lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/cb842d44bff835e6901ee6a0a53dcbbb56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07052019.0903-network.pcap -vvv -k none
elapsedtime:21.491969
stderr:
stdout:
5/7/2019 -- 09:03:30 - <Info> - Configuration node 'rule-files' redefined.
5/7/2019 -- 09:03:30 - <Notice> - This is Suricata version 4.0.0 RELEASE
5/7/2019 -- 09:03:30 - <Info> - CPUs/cores online: 1
5/7/2019 -- 09:03:30 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33303 and 'request-body-inspect-window' set to 16858 after randomization.
5/7/2019 -- 09:03:30 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31367 and 'response-body-inspect-window' set to 16384 after randomization.
5/7/2019 -- 09:03:30 - <Config> - DNS request flood protection level: 500
5/7/2019 -- 09:03:30 - <Config> - DNS per flow memcap (state-memcap): 524288
5/7/2019 -- 09:03:30 - <Config> - DNS global memcap: 16777216
5/7/2019 -- 09:03:30 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
5/7/2019 -- 09:03:30 - <Config> - preallocated 1000 hosts of size 136
5/7/2019 -- 09:03:30 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
5/7/2019 -- 09:03:30 - <Config> - using magic-file /usr/share/file/magic
5/7/2019 -- 09:03:30 - <Config> - Core dump size is unlimited.
5/7/2019 -- 09:03:30 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
5/7/2019 -- 09:03:30 - <Config> - preallocated 1000 defrag trackers of size 168
5/7/2019 -- 09:03:30 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
5/7/2019 -- 09:03:30 - <Config> - stream "prealloc-sessions": 2048 (per thread)
5/7/2019 -- 09:03:30 - <Config> - stream "memcap": 33554432
5/7/2019 -- 09:03:30 - <Config> - stream "midstream" session pickups: disabled
5/7/2019 -- 09:03:30 - <Config> - stream "async-oneside": disabled
5/7/2019 -- 09:03:30 - <Config> - stream "checksum-validation": disabled
5/7/2019 -- 09:03:30 - <Config> - stream."inline": disabled
5/7/2019 -- 09:03:30 - <Config> - stream "bypass": disabled
5/7/2019 -- 09:03:30 - <Config> - stream "max-synack-queued": 5
5/7/2019 -- 09:03:30 - <Config> - stream.reassembly "memcap": 134217728
5/7/2019 -- 09:03:30 - <Config> - stream.reassembly "depth": 0
5/7/2019 -- 09:03:30 - <Config> - stream.reassembly "toserver-chunk-size": 2501
5/7/2019 -- 09:03:30 - <Config> - stream.reassembly "toclient-chunk-size": 2551
5/7/2019 -- 09:03:30 - <Config> - stream.reassembly.raw: enabled
5/7/2019 -- 09:03:30 - <Config> - stream.reassembly "segment-prealloc": 2048
5/7/2019 -- 09:03:30 - <Config> - Delayed detect disabled
5/7/2019 -- 09:03:30 - <Config> - pattern matchers: MPM: ac, SPM: bm
5/7/2019 -- 09:03:30 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
5/7/2019 -- 09:03:30 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
5/7/2019 -- 09:03:30 - <Config> - prefilter engines: MPM
5/7/2019 -- 09:03:30 - <Config> - IP reputation disabled
5/7/2019 -- 09:03:30 - <Perf> - Registered 148 keyword profiling counters.
5/7/2019 -- 09:03:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
5/7/2019 -- 09:03:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
5/7/2019 -- 09:03:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
5/7/2019 -- 09:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
5/7/2019 -- 09:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
5/7/2019 -- 09:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
5/7/2019 -- 09:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
5/7/2019 -- 09:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
5/7/2019 -- 09:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
5/7/2019 -- 09:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
5/7/2019 -- 09:03:35 - <Config> - No rules loaded from ET-icmp.rules.
5/7/2019 -- 09:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
5/7/2019 -- 09:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
5/7/2019 -- 09:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
5/7/2019 -- 09:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
5/7/2019 -- 09:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
5/7/2019 -- 09:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
5/7/2019 -- 09:03:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
5/7/2019 -- 09:03:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
5/7/2019 -- 09:03:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
5/7/2019 -- 09:03:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
5/7/2019 -- 09:03:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
5/7/2019 -- 09:03:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
5/7/2019 -- 09:03:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
5/7/2019 -- 09:03:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
5/7/2019 -- 09:03:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
5/7/2019 -- 09:03:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
5/7/2019 -- 09:03:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
5/7/2019 -- 09:03:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
5/7/2019 -- 09:03:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
5/7/2019 -- 09:03:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
5/7/2019 -- 09:03:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
5/7/2019 -- 09:03:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
5/7/2019 -- 09:03:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
5/7/2019 -- 09:03:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
5/7/2019 -- 09:03:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
5/7/2019 -- 09:03:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
5/7/2019 -- 09:03:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
5/7/2019 -- 09:03:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
5/7/2019 -- 09:03:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
5/7/2019 -- 09:03:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
5/7/2019 -- 09:03:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
5/7/2019 -- 09:03:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
5/7/2019 -- 09:03:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
5/7/2019 -- 09:03:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
5/7/2019 -- 09:03:42 - <Config> - No rules loaded from local.rules.
5/7/2019 -- 09:03:42 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
5/7/2019 -- 09:03:42 - <Info> - Threshold config parsed: 0 rule(s) found
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for tcp-packet
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for tcp-stream
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for udp-packet
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for other-ip
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_uri
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_request_line
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_client_body
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_response_line
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_header
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_header
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_header_names
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_header_names
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_accept
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_accept_enc
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_accept_lang
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_referer
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_connection
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_content_len
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_content_len
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_content_type
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_content_type
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_protocol
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_protocol
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_start
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_start
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_raw_header
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_raw_header
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_method
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_cookie
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_cookie
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_raw_uri
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_user_agent
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_host
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_raw_host
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_stat_msg
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_stat_code
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for dns_query
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for tls_sni
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for tls_cert_issuer
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for tls_cert_subject
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for tls_cert_serial
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for dce_stub_data
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for dce_stub_data
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for ssh_protocol
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for ssh_protocol
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for ssh_software
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for ssh_software
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for file_data
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for file_data
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_request_line
5/7/2019 -- 09:03:43 - <Perf> - using shared mpm ctx' for http_response_line
5/7/2019 -- 09:03:43 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
5/7/2019 -- 09:03:43 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
5/7/2019 -- 09:03:43 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
5/7/2019 -- 09:03:43 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
5/7/2019 -- 09:03:43 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
5/7/2019 -- 09:03:43 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
5/7/2019 -- 09:03:43 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
5/7/2019 -- 09:03:43 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
5/7/2019 -- 09:03:47 - <Perf> - Unique rule groups: 104
5/7/2019 -- 09:03:47 - <Perf> - Builtin MPM "toserver TCP packet": 35
5/7/2019 -- 09:03:47 - <Perf> - Builtin MPM "toclient TCP packet": 17
5/7/2019 -- 09:03:47 - <Perf> - Builtin MPM "toserver TCP stream": 33
5/7/2019 -- 09:03:47 - <Perf> - Builtin MPM "toclient TCP stream": 19
5/7/2019 -- 09:03:47 - <Perf> - Builtin MPM "toserver UDP packet": 27
5/7/2019 -- 09:03:47 - <Perf> - Builtin MPM "toclient UDP packet": 17
5/7/2019 -- 09:03:47 - <Perf> - Builtin MPM "other IP packet": 3
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_uri": 14
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_request_line": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_client_body": 6
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toclient http_response_line": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_header": 10
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toclient http_header": 6
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_header_names": 2
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_accept": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_referer": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_content_len": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_content_type": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toclient http_content_type": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_protocol": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_start": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_method": 5
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_cookie": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toclient http_cookie": 2
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver http_host": 2
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver dns_query": 4
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver tls_sni": 2
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toserver file_data": 1
5/7/2019 -- 09:03:47 - <Perf> - AppLayer MPM "toclient file_data": 7
5/7/2019 -- 09:03:49 - <Perf> - Registered 39590 rule profiling counters.
5/7/2019 -- 09:03:49 - <Info> - fast output device (regular) initialized: alert
5/7/2019 -- 09:03:49 - <Info> - eve-log output device (regular) initialized: eve.json
5/7/2019 -- 09:03:49 - <Config> - enabling 'eve-log' module 'alert'
5/7/2019 -- 09:03:49 - <Config> - enabling 'eve-log' module 'http'
5/7/2019 -- 09:03:49 - <Config> - enabling 'eve-log' module 'dns'
5/7/2019 -- 09:03:49 - <Config> - enabling 'eve-log' module 'tls'
5/7/2019 -- 09:03:49 - <Config> - enabling 'eve-log' module 'files'
5/7/2019 -- 09:03:49 - <Config> - enabling 'eve-log' module 'ssh'
5/7/2019 -- 09:03:49 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
5/7/2019 -- 09:03:49 - <Info> - stats output device (regular) initialized: stats.log
5/7/2019 -- 09:03:49 - <Config> - AutoFP mode using "Hash" flow load balancer
5/7/2019 -- 09:03:49 - <Info> - reading pcap file /var/pcap/07052019.0903-network.pcap
5/7/2019 -- 09:03:49 - <Config> - using 1 flow manager threads
5/7/2019 -- 09:03:49 - <Config> - using 1 flow recycler threads
5/7/2019 -- 09:03:49 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
5/7/2019 -- 09:03:49 - <Info> - No packets with

Packet profile dump:
IP ver Proto cnt min max avg tot %%
------ ----- ---------- ------------ ------------ ----------- ----------- ---
IPv4 6 5254 11890457 667991264 439124097 2307.2b 98.77
IPv4 17 25 10838999 668376647 526209769 13.2b 0.56
IPv6 17 13 11498415 668580167 521739936 6.8b 0.29
IPv6 58 16 12774535 664710828 548529899 8.8b 0.38
Note: Protocol 256 tracks pseudo/tunnel packets.
Per Thread module stats:
Thread Module IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
TMM_FLOWWORKER IPv4 6 5254 65693 30592723 159181 836.3m 94.69
TMM_FLOWWORKER IPv4 17 25 164059 1006610 288273 7.2m 0.82
TMM_RECEIVEPCAPFILE IPv4 6 5254 2549 4564023 3776 19.8m 2.25
TMM_RECEIVEPCAPFILE IPv4 17 25 2545 10861 3059 76.5k 0.01
TMM_DECODEPCAPFILE IPv4 6 5254 2643 106616 2845 14.9m 1.69
TMM_DECODEPCAPFILE IPv4 17 25 2760 30625 4143 103.6k 0.01
TMM_FLOWWORKER IPv6 17 13 185941 298777 235200 3.1m 0.35
TMM_FLOWWORKER IPv6 58 16 77552 152582 91380 1.5m 0.17
TMM_RECEIVEPCAPFILE IPv6 17 13 2569 3081 2768 36.0k 0.00
TMM_RECEIVEPCAPFILE IPv6 58 16 2551 2786 2639 42.2k 0.00
TMM_DECODEPCAPFILE IPv6 17 13 2838 16431 4580 59.5k 0.01
TMM_DECODEPCAPFILE IPv6 58 16 2789 8592 3540 56.6k 0.01
Flow Worker IP ver Proto cnt min max avg
-------------------- ------ ----- ---------- ------------ ------------ -----------
flow IPv4 6 5254 2717 31367 3214 16.9m 2.20
flow IPv4 17 25 2833 31388 6407 160.2k 0.02
stream IPv4 6 5254 2660 3087455 4547 23.9m 3.12
app-layer IPv4 17 25 2522 83371 10723 268.1k 0.03
detect IPv4 6 5254 43698 30550360 131778 692.4m 90.28
detect IPv4 17 25 141704 459802 239838 6.0m 0.78
tcp-prune IPv4 6 5254 2539 7929359 4403 23.1m 3.02
flow IPv6 17 13 2820 25715 7131 92.7k 0.01
flow IPv6 58 16 3432 9096 4535 72.6k 0.01
app-layer IPv6 17 13 2721 15691 8922 116.0k 0.02
detect IPv6 17 13 163306 258533 207187 2.7m 0.35
detect IPv6 58 16 65960 140218 74766 1.2m 0.16
Note: stream includes app-layer for TCP
Per App layer parser stats:
App Layer IP ver Proto cnt min max avg
-------------------- ------ ----- ---------- ------------ ------------ -----------
http IPv4 6 4 3686 37814 12644 50.6k 15.34
http IPv4 17 7 3686 37814 18809 131.7k 39.95
dns IPv4 17 2 6842 51514 29178 58.4k 17.70
http IPv6 17 5 3686 37814 17801 89.0k 27.00
Proto detect IPv4 17 15 2707 28875 7689 115.3k
Proto detect IPv6 17 10 2980 9145 4839 48.4k
Log Thread Module IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
Logger/output stats:
Logger IP ver Proto cnt min max avg tot
------------------------ ------ ----- ---------- ------------ ------------ ----------- -----------
LOGGER_JSON_DNS IPv4 17 2 44683 422384 233533 467.1k 36.74
LOGGER_JSON_HTTP IPv4 6 4 39840 129308 64102 256.4k 20.17
LOGGER_JSON_FILE IPv4 6 6 53144 137758 91310 547.9k 43.09
Prefilter IP ver Proto cnt min max avg tot %%
-------------------- ------ ----- ---------- ------------ ------------ ----------- --------- ---
payload IPv4 6 4262 2565 16340368 25593 109.1m 37.68
payload IPv4 17 25 4483 145962 31476 786.9k 0.27
stream IPv4 6 4262 2512 30376397 41757 178.0m 61.48
http_uri IPv4 6 4 6572 16179 10726 42.9k 0.01
http_request_line IPv4 6 4 4012 9979 6075 24.3k 0.01
http_client_body IPv4 6 4 3896 114860 56598 226.4k 0.08
http_header (request) IPv4 6 4 37407 121500 74296 297.2k 0.10
http_header (request trailer) IPv4 6 4 2614 2794 2677 10.7k 0.00
http_header_names (request) IPv4 6 4 10416 24648 18715 74.9k 0.03
http_accept (request) IPv4 6 4 3395 8598 4771 19.1k 0.01
http_referer (request) IPv4 6 4 2961 3290 3166 12.7k 0.00
http_content_len (request) IPv4 6 4 3721 4876 4260 17.0k 0.01
http_content_type (request) IPv4 6 4 3887 13589 6837 27.4k 0.01
http_protocol (request) IPv4 6 4 3690 8139 5185 20.7k 0.01
http_start (request) IPv4 6 4 7826 13943 10856 43.4k 0.02
http_raw_header (request) IPv4 6 4 9299 31971 16159 64.6k 0.02
http_method IPv4 6 4 4420 6769 5873 23.5k 0.01
http_cookie (request) IPv4 6 4 3129 4153 3437 13.8k 0.00
http_raw_uri IPv4 6 4 3687 4962 4389 17.6k 0.01
http_user_agent IPv4 6 4 4284 29202 11483 45.9k 0.02
http_host IPv4 6 4 3550 7456 4748 19.0k 0.01
dns_query IPv4 17 1 10005 10005 10005 10.0k 0.00
http_response_line IPv4 6 4 5014 9055 6570 26.3k 0.01
http_header (response) IPv4 6 4 14726 45718 27047 108.2k 0.04
http_header (response trailer) IPv4 6 4 2674 2698 2688 10.8k 0.00
http_content_type (response) IPv4 6 4 5045 9671 6960 27.8k 0.01
http_raw_header (response) IPv4 6 7 4218 9089 6530 45.7k 0.02
http_cookie (response) IPv4 6 4 2953 3100 3042 12.2k 0.00
http_stat_code IPv4 6 4 3334 4509 3768 15.1k 0.01
file_data (http response) IPv4 6 3 3122 25341 10584 31.8k 0.01
Total IPv4 8656 33402 289.1m
payload IPv6 17 13 5570 35854 21538 280.0k 0.10
payload IPv6 58 16 2792 8519 4464 71.4k 0.02
Total IPv6 29 12118 351.4k
General detection engine stats:
Detection phase IP ver Proto cnt min max avg tot
------------------------ ------ ----- ---------- ------------ ------------ ----------- -----------
PROF_DETECT_IPONLY IPv4 6 10 15868 51936 37051 370.5k 0.04
PROF_DETECT_IPONLY IPv4 17 15 15374 75311 49673 745.1k 0.08
PROF_DETECT_RULES IPv4 6 5254 2527 3464408 15084 79.3m 8.61
PROF_DETECT_RULES IPv4 17 25 74694 247762 107865 2.7m 0.29
PROF_DETECT_STATEFUL_START IPv4 6 15 5147 1846422 227562 3.4m 0.37
PROF_DETECT_STATEFUL_CONT IPv4 6 5254 2501 54708 2955 15.5m 1.69
PROF_DETECT_STATEFUL_CONT IPv4 17 25 2507 50718 4857 121.4k 0.01
PROF_DETECT_STATEFUL_UPDATE IPv4 6 29 2564 29120 3609 104.7k 0.01
PROF_DETECT_STATEFUL_UPDATE IPv4 17 2 2801 3765 3283 6.6k 0.00
PROF_DETECT_PREFILTER IPv4 6 5254 7671 30422691 75988 399.2m 43.38
PROF_DETECT_PREFILTER IPv4 17 25 25407 168852 55724 1.4m 0.15
PROF_DETECT_PF_PAYLOAD IPv4 6 4262 13783 30402460 75870 323.4m 35.14
PROF_DETECT_PF_PAYLOAD IPv4 17 25 9535 151029 36685 917.1k 0.10
PROF_DETECT_PF_TX IPv4 6 29 2702 412288 59159 1.7m 0.19
PROF_DETECT_PF_TX IPv4 17 1 16585 16585 16585 16.6k 0.00
PROF_DETECT_PF_SORT1 IPv4 6 1931 2516 48662 2890 5.6m 0.61
PROF_DETECT_PF_SORT1 IPv4 17 25 2908 16008 4102 102.6k 0.01
PROF_DETECT_PF_SORT2 IPv4 6 5254 2511 43021 2801 14.7m 1.60
PROF_DETECT_PF_SORT2 IPv4 17 25 2588 3750 2872 71.8k 0.01
PROF_DETECT_NONMPMLIST IPv4 6 5254 2516 6660464 4154 21.8m 2.37
PROF_DETECT_NONMPMLIST IPv4 17 25 2600 3544 2923 73.1k 0.01
PROF_DETECT_ALERT IPv4 6 5254 2516 34146 2702 14.2m 1.54
PROF_DETECT_ALERT IPv4 17 25 2531 16894 3236 80.9k 0.01
PROF_DETECT_CLEANUP IPv4 6 5254 2544 391574 2871 15.1m 1.64
PROF_DETECT_CLEANUP IPv4 17 25 2522 5631 3006 75.2k 0.01
PROF_DETECT_GETSGH IPv4 6 5254 2510 51141 2967 15.6m 1.69
PROF_DETECT_GETSGH IPv4 17 25 2711 18518 5540 138.5k 0.02
PROF_DETECT_IPONLY IPv6 17 10 2939 11926 5292 52.9k 0.01
PROF_DETECT_IPONLY IPv6 58 16 2923 11383 3978 63.7k 0.01
PROF_DETECT_RULES IPv6 17 13 87593 147281 104397 1.4m 0.15
PROF_DETECT_RULES IPv6 58 16 2529 2780 2571 41.1k 0.00
PROF_DETECT_STATEFUL_CONT IPv6 17 13 2508 2792 2712 35.3k 0.00
PROF_DETECT_STATEFUL_CONT IPv6 58 16 2512 13814 3439 55.0k 0.01
PROF_DETECT_PREFILTER IPv6 17 13 26965 66265 49110 638.4k 0.07
PROF_DETECT_PREFILTER IPv6 58 16 18454 24236 20275 324.4k 0.04
PROF_DETECT_PF_PAYLOAD IPv6 17 13 10656 44094 28753 373.8k 0.04
PROF_DETECT_PF_PAYLOAD IPv6 58 16 7837 13645 9641 154.3k 0.02
PROF_DETECT_PF_SORT1 IPv6 17 13 2971 4439 3638 47.3k 0.01
PROF_DETECT_PF_SORT2 IPv6 17 13 2601 16602 4157 54.1k 0.01
PROF_DETECT_PF_SORT2 IPv6 58 16 2516 2645 2546 40.7k 0.00
PROF_DETECT_NONMPMLIST IPv6 17 13 2741 3530 3072 39.9k 0.00
PROF_DETECT_NONMPMLIST IPv6 58 16 2520 2930 2758 44.1k 0.00
PROF_DETECT_ALERT IPv6 17 13 2546 3525 2810 36.5k 0.00
PROF_DETECT_ALERT IPv6 58 16 2521 2887 2573 41.2k 0.00
PROF_DETECT_CLEANUP IPv6 17 13 2532 5124 3288 42.8k 0.00
PROF_DETECT_CLEANUP IPv6 58 16 2699 70489 7461 119.4k 0.01
P

------------------------------------------------------------------------------------
Date: 7/5/2019 -- 09:03:52 (uptime: 0d, 00h 00m 03s)
------------------------------------------------------------------------------------
Counter | TM Name | Value
------------------------------------------------------------------------------------
decoder.pkts | Total | 5324
decoder.bytes | Total | 6494915
decoder.ipv4 | Total | 5279
decoder.ipv6 | Total | 29
decoder.ethernet | Total | 5324
decoder.tcp | Total | 5254
decoder.udp | Total | 38
decoder.icmpv6 | Total | 16
decoder.avg_pkt_size | Total | 1219
decoder.max_pkt_size | Total | 1514
flow.tcp | Total | 5
flow.udp | Total | 24
flow.icmpv6 | Total | 16
tcp.sessions | Total | 5
tcp.syn | Total | 5
tcp.synack | Total | 5
tcp.overlap | Total | 1
detect.mpm_list | Total | 1
detect.nonmpm_list | Total | 1
detect.match_list | Total | 1
app_layer.flow.http | Total | 4
app_layer.tx.http | Total | 4
app_layer.flow.failed_tcp | Total | 1
app_layer.flow.dns_udp | Total | 1
app_layer.tx.dns_udp | Total | 1
app_layer.flow.failed_udp | Total | 23
flow_mgr.closed_pruned | Total | 2
flow_mgr.new_pruned | Total | 28
flow.spare | Total | 10000
flow_mgr.flows_checked | Total | 45
flow_mgr.flows_notimeout | Total | 15
flow_mgr.flows_timeout | Total | 30
flow_mgr.flows_removed | Total | 30
flow_mgr.rows_checked | Total | 65536
flow_mgr.rows_skipped | Total | 65495
flow_mgr.rows_maxlen | Total | 2
tcp.memuse | Total | 573440
tcp.reassembly_memuse | Total | 81920
flow.memuse | Total | 7087264

{"timestamp":"2019-07-04T23:17:21.299344+0000","flow_id":378423277097296,"pcap_cnt":5239,"event_type":"dns","src_ip":"192.168.240.206","src_port":62015,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":38546,"rrname":"base6401.1gb.ua","rrtype":"A","tx_id":0}}
{"timestamp":"2019-07-04T23:17:17.495309+0000","flow_id":378423277097296,"pcap_cnt":5240,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.206","dest_port":62015,"proto":"UDP","dns":{"type":"answer","id":38546,"rcode":"NOERROR","rrname":"base6401.1gb.ua","rrtype":"A","ttl":3599,"rdata":"195.234.4.57"}}
{"timestamp":"2019-07-04T23:17:18.096122+0000","flow_id":1883534436196148,"pcap_cnt":5248,"event_type":"http","src_ip":"192.168.240.206","src_port":49365,"dest_ip":"195.234.4.57","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"base6401.1gb.ua","url":"\/b1\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.0)","http_content_type":"text\/html"}}
{"timestamp":"2019-07-04T23:18:14.314952+0000","flow_id":518525113778687,"pcap_cnt":5270,"event_type":"fileinfo","src_ip":"192.168.240.212","src_port":49247,"dest_ip":"192.168.240.206","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.206","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-07-04T23:18:14.315361+0000","flow_id":518525113778687,"pcap_cnt":5272,"event_type":"http","src_ip":"192.168.240.212","src_port":49247,"dest_ip":"192.168.240.206","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.206","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-07-04T23:18:14.317049+0000","flow_id":518525113778687,"pcap_cnt":5274,"event_type":"fileinfo","src_ip":"192.168.240.206","src_port":5357,"dest_ip":"192.168.240.212","dest_port":49247,"proto":"TCP","http":{"hostname":"192.168.240.206","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-07-04T23:19:16.943809+0000","flow_id":1618921508855789,"pcap_cnt":5294,"event_type":"fileinfo","src_ip":"192.168.240.206","src_port":49366,"dest_ip":"192.168.240.66","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.66","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-07-04T23:19:16.943967+0000","flow_id":1618921508855789,"pcap_cnt":5296,"event_type":"http","src_ip":"192.168.240.206","src_port":49366,"dest_ip":"192.168.240.66","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.66","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-07-04T23:19:16.945059+0000","flow_id":1618921508855789,"pcap_cnt":5298,"event_type":"fileinfo","src_ip":"192.168.240.66","src_port":5357,"dest_ip":"192.168.240.206","dest_port":49366,"proto":"TCP","http":{"hostname":"192.168.240.66","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-07-04T23:19:21.541919+0000","flow_id":1889036297766649,"pcap_cnt":5317,"event_type":"fileinfo","src_ip":"192.168.240.206","src_port":49367,"dest_ip":"192.168.240.66","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.66","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-07-04T23:19:21.542065+0000","flow_id":1889036297766649,"pcap_cnt":5319,"event_type":"http","src_ip":"192.168.240.206","src_port":49367,"dest_ip":"192.168.240.66","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.66","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-07-04T23:19:21.543304+0000","flow_id":1889036297766649,"pcap_cnt":5321,"event_type":"fileinfo","src_ip":"192.168.240.66","src_port":5357,"dest_ip":"192.168.240.206","dest_port":49367,"proto":"TCP","http":{"hostname":"192.168.240.66","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
--------------------------------------------------------------------------
Date: 7/5/2019 -- 09:03:52. Sorted by: max ticks.
--------------------------------------------------------------------------
Num Rule Gid Rev Ticks % Checks Matches Max Ticks Avg Ticks Avg Match Avg No Match
-------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
1 2001330 1 8 12065288 29.33 4206 0 432184 2868.59 0.00 2868.59
2 2024778 1 1 706668 1.72 120 0 381206 5888.90 0.00 5888.90
3 2018358 1 7 85819 0.21 1 0 85819 85819.00 0.00 85819.00
4 2803027 1 6 320041 0.78 80 0 75529 4000.51 0.00 4000.51
5 2811447 1 2 6511977 15.83 206 0 71364 31611.54 0.00 31611.54
6 2816909 1 2 69563 0.17 1 0 69563 69563.00 0.00 69563.00
7 2024133 1 2 67831 0.16 1 0 67831 67831.00 0.00 67831.00
8 2830613 1 2 67262 0.16 1 0 67262 67262.00 0.00 67262.00
9 2018981 1 4 65547 0.16 1 0 65547 65547.00 0.00 65547.00
10 2816940 1 2 64445 0.16 1 0 64445 64445.00 0.00 64445.00
11 2017259 1 12 60639 0.15 1 0 60639 60639.00 0.00 60639.00
12 2816910 1 2 60611 0.15 1 0 60611 60611.00 0.00 60611.00
13 2018452 1 15 59329 0.14 1 0 59329 59329.00 0.00 59329.00
14 2816525 1 10 55854 0.14 1 0 55854 55854.00 0.00 55854.00
15 2816929 1 4 55787 0.14 1 0 55787 55787.00 0.00 55787.00
16 2022220 1 2 55335 0.13 1 0 55335 55335.00 0.00 55335.00
17 2815481 1 6 52010 0.13 1 0 52010 52010.00 0.00 52010.00
18 2024848 1 2 135587 0.33 3 0 50190 45195.67 0.00 45195.67
19 2025142 1 2 132431 0.32 3 0 49478 44143.67 0.00 44143.67
20 2810991 1 4 48618 0.12 1 0 48618 48618.00 0.00 48618.00
21 2816669 1 4 125392 0.30 3 0 48473 41797.33 0.00 41797.33
22 2814883 1 3 48253 0.12 1 0 48253 48253.00 0.00 48253.00
23 2025064 1 5 48198 0.12 1 0 48198 48198.00 0.00 48198.00
24 2022339 1 2 48154 0.12 1 0 48154 48154.00 0.00 48154.00
25 2023670 1 3 47250 0.11 1 1 47250 47250.00 47250.00 0.00
26 2024139 1 2 45818 0.11 1 0 45818 45818.00 0.00 45818.00
27 2816327 1 4 43973 0.11 1 0 43973 43973.00 0.00 43973.00
28 2021067 1 2 95840 0.23 3 0 42347 31946.67 0.00 31946.67
29 2804556 1 2 41407 0.10 1 0 41407 41407.00 0.00 41407.00
30 2018958 1 18 41031 0.10 1 0 41031 41031.00 0.00 41031.00
31 2019693 1 5 40330 0.10 1 0 40330 40330.00 0.00 40330.00
32 2018375 1 3 2525217 6.14 198 0 40317 12753.62 0.00 12753.62
33 2023315 1 2 40186 0.10 1 0 40186 40186.00 0.00 40186.00
34 2815817 1 5 37832 0.09 1 0 37832 37832.00 0.00 37832.00
35 2017552 1 6 189902 0.46 11 0 37491 17263.82 0.00 17263.82
36 2821148 1 4 89344 0.22 3 0 37490 29781.33 0.00 29781.33
37 2820851 1 5 37270 0.09 1 0 37270 37270.00 0.00 37270.00
38 2828060 1 4 36408 0.09 1 0 36408 36408.00 0.00 36408.00
39 2023875 1 2 36333 0.09 1 0 36333 36333.00 0.00 36333.00
40 2815480 1 6 68655 0.17 2 0 35814 34327.50 0.00 34327.50
41 2024134 1 2 35197 0.09 1 0 35197 35197.00 0.00 35197.00
42 2020705 1 4 34884 0.08 1 0 34884 34884.00 0.00 34884.00
43 2821561 1 2 99673 0.24 3 0 34857 33224.33 0.00 33224.33
44 2003492 1 30 34757 0.08 1 0 34757 34757.00 0.00 34757.00
45 2024135 1 2 34554 0.08 1 0 34554 34554.00 0.00 34554.00
46 2017613 1 9 34370 0.08 1 0 34370 34370.00 0.00 34370.00
47 2022547 1 1 513245 1.25 177 0 34363 2899.69 0.00 2899.69
48 2820263 1 5 34274 0.08 1 0 34274 34274.00 0.00 34274.00
49 2024140 1 2 34175 0.08 1 0 34175 34175.00 0.00 34175.00
50 2827580 1 7 43381 0.11 4 0 34064 10845.25 0.00 10845.25
51 2024138 1 2 34039 0.08 1 0 34039 34039.00 0.00 34039.00
52 2022503 1 2 33959 0.08 1 0 33959 33959.00 0.00 33959.00
53 2024136 1 2 33852 0.08 1 0 33852 33852.00 0.00 33852.00
54 2815754 1 2 33795 0.08 1 0 33795 33795.00 0.00 33795.00
55 2024142 1 2 33645 0.08 1 0 33645 33645.00 0.00 33645.00
56 2018983 1 7 33394 0.08 1 0 33394 33394.00 0.00 33394.00
57 2816165 1 5 119085 0.29 4 0 33336 29771.25 0.00 29771.25
58 2014133 1 4 77915 0.19 3 0 33289 25971.67 0.00 25971.67
59 2024141 1 2 33259 0.08 1 0 33259 33259.00 0.00 33259.00
60 2815753 1 2 64257 0.16 2 0 33031 32128.50 0.00 32128.50
61 2024137 1 2 33029 0.08 1 0 33029 33029.00 0.00 33029.00
62 2803760 1 3 32900 0.08 1 0 32900 32900.00 0.00 32900.00
63 2011894 1 19 31607 0.08 1 0 31607 31607.00 0.00 31607.00
64 2014380 1 4 70041 0.17 8 0 31399 8755.12 0.00 8755.12
65 2021038 1 4 30758 0.07 1 0 30758 30758.00 0.00 30758.00
66 2804906 1 3 297507 0.72 92 0 30678 3233.77 0.00 3233.77
67 2022207 1 4 30393 0.07 1 0 30393 30393.00 0.00 30393.00
68 2019344 1 5 30260 0.07 1 0 30260 30260.00 0.00 30260.00
69 2019881 1 3 30074 0.07 1 0 30074 30074.00 0.00 30074.00
70 2811280 1 7 29706 0.07 1 0 29706 29706.00 0.00 29706.00
71 2020295 1 6 29643 0.07 1 0 29643 29643.00 0.00 29643.00
72 2816526 1 13 29251 0.07 1 0 29251 29251.00 0.00 29251.00
73 2811279 1 7 56886 0.14 2 0 29155 28443.00 0.00 28443.00
74 2828986 1 2 29061 0.07 1 0 29061 29061.00 0.00 29061.00
75 2016858 1 10 29019 0.07 1 0 29019 29019.00 0.00 29019.00
76 2021017 1 2 28739 0.07 1 0 28739 28739.00 0.00 28739.00
77 2806132 1 3 28721 0.07 1 0 28721 28721.00 0.00 28721.00
78 2828122 1 2 28662 0.07 1 0 28662 28662.00 0.00 28662.00
79 2016869 1 3 28623 0.07 1 0 28623 28623.00 0.00 28623.00
80 2018496 1 9 28598 0.07 1 0 28598 28598.00 0.00 28598.00
81 2820031 1 2 28568 0.07 1 0 28568 28568.00 0.00 28568.00
82 2022262 1 3 28516 0.07 1 0 28516 28516.00 0.00 28516.00
83 2024767 1 2 28486 0.07 1 0 28486 28486.00 0.00 28486.00
84 2819673 1 4 28457 0.07 1 0 28457 28457.00 0.00 28457.00
85 2019155 1 2 79720 0.19 3 0 28454 26573.33 0.00 26573.33
86 2816328 1 5 28350 0.07 1 0 28350 28350.00 0.00 28350.00
87 2018242 1 5 28292 0.07 1 0 28292 28292.00 0.00 28292.00
88 2819993 1 2 28288 0.07 1 0 28288 28288.00 0.00 28288.00
89 2829848 1 2 28078 0.07 1 0 28078 28078.00 0.00 28078.00
90 2014803 1 7 28022 0.07 1 0 28022 28022.00 0.00 28022.00
91 2022197 1 3 80641 0.20 3 0 28012 26880.33 0.00 26880.33
92 2815324 1 2 27989 0.07 1 0 27989 27989.00 0.00 27989.00
93 2021506 1 4 27945 0.07 1 0 27945 27945.00 0.00 27945.00
94 2809816 1 2 80891 0.20 3 0 27938 26963.67 0.00 26963.67
95 2024771 1 1 36358 0.09 4 0 27794 9089.50 0.00 9089.50
96 2816922 1 5 27741 0.07 1 0 27741 27741.00 0.00 27741.00
97 2816055 1 2 27707 0.07 1 0 27707 27707.00 0.00 27707.00
98 2816931 1 3 27582 0.07 1 0 27582 27582.00 0.00 27582.00
99 2816925 1 3 27291 0.07 1 0 27291 27291.00 0.00 27291.00
100 2816927 1 3 27228 0.07 1 0 27228 27228.00 0.00 27228.00
101 2816924 1 4 26988 0.07 1 0 26988 26988.00 0.00 26988.00
102 2816930 1 4 26740 0.07 1 0 26740 26740.00 0.00 26740.00
103 2816928 1 3 26532 0.06 1 0 26532 26532.00 0.00 26532.00
104 2014701 1 12 46217 0.11 2 0 26417 23108.50 0.00 23108.50
105 2820309 1 2 72529 0.18 3 0 25658 24176.33 0.00 24176.33
106 2010143 1 3 139163 0.34 18 0 25440 7731.28 0.00 7731.28
107 2014643 1 7 24140 0.06 1 0 24140 24140.00 0.00 24140.00
108 2003657 1 18 23959 0.06 1 0 23959 23959.00 0.00 23959.00
109 2018377 1 3 573562 1.39 198 0 23819 2896.78 0.00 2896.78
110 2826256 1 2 84789 0.21 4 0 23639 21197.25 0.00 21197.25
111 2023917 1 3 23013 0.06 1 0 23013 23013.00 0.00 23013.00
112 2810578 1 3 22856 0.06 1 0 22856 22856.00 0.00 22856.00
113 2801929 1 7 233607 0.57 73 0 22643 3200.10 0.00 3200.10
114 2815201 1 2 22615 0.05 1 0 22615 22615.00 0.00 22615.00
115 2012707 1 5 84958 0.21 4 0 22519 21239.50 0.00 21239.50
116 2819785 1 2 22405 0.05 1 0 22405 22405.00 0.00 22405.00
117 2816394 1 2 64168 0.16 3 0 22304 21389.33 0.00 21389.33
118 2021701 1 1 507705 1.23 177 0 22250 2868.39 0.00 2868.39
119 2024178 1 2 22250 0.05 1 0 22250 22250.00 0.00 22250.00
120 2828008 1 2 31184 0.08 4 0 22193 7796.00 0.00 7796.00
121 2803902 1 3 22099 0.05 1 0 22099 22099.00 0.00 22099.00
122 2828212 1 2 62694 0.15 3 0 21883 20898.00 0.00 20898.00
123 2827279 1 5 31458 0.08 4 0 21850 7864.50 0.00 7864.50
124 2830036 1 1 61336 0.15 3 0 21841 20445.33 0.00 20445.33
125 2014704 1 7 63
--------------------------------------------------------------------------------------------------------------------------------
Date: 7/5/2019 -- 09:03:52
--------------------------------------------------------------------------------------------------------------------------------
Stats for: total
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flow 655046 198 198 15969 3308.00 3308.00 0.00
content 5386782 1628 828 33251 3308.00 3416.00 3197.00
pcre 279164 27 6 32686 10339.00 12796.00 9637.00
byte_test 16399 4 1 6823 4099.00 6823.00 3192.00
isdataat 3019 1 0 3019 3019.00 0.00 3019.00
flowbits 22366 6 1 7580 3727.00 7580.00 2957.00
urilen 112585 36 12 4017 3127.00 3138.00 3121.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: packet
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flow 655046 198 198 15969 3308.00 3308.00 0.00
flowbits 14786 5 0 3354 2957.00 0.00 2957.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: packet/stream payload
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 4092671 1327 657 21001 3084.00 3108.00 3060.00
byte_test 16399 4 1 6823 4099.00 6823.00 3192.00
isdataat 3019 1 0 3019 3019.00 0.00 3019.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: post-match
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flowbits 7580 1 1 7580 7580.00 7580.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_uri
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 147799 41 14 4485 3604.00 3570.00 3622.00
pcre 92632 10 1 32686 9263.00 10221.00 9156.00
urilen 112585 36 12 4017 3127.00 3138.00 3121.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_client_body
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 169243 30 6 16548 5641.00 8403.00 4950.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_response_line
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 11990 4 0 3284 2997.00 0.00 2997.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_header
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 722906 174 120 17298 4154.00 4300.00 3829.00
pcre 148938 15 3 18196 9929.00 9653.00 9998.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_header_names
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 37606 10 4 4332 3760.00 3829.00 3715.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_connection
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 8919 3 0 3047 2973.00 0.00 2973.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_content_type
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 40973 3 3 33251 13657.00 13657.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_protocol
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 3529 1 1 3529 3529.00 3529.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_method
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 17537 5 4 4078 3507.00 3364.00 4078.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_user_agent
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 127126 28 19 21377 4540.00 5115.00 3325.00
pcre 37594 2 2 25207 18797.00 18797.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_stat_code
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 6483 2 0 3258 3241.00 0.00 3241.00
2019-07-05 09:03:30,043 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-07-05 09:03:30,777 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-07-05 09:03:30,778 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-07-05 09:03:30,778 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-07-05 09:03:30,778 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-07-05 09:03:30,779 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/cb842d44bff835e6901ee6a0a53dcbbb56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07052019.0903-network.pcap -vvv -k none
2019-07-05 09:03:52,326 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-07-05 09:03:52,327 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.2935011387