Filename: 7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.77717113495 seconds
Hash: ad3ba4a28a11f5c341c17843629824cc
Uploaded: 1569088180

Logfiles


suricata-4.0.0-etopen-all-perf.txt-2019-09-21-T-17-49-50-08142019.1715-7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap.txt (20694 bytes)
  --------------------------------------------------------------------------
  Date: 9/21/2019 -- 17:49:50. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2017552      1        6        28981994     28.94  661      0        6872204     43845.68    0.00        43845.68   
  2        2024565      1        3        676424       0.68   4        0        241004      169106.00   0.00        169106.00  
  3        2021038      1        4        1089348      1.09   32       0        136872      34042.12    0.00        34042.12   
  4        2016537      1        2        22542008     22.51  695      6        119242      32434.54    110616.00   31753.72   
  5        2018983      1        7        1175594      1.17   32       0        97758       36737.31    0.00        36737.31   
  6        2016858      1        10       961418       0.96   32       0        95580       30044.31    0.00        30044.31   
  7        2018316      1        4        255802       0.26   4        0        94258       63950.50    0.00        63950.50   
  8        2018666      1        4        221900       0.22   4        0        93046       55475.00    0.00        55475.00   
  9        2020741      1        1        228700       0.23   4        0        88924       57175.00    0.00        57175.00   
  10       2018358      1        7        1204564      1.20   32       0        86844       37642.62    0.00        37642.62   
  11       2025064      1        5        1173894      1.17   32       0        83032       36684.19    0.00        36684.19   
  12       2017295      1        6        433894       0.43   7        0        82608       61984.86    0.00        61984.86   
  13       2017567      1        3        344420       0.34   6        0        82416       57403.33    0.00        57403.33   
  14       2024138      1        2        133592       0.13   2        0        79990       66796.00    0.00        66796.00   
  15       2023083      1        2        1163726      1.16   24       0        79756       48488.58    0.00        48488.58   
  16       2017114      1        5        401812       0.40   7        0        76934       57401.71    0.00        57401.71   
  17       2024771      1        1        866082       0.86   18       0        76806       48115.67    0.00        48115.67   
  18       2017613      1        9        997346       1.00   32       0        74322       31167.06    0.00        31167.06   
  19       2017259      1        12       1009242      1.01   32       0        73792       31538.81    0.00        31538.81   
  20       2015781      1        2        353404       0.35   6        0        72562       58900.67    0.00        58900.67   
  21       2021248      1        7        289740       0.29   12       0        72390       24145.00    0.00        24145.00   
  22       2018452      1        15       1154116      1.15   32       0        72296       36066.12    0.00        36066.12   
  23       2018958      1        18       776084       0.77   32       0        70078       24252.62    0.00        24252.62   
  24       2024136      1        2        128954       0.13   2        0        69332       64477.00    0.00        64477.00   
  25       2019881      1        3        924822       0.92   32       0        68894       28900.69    0.00        28900.69   
  26       2024142      1        2        124044       0.12   2        0        67914       62022.00    0.00        62022.00   
  27       2024137      1        2        121360       0.12   2        0        67910       60680.00    0.00        60680.00   
  28       2024140      1        2        122130       0.12   2        0        67584       61065.00    0.00        61065.00   
  29       2018496      1        9        933070       0.93   32       0        66188       29158.44    0.00        29158.44   
  30       2017693      1        2        377778       0.38   7        0        65264       53968.29    0.00        53968.29   
  31       2019344      1        5        995448       0.99   32       0        65108       31107.75    0.00        31107.75   
  32       2010140      1        7        773326       0.77   121      0        64908       6391.12     0.00        6391.12    
  33       2016726      1        6        318712       0.32   6        0        64724       53118.67    0.00        53118.67   
  34       2019230      1        2        463784       0.46   24       0        64256       19324.33    0.00        19324.33   
  35       2025162      1        2        382222       0.38   21       0        63204       18201.05    0.00        18201.05   
  36       2022502      1        4        770648       0.77   32       0        62882       24082.75    0.00        24082.75   
  37       2018981      1        4        925652       0.92   32       0        61996       28926.62    0.00        28926.62   
  38       2018242      1        5        933686       0.93   32       0        61518       29177.69    0.00        29177.69   
  39       2024139      1        2        112802       0.11   2        0        59894       56401.00    0.00        56401.00   
  40       2024133      1        2        114804       0.11   2        0        59520       57402.00    0.00        57402.00   
  41       2011894      1        19       922384       0.92   32       0        59336       28824.50    0.00        28824.50   
  42       2016223      1        10       754824       0.75   32       0        56778       23588.25    0.00        23588.25   
  43       2020705      1        4        754668       0.75   32       0        56212       23583.38    0.00        23583.38   
  44       2009702      1        5        1122004      1.12   44       0        55128       25500.09    0.00        25500.09   
  45       2024135      1        2        107850       0.11   2        0        54756       53925.00    0.00        53925.00   
  46       2024134      1        2        107608       0.11   2        0        54546       53804.00    0.00        53804.00   
  47       2024141      1        2        107714       0.11   2        0        54386       53857.00    0.00        53857.00   
  48       2014701      1        12       1108862      1.11   44       0        53766       25201.41    0.00        25201.41   
  49       2020742      1        1        182100       0.18   4        0        53654       45525.00    0.00        45525.00   
  50       2020380      1        3        750654       0.75   32       0        51478       23457.94    0.00        23457.94   
  51       2003492      1        30       741538       0.74   32       0        51468       23173.06    0.00        23173.06   
  52       2003657      1        18       747250       0.75   32       0        50660       23351.56    0.00        23351.56   
  53       2021266      1        2        254680       0.25   12       0        50648       21223.33    0.00        21223.33   
  54       2018010      1        5        716632       0.72   32       0        50310       22394.75    0.00        22394.75   
  55       2101973      1        11       138330       0.14   13       0        48542       10640.77    0.00        10640.77   
  56       2014703      1        9        855260       0.85   44       0        48192       19437.73    0.00        19437.73   
  57       2022543      1        1        394624       0.39   14       0        44136       28187.43    0.00        28187.43   
  58       2014380      1        4        1105646      1.10   36       0        42912       30712.39    0.00        30712.39   
  59       2018059      1        2        304840       0.30   57       0        42056       5348.07     0.00        5348.07    
  60       2024178      1        2        705436       0.70   32       0        41774       22044.88    0.00        22044.88   
  61       2022914      1        1        52610        0.05   2        0        38466       26305.00    0.00        26305.00   
  62       2008120      1        4        653866       0.65   132      0        37508       4953.53     0.00        4953.53    
  63       2021267      1        2        243368       0.24   12       0        36104       20280.67    0.00        20280.67   
  64       2017694      1        6        210450       0.21   6        0        35944       35075.00    0.00        35075.00   
  65       2012513      1        4        227550       0.23   7        0        35824       32507.14    0.00        32507.14   
  66       2019011      1        3        122086       0.12   19       0        35616       6425.58     0.00        6425.58    
  67       2023316      1        2        35056        0.04   1        0        35056       35056.00    0.00        35056.00   
  68       2017901      1        5        68218        0.07   2        0        34174       34109.00    0.00        34109.00   
  69       2010143      1        3        650146       0.65   121      0        32744       5373.11     0.00        5373.11    
  70       2022544      1        1        31022        0.03   1        0        31022       31022.00    0.00        31022.00   
  71       2014702      1        9        749342       0.75   44       0        30670       17030.50    0.00        17030.50   
  72       2024513      1        5        242544       0.24   22       0        28462       11024.73    0.00        11024.73   
  73       2100540      1        12       435606       0.43   82       0        26478       5312.27     0.00        5312.27    
  74       2018062      1        2        292976       0.29   58       0        26440       5051.31     0.00        5051.31    
  75       2022545      1        1        72476        0.07   3        0        26290       24158.67    0.00        24158.67   
  76       2022531      1        1        72986        0.07   3        0        26014       24328.67    0.00        24328.67   
  77       2025114      1        1        46704        0.05   2        0        24290       23352.00    0.00        23352.00   
  78       2025005      1        13       29436        0.03   2        0        24244       14718.00    0.00        14718.00   
  79       2023624      1        3        525354       0.52   109      0        23938       4819.76     0.00        4819.76    
  80       2010142      1        4        574454       0.57   121      0        22272       4747.55     0.00        4747.55    
  81       2023627      1        3        392332       0.39   80       0        22132       4904.15     0.00        4904.15    
  82       2018063      1        3        229156       0.23   46       0        22022       4981.65     0.00        4981.65    
  83       2100540      1        12       416262       0.42   82       0        20972       5076.37     0.00        5076.37    
  84       2101919      1        24       65180        0.07   10       0        20710       6518.00     0.00        6518.00    
  85       2018065      1        2        285904       0.29   59       0        20612       4845.83     0.00        4845.83    
  86       2023623      1        3        366020       0.37   76       0        20470       4816.05     0.00        4816.05    
  87       2008420      1        4        74662        0.07   12       0        20100       6221.83     0.00        6221.83    
  88       2023614      1        3        75076        0.07   13       0        18544       5775.08     0.00        5775.08    
  89       2023626      1        3        564792       0.56   119      0        8036        4746.15     0.00        4746.15    
  90       2023622      1        3        578328       0.58   124      0        7934        4663.94     0.00        4663.94    
  91       2016363      1        2        39560        0.04   7        0        7644        5651.43     0.00        5651.43    
  92       2025200      1        1        223860       0.22   44       0        7548        5087.73     0.00        5087.73    
  93       2023612      1        4        68798        0.07   14       0        7468        4914.14     0.00        4914.14    
  94       2008119      1        3        12250        0.01   2        0        7304        6125.00     0.00        6125.00    
  95       2019491      1        2        21308        0.02   4        0        7132        5327.00     0.00        5327.00    
  96       2017935      1        3        71938        0.07   14       0        6964        5138.43     0.00        5138.43    
  97       2009243      1        2        109942       0.11   22       0        6950        4997.36     0.00        4997.36    
  98       2102523      1        8        120142       0.12   24       0        6872        5005.92     0.00        5005.92    
  99       2008118      1        3        109412       0.11   22       0        6738        4973.27     0.00        4973.27    
  100      2023613      1        3        63832        0.06   13       0        6662        4910.15     0.00        4910.15    
  101      2100518      1        8        104532       0.10   22       0        6636        4751.45     0.00        4751.45    
  102      2019017      1        3        76710        0.08   16       0        6620        4794.38     0.00        4794.38    
  103      2102523      1        8        127542       0.13   25       0        6610        5101.68     0.00        5101.68    
  104      2016323      1        1        38620        0.04   7        0        6522        5517.14     0.00        5517.14    
  105      2018061      1        2        262070       0.26   56       0        6412        4679.82     0.00        4679.82    
  106      2018066      1        2        263790       0.26   56       0        6386        4710.54     0.00        4710.54    
  107      2008116      1        4        110948       0.11   22       0        6378        5043.09     0.00        5043.09    
  108      2008117      1        3        303612       0.30   63       0        6288        4819.24     0.00        4819.24    
  109      2101229      1        8        52996        0.05   10       0        6262        5299.60     0.00        5299.60    
  110      2018068      1        2        259304       0.26   56       0        6238        4630.43     0.00        4630.43    
  111      2018067      1        3        258906       0.26   56       0        6234        4623.32     0.00        4623.32    
  112      2013926      1        8        94748        0.09   18       0        6204        5263.78     0.00        5263.78    
  113      2023625      1        3        423788       0.42   92       0        6178        4606.39     0.00        4606.39    
  114      2020388      1        8        96594        0.10   18       0        6166        5366.33     0.00        5366.33    
  115      2019010      1        3        77606        0.08   16       0        6016        4850.38     0.00        4850.38    
  116      2018064      1        2        285856       0.29   62       0        5994        4610.58     0.00        4610.58    
  117      2100566      1        5        35892        0.04   7        0        5956        5127.43     0.00        5127.43    
  118      2023616      1        3        48848        0.05   10       0        5908        4884.80     0.00        4884.80    
  119      2101672      1        12       51358        0.05   10       0        5838        5135.80     0.00        5135.80    
  120      2018208      1        2        32562        0.03   6        0        5818        5427.00     0.00        5427.00    
  121      2013075      1        8        133456       0.13   29       0        5812        4601.93     0.00        4601.93    
  122      2018060      1        2        267670       0.27   58       0        5736        4615.00     0.00        4615.00    
  123      2023620      1        3        10150        0.01   2        0        5720        5075.00     0.00        5075.00    
  124      2101621      1        12       63048        0.06   13       0        5704        4849.85     0.00        4849.85    
  125      2010513      1        5        1

This file has been truncated.


packet_stats.log (16251 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             1        428253268      428253268     428253268        428.3m    0.12
 IPv4       6          1267          5625394      427036754     266820363        338.1b   93.46
 IPv4      17           127          7967566      438415666     180161894         22.9b    6.33
 IPv6      17            12          8764868       75137372      27463424        329.6m    0.09
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             1           179694         179694        179694        179.7k    0.03
TMM_FLOWWORKER              IPv4       6          1267           114396       18869992        353379        447.7m   75.48
TMM_FLOWWORKER              IPv4      17           127           195488       16450986        595708         75.7m   12.75
TMM_RECEIVEPCAPFILE         IPv4       1             1             4480           4480          4480          4.5k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          1203             4434       22906082         24186         29.1m    4.91
TMM_RECEIVEPCAPFILE         IPv4      17           127             4442          12404          4755        603.9k    0.10
TMM_DECODEPCAPFILE          IPv4       1             1            26816          26816         26816         26.8k    0.00
TMM_DECODEPCAPFILE          IPv4       6          1203             4548       15517564         29917         36.0m    6.07
TMM_DECODEPCAPFILE          IPv4      17           127             4588          35662          5136        652.3k    0.11
TMM_FLOWWORKER              IPv6      17            12           178524         363118        256897          3.1m    0.52
TMM_RECEIVEPCAPFILE         IPv6      17            12             4438           5814          4936         59.2k    0.01
TMM_DECODEPCAPFILE          IPv6      17            12             4692          18686          6006         72.1k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       1             1             5148           5148          5148          5.1k  0.00  
flow                    IPv4       6          1203             4730          29750          5328          6.4m  1.47  
flow                    IPv4      17           127             4728          53182          6625        841.4k  0.19  
stream                  IPv4       6          1267             4686        5576130         19409         24.6m  5.64  
app-layer               IPv4      17           127             4422          73344         11907          1.5m  0.35  
detect                  IPv4       1             1           159730         159730        159730        159.7k  0.04  
detect                  IPv4       6          1267            77150        8158062        265767        336.7m  77.26 
detect                  IPv4      17           127           167958       16388560        443758         56.4m  12.93 
tcp-prune               IPv4       6          1267             4432          43090          5040          6.4m  1.47  
flow                    IPv6      17            12             4772          19500          9325        111.9k  0.03  
app-layer               IPv6      17            12             4446          23142          9517        114.2k  0.03  
detect                  IPv6      17            12           150754         319392        216138          2.6m  0.60  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            66             4596          90638         10364        684.0k  67.33 
dns                     IPv4      17            45             4772          24190          7375        331.9k  32.67 
Proto detect            IPv4       6             4             5272           8182          7088         28.4k
Proto detect            IPv4      17            50             4680          40066          8837        441.9k
Proto detect            IPv6      17             5             4916          11226          6359         31.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17            31            35028       12414936        457936         14.2m  38.39 
LOGGER_JSON_HTTP            IPv4       6            29            28960       16366516        657446         19.1m  51.56 
LOGGER_JSON_FILE            IPv4       6            38            54880         235838         97704          3.7m  10.04 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             1            32632          32632         32632        32.6k  0.05  
payload                           IPv4       6           637             4458         202746         21434        13.7m  20.98 
payload                           IPv4      17           127             5008          88878         14972         1.9m  2.92  
stream                            IPv4       6           637             4426         426072         26756        17.0m  26.19 
http_uri                          IPv4       6            92             4488          73208          9211       847.5k  1.30  
http_request_line                 IPv4       6            92             4918          26658         10417       958.4k  1.47  
http_client_body                  IPv4       6           603             4466         515256         29007        17.5m  26.88 
http_header (request)             IPv4       6            24            18548         148812         74920         1.8m  2.76  
http_header (request trailer)     IPv4       6            22             4470           6126          4766       104.9k  0.16  
http_header_names (request)       IPv4       6            24            10054          44868         22694       544.7k  0.84  
http_accept (request)             IPv4       6            24             5134          10038          5962       143.1k  0.22  
http_referer (request)            IPv4       6            24             4662           9752          6970       167.3k  0.26  
http_content_len (request)        IPv4       6            24             4788          24344          7000       168.0k  0.26  
http_content_type (request)       IPv4       6            24             4732          31380         11551       277.2k  0.43  
http_start (request)              IPv4       6            24             9158          17966         11749       282.0k  0.43  
http_raw_header (request)         IPv4       6           603             7486          31938          8580         5.2m  7.95  
http_method                       IPv4       6            92             4452          21172          6124       563.4k  0.87  
http_cookie (request)             IPv4       6            24             4926          22576          6201       148.8k  0.23  
http_raw_uri                      IPv4       6            92             4438          30116          6031       554.9k  0.85  
http_user_agent                   IPv4       6            24             4886          56440         25954       622.9k  0.96  
http_host                         IPv4       6            24             5324          12932          8103       194.5k  0.30  
dns_query                         IPv4      17            16             5110          15030         10951       175.2k  0.27  
http_response_line                IPv4       6            22             5036          10190          6307       138.8k  0.21  
http_header (response)            IPv4       6            22             6820          59782         22060       485.3k  0.75  
http_header (response trailer)    IPv4       6            22             4472           4748          4559       100.3k  0.15  
http_content_type (response)      IPv4       6            22             4744          35122          7002       154.0k  0.24  
http_raw_header (response)        IPv4       6            22            10042          16056         12085       265.9k  0.41  
http_cookie (response)            IPv4       6            22             4730          21758          6178       135.9k  0.21  
http_stat_code                    IPv4       6            22             4570           6506          5254       115.6k  0.18  
file_data (http response)         IPv4       6            22             4852          89658         29342       645.5k  0.99  
Total                             IPv4                  3430                                         18918        64.9m
payload                           IPv6      17            12             5310          48148         15874       190.5k  0.29  
Total                             IPv6                    12                                         15874       190.5k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            48             5756          70872         27759          1.3m  0.28  
PROF_DETECT_IPONLY          IPv4      17            39            22188       16135040        450312         17.6m  3.65  
PROF_DETECT_RULES           IPv4       1             1            21116          21116         21116         21.1k  0.00  
PROF_DETECT_RULES           IPv4       6          1267             4424        7593150         86839        110.0m  22.87 
PROF_DETECT_RULES           IPv4      17           127            68314         635478        171186         21.7m  4.52  
PROF_DETECT_STATEFUL_START    IPv4       6           679             4518        7204332         61868         42.0m  8.73  
PROF_DETECT_STATEFUL_CONT    IPv4       1             1             4748           4748          4748          4.7k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6          1267             4400         489126         10496         13.3m  2.76  
PROF_DETECT_STATEFUL_CONT    IPv4      17           127             4412          39796          5941        754.6k  0.16  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          1139             4452          27970          4783          5.4m  1.13  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            44             4496          21840          5338        234.9k  0.05  
PROF_DETECT_PREFILTER       IPv4       1             1            78316          78316         78316         78.3k  0.02  
PROF_DETECT_PREFILTER       IPv4       6          1267            13530        4774334         96294        122.0m  25.37 
PROF_DETECT_PREFILTER       IPv4      17           127            40998         141636         59502          7.6m  1.57  
PROF_DETECT_PF_PAYLOAD      IPv4       1             1            41752          41752         41752         41.8k  0.01  
PROF_DETECT_PF_PAYLOAD      IPv4       6           637            22462        4600678         70082         44.6m  9.28  
PROF_DETECT_PF_PAYLOAD      IPv4      17           127            13924          97996         24458          3.1m  0.65  
PROF_DETECT_PF_TX           IPv4       6          1139             4570         538646         42320         48.2m  10.02 
PROF_DETECT_PF_TX           IPv4      17            29             4464          26394         13513        391.9k  0.08  
PROF_DETECT_PF_SORT1        IPv4       6           172             4458          22814          5531        951.3k  0.20  
PROF_DETECT_PF_SORT1        IPv4      17           127             4528           7950          5250        666.9k  0.14  
PROF_DETECT_PF_SORT2        IPv4       1             1             4842           4842          4842          4.8k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          1267             4404          27688          4804          6.1m  1.27  
PROF_DETECT_PF_SORT2        IPv4      17           127             4438          22824          5004        635.5k  0.13  
PROF_DETECT_NONMPMLIST      IPv4       1             1             4730           4730          4730          4.7k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          1267             4422          45164          5089          6.4m  1.34  
PROF_DETECT_NONMPMLIST      IPv4      17           127             4408          19950          5255        667.5k  0.14  
PROF_DETECT_ALERT           IPv4       1             1             4456           4456          4456          4.5k  0.00  
PROF_DETECT_ALERT           IPv4       6          1267             4408          23580          4822          6.1m  1.27  
PROF_DETECT_ALERT           IPv4      17           127             4422          31684          5091        646.6k  0.13  
PROF_DETECT_CLEANUP         IPv4       1             1             4748           4748          4748          4.7k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          1267             4464          36276          5002          6.3m  1.32  
PROF_DETECT_CLEANUP         IPv4      17           127             4414           8376          4949        628.5k  0.13  
PROF_DETECT_GETSGH          IPv4       1             1             4746           4746          4746          4.7k  0.00  
PROF_DETECT_GETSGH          IPv4       6          1267             4408        3255156          7822          9.9m  2.06  
PROF_DETECT_GETSGH          IPv4      17           127             4414          26562          7081        899.3k  0.19  
PROF_DETECT_IPONLY          IPv6      17             5             5324          13876          9205         46.0k  0.01  
PROF_DETECT_RULES           IPv6      17            12            49670         156356         88804          1.1m  0.22  
PROF_DETECT_STATEFUL_CONT    IPv6      17            12             4406           5422          4723         56.7k  0.01  
PROF_DETECT_PREFILTER       IPv6      17            12            41392          91162         54939        659.3k  0.14  
PROF_DETECT_PF_PAYLOAD      IPv6      17            12            14420          57434         25178        302.1k  0.06  
PROF_DETECT_PF_SORT1        IPv6      17            12             4472           6528          5079         60.9k  0.01  
PROF_DETECT_PF_SORT2        IPv6      17            12             4446           6280          4788         57.5k  0.01  
PROF_DETECT_NONMPMLIST      IPv6      17            12             4424           6674          4885         58.6k  0.01  
PROF_DETECT_ALERT           IPv6      17            12             4434           5480          4632         55.6k  0.01  
PROF_DETECT_CLEANUP         IPv6      17            12             4440           7846          5061         60.7k  0.01  
PROF_DETECT_GETSGH          IPv6      17            12             4652          17756          7870         94.4k  0.02  


stats.log - (3380 bytes)
------------------------------------------------------------------------------------
Date: 9/21/2019 -- 17:49:50 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1783
decoder.bytes                              | Total                     | 758834
decoder.ipv4                               | Total                     | 1331
decoder.ipv6                               | Total                     | 12
decoder.ethernet                           | Total                     | 1783
decoder.tcp                                | Total                     | 1203
decoder.udp                                | Total                     | 139
decoder.icmpv4                             | Total                     | 1
decoder.avg_pkt_size                       | Total                     | 425
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 24
flow.udp                                   | Total                     | 29
tcp.sessions                               | Total                     | 24
tcp.syn                                    | Total                     | 25
tcp.synack                                 | Total                     | 24
tcp.rst                                    | Total                     | 35
tcp.overlap                                | Total                     | 70
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 3
app_layer.flow.http                        | Total                     | 22
app_layer.tx.http                          | Total                     | 46
app_layer.flow.dns_udp                     | Total                     | 16
app_layer.tx.dns_udp                       | Total                     | 16
app_layer.flow.failed_udp                  | Total                     | 13
flow_mgr.new_pruned                        | Total                     | 12
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 40
flow_mgr.flows_notimeout                   | Total                     | 31
flow_mgr.flows_timeout                     | Total                     | 9
flow_mgr.flows_timeout_inuse               | Total                     | 8
flow_mgr.flows_removed                     | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65496
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7086400


eve.json - (52705 bytes)
{"timestamp":"2019-08-14T17:04:40.948677+0000","flow_id":627508666464709,"pcap_cnt":172,"event_type":"dns","src_ip":"192.168.100.174","src_port":56000,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":48250,"rrname":"www.shop1457417204564.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:04:40.973347+0000","flow_id":627508666464709,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":56000,"proto":"UDP","dns":{"type":"answer","id":48250,"rcode":"NXDOMAIN","rrname":"www.shop1457417204564.net"}}
{"timestamp":"2019-08-14T17:04:40.973347+0000","flow_id":627508666464709,"pcap_cnt":173,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":56000,"proto":"UDP","dns":{"type":"answer","id":48250,"rcode":"NXDOMAIN","rrname":"net","rrtype":"SOA","ttl":899}}
{"timestamp":"2019-08-14T17:05:01.006910+0000","flow_id":946107194350334,"pcap_cnt":192,"event_type":"dns","src_ip":"192.168.100.174","src_port":58001,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":45779,"rrname":"www.48s123w.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:05:01.040303+0000","flow_id":946107194350334,"pcap_cnt":193,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":58001,"proto":"UDP","dns":{"type":"answer","id":45779,"rcode":"NOERROR","rrname":"www.48s123w.com","rrtype":"CNAME","ttl":1199,"rdata":"48s123w.com"}}
{"timestamp":"2019-08-14T17:05:01.040303+0000","flow_id":946107194350334,"pcap_cnt":193,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":58001,"proto":"UDP","dns":{"type":"answer","id":45779,"rcode":"NOERROR","rrname":"48s123w.com","rrtype":"A","ttl":1199,"rdata":"199.188.200.146"}}
{"timestamp":"2019-08-14T17:05:01.450971+0000","flow_id":245855726450421,"pcap_cnt":201,"event_type":"http","src_ip":"192.168.100.174","src_port":50646,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.48s123w.com","url":"\/wi2\/?s0H=rgy0hQQ8PXUjQsouwPqsxe3CMbvlVgTnN62lXwNFCPVcnwP5Lc4yD89203\/\/4zs0\/w8s0Q==&CZ=7notQhC&sql=1","http_content_type":"text\/html"}}
{"timestamp":"2019-08-14T17:05:01.484158+0000","flow_id":245855726450421,"pcap_cnt":203,"event_type":"http","src_ip":"192.168.100.174","src_port":50646,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:05:01.484158+0000","flow_id":245855726450421,"pcap_cnt":203,"event_type":"fileinfo","src_ip":"199.188.200.146","src_port":80,"dest_ip":"192.168.100.174","dest_port":50646,"proto":"TCP","http":{"hostname":"www.48s123w.com","url":"\/wi2\/?s0H=rgy0hQQ8PXUjQsouwPqsxe3CMbvlVgTnN62lXwNFCPVcnwP5Lc4yD89203\/\/4zs0\/w8s0Q==&CZ=7notQhC&sql=1","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":321},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":321,"tx_id":0}}
{"timestamp":"2019-08-14T17:05:03.531276+0000","flow_id":1533693080319889,"pcap_cnt":223,"event_type":"fileinfo","src_ip":"192.168.100.174","src_port":50687,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/www.48s123w.com\/wi2\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":3769,"tx_id":0}}
{"timestamp":"2019-08-14T17:05:03.855387+0000","flow_id":974460421130180,"pcap_cnt":314,"event_type":"http","src_ip":"192.168.100.174","src_port":50685,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-08-14T17:05:03.855387+0000","flow_id":974460421130180,"pcap_cnt":314,"event_type":"http","src_ip":"192.168.100.174","src_port":50685,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:05:03.855387+0000","flow_id":974460421130180,"pcap_cnt":314,"event_type":"fileinfo","src_ip":"192.168.100.174","src_port":50685,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/www.48s123w.com\/wi2\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":313,"tx_id":0}}
{"timestamp":"2019-08-14T17:05:03.882974+0000","flow_id":1533693080319889,"pcap_cnt":318,"event_type":"http","src_ip":"192.168.100.174","src_port":50687,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-08-14T17:05:03.882974+0000","flow_id":1533693080319889,"pcap_cnt":318,"event_type":"http","src_ip":"192.168.100.174","src_port":50687,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:05:04.236024+0000","flow_id":833271961203053,"pcap_cnt":447,"event_type":"fileinfo","src_ip":"192.168.100.174","src_port":50688,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/www.48s123w.com\/wi2\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":112921,"tx_id":0}}
{"timestamp":"2019-08-14T17:05:04.451457+0000","flow_id":833271961203053,"pcap_cnt":453,"event_type":"http","src_ip":"192.168.100.174","src_port":50688,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.48s123w.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-08-14T17:05:04.451457+0000","flow_id":833271961203053,"pcap_cnt":453,"event_type":"http","src_ip":"192.168.100.174","src_port":50688,"dest_ip":"199.188.200.146","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:05:21.522932+0000","flow_id":1709477503040180,"pcap_cnt":489,"event_type":"dns","src_ip":"192.168.100.174","src_port":49917,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":16111,"rrname":"www.fshwxe.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:05:21.552350+0000","flow_id":1709477503040180,"pcap_cnt":490,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":49917,"proto":"UDP","dns":{"type":"answer","id":16111,"rcode":"NOERROR","rrname":"fshwxe.com","rrtype":"SOA","ttl":599}}
{"timestamp":"2019-08-14T17:05:40.538429+0000","flow_id":1097500499130173,"pcap_cnt":544,"event_type":"dns","src_ip":"192.168.100.174","src_port":58850,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41660,"rrname":"www.astonishingingreen.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:05:40.568049+0000","flow_id":1097500499130173,"pcap_cnt":545,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":58850,"proto":"UDP","dns":{"type":"answer","id":41660,"rcode":"NXDOMAIN","rrname":"www.astonishingingreen.com"}}
{"timestamp":"2019-08-14T17:05:40.568049+0000","flow_id":1097500499130173,"pcap_cnt":545,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":58850,"proto":"UDP","dns":{"type":"answer","id":41660,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"2019-08-14T17:06:00.555030+0000","flow_id":82874606319638,"pcap_cnt":583,"event_type":"dns","src_ip":"192.168.100.174","src_port":65121,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":50267,"rrname":"www.baradseirtaban.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:06:00.591693+0000","flow_id":82874606319638,"pcap_cnt":584,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":65121,"proto":"UDP","dns":{"type":"answer","id":50267,"rcode":"NXDOMAIN","rrname":"www.baradseirtaban.com"}}
{"timestamp":"2019-08-14T17:06:00.591693+0000","flow_id":82874606319638,"pcap_cnt":584,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":65121,"proto":"UDP","dns":{"type":"answer","id":50267,"rcode":"NXDOMAIN","rrname":"baradseirtaban.com","rrtype":"SOA","ttl":1799}}
{"timestamp":"2019-08-14T17:06:20.585598+0000","flow_id":639135149518718,"pcap_cnt":614,"event_type":"dns","src_ip":"192.168.100.174","src_port":60553,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12208,"rrname":"www.fagree.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:06:21.060924+0000","flow_id":639135149518718,"pcap_cnt":615,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":60553,"proto":"UDP","dns":{"type":"answer","id":12208,"rcode":"NOERROR","rrname":"www.fagree.com","rrtype":"A","ttl":3599,"rdata":"58.76.184.4"}}
{"timestamp":"2019-08-14T17:06:22.115158+0000","flow_id":1615928824295400,"pcap_cnt":626,"event_type":"http","src_ip":"192.168.100.174","src_port":51879,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.fagree.com","url":"\/wi2\/?s0H=r\/hZrAErTa\/T0kKj9kXeKJuUFsghRealUCp+B00cDWgG\/4MRuhdLhwDa3un29qIG2GgWXA==&CZ=7notQhC&sql=1"}}
{"timestamp":"2019-08-14T17:06:22.115158+0000","flow_id":1615928824295400,"pcap_cnt":626,"event_type":"http","src_ip":"192.168.100.174","src_port":51879,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:06:24.183035+0000","flow_id":791267186373680,"pcap_cnt":646,"event_type":"fileinfo","src_ip":"192.168.100.174","src_port":51928,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","http":{"hostname":"www.fagree.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/www.fagree.com\/wi2\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":3769,"tx_id":0}}
{"timestamp":"2019-08-14T17:06:24.989779+0000","flow_id":869091993750091,"pcap_cnt":871,"event_type":"http","src_ip":"192.168.100.174","src_port":51926,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.fagree.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-08-14T17:06:24.989779+0000","flow_id":869091993750091,"pcap_cnt":871,"event_type":"http","src_ip":"192.168.100.174","src_port":51926,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:06:24.989779+0000","flow_id":869091993750091,"pcap_cnt":871,"event_type":"fileinfo","src_ip":"192.168.100.174","src_port":51926,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","http":{"hostname":"www.fagree.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/www.fagree.com\/wi2\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":313,"tx_id":0}}
{"timestamp":"2019-08-14T17:06:25.017093+0000","flow_id":791267186373680,"pcap_cnt":874,"event_type":"http","src_ip":"192.168.100.174","src_port":51928,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.fagree.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-08-14T17:06:25.017093+0000","flow_id":791267186373680,"pcap_cnt":874,"event_type":"http","src_ip":"192.168.100.174","src_port":51928,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:06:26.846227+0000","flow_id":843678672250639,"pcap_cnt":882,"event_type":"http","src_ip":"192.168.100.174","src_port":51929,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.fagree.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-08-14T17:06:26.846227+0000","flow_id":843678672250639,"pcap_cnt":882,"event_type":"http","src_ip":"192.168.100.174","src_port":51929,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:06:26.846227+0000","flow_id":843678672250639,"pcap_cnt":882,"event_type":"fileinfo","src_ip":"192.168.100.174","src_port":51929,"dest_ip":"58.76.184.4","dest_port":80,"proto":"TCP","http":{"hostname":"www.fagree.com","url":"\/wi2\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/www.fagree.com\/wi2\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/wi2\/","gaps":false,"state":"CLOSED","stored":false,"size":112921,"tx_id":0}}
{"timestamp":"2019-08-14T17:06:42.180010+0000","flow_id":965430258876202,"pcap_cnt":895,"event_type":"dns","src_ip":"192.168.100.174","src_port":59396,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42807,"rrname":"www.mansiobok.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-08-14T17:06:42.207567+0000","flow_id":965430258876202,"pcap_cnt":896,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.174","dest_port":59396,"proto":"UDP","dns":{"type":"answer","id":42807,"rcode":"NOERROR","rrname":"www.mansiobok.com","rrtype":"A","ttl":1798,"rdata":"162.213.255.220"}}
{"timestamp":"2019-08-14T17:06:42.741082+0000","flow_id":466322846789743,"pcap_cnt":904,"event_type":"http","src_ip":"192.168.100.174","src_port":52193,"dest_ip":"162.213.255.220","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.mansiobok.com","url":"\/wi2\/?s0H=BeiLFcW\/v82NJ4dXoUZ68PBfzKaZAC3R+XD\/KgPOsBDBxz\/gLr9sWCJO\/YZiLxDtmFsBSA==&CZ=7notQhC","http_content_type":"text\/html"}}
{"timestamp":"2019-08-14T17:06:42.766569+0000","flow_id":466322846789743,"pcap_cnt":906,"event_type":"http","src_ip":"192.168.100.174","src_port":52193,"dest_ip":"162.213.255.220","dest_port":80,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-08-14T17:06:42.766569+0000","flow_id":466322846789743,"pcap_cnt":906,"event_type":"fileinfo","src_ip":"162.213.255.220","src_port":80,"dest_ip

This file has been truncated.


keyword_perf.log - (10182 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 9/21/2019 -- 17:49:50
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             9245638         1819            1819            202968          5082.00         5082.00         0.00           
  content          19913382        2243            628             6833370         8878.00         6253.00         9898.00        
  pcre             1039294         126             18              40608           8248.00         8040.00         8283.00        
  byte_test        1473406         276             145             29898           5338.00         5455.00         5209.00        
  isdataat         151606          27              6               24980           5615.00         4573.00         5912.00        
  flowbits         103858          16              7               14420           6491.00         7794.00         5477.00        
  urilen           669298          134             36              6542            4994.00         5052.00         4973.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             9245638         1819            1819            202968          5082.00         5082.00         0.00           
  flowbits         54274           10              1               6582            5427.00         4976.00         5477.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1602334         284             191             30862           5642.00         5717.00         5487.00        
  pcre             266040          30              0               37594           8868.00         0.00            8868.00        
  byte_test        1473406         276             145             29898           5338.00         5455.00         5209.00        
  isdataat         124166          21              0               24980           5912.00         0.00            5912.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         49584           6               6               14420           8264.00         8264.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10272622        693             18              6833370         14823.00        5980.00         15059.00       
  pcre             628524          78              0               40608           8058.00         0.00            8058.00        
  isdataat         27440           6               6               4590            4573.00         4573.00         0.00           
  urilen           669298          134             36              6542            4994.00         5052.00         4973.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          568932          15              4               135402          37928.00        57342.00        30869.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          378514          66              45              22480           5735.00         5684.00         5843.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5093036         849             160             36142           5998.00         6181.00         5956.00        
  pcre             144730          18              18              25178           8040.00         8040.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          158268          24              6               21796           6594.00         5846.00         6843.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          116760          18              18              22230           6486.00         6486.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          139452          24              6               21868           5810.00         5093.00         6049.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1583464         270             180             25758           5864.00         5950.00         5693.00        
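The `Stats for:` tables above are Suricata's per-buffer keyword profiling output: one section per inspection buffer (`http_user_agent`, `http_method`, ...), one row per keyword, with the cost reported in profiling ticks. The Python below is an added example, not part of the report or of the IDSDeathBlossom tooling; it parses those sections into a dictionary, ranks them by total ticks, and estimates the ticks spent on checks that did not match. That last figure, `(Checks - Matches) x Avg No Match`, is derived here from the column meanings and is not a number Suricata prints itself. The sample input is the four `http_*` sections copied from the table above.

```python
"""Parse Suricata keyword-profiling output ("Stats for: <buffer>" sections)
and rank where detection-engine ticks are spent."""
import re
from typing import Dict, List, Tuple

# Constructed sample input: the four http_* sections copied from the
# keyword profiling report above. Separator and header lines are kept so
# the parser is exercised on the real layout.
SAMPLE_PERF = """\
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  content          158268          24              6               21796           6594.00         5846.00         6843.00
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  content          116760          18              18              22230           6486.00         6486.00         0.00
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  content          139452          24              6               21868           5810.00         5093.00         6049.00
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  content          1583464         270             180             25758           5864.00         5950.00         5693.00
"""

SECTION_RE = re.compile(r"^\s*Stats for:\s*(\S+)\s*$")
# One data row: keyword, four integer columns, three float columns.
# The "Keyword ..." header and the dashed separators do not match this.
ROW_RE = re.compile(
    r"^\s*(?P<keyword>[A-Za-z_]\w*)\s+(?P<ticks>\d+)\s+(?P<checks>\d+)\s+"
    r"(?P<matches>\d+)\s+(?P<max_ticks>\d+)\s+(?P<avg>[\d.]+)\s+"
    r"(?P<avg_match>[\d.]+)\s+(?P<avg_no_match>[\d.]+)\s*$"
)
INT_FIELDS = ("ticks", "checks", "matches", "max_ticks")


def parse_keyword_stats(text: str) -> Dict[str, Dict[str, dict]]:
    """Return {buffer: {keyword: row}}; rows seen before any section are dropped."""
    stats: Dict[str, Dict[str, dict]] = {}
    buffer = None
    for line in text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            buffer = sec.group(1)
            stats.setdefault(buffer, {})
            continue
        row = ROW_RE.match(line)
        if row and buffer is not None:
            fields = row.groupdict()
            rec = {k: (int(v) if k in INT_FIELDS else float(v))
                   for k, v in fields.items() if k != "keyword"}
            stats[buffer][fields["keyword"]] = rec
    return stats


def rank_by_ticks(stats: Dict[str, Dict[str, dict]]) -> List[Tuple[str, str, int]]:
    """(buffer, keyword, ticks) sorted by total ticks, most expensive first."""
    rows = [(b, k, r["ticks"]) for b, kws in stats.items() for k, r in kws.items()]
    return sorted(rows, key=lambda t: t[2], reverse=True)


def wasted_ticks(stats: Dict[str, Dict[str, dict]]) -> Dict[Tuple[str, str], int]:
    """Estimated ticks spent on checks that did not match:
    (checks - matches) * avg_no_match. This is cost paid for no alert;
    a large value on a buffer with a low match rate is the first place
    to look when tuning a ruleset."""
    return {
        (b, k): int(round((r["checks"] - r["matches"]) * r["avg_no_match"]))
        for b, kws in stats.items() for k, r in kws.items()
    }


if __name__ == "__main__":
    parsed = parse_keyword_stats(SAMPLE_PERF)
    waste = wasted_ticks(parsed)
    for buf, kw, ticks in rank_by_ticks(parsed):
        print(f"{buf:<20} {kw:<10} ticks={ticks:>9} wasted={waste[(buf, kw)]:>8}")
```

On the four sections shown, `http_user_agent` is the most expensive buffer (270 checks, 180 matches), and roughly 512k of its ticks went to the 90 checks that did not match; `http_content_type` matched on every check, so its wasted figure is 0.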


suricata-report-2019-09-21-T-17-49-50-08142019.1715-7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap.txt - (18126 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/ad3ba4a28a11f5c341c17843629824ccd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/08142019.1715-7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap -vvv -k none
elapsedtime:8.717149
stderr:
stdout:
21/9/2019 -- 17:49:41 - <Info> - Configuration node 'rule-files' redefined.
21/9/2019 -- 17:49:41 - <Notice> - This is Suricata version 4.0.0 RELEASE
21/9/2019 -- 17:49:41 - <Info> - CPUs/cores online: 1
21/9/2019 -- 17:49:41 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33510 and 'request-body-inspect-window' set to 16800 after randomization.
21/9/2019 -- 17:49:41 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32284 and 'response-body-inspect-window' set to 15689 after randomization.
21/9/2019 -- 17:49:41 - <Config> - DNS request flood protection level: 500
21/9/2019 -- 17:49:41 - <Config> - DNS per flow memcap (state-memcap): 524288
21/9/2019 -- 17:49:41 - <Config> - DNS global memcap: 16777216
21/9/2019 -- 17:49:41 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
21/9/2019 -- 17:49:41 - <Config> - preallocated 1000 hosts of size 136
21/9/2019 -- 17:49:41 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
21/9/2019 -- 17:49:41 - <Config> - using magic-file /usr/share/file/magic
21/9/2019 -- 17:49:41 - <Config> - Core dump size is unlimited.
21/9/2019 -- 17:49:41 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
21/9/2019 -- 17:49:41 - <Config> - preallocated 1000 defrag trackers of size 168
21/9/2019 -- 17:49:41 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
21/9/2019 -- 17:49:41 - <Config> - stream "prealloc-sessions": 2048 (per thread)
21/9/2019 -- 17:49:41 - <Config> - stream "memcap": 33554432
21/9/2019 -- 17:49:41 - <Config> - stream "midstream" session pickups: disabled
21/9/2019 -- 17:49:41 - <Config> - stream "async-oneside": disabled
21/9/2019 -- 17:49:41 - <Config> - stream "checksum-validation": disabled
21/9/2019 -- 17:49:41 - <Config> - stream."inline": disabled
21/9/2019 -- 17:49:41 - <Config> - stream "bypass": disabled
21/9/2019 -- 17:49:41 - <Config> - stream "max-synack-queued": 5
21/9/2019 -- 17:49:41 - <Config> - stream.reassembly "memcap": 134217728
21/9/2019 -- 17:49:41 - <Config> - stream.reassembly "depth": 0
21/9/2019 -- 17:49:41 - <Config> - stream.reassembly "toserver-chunk-size": 2660
21/9/2019 -- 17:49:41 - <Config> - stream.reassembly "toclient-chunk-size": 2550
21/9/2019 -- 17:49:41 - <Config> - stream.reassembly.raw: enabled
21/9/2019 -- 17:49:41 - <Config> - stream.reassembly "segment-prealloc": 2048
21/9/2019 -- 17:49:41 - <Config> - Delayed detect disabled
21/9/2019 -- 17:49:41 - <Config> - pattern matchers: MPM: ac, SPM: bm
21/9/2019 -- 17:49:41 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
21/9/2019 -- 17:49:41 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
21/9/2019 -- 17:49:41 - <Config> - prefilter engines: MPM
21/9/2019 -- 17:49:41 - <Config> - IP reputation disabled
21/9/2019 -- 17:49:41 - <Perf> - Registered 148 keyword profiling counters.
21/9/2019 -- 17:49:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
21/9/2019 -- 17:49:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
21/9/2019 -- 17:49:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
21/9/2019 -- 17:49:43 - <Config> - No rules loaded from ET-emerging-icmp.rules.
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
21/9/2019 -- 17:49:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
21/9/2019 -- 17:49:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
21/9/2019 -- 17:49:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
21/9/2019 -- 17:49:46 - <Config> - No rules loaded from local.rules.
21/9/2019 -- 17:49:46 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
21/9/2019 -- 17:49:46 - <Info> - Threshold config parsed: 0 rule(s) found
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for tcp-packet
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for tcp-stream
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for udp-packet
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for other-ip
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_uri
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_request_line
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_client_body
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_response_line
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_header
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_header
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_header_names
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_header_names
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_accept
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_accept_enc
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_accept_lang
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_referer
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_connection
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_content_len
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_content_len
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_content_type
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_content_type
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_protocol
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_protocol
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_start
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_start
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_raw_header
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_raw_header
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_method
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_cookie
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_cookie
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_raw_uri
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_user_agent
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_host
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_raw_host
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_stat_msg
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_stat_code
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for dns_query
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for tls_sni
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for tls_cert_issuer
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for tls_cert_subject
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for tls_cert_serial
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for dce_stub_data
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for dce_stub_data
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for ssh_protocol
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for ssh_protocol
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for ssh_software
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for ssh_software
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for file_data
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for file_data
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_request_line
21/9/2019 -- 17:49:46 - <Perf> - using shared mpm ctx' for http_response_line
21/9/2019 -- 17:49:46 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
21/9/2019 -- 17:49:46 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
21/9/2019 -- 17:49:46 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
21/9/2019 -- 17:49:46 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
21/9/2019 -- 17:49:46 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
21/9/2019 -- 17:49:46 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
21/9/2019 -- 17:49:46 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
21/9/2019 -- 17:49:46 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
21/9/2019 -- 17:49:47 - <Perf> - Unique rule groups: 111
21/9/2019 -- 17:49:47 - <Perf> - Builtin MPM "toserver TCP packet": 31
21/9/2019 -- 17:49:47 - <Perf> - Builtin MPM "toclient TCP packet": 20
21/9/2019 -- 17:49:47 - <Perf> - Builtin MPM "toserver TCP stream": 31
21/9/2019 -- 17:49:47 - <Perf> - Builtin MPM "toclient TCP stream": 21
21/9/2019 -- 17:49:47 - <Perf> - Builtin MPM "toserver UDP packet": 33
21/9/2019 -- 17:49:47 - <Perf> - Builtin MPM "toclient UDP packet": 15
21/9/2019 -- 17:49:47 - <Perf> - Builtin MPM "other IP packet": 2
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_uri": 8
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_request_line": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_client_body": 6
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toclient http_response_line": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_header": 6
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toclient http_header": 3
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_header_names": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_accept": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_referer": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_content_len": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_content_type": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toclient http_content_type": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_start": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_method": 3
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_cookie": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toclient http_cookie": 2
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver http_host": 2
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver dns_query": 4
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver tls_sni": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toserver file_data": 1
21/9/2019 -- 17:49:47 - <Perf> - AppLayer MPM "toclient file_data": 5
21/9/2019 -- 17:49:48 - <Perf> - Registered 18241 rule profiling counters.
21/9/2019 -- 17:49:48 - <Info> - fast output device (regular) initialized: alert
21/9/2019 -- 17:49:48 - <Info> - eve-log output device (regular) initialized: eve.json
21/9/2019 -- 17:49:48 - <Config> - enabling 'eve-log' module 'alert'
21/9/2019 -- 17:49:48 - <Config> - enabling 'eve-log' module 'http'
21/9/2019 -- 17:49:48 - <Config> - enabling 'eve-log' module 'dns'
21/9/2019 -- 17:49:48 - <Config> - enabling 'eve-log' module 'tls'
21/9/2019 -- 17:49:48 - <Config> - enabling 'eve-log' module 'files'
21/9/2019 -- 17:49:48 - <Config> - enabling 'eve-log' module 'ssh'
21/9/2019 -- 17:49:48 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
21/9/2019 

This file has been truncated.
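The startup output above carries the facts an operator wants after a ruleset update: how many rule files were processed, how many rules loaded and failed, which files contributed nothing (`No rules loaded from ET-emerging-icmp.rules.`, `No rules loaded from local.rules.`), and the signature breakdown. The following Python is an added example, not part of the report or of IDSDeathBlossom; it extracts those lines from a Suricata 4.0 log and turns them into a pass/fail gate. The treatment of `local.rules` as expected-empty and the `<Error>` level tag as the marker for error lines are assumptions of this example; the sample log is a handful of lines copied from the stdout above.

```python
"""Gate a Suricata startup log on ruleset-loading health."""
import re
from typing import Optional, Set

# Constructed sample: lines copied from the suricata stdout above.
SAMPLE_LOG = """\
21/9/2019 -- 17:49:41 - <Notice> - This is Suricata version 4.0.0 RELEASE
21/9/2019 -- 17:49:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
21/9/2019 -- 17:49:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
21/9/2019 -- 17:49:43 - <Config> - No rules loaded from ET-emerging-icmp.rules.
21/9/2019 -- 17:49:46 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
21/9/2019 -- 17:49:46 - <Config> - No rules loaded from local.rules.
21/9/2019 -- 17:49:46 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
21/9/2019 -- 17:49:46 - <Info> - Threshold config parsed: 0 rule(s) found
21/9/2019 -- 17:49:46 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
"""

LOADED_RE = re.compile(
    r"(\d+) rule files processed\. (\d+) rules successfully loaded, (\d+) rules failed"
)
EMPTY_RE = re.compile(r"No rules loaded from (\S+)\.")
SIGS_RE = re.compile(
    r"(\d+) signatures processed\. (\d+) are IP-only rules, "
    r"(\d+) are inspecting packet payload, (\d+) inspect application layer, "
    r"(\d+) are decoder event only"
)
ERROR_RE = re.compile(r"<Error>")  # assumed level tag for error lines
SIG_KEYS = ("total", "ip_only", "payload", "app_layer", "decoder_event")


def check_rule_loading(log: str, expected_empty: Optional[Set[str]] = None) -> dict:
    """Summarise rule loading and list problems. A file that loaded no rules
    is a problem unless it is in expected_empty (default: local.rules)."""
    if expected_empty is None:
        expected_empty = {"local.rules"}
    report = {"files_processed": None, "loaded": None, "failed": None,
              "empty_files": [], "signatures": {}, "errors": [], "problems": []}
    for line in log.splitlines():
        m = LOADED_RE.search(line)
        if m:
            report["files_processed"], report["loaded"], report["failed"] = map(int, m.groups())
            continue
        m = EMPTY_RE.search(line)
        if m:
            report["empty_files"].append(m.group(1))
            continue
        m = SIGS_RE.search(line)
        if m:
            report["signatures"] = dict(zip(SIG_KEYS, map(int, m.groups())))
            continue
        if ERROR_RE.search(line):
            report["errors"].append(line)

    if report["loaded"] is None:
        report["problems"].append("no rule-loading summary found")
    elif report["failed"] > 0:
        report["problems"].append(f"{report['failed']} rules failed to load")
    for name in report["empty_files"]:
        if name not in expected_empty:
            report["problems"].append(f"{name} loaded no rules")
    report["problems"].extend(report["errors"])
    report["ok"] = not report["problems"]
    return report


if __name__ == "__main__":
    result = check_rule_loading(SAMPLE_LOG)
    print("ok" if result["ok"] else "PROBLEMS: " + "; ".join(result["problems"]))
```

Run against this capture's log, the gate passes the failed-rule check (0 failed) but reports `ET-emerging-icmp.rules loaded no rules`, which is the kind of silent coverage gap a ruleset update can introduce without any error line.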


IDSDeathBlossom.py.log - (1179 bytes)
2019-09-21 17:49:40,616 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-21 17:49:41,432 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-21 17:49:41,432 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-09-21 17:49:41,433 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-21 17:49:41,433 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-21 17:49:41,434 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/ad3ba4a28a11f5c341c17843629824ccd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/08142019.1715-7dd80c47-f43c-4fa3-8b62-65655e2d7e16.pcap -vvv -k none
2019-09-21 17:49:50,153 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-21 17:49:50,154 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.54738306999