lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/b91de2200d51643069b5c562d66cd0af56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/10212019.1414-CVE-2014-6332.pcap -vvv -k none
elapsedtime:25.219510
stderr:
stdout:
21/10/2019 -- 14:14:14 - <Info> - Configuration node 'rule-files' redefined.
21/10/2019 -- 14:14:14 - <Notice> - This is Suricata version 4.0.0 RELEASE
21/10/2019 -- 14:14:14 - <Info> - CPUs/cores online: 1
21/10/2019 -- 14:14:14 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32848 and 'request-body-inspect-window' set to 15623 after randomization.
21/10/2019 -- 14:14:14 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33766 and 'response-body-inspect-window' set to 17031 after randomization.
21/10/2019 -- 14:14:14 - <Config> - DNS request flood protection level: 500
21/10/2019 -- 14:14:14 - <Config> - DNS per flow memcap (state-memcap): 524288
21/10/2019 -- 14:14:14 - <Config> - DNS global memcap: 16777216
21/10/2019 -- 14:14:14 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
21/10/2019 -- 14:14:14 - <Config> - preallocated 1000 hosts of size 136
21/10/2019 -- 14:14:14 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
21/10/2019 -- 14:14:14 - <Config> - using magic-file /usr/share/file/magic
21/10/2019 -- 14:14:14 - <Config> - Core dump size is unlimited.
21/10/2019 -- 14:14:14 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
21/10/2019 -- 14:14:14 - <Config> - preallocated 1000 defrag trackers of size 168
21/10/2019 -- 14:14:14 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
21/10/2019 -- 14:14:14 - <Config> - stream "prealloc-sessions": 2048 (per thread)
21/10/2019 -- 14:14:14 - <Config> - stream "memcap": 33554432
21/10/2019 -- 14:14:14 - <Config> - stream "midstream" session pickups: disabled
21/10/2019 -- 14:14:14 - <Config> - stream "async-oneside": disabled
21/10/2019 -- 14:14:14 - <Config> - stream "checksum-validation": disabled
21/10/2019 -- 14:14:14 - <Config> - stream."inline": disabled
21/10/2019 -- 14:14:14 - <Config> - stream "bypass": disabled
21/10/2019 -- 14:14:14 - <Config> - stream "max-synack-queued": 5
21/10/2019 -- 14:14:14 - <Config> - stream.reassembly "memcap": 134217728
21/10/2019 -- 14:14:14 - <Config> - stream.reassembly "depth": 0
21/10/2019 -- 14:14:14 - <Config> - stream.reassembly "toserver-chunk-size": 2631
21/10/2019 -- 14:14:14 - <Config> - stream.reassembly "toclient-chunk-size": 2618
21/10/2019 -- 14:14:14 - <Config> - stream.reassembly.raw: enabled
21/10/2019 -- 14:14:14 - <Config> - stream.reassembly "segment-prealloc": 2048
21/10/2019 -- 14:14:14 - <Config> - Delayed detect disabled
21/10/2019 -- 14:14:14 - <Config> - pattern matchers: MPM: ac, SPM: bm
21/10/2019 -- 14:14:14 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
21/10/2019 -- 14:14:14 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
21/10/2019 -- 14:14:14 - <Config> - prefilter engines: MPM
21/10/2019 -- 14:14:14 - <Config> - IP reputation disabled
21/10/2019 -- 14:14:14 - <Perf> - Registered 148 keyword profiling counters.
21/10/2019 -- 14:14:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
21/10/2019 -- 14:14:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
21/10/2019 -- 14:14:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
21/10/2019 -- 14:14:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
21/10/2019 -- 14:14:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
21/10/2019 -- 14:14:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
21/10/2019 -- 14:14:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
21/10/2019 -- 14:14:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
21/10/2019 -- 14:14:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
21/10/2019 -- 14:14:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
21/10/2019 -- 14:14:19 - <Config> - No rules loaded from ET-icmp.rules.
21/10/2019 -- 14:14:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
21/10/2019 -- 14:14:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
21/10/2019 -- 14:14:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
21/10/2019 -- 14:14:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
21/10/2019 -- 14:14:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
21/10/2019 -- 14:14:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
21/10/2019 -- 14:14:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
21/10/2019 -- 14:14:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
21/10/2019 -- 14:14:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
21/10/2019 -- 14:14:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
21/10/2019 -- 14:14:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
21/10/2019 -- 14:14:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
21/10/2019 -- 14:14:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
21/10/2019 -- 14:14:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
21/10/2019 -- 14:14:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
21/10/2019 -- 14:14:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
21/10/2019 -- 14:14:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
21/10/2019 -- 14:14:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
21/10/2019 -- 14:14:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
21/10/2019 -- 14:14:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
21/10/2019 -- 14:14:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
21/10/2019 -- 14:14:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
21/10/2019 -- 14:14:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
21/10/2019 -- 14:14:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
21/10/2019 -- 14:14:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
21/10/2019 -- 14:14:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
21/10/2019 -- 14:14:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
21/10/2019 -- 14:14:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
21/10/2019 -- 14:14:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
21/10/2019 -- 14:14:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
21/10/2019 -- 14:14:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
21/10/2019 -- 14:14:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
21/10/2019 -- 14:14:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
21/10/2019 -- 14:14:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
21/10/2019 -- 14:14:27 - <Config> - No rules loaded from local.rules.
21/10/2019 -- 14:14:27 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
21/10/2019 -- 14:14:27 - <Info> - Threshold config parsed: 0 rule(s) found
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for tcp-packet
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for tcp-stream
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for udp-packet
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for other-ip
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_uri
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_request_line
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_client_body
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_response_line
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_header
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_header
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_header_names
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_header_names
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_accept
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_accept_enc
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_accept_lang
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_referer
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_connection
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_content_len
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_content_len
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_content_type
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_content_type
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_protocol
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_protocol
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_start
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_start
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_raw_header
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_raw_header
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_method
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_cookie
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_cookie
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_raw_uri
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_user_agent
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_host
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_raw_host
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_stat_msg
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_stat_code
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for dns_query
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for tls_sni
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for tls_cert_issuer
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for tls_cert_subject
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for tls_cert_serial
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for dce_stub_data
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for dce_stub_data
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for ssh_protocol
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for ssh_protocol
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for ssh_software
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for ssh_software
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for file_data
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for file_data
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_request_line
21/10/2019 -- 14:14:28 - <Perf> - using shared mpm ctx' for http_response_line
21/10/2019 -- 14:14:28 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
21/10/2019 -- 14:14:28 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
21/10/2019 -- 14:14:28 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
21/10/2019 -- 14:14:28 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
21/10/2019 -- 14:14:28 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
21/10/2019 -- 14:14:28 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
21/10/2019 -- 14:14:28 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
21/10/2019 -- 14:14:28 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
21/10/2019 -- 14:14:35 - <Perf> - Unique rule groups: 104
21/10/2019 -- 14:14:35 - <Perf> - Builtin MPM "toserver TCP packet": 35
21/10/2019 -- 14:14:35 - <Perf> - Builtin MPM "toclient TCP packet": 17
21/10/2019 -- 14:14:35 - <Perf> - Builtin MPM "toserver TCP stream": 33
21/10/2019 -- 14:14:35 - <Perf> - Builtin MPM "toclient TCP stream": 19
21/10/2019 -- 14:14:35 - <Perf> - Builtin MPM "toserver UDP packet": 27
21/10/2019 -- 14:14:35 - <Perf> - Builtin MPM "toclient UDP packet": 17
21/10/2019 -- 14:14:35 - <Perf> - Builtin MPM "other IP packet": 3
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_uri": 14
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_request_line": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_client_body": 6
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toclient http_response_line": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_header": 10
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toclient http_header": 6
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_header_names": 2
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_accept": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_referer": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_content_len": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_content_type": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toclient http_content_type": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_protocol": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_start": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_method": 5
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_cookie": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toclient http_cookie": 2
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver http_host": 2
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver dns_query": 4
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver tls_sni": 2
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toserver file_data": 1
21/10/2019 -- 14:14:35 - <Perf> - AppLayer MPM "toclient file_data": 7
21/10/2019 -- 14:14:38 - <Perf> - Registered 39590 rule profiling counters.
21/10/2019 -- 14:14:38 - <Info> - fast output device (regular) initialized: alert
21/10/2019 -- 14:14:38 - <Info> - eve-log output device (regular) initialized: eve.json
21/10/2019 -- 14:14:38 - <Config> - enabling 'eve-log' module 'alert'
21/10/2019 -- 14:14:38 - <Config> - enabling 'eve-log' module 'http'
21/10/2019 -- 14:14:38 - <Config> - enabling 'eve-log' module 'dns'
21/10/2019 -- 14:14:38 - <Config> - enabling 'eve-log' module 'tls'
21/10/2019 -- 14:14:38 - <Config> - enabling 'eve-log' module 'files'
21/10/2019 -- 14:14:38 - <Config> - enabling 'eve-log' module 'ssh'
21/10/2019 -- 14:14:38 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
21/10/2019 -- 14:14:38 - <Info> - stats output device (regular) initialized: stats.log
21/10/2019 -- 14:14:38 - <Config> - AutoFP mode using "Hash" f
Packet profile dump:
IP ver Proto cnt min max avg tot %%
------ ----- ---------- ------------ ------------ ----------- ----------- ---
IPv4 6 82 1816484 55683526 33033167 2.7b 98.71
IPv4 17 1 35454098 35454098 35454098 35.5m 1.29
Note: Protocol 256 tracks pseudo/tunnel packets.
Per Thread module stats:
Thread Module IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
TMM_FLOWWORKER IPv4 6 82 117240 12725406 814591 66.8m 80.97
TMM_FLOWWORKER IPv4 17 1 1539260 1539260 1539260 1.5m 1.87
TMM_RECEIVEPCAPFILE IPv4 6 82 4452 36260 6028 494.4k 0.60
TMM_RECEIVEPCAPFILE IPv4 17 1 4492 4492 4492 4.5k 0.01
TMM_DECODEPCAPFILE IPv4 6 82 4596 13206122 166365 13.6m 16.54
TMM_DECODEPCAPFILE IPv4 17 1 17762 17762 17762 17.8k 0.02
Flow Worker IP ver Proto cnt min max avg
-------------------- ------ ----- ---------- ------------ ------------ -----------
flow IPv4 6 82 4582 428512 11298 926.5k 1.45
flow IPv4 17 1 7528 7528 7528 7.5k 0.01
stream IPv4 6 82 5302 560280 48271 4.0m 6.20
app-layer IPv4 17 1 30072 30072 30072 30.1k 0.05
detect IPv4 6 82 76798 12658644 695345 57.0m 89.27
detect IPv4 17 1 1480208 1480208 1480208 1.5m 2.32
tcp-prune IPv4 6 82 4456 28860 5526 453.2k 0.71
Note: stream includes app-layer for TCP
Per App layer parser stats:
App Layer IP ver Proto cnt min max avg
-------------------- ------ ----- ---------- ------------ ------------ -----------
http IPv4 6 3 16122 47826 30545 91.6k 85.04
http IPv4 17 1 16122 16122 16122 16.1k 14.96
Proto detect IPv4 17 1 19560 19560 19560 19.6k
Log Thread Module IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
Logger/output stats:
Logger IP ver Proto cnt min max avg tot
------------------------ ------ ----- ---------- ------------ ------------ ----------- -----------
LOGGER_JSON_HTTP IPv4 6 3 145124 602740 305485 916.5k 51.98
LOGGER_JSON_FILE IPv4 6 3 120944 571374 282224 846.7k 48.02
Prefilter IP ver Proto cnt min max avg tot %%
-------------------- ------ ----- ---------- ------------ ------------ ----------- --------- ---
payload IPv4 6 35 4924 162630 35551 1.2m 6.18
payload IPv4 17 1 73406 73406 73406 73.4k 0.36
stream IPv4 6 35 4442 9727340 398981 14.0m 69.38
http_uri IPv4 6 3 7386 36684 19420 58.3k 0.29
http_request_line IPv4 6 3 9952 436342 152263 456.8k 2.27
http_client_body IPv4 6 3 5816 7190 6323 19.0k 0.09
http_header (request) IPv4 6 3 157444 179470 168920 506.8k 2.52
http_header (request trailer) IPv4 6 3 4546 4868 4666 14.0k 0.07
http_header_names (request) IPv4 6 3 22926 26014 24222 72.7k 0.36
http_accept (request) IPv4 6 3 9880 14144 11520 34.6k 0.17
http_referer (request) IPv4 6 3 5424 8804 6551 19.7k 0.10
http_content_len (request) IPv4 6 3 5354 5432 5388 16.2k 0.08
http_content_type (request) IPv4 6 3 5714 6430 6068 18.2k 0.09
http_protocol (request) IPv4 6 3 7774 8472 8222 24.7k 0.12
http_start (request) IPv4 6 3 22054 25900 23450 70.4k 0.35
http_raw_header (request) IPv4 6 3 25660 28846 27028 81.1k 0.40
http_method IPv4 6 3 10242 11664 10972 32.9k 0.16
http_cookie (request) IPv4 6 3 5174 5832 5555 16.7k 0.08
http_raw_uri IPv4 6 3 5002 8692 7101 21.3k 0.11
http_user_agent IPv4 6 3 52008 54218 53008 159.0k 0.79
http_host IPv4 6 3 9374 11528 10170 30.5k 0.15
http_response_line IPv4 6 3 9004 9886 9335 28.0k 0.14
http_header (response) IPv4 6 18 4632 460238 35658 641.9k 3.19
http_header (response trailer) IPv4 6 3 4752 6234 5248 15.7k 0.08
http_content_type (response) IPv4 6 18 4686 12412 7149 128.7k 0.64
http_raw_header (response) IPv4 6 12 5686 16490 9132 109.6k 0.54
http_cookie (response) IPv4 6 18 4584 5884 5006 90.1k 0.45
http_stat_code IPv4 6 18 4554 825432 51359 924.5k 4.59
file_data (http response) IPv4 6 9 4714 1187666 139444 1.3m 6.24
Total IPv4 224 89857 20.1m
General detection engine stats:
Detection phase IP ver Proto cnt min max avg tot
------------------------ ------ ----- ---------- ------------ ------------ ----------- -----------
PROF_DETECT_IPONLY IPv4 6 6 5750 114552 31927 191.6k 0.21
PROF_DETECT_IPONLY IPv4 17 1 131580 131580 131580 131.6k 0.15
PROF_DETECT_RULES IPv4 6 82 4432 961356 79748 6.5m 7.32
PROF_DETECT_RULES IPv4 17 1 678688 678688 678688 678.7k 0.76
PROF_DETECT_STATEFUL_CONT IPv4 6 82 4416 445824 14881 1.2m 1.37
PROF_DETECT_STATEFUL_CONT IPv4 17 1 427952 427952 427952 428.0k 0.48
PROF_DETECT_STATEFUL_UPDATE IPv4 6 67 4450 8224 5017 336.1k 0.38
PROF_DETECT_PREFILTER IPv4 6 82 13538 12506124 496148 40.7m 45.54
PROF_DETECT_PREFILTER IPv4 17 1 115454 115454 115454 115.5k 0.13
PROF_DETECT_PF_PAYLOAD IPv4 6 35 23436 9747322 449632 15.7m 17.61
PROF_DETECT_PF_PAYLOAD IPv4 17 1 82572 82572 82572 82.6k 0.09
PROF_DETECT_PF_TX IPv4 6 67 4542 1324574 110880 7.4m 8.31
PROF_DETECT_PF_SORT1 IPv4 6 35 4478 12431046 360435 12.6m 14.12
PROF_DETECT_PF_SORT1 IPv4 17 1 6850 6850 6850 6.8k 0.01
PROF_DETECT_PF_SORT2 IPv4 6 82 4434 21312 5483 449.7k 0.50
PROF_DETECT_PF_SORT2 IPv4 17 1 6822 6822 6822 6.8k 0.01
PROF_DETECT_NONMPMLIST IPv4 6 82 4508 6852 5074 416.1k 0.47
PROF_DETECT_NONMPMLIST IPv4 17 1 5980 5980 5980 6.0k 0.01
PROF_DETECT_ALERT IPv4 6 82 4430 7742 4861 398.7k 0.45
PROF_DETECT_ALERT IPv4 17 1 5140 5140 5140 5.1k 0.01
PROF_DETECT_CLEANUP IPv4 6 82 4480 829194 15628 1.3m 1.43
PROF_DETECT_CLEANUP IPv4 17 1 7742 7742 7742 7.7k 0.01
PROF_DETECT_GETSGH IPv4 6 82 4440 32464 6303 516.9k 0.58
PROF_DETECT_GETSGH IPv4 17 1 60186 60186 60186 60.2k 0.07
--------------------------------------------------------------------------
Date: 10/21/2019 -- 14:14:39. Sorted by: max ticks.
--------------------------------------------------------------------------
Num Rule Gid Rev Ticks % Checks Matches Max Ticks Avg Ticks Avg Match Avg No Match
-------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
1 2101529 1 12 446108 13.90 3 0 434656 148702.67 0.00 148702.67
2 2016179 1 2 422330 13.16 1 0 422330 422330.00 0.00 422330.00
3 2016537 1 2 458492 14.29 29 0 313142 15810.07 0.00 15810.07
4 2010140 1 7 48786 1.52 1 0 48786 48786.00 0.00 48786.00
5 2020747 1 8 27662 0.86 3 0 14820 9220.67 0.00 9220.67
6 2019732 1 3 7828 0.24 1 0 7828 7828.00 0.00 7828.00
7 2017500 1 2 7774 0.24 1 0 7774 7774.00 0.00 7774.00
8 2012196 1 3 17714 0.55 3 0 7548 5904.67 0.00 5904.67
9 2100540 1 12 34394 1.07 6 0 7526 5732.33 0.00 5732.33
10 2016567 1 6 7522 0.23 1 0 7522 7522.00 0.00 7522.00
11 2008420 1 4 36770 1.15 6 0 7426 6128.33 0.00 6128.33
12 2008955 1 7 18496 0.58 3 0 7306 6165.33 0.00 6165.33
13 2100540 1 12 35422 1.10 6 0 7290 5903.67 0.00 5903.67
14 2809163 1 4 16734 0.52 3 0 7290 5578.00 0.00 5578.00
15 2022797 1 2 7226 0.23 1 0 7226 7226.00 0.00 7226.00
16 2017502 1 2 7152 0.22 1 0 7152 7152.00 0.00 7152.00
17 2008073 1 15 18402 0.57 3 0 7106 6134.00 0.00 6134.00
18 2019735 1 3 7060 0.22 1 0 7060 7060.00 0.00 7060.00
19 2022502 1 4 18002 0.56 3 0 6992 6000.67 0.00 6000.67
20 2018067 1 3 17722 0.55 3 0 6984 5907.33 0.00 5907.33
21 2021276 1 4 6942 0.22 1 0 6942 6942.00 0.00 6942.00
22 2807302 1 4 6846 0.21 1 0 6846 6846.00 0.00 6846.00
23 2809308 1 3 6792 0.21 1 0 6792 6792.00 0.00 6792.00
24 2019715 1 2 6782 0.21 1 0 6782 6782.00 0.00 6782.00
25 2828986 1 2 53426 1.66 10 0 6756 5342.60 0.00 5342.60
26 2809481 1 1 23958 0.75 4 0 6752 5989.50 0.00 5989.50
27 2024019 1 2 6672 0.21 1 0 6672 6672.00 0.00 6672.00
28 2017901 1 5 6636 0.21 1 0 6636 6636.00 0.00 6636.00
29 2102523 1 8 17170 0.54 3 0 6618 5723.33 0.00 5723.33
30 2802876 1 3 27128 0.85 5 0 6586 5425.60 0.00 5425.60
31 2019733 1 5 6568 0.20 1 0 6568 6568.00 0.00 6568.00
32 2017552 1 6 161598 5.04 32 0 6524 5049.94 0.00 5049.94
33 2823940 1 4 6488 0.20 1 0 6488 6488.00 0.00 6488.00
34 2814845 1 1 6486 0.20 1 0 6486 6486.00 0.00 6486.00
35 2820599 1 3 6478 0.20 1 0 6478 6478.00 0.00 6478.00
36 2017501 1 2 6396 0.20 1 0 6396 6396.00 0.00 6396.00
37 2011499 1 5 11928 0.37 2 0 6378 5964.00 0.00 5964.00
38 2013272 1 3 15828 0.49 3 0 6342 5276.00 0.00 5276.00
39 2023943 1 3 6336 0.20 1 0 6336 6336.00 0.00 6336.00
40 2807284 1 4 17246 0.54 3 0 6304 5748.67 0.00 5748.67
41 2816382 1 1 12106 0.38 2 0 6298 6053.00 0.00 6053.00
42 2025062 1 2 6292 0.20 1 0 6292 6292.00 0.00 6292.00
43 2023083 1 2 16778 0.52 3 0 6282 5592.67 0.00 5592.67
44 2826092 1 2 6260 0.20 1 0 6260 6260.00 0.00 6260.00
45 2802880 1 3 10776 0.34 2 0 6254 5388.00 0.00 5388.00
46 2025231 1 1 6240 0.19 1 0 6240 6240.00 0.00 6240.00
47 2009243 1 2 6226 0.19 1 0 6226 6226.00 0.00 6226.00
48 2804626 1 9 17350 0.54 3 0 6204 5783.33 0.00 5783.33
49 2828060 1 4 6176 0.19 1 0 6176 6176.00 0.00 6176.00
50 2101972 1 18 6170 0.19 1 0 6170 6170.00 0.00 6170.00
51 2804586 1 2 17432 0.54 3 0 6136 5810.67 0.00 5810.67
52 2828877 1 1 114168 3.56 22 0 6122 5189.45 0.00 5189.45
53 2810614 1 3 6122 0.19 1 0 6122 6122.00 0.00 6122.00
54 2024513 1 5 6080 0.19 1 0 6080 6080.00 0.00 6080.00
55 2816857 1 2 17994 0.56 3 0 6066 5998.00 0.00 5998.00
56 2019707 1 2 6062 0.19 1 0 6062 6062.00 0.00 6062.00
57 2826256 1 2 17888 0.56 3 0 6060 5962.67 0.00 5962.67
58 2100361 1 17 17032 0.53 3 0 6060 5677.33 0.00 5677.33
59 2823571 1 2 27632 0.86 5 0 6026 5526.40 0.00 5526.40
60 2815751 1 2 6018 0.19 1 0 6018 6018.00 0.00 6018.00
61 2828838 1 1 6016 0.19 1 0 6016 6016.00 0.00 6016.00
62 2829848 1 2 50588 1.58 10 0 6016 5058.80 0.00 5058.80
63 2815003 1 5 5988 0.19 1 0 5988 5988.00 0.00 5988.00
64 2806131 1 3 17414 0.54 3 0 5974 5804.67 0.00 5804.67
65 2827279 1 5 17604 0.55 3 0 5942 5868.00 0.00 5868.00
66 2017191 1 3 5940 0.19 1 0 5940 5940.00 0.00 5940.00
67 2828190 1 2 16972 0.53 3 0 5916 5657.33 0.00 5657.33
68 2811745 1 4 5904 0.18 1 0 5904 5904.00 0.00 5904.00
69 2815225 1 3 5900 0.18 1 0 5900 5900.00 0.00 5900.00
70 2811041 1 3 5896 0.18 1 0 5896 5896.00 0.00 5896.00
71 2820117 1 2 5890 0.18 1 0 5890 5890.00 0.00 5890.00
72 2025255 1 2 5890 0.18 1 0 5890 5890.00 0.00 5890.00
73 2810487 1 1 5886 0.18 1 0 5886 5886.00 0.00 5886.00
74 2815263 1 3 5886 0.18 1 0 5886 5886.00 0.00 5886.00
75 2820157 1 2 5860 0.18 1 0 5860 5860.00 0.00 5860.00
76 2810795 1 5 11064 0.34 2 0 5850 5532.00 0.00 5532.00
77 2828748 1 2 111124 3.46 22 0 5846 5051.09 0.00 5051.09
78 2017774 1 9 5822 0.18 1 0 5822 5822.00 0.00 5822.00
79 2102257 1 10 5814 0.18 1 0 5814 5814.00 0.00 5814.00
80 2826156 1 2 5806 0.18 1 0 5806 5806.00 0.00 5806.00
81 2816165 1 5 17306 0.54 3 0 5804 5768.67 0.00 5768.67
82 2811356 1 2 5786 0.18 1 0 5786 5786.00 0.00 5786.00
83 2018768 1 2 5778 0.18 1 0 5778 5778.00 0.00 5778.00
84 2821646 1 2 5764 0.18 1 0 5764 5764.00 0.00 5764.00
85 2019189 1 2 5736 0.18 1 0 5736 5736.00 0.00 5736.00
86 2024771 1 1 11312 0.35 2 0 5730 5656.00 0.00 5656.00
87 2828008 1 2 16640 0.52 3 0 5674 5546.67 0.00 5546.67
88 2811277 1 7 5662 0.18 1 0 5662 5662.00 0.00 5662.00
89 2010513 1 5 5654 0.18 1 0 5654 5654.00 0.00 5654.00
90 2025061 1 2 5652 0.18 1 0 5652 5652.00 0.00 5652.00
91 2017693 1 2 5642 0.18 1 0 5642 5642.00 0.00 5642.00
92 2822367 1 2 5636 0.18 1 0 5636 5636.00 0.00 5636.00
93 2816701 1 3 5630 0.18 1 0 5630 5630.00 0.00 5630.00
94 2816850 1 3 5612 0.17 1 0 5612 5612.00 0.00 5612.00
95 2808004 1 5 5608 0.17 1 0 5608 5608.00 0.00 5608.00
96 2017499 1 2 5604 0.17 1 0 5604 5604.00 0.00 5604.00
97 2828876 1 1 31556 0.98 6 0 5598 5259.33 0.00 5259.33
98 2810910 1 3 5586 0.17 1 0 5586 5586.00 0.00 5586.00
99 2023627 1 3 5570 0.17 1 0 5570 5570.00 0.00 5570.00
100 2828837 1 2 5554 0.17 1 0 5554 5554.00 0.00 5554.00
101 2812101 1 2 5538 0.17 1 0 5538 5538.00 0.00 5538.00
102 2013739 1 15 5512 0.17 1 0 5512 5512.00 0.00 5512.00
103 2017114 1 5 5492 0.17 1 0 5492 5492.00 0.00 5492.00
104 2010143 1 3 5488 0.17 1 0 5488 5488.00 0.00 5488.00
105 2810852 1 2 5482 0.17 1 0 5482 5482.00 0.00 5482.00
106 2101888 1 9 16364 0.51 3 0 5476 5454.67 0.00 5454.67
107 2823937 1 13 5436 0.17 1 0 5436 5436.00 0.00 5436.00
108 2814226 1 2 5414 0.17 1 0 5414 5414.00 0.00 5414.00
109 2017295 1 6 5412 0.17 1 0 5412 5412.00 0.00 5412.00
110 2820932 1 2 5394 0.17 1 0 5394 5394.00 0.00 5394.00
111 2016181 1 2 5368 0.17 1 0 5368 5368.00 0.00 5368.00
112 2024650 1 1 5358 0.17 1 0 5358 5358.00 0.00 5358.00
113 2103070 1 3 15546 0.48 3 0 5352 5182.00 0.00 5182.00
114 2018259 1 10 5346 0.17 1 0 5346 5346.00 0.00 5346.00
115 2815478 1 5 5290 0.16 1 0 5290 5290.00 0.00 5290.00
116 2811668 1 6 5290 0.16 1 0 5290 5290.00 0.00 5290.00
117 2010515 1 6 5274 0.16 1 0 5274 5274.00 0.00 5274.00
118 2820812 1 2 5272 0.16 1 0 5272 5272.00 0.00 5272.00
119 2816840 1 3 5254 0.16 1 0 5254 5254.00 0.00 5254.00
120 2016379 1 5 5244 0.16 1 0 5244 5244.00 0.00 5244.00
121 2024602 1 2 5238 0.16 1 0 5238 5238.00 0.00 5238.00
122 2815907 1 4 5230 0.16 1 0 5230 5230.00 0.00 5230.00
123 2015809 1 5 5226 0.16 1 0 5226 5226.00 0.00 5226.00
124 2815901 1 4 5226 0.16 1 0 5226 5226.00 0.00 5226.00
125 2820856 1 2
------------------------------------------------------------------------------------
Date: 10/21/2019 -- 14:14:39 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter | TM Name | Value
------------------------------------------------------------------------------------
decoder.pkts | Total | 90
decoder.bytes | Total | 50163
decoder.ipv4 | Total | 83
decoder.null | Total | 90
decoder.tcp | Total | 82
decoder.udp | Total | 1
decoder.avg_pkt_size | Total | 557
decoder.max_pkt_size | Total | 8248
flow.tcp | Total | 3
flow.udp | Total | 1
tcp.sessions | Total | 3
tcp.syn | Total | 3
tcp.synack | Total | 3
detect.mpm_list | Total | 3
detect.nonmpm_list | Total | 2
detect.match_list | Total | 4
app_layer.flow.http | Total | 3
app_layer.tx.http | Total | 3
app_layer.flow.failed_udp | Total | 1
flow.spare | Total | 9997
flow_mgr.flows_checked | Total | 1
flow_mgr.flows_notimeout | Total | 1
flow_mgr.rows_checked | Total | 65536
flow_mgr.rows_empty | Total | 65535
flow_mgr.rows_maxlen | Total | 1
tcp.memuse | Total | 573440
tcp.reassembly_memuse | Total | 81920
flow.memuse | Total | 7074592
{"timestamp":"2019-10-21T14:12:07.465438+0000","flow_id":1128286779806721,"pcap_cnt":22,"event_type":"http","src_ip":"127.0.0.1","src_port":56152,"dest_ip":"127.0.0.1","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"localhost","url":"\/","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.120 Safari\/537.36","http_content_type":"text\/html"}}
{"timestamp":"2019-10-21T14:12:07.465471+0000","flow_id":1128286779806721,"pcap_cnt":23,"event_type":"fileinfo","src_ip":"127.0.0.1","src_port":80,"dest_ip":"127.0.0.1","dest_port":56152,"proto":"TCP","http":{"hostname":"localhost","url":"\/","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.120 Safari\/537.36","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":522},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":522,"tx_id":0}}
{"timestamp":"2019-10-21T14:12:07.594993+0000","flow_id":1414219932569625,"pcap_cnt":50,"event_type":"http","src_ip":"127.0.0.1","src_port":56154,"dest_ip":"127.0.0.1","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"localhost","url":"\/favicon.ico","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.120 Safari\/537.36","http_content_type":"text\/html"}}
{"timestamp":"2019-10-21T14:12:07.594993+0000","flow_id":1414219932569625,"pcap_cnt":50,"event_type":"fileinfo","src_ip":"127.0.0.1","src_port":80,"dest_ip":"127.0.0.1","dest_port":56154,"proto":"TCP","http":{"hostname":"localhost","url":"\/favicon.ico","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.120 Safari\/537.36","http_content_type":"text\/html","http_refer":"http:\/\/localhost\/","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":195},"app_proto":"http","fileinfo":{"filename":"\/favicon.ico","gaps":false,"state":"CLOSED","stored":false,"size":195,"tx_id":0}}
{"timestamp":"2019-10-21T14:12:11.942589+0000","flow_id":377878684065367,"pcap_cnt":86,"event_type":"http","src_ip":"127.0.0.1","src_port":56157,"dest_ip":"127.0.0.1","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"localhost","url":"\/4021853ef93d0e99eca553d64c469c2079408adeecfecddc2914887dd1fe389b.html","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.120 Safari\/537.36","http_content_type":"text\/html"}}
{"timestamp":"2019-10-21T14:12:11.942623+0000","flow_id":377878684065367,"pcap_cnt":87,"event_type":"fileinfo","src_ip":"127.0.0.1","src_port":80,"dest_ip":"127.0.0.1","dest_port":56157,"proto":"TCP","http":{"hostname":"localhost","url":"\/4021853ef93d0e99eca553d64c469c2079408adeecfecddc2914887dd1fe389b.html","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.120 Safari\/537.36","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":42080},"app_proto":"http","fileinfo":{"filename":"\/4021853ef93d0e99eca553d64c469c2079408adeecfecddc2914887dd1fe389b.html","gaps":false,"state":"CLOSED","stored":false,"size":42080,"tx_id":0}}
--------------------------------------------------------------------------------------------------------------------------------
Date: 10/21/2019 -- 14:14:39
--------------------------------------------------------------------------------------------------------------------------------
Stats for: total
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 14914 2 1 9244 7457.00 9244.00 5670.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: packet/stream payload
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 14914 2 1 9244 7457.00 9244.00 5670.00
2019-10-21 14:14:13,239 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-10-21 14:14:14,093 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-10-21 14:14:14,094 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-10-21 14:14:14,094 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-10-21 14:14:14,094 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-10-21 14:14:14,095 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/b91de2200d51643069b5c562d66cd0af56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/10212019.1414-CVE-2014-6332.pcap -vvv -k none
2019-10-21 14:14:39,317 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-10-21 14:14:39,318 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 26.0984919071