Filename: exploit.pcap
Status: Analysis complete
IDS: suricata-2.0.3
Ruleset: etopen-all
Runtime: 11.8388948441 seconds
Hash: c1cc63c329b0666dd275df5ea24fa0ce
Uploaded: 1566443373

Logfiles

suricata-2.0.3-etopen-all-perf.txt-2019-08-22-T-03-09-45-08222019.0309-exploit.pcap.txt (6207 bytes)
  --------------------------------------------------------------------------
  Date: 8/22/2019 -- 03:09:45
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2021067      1        2        93182        7.22   1        1        93182       93182.00    93182.00    0.00       
  2        2020027      1        3        71364        5.53   1        0        71364       71364.00    0.00        71364.00   
  3        2021079      1        3        70820        5.49   1        0        70820       70820.00    0.00        70820.00   
  4        2012612      1        15       44996        3.49   1        0        44996       44996.00    0.00        44996.00   
  5        2019236      1        3        43946        3.41   1        0        43946       43946.00    0.00        43946.00   
  6        2007616      1        14       42292        3.28   1        0        42292       42292.00    0.00        42292.00   
  7        2024771      1        1        39980        3.10   1        0        39980       39980.00    0.00        39980.00   
  8        2100366      1        8        74264        5.76   2        1        48496       37132.00    48496.00    25768.00   
  9        2010524      1        3        72676        5.63   2        0        43648       36338.00    0.00        36338.00   
  10       2016537      1        2        35926        2.78   1        0        35926       35926.00    0.00        35926.00   
  11       2010525      1        4        69964        5.42   2        0        42054       34982.00    0.00        34982.00   
  12       2019232      1        4        34626        2.68   1        1        34626       34626.00    34626.00    0.00       
  13       2019904      1        2        34492        2.67   1        0        34492       34492.00    0.00        34492.00   
  14       2017552      1        6        34372        2.66   1        0        34372       34372.00    0.00        34372.00   
  15       2022028      1        1        66656        5.17   2        1        60484       33328.00    60484.00    6172.00    
  16       2024513      1        5        32776        2.54   1        0        32776       32776.00    0.00        32776.00   
  17       2022197      1        3        25098        1.95   1        0        25098       25098.00    0.00        25098.00   
  18       2013382      1        3        24814        1.92   1        0        24814       24814.00    0.00        24814.00   
  19       2009387      1        4        7102         0.55   1        0        7102        7102.00     0.00        7102.00    
  20       2002994      1        7        13312        1.03   2        0        8362        6656.00     0.00        6656.00    
  21       2102523      1        8        12220        0.95   2        0        6878        6110.00     0.00        6110.00    
  22       2014385      1        5        12128        0.94   2        0        6986        6064.00     0.00        6064.00    
  23       2001219      1        20       11990        0.93   2        0        6026        5995.00     0.00        5995.00    
  24       2013479      1        5        11720        0.91   2        0        6574        5860.00     0.00        5860.00    
  25       2100540      1        12       11688        0.91   2        0        5908        5844.00     0.00        5844.00    
  26       2019389      1        4        11540        0.89   2        0        6560        5770.00     0.00        5770.00    
  27       2002993      1        7        11192        0.87   2        0        6252        5596.00     0.00        5596.00    
  28       2008420      1        4        5564         0.43   1        0        5564        5564.00     0.00        5564.00    
  29       2019293      1        2        11096        0.86   2        0        5828        5548.00     0.00        5548.00    
  30       2001583      1        16       10906        0.85   2        0        5856        5453.00     0.00        5453.00    
  31       2014386      1        2        81680        6.33   15       0        13338       5445.33     0.00        5445.33    
  32       2019290      1        2        10882        0.84   2        0        6164        5441.00     0.00        5441.00    
  33       2100540      1        12       10768        0.83   2        0        5416        5384.00     0.00        5384.00    
  34       2002995      1        10       10650        0.83   2        0        5648        5325.00     0.00        5325.00    
  35       2001330      1        8        31944        2.48   6        0        6832        5324.00     0.00        5324.00    
  36       2010935      1        3        10580        0.82   2        0        5304        5290.00     0.00        5290.00    
  37       2003068      1        7        10536        0.82   2        0        5376        5268.00     0.00        5268.00    
  38       2001972      1        20       10198        0.79   2        0        5174        5099.00     0.00        5099.00    
  39       2019403      1        1        10192        0.79   2        0        5150        5096.00     0.00        5096.00    
  40       2002992      1        7        10122        0.78   2        0        5080        5061.00     0.00        5061.00    
  41       2014384      1        8        10064        0.78   2        0        5270        5032.00     0.00        5032.00    
  42       2019323      1        2        10010        0.78   2        0        5086        5005.00     0.00        5005.00    
  43       2001579      1        15       9992         0.77   2        0        5086        4996.00     0.00        4996.00    
  44       2001569      1        15       9970         0.77   2        0        4996        4985.00     0.00        4985.00    
  45       2010936      1        3        9874         0.77   2        0        5020        4937.00     0.00        4937.00    


suricata-2.0.3-etopen-all-http.log-2019-08-22-T-03-09-45-08222019.0309-exploit.pcap.txt (143 bytes)
09/25/2014-17:30:07.677308 10.246.50.6 [**] /exploitable.cgi [**] () { :;}; /bin/ping -c1 10.246.50.2 [**] 10.246.50.2:43616 -> 10.246.50.6:80


packet_stats.log (8523 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             2           237822        1135884        686853          1.4m    6.01
 IPv4       6            29           148554       10763060        741017         21.5m   93.99
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_RECEIVEPCAPFILE         IPv4       1             2             4758           5160          4959          9.9k    0.05
TMM_RECEIVEPCAPFILE         IPv4       6            29             4716          15154          5787        167.8k    0.78
TMM_DECODEPCAPFILE          IPv4       1             2             6204          39596         22900         45.8k    0.21
TMM_DECODEPCAPFILE          IPv4       6            29             5150          40560          7780        225.6k    1.04
TMM_DETECT                  IPv4       1             2           171556         220868        196212        392.4k    1.81
TMM_DETECT                  IPv4       6            29            84786        1287798        279690          8.1m   37.47
TMM_STREAMTCP               IPv4       1             2             4554           5054          4804          9.6k    0.04
TMM_STREAMTCP               IPv4       6            29             4616         454416         31743        920.6k    4.25
TMM_PACKETLOGGER            IPv4       1             2             4818         820192        412505        825.0k    3.81
TMM_PACKETLOGGER            IPv4       6            29             4618         202824         12449        361.0k    1.67
TMM_TXLOGGER                IPv4       1             2             4462           4606          4534          9.1k    0.04
TMM_TXLOGGER                IPv4       6            29             4494         339386         17024        493.7k    2.28
TMM_FILELOGGER              IPv4       1             2             4466           4962          4714          9.4k    0.04
TMM_FILELOGGER              IPv4       6            29             4502        9862930        347005         10.1m   46.49
Note: TMM_STREAMTCP includes TCP app layer parsers, see below.

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             3            77238         344224        168171        504.5k  100.00
Proto detect            IPv4       6             2            31022          74410         52716        105.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_ALERTFASTLOG            IPv4       1             1           183732         183732        183732        183.7k   11.81
TMM_ALERTFASTLOG            IPv4       6             1            33532          33532         33532         33.5k    2.15
TMM_ALERTUNIFIED2ALERT      IPv4       1             1           120054         120054        120054        120.1k    7.71
TMM_ALERTUNIFIED2ALERT      IPv4       6             1            45874          45874         45874         45.9k    2.95
TMM_LOGHTTPLOG              IPv4       6             1           259442         259442        259442        259.4k   16.67
TMM_JSONALERTLOG            IPv4       1             1           496404         496404        496404        496.4k   31.90
TMM_JSONALERTLOG            IPv4       6             1            98794          98794         98794         98.8k    6.35
TMM_JSONHTTPLOG             IPv4       6             1            59316          59316         59316         59.3k    3.81
TMM_JSONFILELOG             IPv4       6             1           259010         259010        259010        259.0k   16.64

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_MPM             IPv4       1             2            37406          63414         50410        100.8k  1.14  
PROF_DETECT_MPM             IPv4       6            29             4430         369934         59553          1.7m  19.60 
PROF_DETECT_MPM_PACKET      IPv4       1             2            11336          34018         22677         45.4k  0.51  
PROF_DETECT_MPM_PACKET      IPv4       6            15             8624          96362         33187        497.8k  5.65  
PROF_DETECT_MPM_PKT_STR     IPv4       1             2            11956          14992         13474         26.9k  0.31  
PROF_DETECT_MPM_PKT_STR     IPv4       6            13            12150          85938         28943        376.3k  4.27  
PROF_DETECT_MPM_STREAM      IPv4       6             2            47068         139634         93351        186.7k  2.12  
PROF_DETECT_MPM_URI         IPv4       6             1            17854          17854         17854         17.9k  0.20  
PROF_DETECT_MPM_HCBD        IPv4       6             1            11800          11800         11800         11.8k  0.13  
PROF_DETECT_MPM_HSBD        IPv4       6             1           124424         124424        124424        124.4k  1.41  
PROF_DETECT_MPM_HHD         IPv4       6             2            34954          44986         39970         79.9k  0.91  
PROF_DETECT_MPM_HRHD        IPv4       6             2             7592           9288          8440         16.9k  0.19  
PROF_DETECT_MPM_HMD         IPv4       6             1             6804           6804          6804          6.8k  0.08  
PROF_DETECT_MPM_HCD         IPv4       6             2             5656          12086          8871         17.7k  0.20  
PROF_DETECT_MPM_HRUD        IPv4       6             1             9036           9036          9036          9.0k  0.10  
PROF_DETECT_MPM_HSCD        IPv4       6             1             8120           8120          8120          8.1k  0.09  
PROF_DETECT_MPM_HUAD        IPv4       6             1            15642          15642         15642         15.6k  0.18  
UNKNOWN                     IPv4       6             1             6400           6400          6400          6.4k  0.07  
PROF_DETECT_IPONLY          IPv4       1             2            24638          29300         26969         53.9k  0.61  
PROF_DETECT_IPONLY          IPv4       6             6            23052          94732         43952        263.7k  2.99  
PROF_DETECT_RULES           IPv4       1             2            35292          62274         48783         97.6k  1.11  
PROF_DETECT_RULES           IPv4       6            29             4482         793964         66065          1.9m  21.74 
PROF_DETECT_STATEFUL        IPv4       1             2             4418           4440          4429          8.9k  0.10  
PROF_DETECT_STATEFUL        IPv4       6            29             4396         229102         15433        447.6k  5.08  
PROF_DETECT_PREFILTER       IPv4       1             2             6730           6858          6794         13.6k  0.15  
PROF_DETECT_PREFILTER       IPv4       6            29            11750         306908         72177          2.1m  23.75 
PROF_DETECT_ALERT           IPv4       1             2             5194           5848          5521         11.0k  0.13  
PROF_DETECT_ALERT           IPv4       6            29             4422          29394          5812        168.6k  1.91  
PROF_DETECT_CLEANUP         IPv4       1             2             4872           5360          5116         10.2k  0.12  
PROF_DETECT_CLEANUP         IPv4       6            29             4686          22776          6206        180.0k  2.04  
PROF_DETECT_GETSGH          IPv4       1             2             6248           8140          7194         14.4k  0.16  
PROF_DETECT_GETSGH          IPv4       6            29             4410          55560          8936        259.2k  2.94  


suricata-2.0.3-etopen-all-alert-2019-08-22-T-03-09-45-08222019.0309-exploit.pcap.txt (591 bytes)
09/25/2014-17:30:07.588581  [**] [1:2100366:8] GPL ICMP_INFO PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.246.50.6:8 -> 10.246.50.2:0
09/25/2014-17:30:07.677308  [**] [1:2019232:4] ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.246.50.2:43616 -> 10.246.50.6:80
09/25/2014-17:30:07.677308  [**] [1:2022028:1] ET WEB_SERVER Possible CVE-2014-6271 Attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.246.50.2:43616 -> 10.246.50.6:80


suricata-report-2019-08-22-T-03-09-45-08222019.0309-exploit.pcap.txt (8027 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata203/bin/suricata -c /opt/suricata203/etc/etopen/suricata203-etopen-all.yaml -l /var/www/html/c1cc63c329b0666dd275df5ea24fa0ce760f1e847443cd58852aac2412abb46c -r /var/pcap/08222019.0309-exploit.pcap -vvv --runmode=single -k none
elapsedtime:10.515990
stderr:
22/8/2019 -- 03:09:40 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /opt/suricata203/etc/etopen/luajit.rules: No such file or directory.
stdout:
22/8/2019 -- 03:09:35 - <Info> - Configuration node 'rule-files' redefined.
Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
22/8/2019 -- 03:09:35 - <Notice> - This is Suricata version 2.0.3 RELEASE
22/8/2019 -- 03:09:35 - <Info> - CPUs/cores online: 1
22/8/2019 -- 03:09:35 - <Info> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 16211 after randomization.
22/8/2019 -- 03:09:35 - <Info> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 16872 after randomization.
22/8/2019 -- 03:09:35 - <Info> - DNS request flood protection level: 500
22/8/2019 -- 03:09:35 - <Info> - DNS per flow memcap (state-memcap): 524288
22/8/2019 -- 03:09:35 - <Info> - DNS global memcap: 16777216
22/8/2019 -- 03:09:35 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
22/8/2019 -- 03:09:35 - <Info> - preallocated 1000 defrag trackers of size 168
22/8/2019 -- 03:09:35 - <Info> - defrag memory usage: 3838016 bytes, maximum: 33554432
22/8/2019 -- 03:09:35 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
22/8/2019 -- 03:09:35 - <Info> - preallocated 1024 packets. Total memory 3573760
22/8/2019 -- 03:09:35 - <Info> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
22/8/2019 -- 03:09:35 - <Info> - preallocated 1000 hosts of size 112
22/8/2019 -- 03:09:35 - <Info> - host memory usage: 390144 bytes, maximum: 16777216
22/8/2019 -- 03:09:35 - <Info> - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
22/8/2019 -- 03:09:35 - <Info> - preallocated 10000 flows of size 280
22/8/2019 -- 03:09:35 - <Info> - flow memory usage: 7074304 bytes, maximum: 67108864
22/8/2019 -- 03:09:35 - <Info> - IP reputation disabled
22/8/2019 -- 03:09:35 - <Info> - Registered 106 keyword profiling counters.
22/8/2019 -- 03:09:35 - <Info> - using magic-file /usr/share/file/magic
22/8/2019 -- 03:09:35 - <Info> - Delayed detect disabled
22/8/2019 -- 03:09:36 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata203/etc/etopen/ET-emerging-icmp.rules
22/8/2019 -- 03:09:40 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata203/etc/etopen/local.rules
22/8/2019 -- 03:09:40 - <Info> - 45 rule files processed. 18223 rules successfully loaded, 0 rules failed
22/8/2019 -- 03:09:40 - <Info> - 18228 signatures processed. 1175 are IP-only rules, 6224 are inspecting packet payload, 13147 inspect application layer, 0 are decoder event only
22/8/2019 -- 03:09:40 - <Info> - building signature grouping structure, stage 1: preprocessing rules... complete
22/8/2019 -- 03:09:41 - <Info> - building signature grouping structure, stage 2: building source address list... complete
22/8/2019 -- 03:09:44 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
22/8/2019 -- 03:09:45 - <Info> - Registered 18228 rule profiling counters.
22/8/2019 -- 03:09:45 - <Info> - Threshold config parsed: 0 rule(s) found
22/8/2019 -- 03:09:45 - <Info> - Core dump size is unlimited.
22/8/2019 -- 03:09:45 - <Info> - fast output device (regular) initialized: alert
22/8/2019 -- 03:09:45 - <Info> - eve-log output device (regular) initialized: eve.json
22/8/2019 -- 03:09:45 - <Info> - returning output_ctx 0x6be74c0
22/8/2019 -- 03:09:45 - <Info> - enabling 'eve-log' module 'alert'
22/8/2019 -- 03:09:45 - <Info> - enabling 'eve-log' module 'http'
22/8/2019 -- 03:09:45 - <Info> - enabling 'eve-log' module 'dns'
22/8/2019 -- 03:09:45 - <Info> - enabling 'eve-log' module 'tls'
22/8/2019 -- 03:09:45 - <Info> - enabling 'eve-log' module 'files'
22/8/2019 -- 03:09:45 - <Info> - enabling 'eve-log' module 'ssh'
22/8/2019 -- 03:09:45 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
22/8/2019 -- 03:09:45 - <Info> - http-log output device (regular) initialized: http.log
22/8/2019 -- 03:09:45 - <Info> - reading pcap file /var/pcap/08222019.0309-exploit.pcap
22/8/2019 -- 03:09:45 - <Info> - stream "prealloc-sessions": 2048 (per thread)
22/8/2019 -- 03:09:45 - <Info> - stream "memcap": 33554432
22/8/2019 -- 03:09:45 - <Info> - stream "midstream" session pickups: disabled
22/8/2019 -- 03:09:45 - <Info> - stream "async-oneside": disabled
22/8/2019 -- 03:09:45 - <Info> - stream "checksum-validation": disabled
22/8/2019 -- 03:09:45 - <Info> - stream."inline": disabled
22/8/2019 -- 03:09:45 - <Info> - stream "max-synack-queued": 5
22/8/2019 -- 03:09:45 - <Info> - stream.reassembly "memcap": 134217728
22/8/2019 -- 03:09:45 - <Info> - stream.reassembly "depth": 0
22/8/2019 -- 03:09:45 - <Info> - stream.reassembly "toserver-chunk-size": 2681
22/8/2019 -- 03:09:45 - <Info> - stream.reassembly "toclient-chunk-size": 2457
22/8/2019 -- 03:09:45 - <Info> - stream.reassembly.raw: enabled
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 4, prealloc 256
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 16, prealloc 512
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 112, prealloc 512
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 248, prealloc 512
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 512, prealloc 512
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 768, prealloc 1024
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 1448, prealloc 1024
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 65535, prealloc 128
22/8/2019 -- 03:09:45 - <Info> - stream.reassembly "chunk-prealloc": 250
22/8/2019 -- 03:09:45 - <Notice> - all 1 packet processing threads, 3 management threads initialized, engine started.
22/8/2019 -- 03:09:45 - <Info> - pcap file end of file reached (pcap err code 0)
22/8/2019 -- 03:09:45 - <Notice> - Signal Received.  Stopping engine.
22/8/2019 -- 03:09:45 - <Info> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
22/8/2019 -- 03:09:45 - <Info> - time elapsed 0.030s
22/8/2019 -- 03:09:45 - <Notice> - Pcap-file module read 31 packets, 4654 bytes
22/8/2019 -- 03:09:45 - <Info> - Stream TCP processed 29 TCP packets
22/8/2019 -- 03:09:45 - <Info> - Fast log output wrote 3 alerts
22/8/2019 -- 03:09:45 - <Info> - Alert unified2 module wrote 3 alerts
22/8/2019 -- 03:09:45 - <Info> - HTTP logger logged 1 requests
22/8/2019 -- 03:09:45 - <Info> - host memory usage: 390144 bytes, maximum: 16777216
22/8/2019 -- 03:09:45 - <Info> - Dumping profiling data for 18228 rules.
22/8/2019 -- 03:09:45 - <Info> - Done dumping profiling data.
22/8/2019 -- 03:09:45 - <Info> - file /var/www/html/c1cc63c329b0666dd275df5ea24fa0ce760f1e847443cd58852aac2412abb46c/keyword_perf.log mode a
22/8/2019 -- 03:09:45 - <Info> - Done dumping keyword profiling data.
22/8/2019 -- 03:09:45 - <Info> - cleaning up signature grouping structure... complete
22/8/2019 -- 03:09:45 - <Info> - Done dumping profiling data.
returncode: 0
errors:
- 22/8/2019 -- 03:09:40 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /opt/suricata203/etc/etopen/luajit.rules: No such file or directory.
warnings:
- Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
- 22/8/2019 -- 03:09:36 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata203/etc/etopen/ET-emerging-icmp.rules
- 22/8/2019 -- 03:09:40 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata203/etc/etopen/local.rules


stats.log (3657 bytes)
-------------------------------------------------------------------
Date: 8/22/2019 -- 03:09:45 (uptime: 0d, 00h 00m 10s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
dns.memuse                | PcapFile                  | 0
dns.memcap_state          | PcapFile                  | 0
dns.memcap_global         | PcapFile                  | 0
decoder.pkts              | PcapFile                  | 31
decoder.bytes             | PcapFile                  | 4654
decoder.invalid           | PcapFile                  | 0
decoder.ipv4              | PcapFile                  | 31
decoder.ipv6              | PcapFile                  | 0
decoder.ethernet          | PcapFile                  | 31
decoder.raw               | PcapFile                  | 0
decoder.sll               | PcapFile                  | 0
decoder.tcp               | PcapFile                  | 29
decoder.udp               | PcapFile                  | 0
decoder.sctp              | PcapFile                  | 0
decoder.icmpv4            | PcapFile                  | 2
decoder.icmpv6            | PcapFile                  | 0
decoder.ppp               | PcapFile                  | 0
decoder.pppoe             | PcapFile                  | 0
decoder.gre               | PcapFile                  | 0
decoder.vlan              | PcapFile                  | 0
decoder.vlan_qinq         | PcapFile                  | 0
decoder.teredo            | PcapFile                  | 0
decoder.ipv4_in_ipv6      | PcapFile                  | 0
decoder.ipv6_in_ipv6      | PcapFile                  | 0
decoder.avg_pkt_size      | PcapFile                  | 150
decoder.max_pkt_size      | PcapFile                  | 896
defrag.ipv4.fragments     | PcapFile                  | 0
defrag.ipv4.reassembled   | PcapFile                  | 0
defrag.ipv4.timeouts      | PcapFile                  | 0
defrag.ipv6.fragments     | PcapFile                  | 0
defrag.ipv6.reassembled   | PcapFile                  | 0
defrag.ipv6.timeouts      | PcapFile                  | 0
defrag.max_frag_hits      | PcapFile                  | 0
tcp.sessions              | PcapFile                  | 1
tcp.ssn_memcap_drop       | PcapFile                  | 0
tcp.pseudo                | PcapFile                  | 0
tcp.invalid_checksum      | PcapFile                  | 0
tcp.no_flow               | PcapFile                  | 0
tcp.reused_ssn            | PcapFile                  | 0
tcp.memuse                | PcapFile                  | 192
tcp.syn                   | PcapFile                  | 1
tcp.synack                | PcapFile                  | 1
tcp.rst                   | PcapFile                  | 0
tcp.segment_memcap_drop   | PcapFile                  | 0
tcp.stream_depth_reached  | PcapFile                  | 0
tcp.reassembly_memuse     | PcapFile                  | 12316544
tcp.reassembly_gap        | PcapFile                  | 0
http.memuse               | PcapFile                  | 72
http.memcap               | PcapFile                  | 0
detect.alert              | PcapFile                  | 3
flow_mgr.closed_pruned    | FlowManagerThread         | 0
flow_mgr.new_pruned       | FlowManagerThread         | 0
flow_mgr.est_pruned       | FlowManagerThread         | 0
flow.memuse               | FlowManagerThread         | 7075168
flow.spare                | FlowManagerThread         | 10000
flow.emerg_mode_entered   | FlowManagerThread         | 0
flow.emerg_mode_over      | FlowManagerThread         | 0


eve.json (2125 bytes)
{"timestamp":"2014-09-25T17:30:07.588581","pcap_cnt":13,"event_type":"alert","src_ip":"10.246.50.6","dest_ip":"10.246.50.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100366,"rev":8,"signature":"GPL ICMP_INFO PING *NIX","category":"Misc activity","severity":3}}
{"timestamp":"2014-09-25T17:30:07.677308","pcap_cnt":16,"event_type":"alert","src_ip":"10.246.50.2","src_port":43616,"dest_ip":"10.246.50.6","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":4,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-25T17:30:07.677308","pcap_cnt":16,"event_type":"alert","src_ip":"10.246.50.2","src_port":43616,"dest_ip":"10.246.50.6","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":4,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-25T17:30:07.677308","pcap_cnt":16,"event_type":"alert","src_ip":"10.246.50.2","src_port":43616,"dest_ip":"10.246.50.6","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2022028,"rev":1,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-25T17:30:07.677308","pcap_cnt":16,"event_type":"http","src_ip":"10.246.50.2","src_port":43616,"dest_ip":"10.246.50.6","dest_port":80,"proto":"TCP","http":{"hostname":"10.246.50.6","url":"\/exploitable.cgi","http_user_agent":"() { :;}; \/bin\/ping -c1 10.246.50.2","http_content_type":"text\/html"}}
{"timestamp":"2014-09-25T17:30:07.677325","pcap_cnt":17,"event_type":"fileinfo","src_ip":"10.246.50.6","src_port":80,"dest_ip":"10.246.50.2","dest_port":43616,"proto":"TCP","http":{"url":"\/exploitable.cgi","hostname":"10.246.50.6","http_user_agent":"() { :;}; \/bin\/ping -c1 10.246.50.2"},"fileinfo":{"filename":"\/exploitable.cgi","state":"CLOSED","stored":false,"size":615}}


keyword_perf.log (7056 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 8/22/2019 -- 03:09:45
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          197776          33              14              12776           5993.00         6258.00         5797.00        
  pcre             85722           4               3               29824           21430.00        23771.00        14408.00       
  flow             64276           11              11              13306           5843.00         5843.00         0.00           
  flowbits         22928           2               1               16036           11464.00        16036.00        6892.00        
  itype            16016           2               1               10900           8008.00         10900.00        5116.00        
  urilen           5062            1               0               5062            5062.00         0.00            5062.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             64276           11              11              13306           5843.00         5843.00         0.00           
  flowbits         6892            1               0               6892            6892.00         0.00            6892.00        
  itype            16016           2               1               10900           8008.00         10900.00        5116.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          148180          24              11              12776           6174.00         6433.00         5954.00        
  pcre             35340           2               1               20932           17670.00        20932.00        14408.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15896           3               1               5486            5298.00         5200.00         5348.00        
  pcre             20558           1               1               20558           20558.00        20558.00        0.00           
  urilen           5062            1               0               5062            5062.00         0.00            5062.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http server body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5800            1               0               5800            5800.00         0.00            5800.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http headers
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          22628           4               2               6096            5657.00         5825.00         5489.00        
  pcre             29824           1               1               29824           29824.00        29824.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http user-agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5272            1               0               5272            5272.00         0.00            5272.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         16036           1               1               16036           16036.00        16036.00        0.00           


unified2.alert.1566443385 - (722 bytes)

IDSDeathBlossom.py.log - (10380 bytes)
2019-08-22 03:09:34,132 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-08-22 03:09:35,033 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-08-22 03:09:35,033 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-2.0.3-etopen-all
2019-08-22 03:09:35,034 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-08-22 03:09:35,034 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-08-22 03:09:35,034 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata203/bin/suricata -c /opt/suricata203/etc/etopen/suricata203-etopen-all.yaml -l /var/www/html/c1cc63c329b0666dd275df5ea24fa0ce760f1e847443cd58852aac2412abb46c -r /var/pcap/08222019.0309-exploit.pcap -vvv --runmode=single -k none
2019-08-22 03:09:45,574 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +479 - parse_ids_out: Error found in stderr
22/8/2019 -- 03:09:40 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /opt/suricata203/etc/etopen/luajit.rules: No such file or directory.
2019-08-22 03:09:45,575 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +516 - parse_ids_out: Warning found in stdout
Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
2019-08-22 03:09:45,576 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +516 - parse_ids_out: Warning found in stdout
22/8/2019 -- 03:09:36 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata203/etc/etopen/ET-emerging-icmp.rules
2019-08-22 03:09:45,576 - INFO - parse_ids_out - /opt/IDSDeathBlossom/IDSDeathBlossom.py +516 - parse_ids_out: Warning found in stdout
22/8/2019 -- 03:09:40 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata203/etc/etopen/local.rules
2019-08-22 03:09:45,577 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-08-22 03:09:45,578 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +437 - mode:suricata; lastcmd:ulimit -c unlimited; /opt/suricata203/bin/suricata -c /opt/suricata203/etc/etopen/suricata203-etopen-all.yaml -l /var/www/html/c1cc63c329b0666dd275df5ea24fa0ce760f1e847443cd58852aac2412abb46c -r /var/pcap/08222019.0309-exploit.pcap -vvv --runmode=single -k none; returncode:0; elapsed:10.515990; Errors:
- 22/8/2019 -- 03:09:40 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /opt/suricata203/etc/etopen/luajit.rules: No such file or directory.

 Warnings:
- Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
- 22/8/2019 -- 03:09:36 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata203/etc/etopen/ET-emerging-icmp.rules
- 22/8/2019 -- 03:09:40 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata203/etc/etopen/local.rules

 stderr:
22/8/2019 -- 03:09:40 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /opt/suricata203/etc/etopen/luajit.rules: No such file or directory.

 stdout:
22/8/2019 -- 03:09:35 - <Info> - Configuration node 'rule-files' redefined.
Warning: Invalid/No global_log_level assigned by user.  Falling back on the default_log_level "Info"
22/8/2019 -- 03:09:35 - <Notice> - This is Suricata version 2.0.3 RELEASE
22/8/2019 -- 03:09:35 - <Info> - CPUs/cores online: 1
22/8/2019 -- 03:09:35 - <Info> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 16211 after randomization.
22/8/2019 -- 03:09:35 - <Info> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 16872 after randomization.
22/8/2019 -- 03:09:35 - <Info> - DNS request flood protection level: 500
22/8/2019 -- 03:09:35 - <Info> - DNS per flow memcap (state-memcap): 524288
22/8/2019 -- 03:09:35 - <Info> - DNS global memcap: 16777216
22/8/2019 -- 03:09:35 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
22/8/2019 -- 03:09:35 - <Info> - preallocated 1000 defrag trackers of size 168
22/8/2019 -- 03:09:35 - <Info> - defrag memory usage: 3838016 bytes, maximum: 33554432
22/8/2019 -- 03:09:35 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
22/8/2019 -- 03:09:35 - <Info> - preallocated 1024 packets. Total memory 3573760
22/8/2019 -- 03:09:35 - <Info> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
22/8/2019 -- 03:09:35 - <Info> - preallocated 1000 hosts of size 112
22/8/2019 -- 03:09:35 - <Info> - host memory usage: 390144 bytes, maximum: 16777216
22/8/2019 -- 03:09:35 - <Info> - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
22/8/2019 -- 03:09:35 - <Info> - preallocated 10000 flows of size 280
22/8/2019 -- 03:09:35 - <Info> - flow memory usage: 7074304 bytes, maximum: 67108864
22/8/2019 -- 03:09:35 - <Info> - IP reputation disabled
22/8/2019 -- 03:09:35 - <Info> - Registered 106 keyword profiling counters.
22/8/2019 -- 03:09:35 - <Info> - using magic-file /usr/share/file/magic
22/8/2019 -- 03:09:35 - <Info> - Delayed detect disabled
22/8/2019 -- 03:09:36 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata203/etc/etopen/ET-emerging-icmp.rules
22/8/2019 -- 03:09:40 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /opt/suricata203/etc/etopen/local.rules
22/8/2019 -- 03:09:40 - <Info> - 45 rule files processed. 18223 rules successfully loaded, 0 rules failed
22/8/2019 -- 03:09:40 - <Info> - 18228 signatures processed. 1175 are IP-only rules, 6224 are inspecting packet payload, 13147 inspect application layer, 0 are decoder event only
22/8/2019 -- 03:09:40 - <Info> - building signature grouping structure, stage 1: preprocessing rules... complete
22/8/2019 -- 03:09:41 - <Info> - building signature grouping structure, stage 2: building source address list... complete
22/8/2019 -- 03:09:44 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
22/8/2019 -- 03:09:45 - <Info> - Registered 18228 rule profiling counters.
22/8/2019 -- 03:09:45 - <Info> - Threshold config parsed: 0 rule(s) found
22/8/2019 -- 03:09:45 - <Info> - Core dump size is unlimited.
22/8/2019 -- 03:09:45 - <Info> - fast output device (regular) initialized: alert
22/8/2019 -- 03:09:45 - <Info> - eve-log output device (regular) initialized: eve.json
22/8/2019 -- 03:09:45 - <Info> - returning output_ctx 0x6be74c0
22/8/2019 -- 03:09:45 - <Info> - enabling 'eve-log' module 'alert'
22/8/2019 -- 03:09:45 - <Info> - enabling 'eve-log' module 'http'
22/8/2019 -- 03:09:45 - <Info> - enabling 'eve-log' module 'dns'
22/8/2019 -- 03:09:45 - <Info> - enabling 'eve-log' module 'tls'
22/8/2019 -- 03:09:45 - <Info> - enabling 'eve-log' module 'files'
22/8/2019 -- 03:09:45 - <Info> - enabling 'eve-log' module 'ssh'
22/8/2019 -- 03:09:45 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
22/8/2019 -- 03:09:45 - <Info> - http-log output device (regular) initialized: http.log
22/8/2019 -- 03:09:45 - <Info> - reading pcap file /var/pcap/08222019.0309-exploit.pcap
22/8/2019 -- 03:09:45 - <Info> - stream "prealloc-sessions": 2048 (per thread)
22/8/2019 -- 03:09:45 - <Info> - stream "memcap": 33554432
22/8/2019 -- 03:09:45 - <Info> - stream "midstream" session pickups: disabled
22/8/2019 -- 03:09:45 - <Info> - stream "async-oneside": disabled
22/8/2019 -- 03:09:45 - <Info> - stream "checksum-validation": disabled
22/8/2019 -- 03:09:45 - <Info> - stream."inline": disabled
22/8/2019 -- 03:09:45 - <Info> - stream "max-synack-queued": 5
22/8/2019 -- 03:09:45 - <Info> - stream.reassembly "memcap": 134217728
22/8/2019 -- 03:09:45 - <Info> - stream.reassembly "depth": 0
22/8/2019 -- 03:09:45 - <Info> - stream.reassembly "toserver-chunk-size": 2681
22/8/2019 -- 03:09:45 - <Info> - stream.reassembly "toclient-chunk-size": 2457
22/8/2019 -- 03:09:45 - <Info> - stream.reassembly.raw: enabled
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 4, prealloc 256
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 16, prealloc 512
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 112, prealloc 512
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 248, prealloc 512
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 512, prealloc 512
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 768, prealloc 1024
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 1448, prealloc 1024
22/8/2019 -- 03:09:45 - <Info> - segment pool: pktsize 65535, prealloc 128
22/8/2019 -- 03:09:45 - <Info> - stream.reassembly "chunk-prealloc": 250
22/8/2019 -- 03:09:45 - <Notice> - all 1 packet processing threads, 3 management threads initialized, engine started.
22/8/2019 -- 03:09:45 - <Info> - pcap file end of file reached (pcap err code 0)
22/8/2019 -- 03:09:45 - <Notice> - Signal Received.  Stopping engine.
22/8/2019 -- 03:09:45 - <Info> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
22/8/2019 -- 03:09:45 - <Info> - time elapsed 0.030s
22/8/2019 -- 03:09:45 - <Notice> - Pcap-file module read 31 packets, 4654 bytes
22/8/2019 -- 03:09:45 - <Info> - Stream TCP processed 29 TCP packets
22/8/2019 -- 03:09:45 - <Info> - Fast log output wrote 3 alerts
22/8/2019 -- 03:09:45 - <Info> - Alert unified2 module wrote 3 alerts
22/8/2019 -- 03:09:45 - <Info> - HTTP logger logged 1 requests
22/8/2019 -- 03:09:45 - <Info> - host memory usage: 390144 bytes, maximum: 16777216
22/8/2019 -- 03:09:45 - <Info> - Dumping profiling data for 18228 rules.
22/8/2019 -- 03:09:45 - <Info> - Done dumping profiling data.
22/8/2019 -- 03:09:45 - <Info> - file /var/www/html/c1cc63c329b0666dd275df5ea24fa0ce760f1e847443cd58852aac2412abb46c/keyword_perf.log mode a
22/8/2019 -- 03:09:45 - <Info> - Done dumping keyword profiling data.
22/8/2019 -- 03:09:45 - <Info> - cleaning up signature grouping structure... complete
22/8/2019 -- 03:09:45 - <Info> - Done dumping profiling data.

 
2019-08-22 03:09:45,578 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 11.4663329124