Packet profile dump:
IP ver Proto cnt min max avg tot %%
------ ----- ---------- ------------ ------------ ----------- ----------- ---
IPv4 1 1 79895246 79895246 79895246 79.9m 0.56
IPv4 6 111 219650 96984992 61143673 6.8b 47.16
IPv4 17 43 2019672 116373974 68761631 3.0b 20.55
IPv6 6 26 99504544 109941704 104495597 2.7b 18.88
IPv6 17 13 3179518 114408232 99608176 1.3b 9.00
IPv6 58 5 98853212 114704996 111049192 555.2m 3.86
Note: Protocol 256 tracks pseudo/tunnel packets.
Per Thread module stats:
Thread Module IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
TMM_FLOWWORKER IPv4 1 1 262292 262292 262292 262.3k 0.20
TMM_FLOWWORKER IPv4 6 111 117510 14050762 614998 68.3m 52.10
TMM_FLOWWORKER IPv4 17 43 291562 16117892 1063288 45.7m 34.90
TMM_RECEIVEPCAPFILE IPv4 1 1 6416 6416 6416 6.4k 0.00
TMM_RECEIVEPCAPFILE IPv4 6 106 5148 53336 6051 641.5k 0.49
TMM_RECEIVEPCAPFILE IPv4 17 43 5164 15540 6022 259.0k 0.20
TMM_DECODEPCAPFILE IPv4 1 1 16402 16402 16402 16.4k 0.01
TMM_DECODEPCAPFILE IPv4 6 106 5296 20810 5827 617.7k 0.47
TMM_DECODEPCAPFILE IPv4 17 43 5326 32822 6160 264.9k 0.20
TMM_FLOWWORKER IPv6 6 26 152852 908332 328653 8.5m 6.52
TMM_FLOWWORKER IPv6 17 13 339002 515362 391102 5.1m 3.88
TMM_FLOWWORKER IPv6 58 5 156294 175452 165888 829.4k 0.63
TMM_RECEIVEPCAPFILE IPv6 6 26 5180 6428 5479 142.5k 0.11
TMM_RECEIVEPCAPFILE IPv6 17 13 5236 6356 5631 73.2k 0.06
TMM_RECEIVEPCAPFILE IPv6 58 5 5428 5476 5458 27.3k 0.02
TMM_DECODEPCAPFILE IPv6 6 26 5324 5738 5426 141.1k 0.11
TMM_DECODEPCAPFILE IPv6 17 13 5404 28854 7386 96.0k 0.07
TMM_DECODEPCAPFILE IPv6 58 5 5408 6892 5816 29.1k 0.02
Flow Worker IP ver Proto cnt min max avg tot %%
-------------------- ------ ----- ---------- ------------ ------------ ----------- ----------- ---
flow IPv4 1 1 6670 6670 6670 6.7k 0.01
flow IPv4 6 106 4876 436144 10156 1.1m 1.03
flow IPv4 17 43 5330 46800 8015 344.7k 0.33
stream IPv4 6 111 5076 589796 48701 5.4m 5.20
app-layer IPv4 17 43 5150 76758 17239 741.3k 0.71
detect IPv4 1 1 238216 238216 238216 238.2k 0.23
detect IPv4 6 111 78886 13869778 500992 55.6m 53.45
detect IPv4 17 43 259540 5457578 622842 26.8m 25.74
tcp-prune IPv4 6 111 4566 432908 9749 1.1m 1.04
flow IPv6 6 26 5688 15702 6447 167.6k 0.16
flow IPv6 17 13 5488 19808 7360 95.7k 0.09
flow IPv6 58 5 6384 7062 6852 34.3k 0.03
stream IPv6 6 26 6192 168796 29228 760.0k 0.73
app-layer IPv6 17 13 5150 23332 10237 133.1k 0.13
detect IPv6 6 26 109006 627558 234796 6.1m 5.87
detect IPv6 17 13 305910 457234 351767 4.6m 4.40
detect IPv6 58 5 133340 152320 142802 714.0k 0.69
tcp-prune IPv6 6 26 5200 26562 6327 164.5k 0.16
Note: stream includes app-layer for TCP
Per App layer parser stats:
App Layer IP ver Proto cnt min max avg tot %%
-------------------- ------ ----- ---------- ------------ ------------ ----------- ----------- ---
http IPv4 6 6 6496 51160 18107 108.6k 28.42
http IPv4 17 7 6506 17716 8121 56.9k 14.87
tls IPv4 6 4 5666 13284 7653 30.6k 8.01
dns IPv4 17 18 5776 22982 8530 153.5k 40.16
http IPv6 6 2 6506 6588 6547 13.1k 3.43
http IPv6 17 3 6506 6520 6515 19.5k 5.11
Proto detect IPv4 6 2 6592 15520 11056 22.1k
Proto detect IPv4 17 24 5486 50674 11739 281.7k
Proto detect IPv6 17 4 5498 6572 5801 23.2k
Log Thread Module IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
Logger/output stats:
Logger IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
LOGGER_JSON_DNS IPv4 17 10 49338 15288802 1635820 16.4m 87.26
LOGGER_JSON_HTTP IPv4 6 7 51970 150270 79244 554.7k 2.96
LOGGER_JSON_TLS IPv4 6 2 4902 5706 5304 10.6k 0.06
LOGGER_JSON_FILE IPv4 6 9 65376 264476 138305 1.2m 6.64
LOGGER_JSON_HTTP IPv6 6 2 61230 64472 62851 125.7k 0.67
LOGGER_JSON_FILE IPv6 6 4 96824 146096 113123 452.5k 2.41
Prefilter IP ver Proto cnt min max avg tot %%
-------------------- ------ ----- ---------- ------------ ------------ ----------- --------- ---
payload IPv4 1 1 26874 26874 26874 26.9k 0.15
payload IPv4 6 54 5120 558538 44811 2.4m 13.45
payload IPv4 17 43 7806 88566 29370 1.3m 7.02
stream IPv4 6 54 4572 509948 57080 3.1m 17.14
http_uri IPv4 6 7 11602 26808 16787 117.5k 0.65
http_request_line IPv4 6 7 7076 24642 11231 78.6k 0.44
http_client_body IPv4 6 7 5972 60684 22510 157.6k 0.88
http_header (request) IPv4 6 7 22666 44966 29798 208.6k 1.16
http_header (request trailer) IPv4 6 7 5232 6486 5460 38.2k 0.21
http_header_names (request) IPv4 6 7 14740 28806 18889 132.2k 0.74
http_accept (request) IPv4 6 7 5950 12114 7320 51.2k 0.28
http_referer (request) IPv4 6 7 5640 6256 5854 41.0k 0.23
http_content_len (request) IPv4 6 7 5910 7816 6500 45.5k 0.25
http_content_type (request) IPv4 6 7 5584 4497356 648472 4.5m 25.24
http_start (request) IPv4 6 7 9198 15396 11251 78.8k 0.44
http_raw_header (request) IPv4 6 7 13752 16160 14691 102.8k 0.57
http_method IPv4 6 7 6578 9626 7700 53.9k 0.30
http_cookie (request) IPv4 6 7 5426 7028 6120 42.8k 0.24
http_raw_uri IPv4 6 7 6342 8300 7354 51.5k 0.29
http_user_agent IPv4 6 7 5738 10140 7125 49.9k 0.28
http_host IPv4 6 7 6226 25338 13131 91.9k 0.51
dns_query IPv4 17 5 11718 437430 99305 496.5k 2.76
tls_sni IPv4 6 6 5690 11714 7990 47.9k 0.27
http_response_line IPv4 6 6 7376 18798 11067 66.4k 0.37
http_header (response) IPv4 6 6 20088 100202 51886 311.3k 1.73
http_header (response trailer) IPv4 6 6 5260 8370 5908 35.5k 0.20
http_content_type (response) IPv4 6 6 5770 30096 12083 72.5k 0.40
http_raw_header (response) IPv4 6 11 7354 33866 16340 179.7k 1.00
http_cookie (response) IPv4 6 6 5724 18700 8077 48.5k 0.27
http_stat_code IPv4 6 6 5844 17218 8574 51.4k 0.29
tls_cert_issuer IPv4 6 2 4978 5364 5171 10.3k 0.06
tls_cert_subject IPv4 6 2 4704 5412 5058 10.1k 0.06
tls_cert_serial IPv4 6 2 4706 5428 5067 10.1k 0.06
file_data (http response) IPv4 6 11 5408 1421530 183068 2.0m 11.20
Total IPv4 346 46322 16.0m
payload IPv6 6 14 5224 48772 22370 313.2k 1.74
payload IPv6 17 13 13852 50964 25132 326.7k 1.82
payload IPv6 58 5 5512 24156 10954 54.8k 0.30
stream IPv6 6 14 5162 171938 33939 475.2k 2.64
http_uri IPv6 6 2 9486 10936 10211 20.4k 0.11
http_request_line IPv6 6 2 6808 6912 6860 13.7k 0.08
http_client_body IPv6 6 2 25152 28184 26668 53.3k 0.30
http_header (request) IPv6 6 2 20610 23688 22149 44.3k 0.25
http_header (request trailer) IPv6 6 2 5288 5320 5304 10.6k 0.06
http_header_names (request) IPv6 6 2 13408 14034 13721 27.4k 0.15
http_accept (request) IPv6 6 2 6062 28410 17236 34.5k 0.19
http_referer (request) IPv6 6 2 5666 5738 5702 11.4k 0.06
http_content_len (request) IPv6 6 2 6344 6420 6382 12.8k 0.07
http_content_type (request) IPv6 6 2 6824 6842 6833 13.7k 0.08
http_start (request) IPv6 6 2 9578 9738 9658 19.3k 0.11
http_raw_header (request) IPv6 6 2 13908 14032 13970 27.9k 0.16
http_method IPv6 6 2 6970 6982 6976 14.0k 0.08
http_cookie (request) IPv6 6 2 5946 6026 5986 12.0k 0.07
http_raw_uri IPv6 6 2 6404 6626 6515 13.0k 0.07
http_user_agent IPv6 6 2 7074 7078 7076 14.2k 0.08
http_host IPv6 6 2 6558 7156 6857 13.7k 0.08
http_response_line IPv6 6 2 7376 7418 7397 14.8k 0.08
http_header (response) IPv6 6 2 17516 17850 17683 35.4k 0.20
http_header (response trailer) IPv6 6 2 5266 5322 5294 10.6k 0.06
http_content_type (response) IPv6 6 2 5634 35394 20514 41.0k 0.23
http_raw_header (response) IPv6 6 4 7414 12932 10134 40.5k 0.23
http_cookie (response) IPv6 6 2 5644 5652 5648
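The profile dump above comes from a Suricata build configured with --enable-profiling: for each detection engine, prefilter engine and app-layer parser it reports how often the code ran (cnt), the per-call minimum, maximum and average cost in CPU ticks, the total (abbreviated as k/m/b), and that engine's share of its table (%%). The useful triage question is not "which engine is expensive" (payload and stream always are) but "which engine spent most of its time in a single call", because that points at one rule group or one oversized buffer rather than steady per-packet cost. The script below is an added example, not part of the page or of Suricata; it parses a few of the whitespace-collapsed Prefilter rows copied from the dump (constructed sample) and flags engines that take at least 10% of prefilter time while one call accounts for at least half of their total. The thresholds are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of "Prefilter" rows copied from the profile dump
# above, whitespace-collapsed exactly as they appear on the page.
SAMPLE = """\
payload IPv4 6 54 5120 558538 44811 2.4m 13.45
stream IPv4 6 54 4572 509948 57080 3.1m 17.14
http_uri IPv4 6 7 11602 26808 16787 117.5k 0.65
http_header (request) IPv4 6 7 22666 44966 29798 208.6k 1.16
http_content_type (request) IPv4 6 7 5584 4497356 648472 4.5m 25.24
dns_query IPv4 17 5 11718 437430 99305 496.5k 2.76
file_data (http response) IPv4 6 11 5408 1421530 183068 2.0m 11.20
Total IPv4 346 46322 16.0m
"""

# Suricata abbreviates the "tot" column: 117.5k, 4.5m, 6.8b
_SUFFIX = {"": 1.0, "k": 1e3, "m": 1e6, "b": 1e9}


def parse_total(tok: str) -> float:
    m = re.fullmatch(r"([0-9]+(?:\.[0-9]+)?)([kmb]?)", tok)
    if not m:
        raise ValueError(f"bad tot value: {tok!r}")
    return float(m.group(1)) * _SUFFIX[m.group(2)]


@dataclass
class Row:
    engine: str      # prefilter engine / buffer name, e.g. "http_header (request)"
    ipver: str
    proto: int
    cnt: int         # how many times the engine ran
    min_t: int       # per-call cost in ticks
    max_t: int
    avg_t: int
    tot_t: float     # total ticks (abbreviated on the page, expanded here)
    pct: float       # share of all prefilter time


def parse_rows(text: str) -> list[Row]:
    rows = []
    for line in text.splitlines():
        toks = line.split()
        # The engine name may contain spaces ("http_header (request)"), so anchor
        # on the IP-version token and take the eight fixed columns after it.
        idx = [k for k, t in enumerate(toks) if t in ("IPv4", "IPv6")]
        if not idx or len(toks) - idx[0] != 8 or toks[0] == "Total":
            continue  # header, separator, truncated row or the Total line
        i = idx[0]
        ipver, proto, cnt, mn, mx, avg, tot, pct = toks[i:i + 8]
        rows.append(Row(" ".join(toks[:i]), ipver, int(proto), int(cnt),
                        int(mn), int(mx), int(avg), parse_total(tot), float(pct)))
    return rows


def hot_spots(rows: list[Row], pct_floor: float = 10.0, max_share: float = 0.5):
    """Engines that take a large share of prefilter time AND where one call
    accounts for most of that total (max/tot). Steady per-packet cost such as
    payload or stream has a low max share; a single rule group or buffer blowing
    up on one transaction has a high one. Thresholds are illustrative assumptions."""
    flagged = []
    for r in rows:
        share = r.max_t / r.tot_t if r.tot_t else 0.0
        if r.pct >= pct_floor and share >= max_share:
            flagged.append((r.engine, round(r.pct, 2), round(share, 2)))
    return flagged


if __name__ == "__main__":
    for engine, pct, share in hot_spots(parse_rows(SAMPLE)):
        print(f"{engine:32s} {pct:6.2f}% of prefilter time, one call = {share:.0%} of it")
```

On the sample rows this singles out http_content_type (request), where one of seven calls is essentially the whole 25% the engine consumed, and file_data (http response), while leaving payload and stream alone even though they each take more than 10%. The next step in a real triage would be to pair the flagged engine with the per-rule profiling counters (this run registered 18241 of them) to see which signatures were active on that transaction.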
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/d64de92300cacbdf37d346ba827f5fe8d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/10232019.1809-0b491-1.pcap -vvv -k none
elapsedtime:9.534016
stderr:
stdout:
12/1/2021 -- 12:22:50 - <Info> - Configuration node 'rule-files' redefined.
12/1/2021 -- 12:22:50 - <Notice> - This is Suricata version 4.0.0 RELEASE
12/1/2021 -- 12:22:50 - <Info> - CPUs/cores online: 1
12/1/2021 -- 12:22:50 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31172 and 'request-body-inspect-window' set to 16110 after randomization.
12/1/2021 -- 12:22:50 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31864 and 'response-body-inspect-window' set to 16884 after randomization.
12/1/2021 -- 12:22:50 - <Config> - DNS request flood protection level: 500
12/1/2021 -- 12:22:50 - <Config> - DNS per flow memcap (state-memcap): 524288
12/1/2021 -- 12:22:50 - <Config> - DNS global memcap: 16777216
12/1/2021 -- 12:22:50 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
12/1/2021 -- 12:22:50 - <Config> - preallocated 1000 hosts of size 136
12/1/2021 -- 12:22:50 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
12/1/2021 -- 12:22:50 - <Config> - using magic-file /usr/share/file/magic
12/1/2021 -- 12:22:50 - <Config> - Core dump size is unlimited.
12/1/2021 -- 12:22:50 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
12/1/2021 -- 12:22:50 - <Config> - preallocated 1000 defrag trackers of size 168
12/1/2021 -- 12:22:50 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
12/1/2021 -- 12:22:50 - <Config> - stream "prealloc-sessions": 2048 (per thread)
12/1/2021 -- 12:22:50 - <Config> - stream "memcap": 33554432
12/1/2021 -- 12:22:50 - <Config> - stream "midstream" session pickups: disabled
12/1/2021 -- 12:22:50 - <Config> - stream "async-oneside": disabled
12/1/2021 -- 12:22:50 - <Config> - stream "checksum-validation": disabled
12/1/2021 -- 12:22:50 - <Config> - stream."inline": disabled
12/1/2021 -- 12:22:50 - <Config> - stream "bypass": disabled
12/1/2021 -- 12:22:50 - <Config> - stream "max-synack-queued": 5
12/1/2021 -- 12:22:50 - <Config> - stream.reassembly "memcap": 134217728
12/1/2021 -- 12:22:50 - <Config> - stream.reassembly "depth": 0
12/1/2021 -- 12:22:50 - <Config> - stream.reassembly "toserver-chunk-size": 2598
12/1/2021 -- 12:22:50 - <Config> - stream.reassembly "toclient-chunk-size": 2450
12/1/2021 -- 12:22:50 - <Config> - stream.reassembly.raw: enabled
12/1/2021 -- 12:22:50 - <Config> - stream.reassembly "segment-prealloc": 2048
12/1/2021 -- 12:22:50 - <Config> - Delayed detect disabled
12/1/2021 -- 12:22:50 - <Config> - pattern matchers: MPM: ac, SPM: bm
12/1/2021 -- 12:22:50 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
12/1/2021 -- 12:22:50 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
12/1/2021 -- 12:22:50 - <Config> - prefilter engines: MPM
12/1/2021 -- 12:22:50 - <Config> - IP reputation disabled
12/1/2021 -- 12:22:50 - <Perf> - Registered 148 keyword profiling counters.
12/1/2021 -- 12:22:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
12/1/2021 -- 12:22:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
12/1/2021 -- 12:22:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
12/1/2021 -- 12:22:52 - <Config> - No rules loaded from ET-emerging-icmp.rules.
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
12/1/2021 -- 12:22:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
12/1/2021 -- 12:22:53 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
12/1/2021 -- 12:22:53 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
12/1/2021 -- 12:22:53 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
12/1/2021 -- 12:22:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
12/1/2021 -- 12:22:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
12/1/2021 -- 12:22:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
12/1/2021 -- 12:22:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
12/1/2021 -- 12:22:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
12/1/2021 -- 12:22:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
12/1/2021 -- 12:22:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
12/1/2021 -- 12:22:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
12/1/2021 -- 12:22:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
12/1/2021 -- 12:22:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
12/1/2021 -- 12:22:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
12/1/2021 -- 12:22:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
12/1/2021 -- 12:22:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
12/1/2021 -- 12:22:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
12/1/2021 -- 12:22:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
12/1/2021 -- 12:22:56 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
12/1/2021 -- 12:22:56 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
12/1/2021 -- 12:22:56 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
12/1/2021 -- 12:22:56 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
12/1/2021 -- 12:22:56 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
12/1/2021 -- 12:22:56 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
12/1/2021 -- 12:22:56 - <Config> - No rules loaded from local.rules.
12/1/2021 -- 12:22:56 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
12/1/2021 -- 12:22:56 - <Info> - Threshold config parsed: 0 rule(s) found
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for tcp-packet
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for tcp-stream
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for udp-packet
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for other-ip
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_uri
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_request_line
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_client_body
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_response_line
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_header
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_header
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_header_names
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_header_names
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_accept
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_accept_enc
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_accept_lang
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_referer
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_connection
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_content_len
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_content_len
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_content_type
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_content_type
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_protocol
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_protocol
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_start
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_start
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_raw_header
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_raw_header
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_method
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_cookie
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_cookie
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_raw_uri
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_user_agent
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_host
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_raw_host
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_stat_msg
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_stat_code
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for dns_query
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for tls_sni
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for tls_cert_issuer
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for tls_cert_subject
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for tls_cert_serial
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for dce_stub_data
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for dce_stub_data
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for ssh_protocol
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for ssh_protocol
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for ssh_software
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for ssh_software
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for file_data
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for file_data
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_request_line
12/1/2021 -- 12:22:56 - <Perf> - using shared mpm ctx' for http_response_line
12/1/2021 -- 12:22:56 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
12/1/2021 -- 12:22:56 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
12/1/2021 -- 12:22:56 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
12/1/2021 -- 12:22:56 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
12/1/2021 -- 12:22:56 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
12/1/2021 -- 12:22:56 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
12/1/2021 -- 12:22:56 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
12/1/2021 -- 12:22:56 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
12/1/2021 -- 12:22:57 - <Perf> - Unique rule groups: 111
12/1/2021 -- 12:22:57 - <Perf> - Builtin MPM "toserver TCP packet": 31
12/1/2021 -- 12:22:57 - <Perf> - Builtin MPM "toclient TCP packet": 20
12/1/2021 -- 12:22:57 - <Perf> - Builtin MPM "toserver TCP stream": 31
12/1/2021 -- 12:22:57 - <Perf> - Builtin MPM "toclient TCP stream": 21
12/1/2021 -- 12:22:57 - <Perf> - Builtin MPM "toserver UDP packet": 33
12/1/2021 -- 12:22:57 - <Perf> - Builtin MPM "toclient UDP packet": 15
12/1/2021 -- 12:22:57 - <Perf> - Builtin MPM "other IP packet": 2
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_uri": 8
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_request_line": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_client_body": 6
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toclient http_response_line": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_header": 6
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toclient http_header": 3
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_header_names": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_accept": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_referer": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_content_len": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_content_type": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toclient http_content_type": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_start": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_method": 3
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_cookie": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toclient http_cookie": 2
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver http_host": 2
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver dns_query": 4
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver tls_sni": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toserver file_data": 1
12/1/2021 -- 12:22:57 - <Perf> - AppLayer MPM "toclient file_data": 5
12/1/2021 -- 12:22:58 - <Perf> - Registered 18241 rule profiling counters.
12/1/2021 -- 12:22:58 - <Info> - fast output device (regular) initialized: alert
12/1/2021 -- 12:22:58 - <Info> - eve-log output device (regular) initialized: eve.json
12/1/2021 -- 12:22:58 - <Config> - enabling 'eve-log' module 'alert'
12/1/2021 -- 12:22:58 - <Config> - enabling 'eve-log' module 'http'
12/1/2021 -- 12:22:58 - <Config> - enabling 'eve-log' module 'dns'
12/1/2021 -- 12:22:58 - <Config> - enabling 'eve-log' module 'tls'
12/1/2021 -- 12:22:58 - <Config> - enabling 'eve-log' module 'files'
12/1/2021 -- 12:22:58 - <Config> - enabling 'eve-log' module 'ssh'
12/1/2021 -- 12:22:58 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
12/1/2021 -- 12:22:58 - <Info> - stats
------------------------------------------------------------------------------------
Date: 1/12/2021 -- 12:23:00 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter | TM Name | Value
------------------------------------------------------------------------------------
decoder.pkts | Total | 216
decoder.bytes | Total | 95478
decoder.ipv4 | Total | 150
decoder.ipv6 | Total | 44
decoder.ethernet | Total | 216
decoder.tcp | Total | 132
decoder.udp | Total | 56
decoder.icmpv4 | Total | 1
decoder.icmpv6 | Total | 5
decoder.avg_pkt_size | Total | 442
decoder.max_pkt_size | Total | 1514
flow.tcp | Total | 11
flow.udp | Total | 20
flow.icmpv6 | Total | 5
tcp.sessions | Total | 11
tcp.syn | Total | 11
tcp.synack | Total | 11
tcp.rst | Total | 4
tcp.overlap | Total | 1
detect.mpm_list | Total | 5
detect.nonmpm_list | Total | 2
detect.match_list | Total | 6
app_layer.flow.http | Total | 8
app_layer.tx.http | Total | 9
app_layer.flow.tls | Total | 2
app_layer.flow.dns_udp | Total | 5
app_layer.tx.dns_udp | Total | 5
app_layer.flow.failed_udp | Total | 15
flow_mgr.closed_pruned | Total | 3
flow_mgr.new_pruned | Total | 12
flow.spare | Total | 10000
flow_mgr.flows_checked | Total | 30
flow_mgr.flows_notimeout | Total | 13
flow_mgr.flows_timeout | Total | 17
flow_mgr.flows_timeout_inuse | Total | 4
flow_mgr.flows_removed | Total | 13
flow_mgr.rows_checked | Total | 65536
flow_mgr.rows_skipped | Total | 65505
flow_mgr.rows_empty | Total | 2
flow_mgr.rows_maxlen | Total | 2
tcp.memuse | Total | 573440
tcp.reassembly_memuse | Total | 81920
flow.memuse | Total | 7084096
{"timestamp":"2019-10-22T18:51:14.828015+0000","flow_id":1256676554613359,"pcap_cnt":9,"event_type":"dns","src_ip":"192.168.240.18","src_port":58085,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40178,"rrname":"www.n01goalkeeper.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-10-22T18:51:14.846100+0000","flow_id":1256676554613359,"pcap_cnt":10,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":58085,"proto":"UDP","dns":{"type":"answer","id":40178,"rcode":"NOERROR","rrname":"www.n01goalkeeper.com","rrtype":"CNAME","ttl":10799,"rdata":"n01goalkeeper.com"}}
{"timestamp":"2019-10-22T18:51:14.846100+0000","flow_id":1256676554613359,"pcap_cnt":10,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":58085,"proto":"UDP","dns":{"type":"answer","id":40178,"rcode":"NOERROR","rrname":"n01goalkeeper.com","rrtype":"A","ttl":10799,"rdata":"107.180.0.110"}}
{"timestamp":"2019-10-22T18:51:15.130595+0000","flow_id":955174145490467,"pcap_cnt":17,"event_type":"dns","src_ip":"192.168.240.18","src_port":53569,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":15183,"rrname":"www.combinedenergytech.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-10-22T18:51:15.145277+0000","flow_id":955174145490467,"pcap_cnt":18,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":53569,"proto":"UDP","dns":{"type":"answer","id":15183,"rcode":"NOERROR","rrname":"www.combinedenergytech.com","rrtype":"CNAME","ttl":3599,"rdata":"combinedenergytech.com"}}
{"timestamp":"2019-10-22T18:51:15.145277+0000","flow_id":955174145490467,"pcap_cnt":18,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":53569,"proto":"UDP","dns":{"type":"answer","id":15183,"rcode":"NOERROR","rrname":"combinedenergytech.com","rrtype":"A","ttl":599,"rdata":"165.227.183.180"}}
{"timestamp":"2019-10-22T18:51:15.258519+0000","flow_id":2044712859109082,"pcap_cnt":23,"event_type":"http","src_ip":"192.168.240.18","src_port":49300,"dest_ip":"107.180.0.110","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.n01goalkeeper.com","url":"\/wp-content\/t69\/","http_content_type":"text\/html"}}
{"timestamp":"2019-10-22T18:51:15.318614+0000","flow_id":2044712859109082,"pcap_cnt":25,"event_type":"fileinfo","src_ip":"107.180.0.110","src_port":80,"dest_ip":"192.168.240.18","dest_port":49300,"proto":"TCP","http":{"hostname":"www.n01goalkeeper.com","url":"\/wp-content\/t69\/","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":332},"app_proto":"http","fileinfo":{"filename":"\/wp-content\/t69\/","gaps":false,"state":"CLOSED","stored":false,"size":332,"tx_id":0}}
{"timestamp":"2019-10-22T18:51:16.072476+0000","flow_id":534866498372729,"pcap_cnt":41,"event_type":"http","src_ip":"192.168.240.18","src_port":49301,"dest_ip":"165.227.183.180","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.combinedenergytech.com","url":"\/wp-content\/n6\/","http_content_type":"text\/html"}}
{"timestamp":"2019-10-22T18:51:16.095571+0000","flow_id":2072731078391123,"pcap_cnt":42,"event_type":"dns","src_ip":"192.168.240.18","src_port":49772,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23804,"rrname":"www.stewardtechnicalcollege.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-10-22T18:51:21.009676+0000","flow_id":534866498372729,"pcap_cnt":48,"event_type":"fileinfo","src_ip":"165.227.183.180","src_port":80,"dest_ip":"192.168.240.18","dest_port":49301,"proto":"TCP","http":{"hostname":"www.combinedenergytech.com","url":"\/wp-content\/n6\/","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":15751},"app_proto":"http","fileinfo":{"filename":"\/wp-content\/n6\/","gaps":false,"state":"CLOSED","stored":false,"size":15751,"tx_id":0}}
{"timestamp":"2019-10-22T18:51:21.098227+0000","flow_id":2072731078391123,"pcap_cnt":50,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":49772,"proto":"UDP","dns":{"type":"answer","id":23804,"rcode":"SERVFAIL","rrname":"www.stewardtechnicalcollege.com"}}
{"timestamp":"2019-10-22T18:51:21.139783+0000","flow_id":249996350398983,"pcap_cnt":51,"event_type":"dns","src_ip":"192.168.240.18","src_port":62287,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30094,"rrname":"superecruiters.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-10-22T18:51:21.350648+0000","flow_id":249996350398983,"pcap_cnt":52,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":62287,"proto":"UDP","dns":{"type":"answer","id":30094,"rcode":"NOERROR","rrname":"superecruiters.com","rrtype":"A","ttl":14399,"rdata":"185.60.170.103"}}
{"timestamp":"2019-10-22T18:51:22.232240+0000","flow_id":1204587191765808,"pcap_cnt":73,"event_type":"dns","src_ip":"192.168.240.18","src_port":56304,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":62972,"rrname":"www.newuvolume2.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-10-22T18:51:22.247682+0000","flow_id":1204587191765808,"pcap_cnt":74,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":56304,"proto":"UDP","dns":{"type":"answer","id":62972,"rcode":"NOERROR","rrname":"www.newuvolume2.com","rrtype":"CNAME","ttl":3599,"rdata":"newuvolume2.com"}}
{"timestamp":"2019-10-22T18:51:22.247682+0000","flow_id":1204587191765808,"pcap_cnt":74,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":56304,"proto":"UDP","dns":{"type":"answer","id":62972,"rcode":"NOERROR","rrname":"newuvolume2.com","rrtype":"A","ttl":599,"rdata":"184.168.221.95"}}
{"timestamp":"2019-10-22T18:51:22.433107+0000","flow_id":1571263582187294,"pcap_cnt":87,"event_type":"http","src_ip":"192.168.240.18","src_port":49305,"dest_ip":"184.168.221.95","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.newuvolume2.com","url":"\/wp-content\/upgrade\/g1z8jf7\/"}}
{"timestamp":"2019-10-22T18:51:41.327094+0000","flow_id":163338944114414,"pcap_cnt":111,"event_type":"fileinfo","src_ip":"192.168.240.28","src_port":49343,"dest_ip":"192.168.240.18","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-10-22T18:51:41.327453+0000","flow_id":163338944114414,"pcap_cnt":113,"event_type":"http","src_ip":"192.168.240.28","src_port":49343,"dest_ip":"192.168.240.18","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-10-22T18:51:41.329284+0000","flow_id":163338944114414,"pcap_cnt":115,"event_type":"fileinfo","src_ip":"192.168.240.18","src_port":5357,"dest_ip":"192.168.240.28","dest_port":49343,"proto":"TCP","http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-10-22T18:52:32.626971+0000","flow_id":755494678463019,"pcap_cnt":129,"event_type":"fileinfo","src_ip":"192.168.240.90","src_port":49204,"dest_ip":"192.168.240.18","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-10-22T18:52:32.627486+0000","flow_id":755494678463019,"pcap_cnt":131,"event_type":"http","src_ip":"192.168.240.90","src_port":49204,"dest_ip":"192.168.240.18","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-10-22T18:52:32.630206+0000","flow_id":755494678463019,"pcap_cnt":133,"event_type":"fileinfo","src_ip":"192.168.240.18","src_port":5357,"dest_ip":"192.168.240.90","dest_port":49204,"proto":"TCP","http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-10-22T18:52:36.126993+0000","flow_id":492677039972050,"pcap_cnt":143,"event_type":"fileinfo","src_ip":"192.168.240.90","src_port":49206,"dest_ip":"192.168.240.18","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-10-22T18:52:36.127609+0000","flow_id":492677039972050,"pcap_cnt":145,"event_type":"http","src_ip":"192.168.240.90","src_port":49206,"dest_ip":"192.168.240.18","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-10-22T18:52:36.129215+0000","flow_id":492677039972050,"pcap_cnt":147,"event_type":"fileinfo","src_ip":"192.168.240.18","src_port":5357,"dest_ip":"192.168.240.90","dest_port":49206,"proto":"TCP","http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-10-22T18:53:00.173968+0000","flow_id":1105347683851601,"pcap_cnt":164,"event_type":"fileinfo","src_ip":"fe80:0000:0000:0000:6187:e1b9:32bb:1d48","src_port":49306,"dest_ip":"fe80:0000:0000:0000:d8d4:1b3e:3e86:6584","dest_port":5357,"proto":"TCP","http":{"hostname":"[fe80::d8d4:1b3e:3e86:6584]","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2718},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-10-22T18:53:00.174407+0000","flow_id":1105347683851601,"pcap_cnt":166,"event_type":"http","src_ip":"fe80:0000:0000:0000:6187:e1b9:32bb:1d48","src_port":49306,"dest_ip":"fe80:0000:0000:0000:d8d4:1b3e:3e86:6584","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"[fe80::d8d4:1b3e:3e86:6584]","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-10-22T18:53:00.176081+0000","flow_id":1105347683851601,"pcap_cnt":168,"event_type":"fileinfo","src_ip":"fe80:0000:0000:0000:d8d4:1b3e:3e86:6584","src_port":5357,"dest_ip":"fe80:0000:0000:0000:6187:e1b9:32bb:1d48","dest_port":49306,"proto":"TCP","http":{"hostname":"[fe80::d8d4:1b3e:3e86:6584]","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-10-22T18:53:06.628305+0000","flow_id":1140980880411282,"pcap_cnt":183,"event_type":"fileinfo","src_ip":"fe80:0000:0000:0000:6187:e1b9:32bb:1d48","src_port":49307,"dest_ip":"fe80:0000:0000:0000:d8d4:1b3e:3e86:6584","dest_port":5357,"proto":"TCP","http":{"hostname":"[fe80::d8d4:1b3e:3e86:6584]","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2718},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-10-22T18:53:06.628717+0000","flow_id":1140980880411282,"pcap_cnt":185,"event_type":"http","src_ip":"fe80:0000:0000:0000:6187:e1b9:32bb:1d48","src_port":49307,"dest_ip":"fe80:0000:0000:0000:d8d4:1b3e:3e86:6584","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"[fe80::d8d4:1b3e:3e86:6584]","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-10-22T18:53:06.630068+0000","flow_id":1140980880411282,"pcap_cnt":187,"event_type":"fileinfo","src_ip":"fe80:0000:0000:0000:d8d4:1b3e:3e86:6584","src_port":5357,"dest_ip":"fe80:0000:0000:0000:6187:e1b9:32bb:1d48","dest_port":49307,"proto":"TCP","http":{"hostname":"[fe80::d8d4:1b3e:3e86:6584]","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-10-22T18:54:30.024528+0000","flow_id":1571263582187294,"event_type":"fileinfo","src_ip":"184.168.221.95","src_port":80,"dest_ip":"192.168.240.18","dest_port":49305,"proto":"TCP","http":{"hostname":"www.newuvolume2.com","url":"\/wp-content\/upgrade\/g1z8jf7\/","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":403,"length":102},"app_proto":"http","fileinfo":{"filename":"\/wp-content\/upgrade\/g1z8jf7\/","gaps":false,"state":"CLOSED","stored":false,"size":93,"tx_id":0}}
{"timestamp":"2019-10-22T18:54:30.024528+0000","flow_id":46112105486052,"event_type":"http","src_ip":"192.168.240.18","src_port":49304,"dest_ip":"184.168.221.95","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.newuvolume2.com","url":"\/wp-content\/upgrade\/g1z8jf7\/"}}
--------------------------------------------------------------------------
Date: 1/12/2021 -- 12:23:00. Sorted by: max ticks.
--------------------------------------------------------------------------
Num Rule Gid Rev Ticks % Checks Matches Max Ticks Avg Ticks Avg Match Avg No Match
-------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
1 2020965 1 2 10288776 40.35 1 0 10288776 10288776.00 0.00 10288776.00
2 2017072 1 3 498960 1.96 1 0 498960 498960.00 0.00 498960.00
3 2025162 1 2 646328 2.53 4 0 471072 161582.00 0.00 161582.00
4 2022552 1 2 610060 2.39 6 0 460084 101676.67 0.00 101676.67
5 2014701 1 12 844770 3.31 16 0 455574 52798.12 0.00 52798.12
6 2022531 1 1 531718 2.09 4 0 448094 132929.50 0.00 132929.50
7 2017552 1 6 1095882 4.30 26 0 441192 42149.31 0.00 42149.31
8 2102190 1 5 441250 1.73 4 0 423864 110312.50 0.00 110312.50
9 2025185 1 3 164338 0.64 1 0 164338 164338.00 0.00 164338.00
10 2016537 1 2 960114 3.77 21 4 157570 45719.71 137476.00 24130.00
11 2017166 1 4 152120 0.60 1 0 152120 152120.00 0.00 152120.00
12 2022197 1 3 246486 0.97 3 0 126522 82162.00 0.00 82162.00
13 2016333 1 4 112766 0.44 1 0 112766 112766.00 0.00 112766.00
14 2024848 1 2 247138 0.97 5 0 99132 49427.60 0.00 49427.60
15 2024513 1 5 150564 0.59 3 0 92446 50188.00 0.00 50188.00
16 2025142 1 2 241612 0.95 5 0 80612 48322.40 0.00 48322.40
17 2023083 1 2 250266 0.98 4 0 70084 62566.50 0.00 62566.50
18 2024771 1 1 151650 0.59 7 0 69912 21664.29 0.00 21664.29
19 2021067 1 2 171656 0.67 3 0 58746 57218.67 0.00 57218.67
20 2019155 1 2 165290 0.65 5 0 53242 33058.00 0.00 33058.00
21 2014704 1 7 161772 0.63 9 0 41618 17974.67 0.00 17974.67
22 2023316 1 2 41104 0.16 1 0 41104 41104.00 0.00 41104.00
23 2014133 1 4 131498 0.52 5 0 40938 26299.60 0.00 26299.60
24 2012707 1 5 130788 0.51 5 0 40484 26157.60 0.00 26157.60
25 2020936 1 3 129646 0.51 5 0 40166 25929.20 0.00 25929.20
26 2014472 1 7 38548 0.15 1 0 38548 38548.00 0.00 38548.00
27 2019230 1 2 272314 1.07 16 0 33226 17019.62 0.00 17019.62
28 2018233 1 2 32992 0.13 1 0 32992 32992.00 0.00 32992.00
29 2022543 1 1 221622 0.87 8 0 30722 27702.75 0.00 27702.75
30 2016540 1 3 30640 0.12 1 0 30640 30640.00 0.00 30640.00
31 2014702 1 9 262026 1.03 16 0 29166 16376.62 0.00 16376.62
32 2014703 1 9 261860 1.03 16 0 28164 16366.25 0.00 16366.25
33 2020030 1 2 28070 0.11 1 0 28070 28070.00 0.00 28070.00
34 2022545 1 1 108932 0.43 4 0 27776 27233.00 0.00 27233.00
35 2018234 1 2 27768 0.11 1 0 27768 27768.00 0.00 27768.00
36 2102523 1 8 106578 0.42 16 0 26882 6661.12 0.00 6661.12
37 2016323 1 1 36518 0.14 3 0 26020 12172.67 0.00 12172.67
38 2023627 1 3 214946 0.84 37 0 25286 5809.35 0.00 5809.35
39 2023622 1 3 286084 1.12 50 0 25078 5721.68 0.00 5721.68
40 2010142 1 4 88582 0.35 13 0 24784 6814.00 0.00 6814.00
41 2023614 1 3 233106 0.91 41 0 24606 5685.51 0.00 5685.51
42 2100540 1 12 166430 0.65 26 0 24504 6401.15 0.00 6401.15
43 2023612 1 4 238080 0.93 42 0 23612 5668.57 0.00 5668.57
44 2023626 1 3 307408 1.21 55 0 23538 5589.24 0.00 5589.24
45 2102523 1 8 104410 0.41 16 0 23298 6525.62 0.00 6525.62
46 2023619 1 3 187486 0.74 33 0 20844 5681.39 0.00 5681.39
47 2010143 1 3 122914 0.48 13 0 20064 9454.92 0.00 9454.92
48 2008420 1 4 51368 0.20 8 0 13152 6421.00 0.00 6421.00
49 2100540 1 12 148424 0.58 26 0 12606 5708.62 0.00 5708.62
50 2101201 1 10 12314 0.05 1 0 12314 12314.00 0.00 12314.00
51 2025200 1 1 95764 0.38 16 0 7118 5985.25 0.00 5985.25
52 2017134 1 5 6922 0.03 1 0 6922 6922.00 0.00 6922.00
53 2023623 1 3 203918 0.80 39 0 6864 5228.67 0.00 5228.67
54 2010513 1 5 6726 0.03 1 0 6726 6726.00 0.00 6726.00
55 2023621 1 4 203936 0.80 39 0 6690 5229.13 0.00 5229.13
56 2008117 1 3 84414 0.33 15 0 6548 5627.60 0.00 5627.60
57 2023625 1 3 256646 1.01 49 0 6522 5237.67 0.00 5237.67
58 2023624 1 3 294390 1.15 56 0 6520 5256.96 0.00 5256.96
59 2009702 1 5 89308 0.35 16 0 6390 5581.75 0.00 5581.75
60 2023620 1 3 193172 0.76 37 0 6382 5220.86 0.00 5220.86
61 2013075 1 8 43508 0.17 8 0 6380 5438.50 0.00 5438.50
62 2009387 1 4 23318 0.09 4 0 6206 5829.50 0.00 5829.50
63 2008116 1 4 23458 0.09 4 0 6178 5864.50 0.00 5864.50
64 2008118 1 3 23014 0.09 4 0 6134 5753.50 0.00 5753.50
65 2023613 1 3 213688 0.84 41 0 6132 5211.90 0.00 5211.90
66 2010515 1 6 6080 0.02 1 0 6080 6080.00 0.00 6080.00
67 2010140 1 7 73494 0.29 13 0 6078 5653.38 0.00 5653.38
68 2001330 1 8 22242 0.09 4 0 6024 5560.50 0.00 5560.50
69 2019011 1 3 6016 0.02 1 0 6016 6016.00 0.00 6016.00
70 2021702 1 1 33480 0.13 6 0 6006 5580.00 0.00 5580.00
71 2009243 1 2 22504 0.09 4 0 5996 5626.00 0.00 5626.00
72 2017935 1 3 11358 0.04 2 0 5980 5679.00 0.00 5679.00
73 2018558 1 5 11220 0.04 2 0 5976 5610.00 0.00 5610.00
74 2024650 1 1 16960 0.07 3 0 5972 5653.33 0.00 5653.33
75 2103159 1 4 11400 0.04 2 0 5972 5700.00 0.00 5700.00
76 2014380 1 4 54964 0.22 10 0 5968 5496.40 0.00 5496.40
77 2100566 1 5 16368 0.06 3 0 5968 5456.00 0.00 5456.00
78 2021701 1 1 33780 0.13 6 0 5934 5630.00 0.00 5630.00
79 2008120 1 4 92724 0.36 17 0 5924 5454.35 0.00 5454.35
80 2019017 1 3 16138 0.06 3 0 5914 5379.33 0.00 5379.33
81 2008119 1 3 16922 0.07 3 0 5900 5640.67 0.00 5640.67
82 2016363 1 2 16458 0.06 3 0 5888 5486.00 0.00 5486.00
83 2018292 1 1 54402 0.21 10 0 5874 5440.20 0.00 5440.20
84 2023618 1 3 186890 0.73 36 0 5778 5191.39 0.00 5191.39
85 2013926 1 8 27408 0.11 5 0 5766 5481.60 0.00 5481.60
86 2023615 1 3 203508 0.80 39 0 5740 5218.15 0.00 5218.15
87 2019010 1 3 16210 0.06 3 0 5734 5403.33 0.00 5403.33
88 2022330 1 2 5712 0.02 1 0 5712 5712.00 0.00 5712.00
89 2100518 1 8 22370 0.09 4 0 5700 5592.50 0.00 5592.50
90 2018768 1 2 11156 0.04 2 0 5672 5578.00 0.00 5578.00
91 2019016 1 3 5654 0.02 1 0 5654 5654.00 0.00 5654.00
92 2103158 1 6 21756 0.09 4 0 5648 5439.00 0.00 5439.00
93 2013739 1 15 126804 0.50 24 0 5634 5283.50 0.00 5283.50
94 2023616 1 3 186726 0.73 36 0 5516 5186.83 0.00 5186.83
95 2023617 1 3 208590 0.82 40 0 5500 5214.75 0.00 5214.75
96 2103238 1 4 10598 0.04 2 0 5328 5299.00 0.00 5299.00
97 2103441 1 2 26236 0.10 5 0 5294 5247.20 0.00 5247.20
98 2022331 1 3 5154 0.02 1 0 5154 5154.00 0.00 5154.00
--------------------------------------------------------------------------------------------------------------------------------
Date: 1/12/2021 -- 12:23:00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: total
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flow 599960 92 92 25770 6521.00 6521.00 0.00
content 2349078 148 102 425704 15872.00 15422.00 16869.00
pcre 204536 13 0 69402 15733.00 0.00 15733.00
byte_test 283932 48 16 18878 5915.00 6954.00 5395.00
isdataat 85830 16 0 5972 5364.00 0.00 5364.00
flowbits 121234 16 6 18776 7577.00 8227.00 7187.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: packet
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flow 599960 92 92 25770 6521.00 6521.00 0.00
flowbits 83438 12 2 18776 6953.00 5783.00 7187.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: packet/stream payload
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 718574 48 44 425704 14970.00 15712.00 6809.00
pcre 52320 4 0 17718 13080.00 0.00 13080.00
byte_test 283932 48 16 18878 5915.00 6954.00 5395.00
isdataat 85830 16 0 5972 5364.00 0.00 5364.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: post-match
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flowbits 37796 4 4 16662 9449.00 9449.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_uri
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 111922 17 3 7788 6583.00 6801.00 6537.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_client_body
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 114934 12 3 20772 9577.00 19418.00 6297.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_response_line
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 16694 3 0 5770 5564.00 0.00 5564.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: file_data
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 602822 11 6 425420 54802.00 14243.00 103472.00
pcre 124142 6 0 69402 20690.00 0.00 20690.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_header
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 257116 39 32 8692 6592.00 6642.00 6366.00
pcre 28074 3 0 9912 9358.00 0.00 9358.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_header_names
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 463300 7 7 423624 66185.00 66185.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_connection
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 16182 3 0 5480 5394.00 0.00 5394.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_method
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 41768 7 7 6372 5966.00 5966.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_stat_code
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 5766 1 0 5766 5766.00 0.00 5766.00
2021-01-12 12:22:49,858 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2021-01-12 12:22:50,716 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2021-01-12 12:22:50,716 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2021-01-12 12:22:50,717 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2021-01-12 12:22:50,717 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2021-01-12 12:22:50,717 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/d64de92300cacbdf37d346ba827f5fe8d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/10232019.1809-0b491-1.pcap -vvv -k none
2021-01-12 12:23:00,255 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2021-01-12 12:23:00,257 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 10.4169180393