117:6] ET DNS Standard query response, Name Error [**] [Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 192.168.100.2:53 -> 192.168.100.174:56000
08/14/2019-17:05:40.568049  [**] [1:2001117:6] ET DNS Standard query response, Name Error [**] [Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 192.168.100.2:53 -> 192.168.100.174:58850
08/14/2019-17:06:00.591693  [**] [1:2001117:6] ET DNS Standard query response, Name Error [**] [Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 192.168.100.2:53 -> 192.168.100.174:65121
08/14/2019-17:07:03.694620  [**] [1:2010518:4] ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 162.209.194.234:80 -> 192.168.100.174:52485
08/14/2019-17:07:09.896971  [**] [1:2010518:4] ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 162.209.194.234:80 -> 192.168.100.174:52585
08/14/2019-17:07:16.853346  [**] [1:2010518:4] ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 162.209.194.234:80 -> 192.168.100.174:52583
08/14/2019-17:08:08.821202  [**] [1:2010518:4] ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 162.209.194.234:80 -> 192.168.100.174:52533
08/14/2019-17:08:35.643802  [**] [1:2010518:4] ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 162.209.194.234:80 -> 192.168.100.174:52585
08/14/2019-17:08:35.643802  [**] [1:2010518:4] ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 162.209.194.234:80 -> 192.168.100.174:52583
08/14/2019-17:08:35.643802  [**] [1:2010518:4] ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 162.209.194.234:80 -> 192.168.100.174:52485


keyword_perf.log - (12670 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 8/14/2019 -- 17:15:31
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  ack              4925274         996             0               78278           4945.00         0.00            4945.00        
  ipopts           3083100         611             0               58224           5045.00         0.00            5045.00        
  flags            3142034         606             0               83326           5184.00         0.00            5184.00        
  fragbits         15882870        3217            954             76926           4937.00         4941.00         4935.00        
  fragoffset       2290600         470             0               25722           4873.00         0.00            4873.00        
  ttl              3052218         611             0               58612           4995.00         0.00            4995.00        
  itype            116396          25              0               5298            4655.00         0.00            4655.00        
  icode            209648          35              22              21060           5989.00         6788.00         4638.00        
  dsize            2548056         505             505             36520           5045.00         5045.00         0.00           
  flow             9981452         1961            1913            40542           5089.00         5090.00         5083.00        
  threshold        427834          58              2               35496           7376.00         21494.00        6872.00        
  content          20111816        2576            1016            134570          7807.00         6617.00         8582.00        
  pcre             41193906        4852            21              99406           8490.00         9053.00         8487.00        
  byte_test        2872880         556             224             31606           5167.00         5300.00         5076.00        
  sameip           6788440         1399            0               31856           4852.00         0.00            4852.00        
  isdataat         127122          27              6               5658            4708.00         4641.00         4727.00        
  urilen           852752          164             36              27386           5199.00         5473.00         5122.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  ack              4925274         996             0               78278           4945.00         0.00            4945.00        
  ipopts           3083100         611             0               58224           5045.00         0.00            5045.00        
  flags            3142034         606             0               83326           5184.00         0.00            5184.00        
  fragbits         15882870        3217            954             76926           4937.00         4941.00         4935.00        
  fragoffset       2290600         470             0               25722           4873.00         0.00            4873.00        
  ttl              3052218         611             0               58612           4995.00         0.00            4995.00        
  itype            116396          25              0               5298            4655.00         0.00            4655.00        
  icode            209648          35              22              21060           5989.00         6788.00         4638.00        
  dsize            2548056         505             505             36520           5045.00         5045.00         0.00           
  flow             9981452         1961            1913            40542           5089.00         5090.00         5083.00        
  sameip           6788440         1399            0               31856           4852.00         0.00            4852.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5645336         895             425             64098           6307.00         6817.00         5846.00        
  pcre             40022748        4692            3               99406           8529.00         5793.00         8531.00        
  byte_test        2872880         556             224             31606           5167.00         5300.00         5076.00        
  isdataat         99276           21              0               5658            4727.00         0.00            4727.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        427834          58              2               35496           7376.00         21494.00        6872.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3883876         760             66              22686           5110.00         6143.00         5012.00        
  pcre             747154          102             0               22754           7325.00         0.00            7325.00        
  isdataat         27846           6               6               4882            4641.00         4641.00         0.00           
  urilen           852752          164             36              27386           5199.00         5473.00         5122.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6096768         179             4               134570          34060.00        57090.00        33533.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          361354          66              45              17976           5475.00         5658.00         5082.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2047458         334             242             30004           6130.00         6117.00         6163.00        
  pcre             424004          58              18              36660           7310.00         9596.00         6281.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          111282          18              0               6854            6182.00         0.00            6182.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          109032          18              18              7852            6057.00         6057.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          286586          54              36              6928            5307.00         5327.00         5266.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1570124         252             180             29756           6230.00         6420.00         5756.00        


unified2.alert.1565802929 - (8803 bytes) - download
4]T>æƳ@À¨d®À¨dÿ‰‰Š]T>æ]T>æƳnÿÿÿÿÿÿRTJ¯E`£€ÔëÀ¨d®À¨dÿ‰‰L˼“( FFFDEFFCCNFAEDCACACACACACACACACA À “àÀ¨d®4]T?(Ú#@À¨dÀ¨d®5ÚÀº]T?(]T?(Ú#žRTJ¯RT6>ÿEÅ
@@+QÀ¨dÀ¨d®5ÚÀ|Â;¼zƒwwwshop1457417204564netÀ"ƒ=agtld-serversÀ"nstldverisign-grscom]T?„	:€Q€4]T?(Ú#ˆÝÀ¨dÀ¨d®5ÚÀº]T?(]T?(Ú#žRTJ¯RT6>ÿEÅ
@@+QÀ¨dÀ¨d®5ÚÀ|Â;¼zƒwwwshop1457417204564netÀ"ƒ=agtld-serversÀ"nstldverisign-grscom]T?„	:€Q€4]T?dªñˆÝÀ¨dÀ¨d®5åâ»]T?d]T?dªñŸRTJ¯RT6>ÿE‘ͯ@@"«À¨dÀ¨d®5åâ}kÄ¢¼ƒwwwastonishingingreencomÀ#ƒ=agtld-serversnetnstldverisign-grsÀ#]T?M„	:€Q€4]T?x	MˆÝÀ¨dÀ¨d®5þa®]T?x]T?x	M’RTJ¯RT6>ÿE„ͳ@@"´À¨dÀ¨d®5þap¸Ä[ƒwwwbaradseirtabancomÀ4mina1
mrsserversÀ
hostmasterÀxWô»XuQ€4]T?·
™\­–¢ÑÂêÀ¨d®PÍç]T?·]T?·
™\ËRTJ¯RT6>ÿE½
¶@?¢r¢ÑÂêÀ¨d®PÍmàƒŽß(ëPTęHTTP/1.1 404 Not Found
Server: cf
Date: Wed, 14 Aug 2019 17:07:02 GMT
Content-Type: text/html
Content-Length: 777
Connection: close

<html>
<head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta charset="utf-8"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/css/bootstrap.min.css"><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js"></script><title>404 Not Found</title></head>
<body>
<div class="container"><div class="row"><div class="panel panel-primary" style="position: fixed;top:50%;left: 50%;margin-top: -75px;margin-left:-100px ;"><div class="panel-heading"><h3 class="panel-title">提示消息</h3></div><div class="panel-body">404 资源不存在</div></div></div></div>
</body>
</html>
4]T?½
¯Ë­–¢ÑÂêÀ¨d®PÍi]T?½]T?½
¯ËìRTJ¯RT6>ÿEÞþ<@?®Ê¢ÑÂêÀ¨d®PÍivŠqD”APýnFHTTP/1.1 404 Not Found
Server: cf
Date: Wed, 14 Aug 2019 17:07:09 GMT
Content-Type: text/html
Content-Length: 810
Connection: close

<html>
<head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta charset="utf-8"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/css/bootstrap.min.css"><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js"></script><title>404 Not Found</title></head>
<body>
<div class="container"><div class="row"><div class="panel panel-primary" style="position: fixed;top:50%;left: 50%;margin-top: -75px;margin-left:-100px ;"><div class="panel-heading"><h3 class="panel-title">提示消息</h3></div><div class="panel-body">404 资源不存在</div></div></div></div>
</body>
</html>
<!-- sipcdn V2.0 CACHE_HXAP -->
4]T?Ä
b­–¢ÑÂêÀ¨d®PÍg]T?Ä]T?Ä
bìRTJ¯RT6>ÿEÞöœ@?¶j¢ÑÂêÀ¨d®PÍg1šy¼`Ë3P£YHTTP/1.1 404 Not Found
Server: cf
Date: Wed, 14 Aug 2019 17:07:09 GMT
Content-Type: text/html
Content-Length: 810
Connection: close

<html>
<head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta charset="utf-8"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/css/bootstrap.min.css"><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js"></script><title>404 Not Found</title></head>
<body>
<div class="container"><div class="row"><div class="panel panel-primary" style="position: fixed;top:50%;left: 50%;margin-top: -75px;margin-left:-100px ;"><div class="panel-heading"><h3 class="panel-title">提示消息</h3></div><div class="panel-body">404 资源不存在</div></div></div></div>
</body>
</html>
<!-- sipcdn V2.0 CACHE_HXAP -->
4	]T?ø‡Ò­–¢ÑÂêÀ¨d®PÍ5	]T?ø]T?ø‡ÒìRTJ¯RT6>ÿEÞC @?ig¢ÑÂêÀ¨d®PÍ5Nj̲TCŽPX2²HTTP/1.1 404 Not Found
Server: cf
Date: Wed, 14 Aug 2019 17:07:09 GMT
Content-Type: text/html
Content-Length: 810
Connection: close

<html>
<head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta charset="utf-8"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/css/bootstrap.min.css"><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js"></script><title>404 Not Found</title></head>
<body>
<div class="container"><div class="row"><div class="panel panel-primary" style="position: fixed;top:50%;left: 50%;margin-top: -75px;margin-left:-100px ;"><div class="panel-heading"><h3 class="panel-title">提示消息</h3></div><div class="panel-body">404 资源不存在</div></div></div></div>
</body>
</html>
<!-- sipcdn V2.0 CACHE_HXAP -->
4
]T@	ÒÚ­–¢ÑÂêÀ¨d®PÍiú
]T@]T@	ÒÚÞEÞ,¢ÑÂêÀ¨d®PÍiP1QHTTP/1.1 404 Not Found
Server: cf
Date: Wed, 14 Aug 2019 17:07:09 GMT
Content-Type: text/html
Content-Length: 810
Connection: close

<html>
<head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta charset="utf-8"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/css/bootstrap.min.css"><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js"></script><title>404 Not Found</title></head>
<body>
<div class="container"><div class="row"><div class="panel panel-primary" style="position: fixed;top:50%;left: 50%;margin-top: -75px;margin-left:-100px ;"><div class="panel-heading"><h3 class="panel-title">提示消息</h3></div><div class="panel-body">404 资源不存在</div></div></div></div>
</body>
</html>
<!-- sipcdn V2.0 CACHE_HXAP -->
4]T@	ÒÚ­–¢ÑÂêÀ¨d®PÍgú]T@]T@	ÒÚÞEÞ,¢ÑÂêÀ¨d®PÍgP1SHTTP/1.1 404 Not Found
Server: cf
Date: Wed, 14 Aug 2019 17:07:09 GMT
Content-Type: text/html
Content-Length: 810
Connection: close

<html>
<head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta charset="utf-8"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/css/bootstrap.min.css"><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js"></script><title>404 Not Found</title></head>
<body>
<div class="container"><div class="row"><div class="panel panel-primary" style="position: fixed;top:50%;left: 50%;margin-top: -75px;margin-left:-100px ;"><div class="panel-heading"><h3 class="panel-title">提示消息</h3></div><div class="panel-body">404 资源不存在</div></div></div></div>
</body>
</html>
<!-- sipcdn V2.0 CACHE_HXAP -->
4]T@	ÒÚ­–¢ÑÂêÀ¨d®PÍÙ]T@]T@	ÒÚ½E½,)¢ÑÂêÀ¨d®PÍPü?HTTP/1.1 404 Not Found
Server: cf
Date: Wed, 14 Aug 2019 17:07:02 GMT
Content-Type: text/html
Content-Length: 777
Connection: close

<html>
<head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta charset="utf-8"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/css/bootstrap.min.css"><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.4/js/bootstrap.min.js"></script><title>404 Not Found</title></head>
<body>
<div class="container"><div class="row"><div class="panel panel-primary" style="position: fixed;top:50%;left: 50%;margin-top: -75px;margin-left:-100px ;"><div class="panel-heading"><h3 class="panel-title">提示消息</h3></div><div class="panel-body">404 资源不存在</div></div></div></div>
</body>
</html>


IDSDeathBlossom.py.log - (1196 bytes) - download
2019-08-14 17:15:23,094 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-08-14 17:15:23,944 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-08-14 17:15:23,944 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopenenall-base
2019-08-14 17:15:23,944 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-08-14 17:15:23,945 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-08-14 17:15:23,945 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopenenall/suricata400-etopenenall-base.yaml -l /var/www/html/ad3ba4a28a11f5c341c17843629824cc8f598dd7005855d2d732e17e7de78b5a -r /var/pcap/08142019.1715-7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap -vvv -k none
2019-08-14 17:15:31,101 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-08-14 17:15:31,102 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 8.02566218376