Filename: c5b86e36-85df-4817-b472-da7807707b80.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 24.6679530144 seconds
Hash: bf388b83da5075cd8872b72cf35a4d2f
Uploaded: 1542978190

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2018-11-23-T-13-03-35-11232018.1303-c5b86e36-85df-4817-b472-da7807707b80.pcap.txt - (8791 bytes)
  --------------------------------------------------------------------------
  Date: 11/23/2018 -- 13:03:35. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2805348      1        4        771474       15.60  13       0        112042      59344.15    0.00        59344.15   
  2        2821615      1        2        80030        1.62   1        0        80030       80030.00    0.00        80030.00   
  3        2016537      1        2        66159        1.34   1        1        66159       66159.00    66159.00    0.00       
  4        2830124      1        1        59850        1.21   1        0        59850       59850.00    0.00        59850.00   
  5        2023083      1        2        50479        1.02   1        0        50479       50479.00    0.00        50479.00   
  6        2826256      1        2        47803        0.97   1        0        47803       47803.00    0.00        47803.00   
  7        2022969      1        2        44098        0.89   1        0        44098       44098.00    0.00        44098.00   
  8        2816165      1        5        41488        0.84   1        0        41488       41488.00    0.00        41488.00   
  9        2021070      1        2        39123        0.79   1        1        39123       39123.00    39123.00    0.00       
  10       2829607      1        1        38304        0.77   1        0        38304       38304.00    0.00        38304.00   
  11       2102257      1        10       84056        1.70   11       0        37777       7641.45     0.00        7641.45    
  12       2830035      1        2        35502        0.72   1        0        35502       35502.00    0.00        35502.00   
  13       2013739      1        15       245831       4.97   79       0        32234       3111.78     0.00        3111.78    
  14       2010140      1        7        337699       6.83   79       0        30787       4274.67     0.00        4274.67    
  15       2022200      1        2        29759        0.60   1        0        29759       29759.00    0.00        29759.00   
  16       2025162      1        2        29264        0.59   1        0        29264       29264.00    0.00        29264.00   
  17       2829644      1        1        28462        0.58   1        0        28462       28462.00    0.00        28462.00   
  18       2809267      1        8        28335        0.57   1        0        28335       28335.00    0.00        28335.00   
  19       2008118      1        3        74083        1.50   18       0        26473       4115.72     0.00        4115.72    
  20       2022914      1        1        43684        0.88   3        0        24930       14561.33    0.00        14561.33   
  21       2023626      1        3        182276       3.69   59       0        23223       3089.42     0.00        3089.42    
  22       2017552      1        6        21145        0.43   1        0        21145       21145.00    0.00        21145.00   
  23       2023623      1        3        117081       2.37   38       0        16135       3081.08     0.00        3081.08    
  24       2008117      1        3        80672        1.63   24       0        15903       3361.33     0.00        3361.33    
  25       2016181      1        2        43727        0.88   11       0        15440       3975.18     0.00        3975.18    
  26       2805211      1        1        27153        0.55   3        0        9670        9051.00     0.00        9051.00    
  27       2008116      1        4        73480        1.49   24       0        5692        3061.67     0.00        3061.67    
  28       2016363      1        2        26027        0.53   8        0        4872        3253.38     0.00        3253.38    
  29       2802822      1        1        71081        1.44   24       0        4697        2961.71     0.00        2961.71    
  30       2008420      1        4        8134         0.16   2        0        4616        4067.00     0.00        4067.00    
  31       2009243      1        2        53068        1.07   18       0        4494        2948.22     0.00        2948.22    
  32       2010143      1        3        224434       4.54   79       0        4304        2840.94     0.00        2840.94    
  33       2802205      1        3        70109        1.42   24       0        4188        2921.21     0.00        2921.21    
  34       2023627      1        3        132706       2.68   47       0        4056        2823.53     0.00        2823.53    
  35       2100518      1        8        68222        1.38   24       0        4035        2842.58     0.00        2842.58    
  36       2019011      1        3        69726        1.41   24       0        3879        2905.25     0.00        2905.25    
  37       2023624      1        3        156632       3.17   57       0        3805        2747.93     0.00        2747.93    
  38       2016323      1        1        25039        0.51   8        0        3783        3129.88     0.00        3129.88    
  39       2801347      1        5        47881        0.97   17       0        3748        2816.53     0.00        2816.53    
  40       2008120      1        4        214090       4.33   79       0        3680        2710.00     0.00        2710.00    
  41       2023622      1        3        201058       4.07   74       0        3614        2717.00     0.00        2717.00    
  42       2019017      1        3        40324        0.82   14       0        3605        2880.29     0.00        2880.29    
  43       2019010      1        3        40746        0.82   14       0        3569        2910.43     0.00        2910.43    
  44       2019016      1        3        66655        1.35   24       0        3566        2777.29     0.00        2777.29    
  45       2023617      1        3        51900        1.05   19       0        3490        2731.58     0.00        2731.58    
  46       2804586      1        2        3458         0.07   1        0        3458        3458.00     0.00        3458.00    
  47       2023613      1        3        21773        0.44   8        0        3444        2721.62     0.00        2721.62    
  48       2102523      1        8        3439         0.07   1        0        3439        3439.00     0.00        3439.00    
  49       2010142      1        4        210479       4.26   79       0        3413        2664.29     0.00        2664.29    
  50       2023621      1        4        41052        0.83   15       0        3405        2736.80     0.00        2736.80    
  51       2023614      1        3        29902        0.60   11       0        3389        2718.36     0.00        2718.36    
  52       2016178      1        2        31610        0.64   11       0        3380        2873.64     0.00        2873.64    
  53       2023625      1        3        135247       2.73   50       0        3376        2704.94     0.00        2704.94    
  54       2828876      1        1        6616         0.13   2        0        3365        3308.00     0.00        3308.00    
  55       2019012      1        3        3358         0.07   1        0        3358        3358.00     0.00        3358.00    
  56       2023612      1        4        51954        1.05   19       0        3343        2734.42     0.00        2734.42    
  57       2016179      1        2        30183        0.61   11       0        3338        2743.91     0.00        2743.91    
  58       2100566      1        5        22328        0.45   8        0        3291        2791.00     0.00        2791.00    
  59       2023619      1        3        29923        0.61   11       0        3238        2720.27     0.00        2720.27    
  60       2023615      1        3        21625        0.44   8        0        3201        2703.12     0.00        2703.12    
  61       2102523      1        8        3020         0.06   1        0        3020        3020.00     0.00        3020.00    
  62       2019019      1        3        2958         0.06   1        0        2958        2958.00     0.00        2958.00    
  63       2810793      1        5        2837         0.06   1        0        2837        2837.00     0.00        2837.00    
  64       2810795      1        5        2601         0.05   1        0        2601        2601.00     0.00        2601.00    
  65       2100474      1        5        2599         0.05   1        0        2599        2599.00     0.00        2599.00    


suricata-report-2018-11-23-T-13-03-35-11232018.1303-c5b86e36-85df-4817-b472-da7807707b80.pcap.txt - (17921 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/bf388b83da5075cd8872b72cf35a4d2f56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11232018.1303-c5b86e36-85df-4817-b472-da7807707b80.pcap -vvv -k none
elapsedtime:23.716184
stderr:
stdout:
23/11/2018 -- 13:03:11 - <Info> - Configuration node 'rule-files' redefined.
23/11/2018 -- 13:03:11 - <Notice> - This is Suricata version 4.0.0 RELEASE
23/11/2018 -- 13:03:11 - <Info> - CPUs/cores online: 1
23/11/2018 -- 13:03:11 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33760 and 'request-body-inspect-window' set to 16705 after randomization.
23/11/2018 -- 13:03:11 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32922 and 'response-body-inspect-window' set to 16090 after randomization.
23/11/2018 -- 13:03:11 - <Config> - DNS request flood protection level: 500
23/11/2018 -- 13:03:11 - <Config> - DNS per flow memcap (state-memcap): 524288
23/11/2018 -- 13:03:11 - <Config> - DNS global memcap: 16777216
23/11/2018 -- 13:03:11 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
23/11/2018 -- 13:03:11 - <Config> - preallocated 1000 hosts of size 136
23/11/2018 -- 13:03:11 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
23/11/2018 -- 13:03:11 - <Config> - using magic-file /usr/share/file/magic
23/11/2018 -- 13:03:11 - <Config> - Core dump size is unlimited.
23/11/2018 -- 13:03:11 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
23/11/2018 -- 13:03:11 - <Config> - preallocated 1000 defrag trackers of size 168
23/11/2018 -- 13:03:11 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
23/11/2018 -- 13:03:11 - <Config> - stream "prealloc-sessions": 2048 (per thread)
23/11/2018 -- 13:03:11 - <Config> - stream "memcap": 33554432
23/11/2018 -- 13:03:11 - <Config> - stream "midstream" session pickups: disabled
23/11/2018 -- 13:03:11 - <Config> - stream "async-oneside": disabled
23/11/2018 -- 13:03:11 - <Config> - stream "checksum-validation": disabled
23/11/2018 -- 13:03:11 - <Config> - stream."inline": disabled
23/11/2018 -- 13:03:11 - <Config> - stream "bypass": disabled
23/11/2018 -- 13:03:11 - <Config> - stream "max-synack-queued": 5
23/11/2018 -- 13:03:11 - <Config> - stream.reassembly "memcap": 134217728
23/11/2018 -- 13:03:11 - <Config> - stream.reassembly "depth": 0
23/11/2018 -- 13:03:11 - <Config> - stream.reassembly "toserver-chunk-size": 2671
23/11/2018 -- 13:03:11 - <Config> - stream.reassembly "toclient-chunk-size": 2469
23/11/2018 -- 13:03:11 - <Config> - stream.reassembly.raw: enabled
23/11/2018 -- 13:03:11 - <Config> - stream.reassembly "segment-prealloc": 2048
23/11/2018 -- 13:03:11 - <Config> - Delayed detect disabled
23/11/2018 -- 13:03:11 - <Config> - pattern matchers: MPM: ac, SPM: bm
23/11/2018 -- 13:03:11 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
23/11/2018 -- 13:03:11 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
23/11/2018 -- 13:03:11 - <Config> - prefilter engines: MPM
23/11/2018 -- 13:03:11 - <Config> - IP reputation disabled
23/11/2018 -- 13:03:11 - <Perf> - Registered 148 keyword profiling counters.
23/11/2018 -- 13:03:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
23/11/2018 -- 13:03:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
23/11/2018 -- 13:03:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
23/11/2018 -- 13:03:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
23/11/2018 -- 13:03:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
23/11/2018 -- 13:03:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
23/11/2018 -- 13:03:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
23/11/2018 -- 13:03:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
23/11/2018 -- 13:03:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
23/11/2018 -- 13:03:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
23/11/2018 -- 13:03:17 - <Config> - No rules loaded from ET-icmp.rules.
23/11/2018 -- 13:03:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
23/11/2018 -- 13:03:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
23/11/2018 -- 13:03:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
23/11/2018 -- 13:03:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
23/11/2018 -- 13:03:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
23/11/2018 -- 13:03:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
23/11/2018 -- 13:03:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
23/11/2018 -- 13:03:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
23/11/2018 -- 13:03:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
23/11/2018 -- 13:03:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
23/11/2018 -- 13:03:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
23/11/2018 -- 13:03:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
23/11/2018 -- 13:03:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
23/11/2018 -- 13:03:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
23/11/2018 -- 13:03:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
23/11/2018 -- 13:03:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
23/11/2018 -- 13:03:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
23/11/2018 -- 13:03:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
23/11/2018 -- 13:03:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
23/11/2018 -- 13:03:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
23/11/2018 -- 13:03:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
23/11/2018 -- 13:03:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
23/11/2018 -- 13:03:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
23/11/2018 -- 13:03:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
23/11/2018 -- 13:03:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
23/11/2018 -- 13:03:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
23/11/2018 -- 13:03:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
23/11/2018 -- 13:03:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
23/11/2018 -- 13:03:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
23/11/2018 -- 13:03:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
23/11/2018 -- 13:03:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
23/11/2018 -- 13:03:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
23/11/2018 -- 13:03:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
23/11/2018 -- 13:03:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
23/11/2018 -- 13:03:25 - <Config> - No rules loaded from local.rules.
23/11/2018 -- 13:03:25 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
23/11/2018 -- 13:03:25 - <Info> - Threshold config parsed: 0 rule(s) found
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for tcp-packet
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for tcp-stream
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for udp-packet
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for other-ip
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_uri
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_request_line
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_client_body
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_response_line
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_header
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_header
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_header_names
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_header_names
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_accept
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_accept_enc
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_accept_lang
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_referer
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_connection
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_content_len
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_content_len
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_content_type
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_content_type
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_protocol
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_protocol
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_start
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_start
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_raw_header
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_raw_header
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_method
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_cookie
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_cookie
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_raw_uri
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_user_agent
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_host
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_raw_host
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_stat_msg
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_stat_code
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for dns_query
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for tls_sni
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for tls_cert_issuer
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for tls_cert_subject
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for tls_cert_serial
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for dce_stub_data
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for dce_stub_data
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for ssh_protocol
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for ssh_protocol
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for ssh_software
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for ssh_software
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for file_data
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for file_data
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_request_line
23/11/2018 -- 13:03:26 - <Perf> - using shared mpm ctx' for http_response_line
23/11/2018 -- 13:03:26 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
23/11/2018 -- 13:03:26 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
23/11/2018 -- 13:03:26 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
23/11/2018 -- 13:03:26 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
23/11/2018 -- 13:03:26 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
23/11/2018 -- 13:03:26 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
23/11/2018 -- 13:03:26 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
23/11/2018 -- 13:03:26 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
23/11/2018 -- 13:03:32 - <Perf> - Unique rule groups: 104
23/11/2018 -- 13:03:32 - <Perf> - Builtin MPM "toserver TCP packet": 35
23/11/2018 -- 13:03:32 - <Perf> - Builtin MPM "toclient TCP packet": 17
23/11/2018 -- 13:03:32 - <Perf> - Builtin MPM "toserver TCP stream": 33
23/11/2018 -- 13:03:32 - <Perf> - Builtin MPM "toclient TCP stream": 19
23/11/2018 -- 13:03:32 - <Perf> - Builtin MPM "toserver UDP packet": 27
23/11/2018 -- 13:03:32 - <Perf> - Builtin MPM "toclient UDP packet": 17
23/11/2018 -- 13:03:32 - <Perf> - Builtin MPM "other IP packet": 3
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_uri": 14
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_request_line": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_client_body": 6
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toclient http_response_line": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_header": 10
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toclient http_header": 6
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_header_names": 2
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_accept": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_referer": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_content_len": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_content_type": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toclient http_content_type": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_protocol": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_start": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_method": 5
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_cookie": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toclient http_cookie": 2
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver http_host": 2
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver dns_query": 4
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver tls_sni": 2
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toserver file_data": 1
23/11/2018 -- 13:03:32 - <Perf> - AppLayer MPM "toclient file_data": 7
23/11/2018 -- 13:03:34 - <Perf> - Registered 39590 rule profiling counters.
23/11/2018 -- 13:03:34 - <Info> - fast output device (regular) initialized: alert
23/11/2018 -- 13:03:34 - <Info> - eve-log output device (regular) initialized: eve.json
23/11/2018 -- 13:03:34 - <Config> - enabling 'eve-log' module 'alert'
23/11/2018 -- 13:03:34 - <Config> - enabling 'eve-log' module 'http'
23/11/2018 -- 13:03:34 - <Config> - enabling 'eve-log' module 'dns'
23/11/2018 -- 13:03:34 - <Config> - enabling 'eve-log' module 'tls'
23/11/2018 -- 13:03:34 - <Config> - enabling 'eve-log' module 'files'
23/11/2018 -- 13:03:34 - <Config> - enabling 'eve-log' module 'ssh'
23/11/2018 -- 13:03:34 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
23/11/2018 -- 13:03:34 - <Info> - stats output device (regular) initialized: stats.log
23/11/2018 -- 13:03:34 - <Config> - Aut

This file has been truncated.


packet_stats.log - (14736 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6             7          4281405       36175480      26695128        186.9m    8.17
 IPv4      17            52          3486684       39571093      23107939          1.2b   52.56
 IPv6      17            35          3058196       40593023      23086428        808.0m   35.34
 IPv6      58             5         17744926       18367421      17977033         89.9m    3.93
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6             7            71438        1640445        402723          2.8m    9.35
TMM_FLOWWORKER              IPv4      17            52           119410        9874889        391589         20.4m   67.57
TMM_RECEIVEPCAPFILE         IPv4       6             5             3105           3606          3342         16.7k    0.06
TMM_RECEIVEPCAPFILE         IPv4      17            52             2565           3837          3001        156.1k    0.52
TMM_DECODEPCAPFILE          IPv4       6             5             3295           5360          3880         19.4k    0.06
TMM_DECODEPCAPFILE          IPv4      17            52             2678           3815          2933        152.5k    0.51
TMM_FLOWWORKER              IPv6      17            35           108654         414712        170627          6.0m   19.82
TMM_FLOWWORKER              IPv6      58             5            66739          84067         72856        364.3k    1.21
TMM_RECEIVEPCAPFILE         IPv6      17            35             2606           9364          3120        109.2k    0.36
TMM_RECEIVEPCAPFILE         IPv6      58             5             2584           2841          2757         13.8k    0.05
TMM_DECODEPCAPFILE          IPv6      17            35             2691          28009          3638        127.3k    0.42
TMM_DECODEPCAPFILE          IPv6      58             5             2846          11101          4578         22.9k    0.08

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6             5             3009           5651          3665         18.3k  0.07  
flow                    IPv4      17            52             2785          22872          3849        200.2k  0.72  
stream                  IPv4       6             7             5638         321699         63766        446.4k  1.60  
app-layer               IPv4      17            52             2530          34034          4288        223.0k  0.80  
detect                  IPv4       6             7            45957        1115955        253776          1.8m  6.37  
detect                  IPv4      17            52           102649        9849266        371256         19.3m  69.27 
tcp-prune               IPv4       6             7             2615          19268          5224         36.6k  0.13  
flow                    IPv6      17            35             2836          20999          4706        164.7k  0.59  
flow                    IPv6      58             5             2835           4196          3228         16.1k  0.06  
app-layer               IPv6      17            35             2534          16613          4715        165.0k  0.59  
detect                  IPv6      17            35            92616         355473        148914          5.2m  18.70 
detect                  IPv6      58             5            55078          71637         61084        305.4k  1.10  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             1            39654          39654         39654         39.7k  100.00
Proto detect            IPv4       6             1             5959           5959          5959          6.0k
Proto detect            IPv4      17             7             2779           5905          3425         24.0k
Proto detect            IPv6      17             9             2929           9352          4293         38.6k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_HTTP            IPv4       6             1           432901         432901        432901        432.9k  100.00

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6             2             3428          84253         43840        87.7k  7.79  
payload                           IPv4      17            52             3303          41516         10323       536.8k  47.72 
stream                            IPv4       6             2             2849          32924         17886        35.8k  3.18  
http_uri                          IPv4       6             1            14315          14315         14315        14.3k  1.27  
http_request_line                 IPv4       6             1             8351           8351          8351         8.4k  0.74  
http_client_body                  IPv4       6             1             5209           5209          5209         5.2k  0.46  
http_header (request)             IPv4       6             1            33023          33023         33023        33.0k  2.94  
http_header (request trailer)     IPv4       6             1             2657           2657          2657         2.7k  0.24  
http_header_names (request)       IPv4       6             1            12153          12153         12153        12.2k  1.08  
http_accept (request)             IPv4       6             1             7183           7183          7183         7.2k  0.64  
http_referer (request)            IPv4       6             1             3181           3181          3181         3.2k  0.28  
http_content_len (request)        IPv4       6             1             4135           4135          4135         4.1k  0.37  
http_content_type (request)       IPv4       6             1             3920           3920          3920         3.9k  0.35  
http_protocol (request)           IPv4       6             1             5485           5485          5485         5.5k  0.49  
http_start (request)              IPv4       6             1            11808          11808         11808        11.8k  1.05  
http_raw_header (request)         IPv4       6             1             9560           9560          9560         9.6k  0.85  
http_method                       IPv4       6             1             7100           7100          7100         7.1k  0.63  
http_cookie (request)             IPv4       6             1             3229           3229          3229         3.2k  0.29  
http_raw_uri                      IPv4       6             1             6216           6216          6216         6.2k  0.55  
http_user_agent                   IPv4       6             1             3212           3212          3212         3.2k  0.29  
http_host                         IPv4       6             1             6489           6489          6489         6.5k  0.58  
Total                             IPv4                    74                                         10912       807.5k
payload                           IPv6      17            35             3144          38565          8399       294.0k  26.13 
payload                           IPv6      58             5             2836           7445          4681        23.4k  2.08  
Total                             IPv6                    40                                          7934       317.4k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             2            20697          59318         40007         80.0k  0.30  
PROF_DETECT_IPONLY          IPv4      17             7            45311          63322         51978        363.8k  1.35  
PROF_DETECT_RULES           IPv4       6             7             2566         764802        120154        841.1k  3.12  
PROF_DETECT_RULES           IPv4      17            52            44513        9722690        289579         15.1m  55.89 
PROF_DETECT_STATEFUL_START    IPv4       6             1           424933         424933        424933        424.9k  1.58  
PROF_DETECT_STATEFUL_CONT    IPv4       6             7             2748          48079         11619         81.3k  0.30  
PROF_DETECT_STATEFUL_CONT    IPv4      17            52             2515           3422          2867        149.1k  0.55  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6             3             2835           3118          2947          8.8k  0.03  
PROF_DETECT_PREFILTER       IPv4       6             7             7951         291125         67228        470.6k  1.75  
PROF_DETECT_PREFILTER       IPv4      17            52            24064          64678         34698          1.8m  6.70  
PROF_DETECT_PF_PAYLOAD      IPv4       6             2            44123          95001         69562        139.1k  0.52  
PROF_DETECT_PF_PAYLOAD      IPv4      17            52             8436          46830         15878        825.7k  3.06  
PROF_DETECT_PF_TX           IPv4       6             3             3530         222788         77390        232.2k  0.86  
PROF_DETECT_PF_SORT1        IPv4       6             2             2700           4146          3423          6.8k  0.03  
PROF_DETECT_PF_SORT1        IPv4      17            52             2605           5945          3566        185.5k  0.69  
PROF_DETECT_PF_SORT2        IPv4       6             7             2572           4236          2956         20.7k  0.08  
PROF_DETECT_PF_SORT2        IPv4      17            52             2549           4023          2909        151.3k  0.56  
PROF_DETECT_NONMPMLIST      IPv4       6             7             2800           3804          3279         23.0k  0.09  
PROF_DETECT_NONMPMLIST      IPv4      17            52             2543           3788          2907        151.2k  0.56  
PROF_DETECT_ALERT           IPv4       6             7             2536          23632          5761         40.3k  0.15  
PROF_DETECT_ALERT           IPv4      17            52             2531          48760          3674        191.0k  0.71  
PROF_DETECT_CLEANUP         IPv4       6             7             2613          12131          4376         30.6k  0.11  
PROF_DETECT_CLEANUP         IPv4      17            52             2527           4800          2797        145.5k  0.54  
PROF_DETECT_GETSGH          IPv4       6             7             2545           6261          3784         26.5k  0.10  
PROF_DETECT_GETSGH          IPv4      17            52             2568          19785          3879        201.7k  0.75  
PROF_DETECT_IPONLY          IPv6      17             9             2861          12330          5065         45.6k  0.17  
PROF_DETECT_IPONLY          IPv6      58             1             2951           2951          2951          3.0k  0.01  
PROF_DETECT_RULES           IPv6      17            35            33847         190137         74402          2.6m  9.66  
PROF_DETECT_RULES           IPv6      58             5             2540           8826          3849         19.2k  0.07  
PROF_DETECT_STATEFUL_CONT    IPv6      17            35             2525           3573          2823         98.8k  0.37  
PROF_DETECT_STATEFUL_CONT    IPv6      58             5             2516           2792          2706         13.5k  0.05  
PROF_DETECT_PREFILTER       IPv6      17            35            24222          68048         32068          1.1m  4.17  
PROF_DETECT_PREFILTER       IPv6      58             5            18513          23487         20559        102.8k  0.38  
PROF_DETECT_PF_PAYLOAD      IPv6      17            35             8408          43762         13762        481.7k  1.79  
PROF_DETECT_PF_PAYLOAD      IPv6      58             5             8128          12763          9969         49.8k  0.19  
PROF_DETECT_PF_SORT1        IPv6      17            35             2612           6266          3350        117.3k  0.44  
PROF_DETECT_PF_SORT2        IPv6      17            35             2551           5358          2882        100.9k  0.37  
PROF_DETECT_PF_SORT2        IPv6      58             5             2522           2803          2649         13.2k  0.05  
PROF_DETECT_NONMPMLIST      IPv6      17            35             2540           3516          2829         99.0k  0.37  
PROF_DETECT_NONMPMLIST      IPv6      58             5             2533           2807          2737         13.7k  0.05  
PROF_DETECT_ALERT           IPv6      17            35             2533           9569          2882        100.9k  0.37  
PROF_DETECT_ALERT           IPv6      58             5             2529           2571          2546         12.7k  0.05  
PROF_DETECT_CLEANUP         IPv6      17            35             2529           6386          2848         99.7k  0.37  
PROF_DETECT_CLEANUP         IPv6      58             5             2530           3085          2649         13.2k  0.05  
PROF_DETECT_GETSGH          IPv6      17            35             2527          25681          4658        163.0k  0.61  
PROF_DETECT_GETSGH          IPv6      58             5             2553           5549          3352         16.8k  0.06  


stats.log - (2683 bytes)
------------------------------------------------------------------------------------
Date: 11/23/2018 -- 13:03:35 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 150
decoder.bytes                              | Total                     | 14279
decoder.ipv4                               | Total                     | 57
decoder.ipv6                               | Total                     | 40
decoder.ethernet                           | Total                     | 150
decoder.tcp                                | Total                     | 5
decoder.udp                                | Total                     | 87
decoder.icmpv6                             | Total                     | 5
decoder.avg_pkt_size                       | Total                     | 95
decoder.max_pkt_size                       | Total                     | 250
flow.tcp                                   | Total                     | 1
flow.udp                                   | Total                     | 16
flow.icmpv6                                | Total                     | 1
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
detect.mpm_list                            | Total                     | 11
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 11
app_layer.tx.http                          | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 16
flow.spare                                 | Total                     | 9989
flow_mgr.flows_checked                     | Total                     | 6
flow_mgr.flows_notimeout                   | Total                     | 6
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65530
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076032


eve.json - (260 bytes)
{"timestamp":"2018-11-23T13:02:21.615728+0000","flow_id":1312245554920477,"event_type":"http","src_ip":"192.168.100.138","src_port":49285,"dest_ip":"46.173.219.63","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"46.173.219.63","url":"\/dobby.soc"}}


keyword_perf.log - (7184 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/23/2018 -- 13:03:35
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             53987           15              15              5285            3599.00         3599.00         0.00           
  content          375458          96              67              20680           3911.00         3748.00         4286.00        
  pcre             90703           5               1               45187           18140.00        8654.00         20512.00       
  byte_test        206491          45              39              67636           4588.00         4710.00         3795.00        
  byte_jump        41839           13              13              5370            3218.00         3218.00         0.00           
  flowbits         9873            2               2               5935            4936.00         4936.00         0.00           
  urilen           6793            2               1               3754            3396.00         3754.00         3039.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             53987           15              15              5285            3599.00         3599.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          213542          57              37              20680           3746.00         3659.00         3907.00        
  pcre             49388           2               0               45187           24694.00        0.00            24694.00       
  byte_test        206491          45              39              67636           4588.00         4710.00         3795.00        
  byte_jump        41839           13              13              5370            3218.00         3218.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         9873            2               2               5935            4936.00         4936.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          43479           8               1               16864           5434.00         4446.00         5576.00        
  pcre             4378            1               0               4378            4378.00         0.00            4378.00        
  urilen           6793            2               1               3754            3396.00         3754.00         3039.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          72538           19              18              4985            3817.00         3802.00         4100.00        
  pcre             36937           2               1               28283           18468.00        8654.00         28283.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          37759           10              10              4716            3775.00         3775.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8140            2               1               5129            4070.00         5129.00         3011.00        


IDSDeathBlossom.py.log - (1176 bytes)
2018-11-23 13:03:10,787 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-11-23 13:03:11,534 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-11-23 13:03:11,534 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2018-11-23 13:03:11,535 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-11-23 13:03:11,535 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-11-23 13:03:11,535 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/bf388b83da5075cd8872b72cf35a4d2f56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/11232018.1303-c5b86e36-85df-4817-b472-da7807707b80.pcap -vvv -k none
2018-11-23 13:03:35,253 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-11-23 13:03:35,254 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 24.4744777679