Filename: 21283f726aa8719245b75649fb08a0c4.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 28.2365119457 seconds
Hash: dfdd78014db3af944fba8160c9c77388 (first 32 hex digits of the 64-digit hash used as the output directory in the run command at the end of this page)
Uploaded: 1557425899 (Unix epoch seconds, i.e. 2019-05-09 18:18:19 UTC)

Logfiles


suricata-4.0.0-etpro-all-alert-2019-05-09-T-18-18-47-05092019.1818-21283f726aa8719245b75649fb08a0c4.pcap.txt - (635 bytes)
05/08/2019-15:46:01.054803  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 110.49.2.22:80 -> 192.168.92.10:49159
05/08/2019-15:46:01.054803  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 110.49.2.22:80 -> 192.168.92.10:49159
05/08/2019-15:46:01.054803  [**] [1:2014520:6] ET INFO EXE - Served Attached HTTP [**] [Classification: Misc activity] [Priority: 3] {TCP} 110.49.2.22:80 -> 192.168.92.10:49159
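The three alerts share one 5-tuple and one timestamp: an external web server on port 80 delivered a PE file to an internal client, and three ET signatures described the same download from three angles (policy, minimal-header second-stage pattern, and the generic "EXE served" check). An analyst wants them collapsed onto the flow, ordered by the worst priority, and pointed at the internal host to pull for forensics. The parser below does that for Suricata's fast.log format. It is an added example written for this page, not code from the analysis service or from the Suricata project; the sample lines are the three alerts above copied verbatim, and the assumption that RFC 1918 space is "internal" is the example's own.

```python
"""Parse Suricata fast.log alert lines and collapse them onto flows for triage."""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample input: the three alert lines from this report, verbatim.
SAMPLE_FAST_LOG = """\
05/08/2019-15:46:01.054803  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 110.49.2.22:80 -> 192.168.92.10:49159
05/08/2019-15:46:01.054803  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 110.49.2.22:80 -> 192.168.92.10:49159
05/08/2019-15:46:01.054803  [**] [1:2014520:6] ET INFO EXE - Served Attached HTTP [**] [Classification: Misc activity] [Priority: 3] {TCP} 110.49.2.22:80 -> 192.168.92.10:49159
"""

# Suricata fast.log layout:
#   <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: <c>] [Priority: <p>] {<proto>} <src>:<sport> -> <dst>:<dport>
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"\[Classification:\s+(?P<classification>[^\]]+)\]\s+\[Priority:\s+(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>[0-9A-Fa-f.:]+):(?P<sport>\d+)\s+->\s+(?P<dst>[0-9A-Fa-f.:]+):(?P<dport>\d+)\s*$"
)

# Assumption made by this example: RFC 1918 space is the monitored "inside".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


@dataclass(frozen=True)
class Alert:
    ts: datetime
    gid: int
    sid: int
    rev: int
    msg: str
    classification: str
    priority: int  # 1 is the most severe in Suricata's classification.config
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    @property
    def flow(self):
        return (self.proto, self.src, self.sport, self.dst, self.dport)


def parse_fast_log(text: str) -> list:
    """Return one Alert per well-formed line; blank or truncated lines are skipped, not guessed."""
    alerts = []
    for line in text.splitlines():
        m = FAST_LOG_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        alerts.append(Alert(
            ts=datetime.strptime(d["ts"], "%m/%d/%Y-%H:%M:%S.%f"),
            gid=int(d["gid"]), sid=int(d["sid"]), rev=int(d["rev"]),
            msg=d["msg"], classification=d["classification"], priority=int(d["priority"]),
            proto=d["proto"], src=d["src"], sport=int(d["sport"]), dst=d["dst"], dport=int(d["dport"]),
        ))
    return alerts


def triage_by_flow(alerts) -> dict:
    """Group alerts by 5-tuple: several SIDs on one flow are one event, not several incidents.

    Per flow, keep the worst priority, the SIDs, and which end is the internal host
    (the machine to examine when the payload came in from outside).
    """
    flows = {}
    for a in alerts:
        f = flows.setdefault(a.flow, {"count": 0, "sids": set(), "top_priority": None, "msgs": []})
        f["count"] += 1
        f["sids"].add(a.sid)
        f["msgs"].append(a.msg)
        if f["top_priority"] is None or a.priority < f["top_priority"]:
            f["top_priority"] = a.priority
        inbound = (not is_internal(a.src)) and is_internal(a.dst)
        f["inbound_to_internal"] = inbound
        f["internal_host"] = a.dst if inbound else (a.src if is_internal(a.src) else None)
    for f in flows.values():
        f["sids"] = sorted(f["sids"])
    return flows


def worst_first(flows):
    """Order flows for an analyst: lowest priority number first, then most alerts."""
    return sorted(flows.items(), key=lambda kv: (kv[1]["top_priority"], -kv[1]["count"]))


if __name__ == "__main__":
    for flow, info in worst_first(triage_by_flow(parse_fast_log(SAMPLE_FAST_LOG))):
        proto, src, sport, dst, dport = flow
        print(f"P{info['top_priority']} {proto} {src}:{sport} -> {dst}:{dport} "
              f"alerts={info['count']} sids={info['sids']} internal_host={info['internal_host']}")
```

The Priority 1 line is an ET POLICY rule: on its own it says only that a Windows executable crossed the wire, which is routine for software updates. What makes this flow worth pulling the file for is the combination on the same 5-tuple, in particular 2016538 (executable retrieved with minimal HTTP headers), a pattern typical of a stager rather than a browser download. Grouping by flow is what makes that combination visible.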


packet_stats.log - (13504 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           % 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6         10640           446086     2154996715    1549987671      16491.9b   97.22
 IPv4      17           301          7047924     2135688044    1541237171        463.9b    2.73
 IPv4     256            12           446086     1856190205     595234780          7.1b    0.04
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6         10632            65586       19717913        213142          2.3b   90.44
TMM_FLOWWORKER              IPv4      17           301           120349        8409508        567738        170.9m    6.82
TMM_RECEIVEPCAPFILE         IPv4       6         10333             2532        1504762          3083         31.9m    1.27
TMM_RECEIVEPCAPFILE         IPv4      17           301             2537          24626          2770        833.8k    0.03
TMM_DECODEPCAPFILE          IPv4       6         10333             2639        4554377          3374         34.9m    1.39
TMM_DECODEPCAPFILE          IPv4      17           301             2659          36200          3168        953.8k    0.04

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6         10333             2777         115742          3734         38.6m  1.75  
flow                    IPv4      17           301             2892          82749          5509          1.7m  0.08  
stream                  IPv4       6         10632             2647         990901          9677        102.9m  4.66  
app-layer               IPv4      17           301             2575         170695         18521          5.6m  0.25  
detect                  IPv4       6         10640            44376       13728228        178272          1.9b  85.91 
detect                  IPv4      17           301           103985        6171992        420097        126.4m  5.73  
tcp-prune               IPv4       6         10632             2530         105960          3378         35.9m  1.63  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
http                    IPv4       6             9             6330          75313         28584        257.3k  7.51  
http                    IPv4      17             2            12829          12829         12829         25.7k  0.75  
smtp                    IPv4       6           254             2623          24965          3592        912.4k  26.63 
tls                     IPv4       6            41             2674          26978          3933        161.3k  4.71  
dns                     IPv4      17           290             3627          82625          7138          2.1m  60.41 
Proto detect            IPv4      17           185             2588          53678          6565          1.2m

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       6             1         15729982       15729982      15729982         15.7m  28.74 
LOGGER_UNIFIED2             IPv4       6             1           199859         199859        199859        199.9k  0.37  
LOGGER_JSON_ALERT           IPv4       6             1           188047         188047        188047        188.0k  0.34  
LOGGER_JSON_DNS             IPv4      17           288            28724        7874495        110047         31.7m  57.90 
LOGGER_JSON_HTTP            IPv4       6             9            84965         203345        146696          1.3m  2.41  
LOGGER_JSON_TLS             IPv4       6            39             3216         215659         81213          3.2m  5.79  
LOGGER_JSON_FILE            IPv4       6            15            70049         237005        162440          2.4m  4.45  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          % 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          4511             2547         241739         19514        88.0m  14.26 
payload                           IPv4      17           301             7465         167556         28999         8.7m  1.41  
stream                            IPv4       6          4511             2525        1484925         41543       187.4m  30.37 
http_uri                          IPv4       6             9             9178          34991         19660       176.9k  0.03  
http_request_line                 IPv4       6             9             4447           9418          7094        63.8k  0.01  
http_client_body                  IPv4       6             9             3853         201311         97010       873.1k  0.14  
http_header (request)             IPv4       6             9            34681         237671        118891         1.1m  0.17  
http_header (request trailer)     IPv4       6             9             2599           3611          2783        25.0k  0.00  
http_header_names (request)       IPv4       6             9            12147          30625         19536       175.8k  0.03  
http_accept (request)             IPv4       6             9             3373           5319          4216        37.9k  0.01  
http_referer (request)            IPv4       6             9             3199           7749          5682        51.1k  0.01  
http_content_len (request)        IPv4       6             9             3209           6454          4838        43.5k  0.01  
http_content_type (request)       IPv4       6             9             3104          22148          9997        90.0k  0.01  
http_protocol (request)           IPv4       6             9             3467           6699          5046        45.4k  0.01  
http_start (request)              IPv4       6             9            11403          76298         22717       204.5k  0.03  
http_raw_header (request)         IPv4       6             9            11362          85885         26857       241.7k  0.04  
http_method                       IPv4       6             9             5253          35510         10271        92.4k  0.01  
http_cookie (request)             IPv4       6             9             3133           5513          3996        36.0k  0.01  
http_raw_uri                      IPv4       6             9             3802           8611          5674        51.1k  0.01  
http_user_agent                   IPv4       6             9             3054          76466         40108       361.0k  0.06  
http_host                         IPv4       6             9             3793          10841          5417        48.8k  0.01  
dns_query                         IPv4      17           144             4416          54089         13313         1.9m  0.31  
tls_sni                           IPv4       6            69             2562          36504          3977       274.4k  0.04  
file_data (smtp)                  IPv4       6           769             2527          61591          3143         2.4m  0.39  
http_response_line                IPv4       6             9             3953          10812          8466        76.2k  0.01  
http_header (response)            IPv4       6             9            11222          71537         41931       377.4k  0.06  
http_header (response trailer)    IPv4       6             9             2617         114499         15693       141.2k  0.02  
http_content_type (response)      IPv4       6             9             4861          16270          9424        84.8k  0.01  
http_raw_header (response)        IPv4       6          2563             3448          64810          4117        10.6m  1.71  
http_cookie (response)            IPv4       6             9             2938           9076          4113        37.0k  0.01  
http_stat_code                    IPv4       6             9             3027           5564          4268        38.4k  0.01  
tls_cert_issuer                   IPv4       6            38             3271          71693          9824       373.3k  0.06  
tls_cert_subject                  IPv4       6            38             3441          27313         10199       387.6k  0.06  
tls_cert_serial                   IPv4       6            38             3472           7648          5330       202.5k  0.03  
file_data (http response)         IPv4       6          2554             2562        7098040        122327       312.4m  50.62 
Total                             IPv4                 15752                                         39179       617.2m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       6           369             4170         152204         41159         15.2m  0.57  
PROF_DETECT_IPONLY          IPv4      17           291            12328         162004         55424         16.1m  0.60  
PROF_DETECT_RULES           IPv4       6         10640             2518        9246947         44532        473.8m  17.64 
PROF_DETECT_RULES           IPv4      17           301            32758        5695546        216000         65.0m  2.42  
PROF_DETECT_STATEFUL_START    IPv4       6          1388             5105        8849675        141708        196.7m  7.32  
PROF_DETECT_STATEFUL_START    IPv4      17             1            13023          13023         13023         13.0k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6         10640             2509         197624          7057         75.1m  2.80  
PROF_DETECT_STATEFUL_CONT    IPv4      17           301             2516        5910598         26715          8.0m  0.30  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          9677             2540         116652          3019         29.2m  1.09  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17           289             2577          39667          3528          1.0m  0.04  
PROF_DETECT_PREFILTER       IPv4       6         10640             7797       12148091         81762        870.0m  32.38 
PROF_DETECT_PREFILTER       IPv4      17           301            28929         195806         67311         20.3m  0.75  
PROF_DETECT_PF_PAYLOAD      IPv4       6          4511            12753        1513830         69828        315.0m  11.72 
PROF_DETECT_PF_PAYLOAD      IPv4      17           301            12812         174296         35053         10.6m  0.39  
PROF_DETECT_PF_TX           IPv4       6          9677             2571       11419364         40867        395.5m  14.72 
PROF_DETECT_PF_TX           IPv4      17           145             3071          66623         20081          2.9m  0.11  
PROF_DETECT_PF_SORT1        IPv4       6          2421             2516         110994          3476          8.4m  0.31  
PROF_DETECT_PF_SORT1        IPv4      17           301             2777          28765          4339          1.3m  0.05  
PROF_DETECT_PF_SORT2        IPv4       6         10640             2507         122657          3087         32.9m  1.22  
PROF_DETECT_PF_SORT2        IPv4      17           301             2619          37759          3881          1.2m  0.04  
PROF_DETECT_NONMPMLIST      IPv4       6         10640             2525        4601920          3675         39.1m  1.46  
PROF_DETECT_NONMPMLIST      IPv4      17           301             2554          32566          3397          1.0m  0.04  
PROF_DETECT_ALERT           IPv4       6         10640             2512          91932          3052         32.5m  1.21  
PROF_DETECT_ALERT           IPv4      17           301             2525          59880          3927          1.2m  0.04  
PROF_DETECT_CLEANUP         IPv4       6         10640             2547         157891          3213         34.2m  1.27  
PROF_DETECT_CLEANUP         IPv4      17           301             2540          28713          3983          1.2m  0.04  
PROF_DETECT_GETSGH          IPv4       6         10640             2511         112387          3493         37.2m  1.38  
PROF_DETECT_GETSGH          IPv4      17           301             2549         108699          7199          2.2m  0.08  


suricata-4.0.0-etpro-all-perf.txt-2019-05-09-T-18-18-47-05092019.1818-21283f726aa8719245b75649fb08a0c4.pcap.txt - (66645 bytes)
  --------------------------------------------------------------------------
  Date: 5/9/2019 -- 18:18:47. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2820158      1        2        39443874     9.55   166      0        8688663     237613.70   0.00        237613.70  
  2        2020698      1        2        6313064      1.53   1        0        6313064     6313064.00  0.00        6313064.00 
  3        2020865      1        3        33324853     8.07   140      0        6068766     238034.66   0.00        238034.66  
  4        2016537      1        2        17123623     4.15   722      1        5991719     23716.93    61898.00    23663.97   
  5        2819664      1        2        34296325     8.30   171      0        4964188     200563.30   0.00        200563.30  
  6        2012707      1        5        1700715      0.41   9        0        1500909     188968.33   0.00        188968.33  
  7        2820157      1        2        31327431     7.58   166      0        696031      188719.46   0.00        188719.46  
  8        2801930      1        7        3168314      0.77   51       0        517342      62123.80    0.00        62123.80   
  9        2819930      1        2        29431877     7.13   171      0        459343      172116.24   0.00        172116.24  
  10       2803027      1        6        4035050      0.98   40       0        403851      100876.25   0.00        100876.25  
  11       2801929      1        7        2999697      0.73   51       0        396093      58817.59    0.00        58817.59   
  12       2802987      1        5        3088982      0.75   49       0        365165      63040.45    0.00        63040.45   
  13       2802991      1        5        3967534      0.96   48       0        361196      82656.96    0.00        82656.96   
  14       2804906      1        3        3212065      0.78   44       0        359194      73001.48    0.00        73001.48   
  15       2804927      1        2        2367954      0.57   46       0        353806      51477.26    0.00        51477.26   
  16       2804911      1        3        4134270      1.00   67       0        341186      61705.52    0.00        61705.52   
  17       2803657      1        5        4895796      1.19   56       0        340186      87424.93    0.00        87424.93   
  18       2804907      1        3        3460830      0.84   48       0        308621      72100.62    0.00        72100.62   
  19       2023476      1        5        302330       0.07   1        0        302330      302330.00   0.00        302330.00  
  20       2809850      1        2        556554       0.13   11       0        267109      50595.82    0.00        50595.82   
  21       2815154      1        2        243260       0.06   1        0        243260      243260.00   0.00        243260.00  
  22       2016855      1        2        207242       0.05   1        0        207242      207242.00   0.00        207242.00  
  23       2021621      1        6        202462       0.05   1        0        202462      202462.00   0.00        202462.00  
  24       2016854      1        3        197629       0.05   1        0        197629      197629.00   0.00        197629.00  
  25       2022535      1        11       183135       0.04   1        0        183135      183135.00   0.00        183135.00  
  26       2022627      1        12       178089       0.04   1        0        178089      178089.00   0.00        178089.00  
  27       2820003      1        2        1101077      0.27   169      0        157337      6515.25     0.00        6515.25    
  28       2019230      1        2        2057690      0.50   157      0        146325      13106.31    0.00        13106.31   
  29       2023547      1        3        217954       0.05   2        0        141173      108977.00   0.00        108977.00  
  30       2018005      1        6        3742427      0.91   47       0        129241      79626.11    0.00        79626.11   
  31       2022543      1        1        2839157      0.69   144      0        127109      19716.37    0.00        19716.37   
  32       2014701      1        12       3998633      0.97   291      0        124934      13741.01    0.00        13741.01   
  33       2805985      1        2        119979       0.03   1        0        119979      119979.00   0.00        119979.00  
  34       2009702      1        5        4183089      1.01   291      0        118997      14374.88    0.00        14374.88   
  35       2811447      1        2        4917246      1.19   134      0        115135      36695.87    0.00        36695.87   
  36       2807130      1        4        1211981      0.29   158      0        112602      7670.77     0.00        7670.77    
  37       2828060      1        4        348556       0.08   8        0        110793      43569.50    0.00        43569.50   
  38       2803006      1        2        107917       0.03   1        0        107917      107917.00   0.00        107917.00  
  39       2014967      1        3        126926       0.03   2        0        106676      63463.00    0.00        63463.00   
  40       2024720      1        3        198324       0.05   2        0        106123      99162.00    0.00        99162.00   
  41       2015588      1        5        105062       0.03   1        0        105062      105062.00   0.00        105062.00  
  42       2820851      1        5        403977       0.10   8        0        103280      50497.12    0.00        50497.12   
  43       2815886      1        2        276385       0.07   8        0        101685      34548.12    0.00        34548.12   
  44       2025330      1        1        194768       0.05   2        0        100715      97384.00    0.00        97384.00   
  45       2827202      1        3        176761       0.04   2        0        100312      88380.50    0.00        88380.50   
  46       2014702      1        9        2837583      0.69   291      0        99539       9751.14     0.00        9751.14    
  47       2828986      1        2        308296       0.07   8        0        98819       38537.00    0.00        38537.00   
  48       2018377      1        3        541180       0.13   129      0        94104       4195.19     0.00        4195.19    
  49       2020613      1        3        92166        0.02   1        0        92166       92166.00    0.00        92166.00   
  50       2803760      1        3        2645265      0.64   145      0        91348       18243.21    0.00        18243.21   
  51       2024775      1        1        514214       0.12   127      0        90786       4048.93     0.00        4048.93    
  52       2810481      1        4        3504209      0.85   162      0        90005       21630.92    0.00        21630.92   
  53       2018789      1        3        515769       0.12   47       0        89744       10973.81    0.00        10973.81   
  54       2014473      1        5        1226861      0.30   162      0        89612       7573.22     0.00        7573.22    
  55       2020661      1        3        646619       0.16   101      0        88939       6402.17     0.00        6402.17    
  56       2018358      1        7        443360       0.11   8        0        88539       55420.00    0.00        55420.00   
  57       2025189      1        1        351264       0.09   20       0        87914       17563.20    0.00        17563.20   
  58       2020369      1        3        121433       0.03   2        0        87740       60716.50    0.00        60716.50   
  59       2023711      1        2        86935        0.02   1        0        86935       86935.00    0.00        86935.00   
  60       2008575      1        5        335115       0.08   29       0        85678       11555.69    0.00        11555.69   
  61       2014703      1        9        2905232      0.70   291      0        84955       9983.62     0.00        9983.62    
  62       2816909      1        2        513585       0.12   8        0        84559       64198.12    0.00        64198.12   
  63       2018959      1        3        82710        0.02   1        1        82710       82710.00    82710.00    0.00       
  64       2806802      1        2        9144247      2.21   442      0        82695       20688.34    0.00        20688.34   
  65       2024228      1        3        401928       0.10   6        0        80747       66988.00    0.00        66988.00   
  66       2816927      1        3        290481       0.07   8        0        80284       36310.12    0.00        36310.12   
  67       2816922      1        5        329630       0.08   8        0        80116       41203.75    0.00        41203.75   
  68       2001330      1        8        8592134      2.08   2815     0        79986       3052.27     0.00        3052.27    
  69       2810991      1        4        220107       0.05   6        0        79638       36684.50    0.00        36684.50   
  70       2816940      1        2        478377       0.12   8        0        79557       59797.12    0.00        59797.12   
  71       2022552      1        2        4503225      1.09   202      0        79284       22293.19    0.00        22293.19   
  72       2019344      1        5        305289       0.07   8        2        76890       38161.12    67802.00    28280.83   
  73       2024829      1        2        3209614      0.78   145      0        76801       22135.27    0.00        22135.27   
  74       2816328      1        5        267900       0.06   8        0        76061       33487.50    0.00        33487.50   
  75       2012115      1        6        78997        0.02   2        0        75709       39498.50    0.00        39498.50   
  76       2816525      1        10       312725       0.08   8        0        73499       39090.62    0.00        39090.62   
  77       2024227      1        3        408201       0.10   20       0        73108       20410.05    0.00        20410.05   
  78       2016112      1        3        1041879      0.25   159      0        73062       6552.70     0.00        6552.70    
  79       2017552      1        6        10985535     2.66   730      0        70645       15048.68    0.00        15048.68   
  80       2022480      1        2        379410       0.09   8        0        70599       47426.25    0.00        47426.25   
  81       2102523      1        8        1406069      0.34   388      0        70264       3623.89     0.00        3623.89    
  82       2001582      1        15       795378       0.19   216      0        69739       3682.31     0.00        3682.31    
  83       2821615      1        2        275107       0.07   7        0        69037       39301.00    0.00        39301.00   
  84       2828008      1        2        255705       0.06   8        0        68878       31963.12    0.00        31963.12   
  85       2828823      1        2        192215       0.05   6        0        68661       32035.83    0.00        32035.83   
  86       2816929      1        4        334295       0.08   8        0        68406       41786.88    0.00        41786.88   
  87       2802880      1        3        67154        0.02   1        0        67154       67154.00    0.00        67154.00   
  88       2008116      1        4        242129       0.06   52       0        67152       4656.33     0.00        4656.33    
  89       2804508      1        2        66699        0.02   1        0        66699       66699.00    0.00        66699.00   
  90       2828877      1        1        1822108      0.44   587      0        65503       3104.10     0.00        3104.10    
  91       2827279      1        5        255312       0.06   8        0        64816       31914.00    0.00        31914.00   
  92       2816910      1        2        467904       0.11   8        0        64588       58488.00    0.00        58488.00   
  93       2018241      1        2        64470        0.02   1        0        64470       64470.00    0.00        64470.00   
  94       2022339      1        2        301731       0.07   8        0        64457       37716.38    0.00        37716.38   
  95       2825063      1        2        230922       0.06   8        0        64207       28865.25    0.00        28865.25   
  96       2016948      1        2        1079296      0.26   166      0        63766       6501.78     0.00        6501.78    
  97       2016858      1        10       314802       0.08   8        0        63326       39350.25    0.00        39350.25   
  98       2809363      1        3        95777        0.02   2        0        62918       47888.50    0.00        47888.50   
  99       2018375      1        3        2023118      0.49   129      0        62822       15683.09    0.00        15683.09   
  100      2025064      1        5        384139       0.09   8        0        62372       48017.38    0.00        48017.38   
  101      2012612      1        16       228729       0.06   8        0        61946       28591.12    0.00        28591.12   
  102      2002910      1        6        758221       0.18   216      0        61228       3510.28     0.00        3510.28    
  103      2025190      1        1        318469       0.08   20       0        61138       15923.45    0.00        15923.45   
  104      2017948      1        2        87685        0.02   2        0        60860       43842.50    0.00        43842.50   
  105      2018242      1        5        252510       0.06   8        0        60609       31563.75    0.00        31563.75   
  106      2816165      1        5        337182       0.08   9        0        60191       37464.67    0.00        37464.67   
  107      2024650      1        1        2240135      0.54   266      0        59459       8421.56     0.00        8421.56    
  108      2010143      1        3        602502       0.15   158      0        58027       3813.30     0.00        3813.30    
  109      2020388      1        8        266397       0.06   8        0        57891       33299.62    0.00        33299.62   
  110      2822847      1        6        111636       0.03   2        0        57704       55818.00    0.00        55818.00   
  111      2009909      1        10       57568        0.01   1        0        57568       57568.00    0.00        57568.00   
  112      2822691      1        1        4763578      1.15   254      0        57445       18754.24    0.00        18754.24   
  113      2009897      1        14       57403        0.01   1        0        57403       57403.00    0.00        57403.00   
  114      2809306      1        4        961085       0.23   153      0        56693       6281.60     0.00        6281.60    
  115      2824975      1        2        56651        0.01   1        0        56651       56651.00    0.00        56651.00   
  116      2013441      1        9        56163        0.01   1        0        56163       56163.00    0.00        56163.00   
  117      2011894      1        19       278485       0.07   8        0        55227       34810.62    0.00        34810.62   
  118      2828122      1        2        307977       0.07   8        0        54783       38497.12    0.00        38497.12   
  119      2815659      1        3        54776        0.01   1        1        54776       54776.00    54776.00    0.00       
  120      2008438      1        20       54675        0.01   1        0        54675       54675.00    0.00        54675.00   
  121      2811544      1        1        1088200      0.26   103      0        54610       10565.05    0.00        10565.05   
  122      2022220      1        2        223052       0.05   8        0        53986       27881.50    0.00        27881.50   
  123      2025427      1        1        546180       0.13   127      0        53363       4300.63     0.00        4300.63    
  124      2002995      1        10       732366       0.18   216      0        52481       3390.58     0.00        3390.58    
  125      2002993      1        7        69

This file has been truncated.


suricata-report-2019-05-09-T-18-18-47-05092019.1818-21283f726aa8719245b75649fb08a0c4.pcap.txt - (17597 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/dfdd78014db3af944fba8160c9c7738856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05092019.1818-21283f726aa8719245b75649fb08a0c4.pcap -vvv -k none
elapsedtime:27.066330
stderr:
stdout:
9/5/2019 -- 18:18:20 - <Info> - Configuration node 'rule-files' redefined.
9/5/2019 -- 18:18:20 - <Notice> - This is Suricata version 4.0.0 RELEASE
9/5/2019 -- 18:18:20 - <Info> - CPUs/cores online: 1
9/5/2019 -- 18:18:20 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33388 and 'request-body-inspect-window' set to 16536 after randomization.
9/5/2019 -- 18:18:20 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33396 and 'response-body-inspect-window' set to 17078 after randomization.
9/5/2019 -- 18:18:20 - <Config> - DNS request flood protection level: 500
9/5/2019 -- 18:18:20 - <Config> - DNS per flow memcap (state-memcap): 524288
9/5/2019 -- 18:18:20 - <Config> - DNS global memcap: 16777216
9/5/2019 -- 18:18:20 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
9/5/2019 -- 18:18:20 - <Config> - preallocated 1000 hosts of size 136
9/5/2019 -- 18:18:20 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
9/5/2019 -- 18:18:20 - <Config> - using magic-file /usr/share/file/magic
9/5/2019 -- 18:18:20 - <Config> - Core dump size is unlimited.
9/5/2019 -- 18:18:20 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
9/5/2019 -- 18:18:20 - <Config> - preallocated 1000 defrag trackers of size 168
9/5/2019 -- 18:18:20 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
9/5/2019 -- 18:18:20 - <Config> - stream "prealloc-sessions": 2048 (per thread)
9/5/2019 -- 18:18:20 - <Config> - stream "memcap": 33554432
9/5/2019 -- 18:18:20 - <Config> - stream "midstream" session pickups: disabled
9/5/2019 -- 18:18:20 - <Config> - stream "async-oneside": disabled
9/5/2019 -- 18:18:20 - <Config> - stream "checksum-validation": disabled
9/5/2019 -- 18:18:20 - <Config> - stream."inline": disabled
9/5/2019 -- 18:18:20 - <Config> - stream "bypass": disabled
9/5/2019 -- 18:18:20 - <Config> - stream "max-synack-queued": 5
9/5/2019 -- 18:18:20 - <Config> - stream.reassembly "memcap": 134217728
9/5/2019 -- 18:18:20 - <Config> - stream.reassembly "depth": 0
9/5/2019 -- 18:18:20 - <Config> - stream.reassembly "toserver-chunk-size": 2526
9/5/2019 -- 18:18:20 - <Config> - stream.reassembly "toclient-chunk-size": 2546
9/5/2019 -- 18:18:20 - <Config> - stream.reassembly.raw: enabled
9/5/2019 -- 18:18:20 - <Config> - stream.reassembly "segment-prealloc": 2048
9/5/2019 -- 18:18:20 - <Config> - Delayed detect disabled
9/5/2019 -- 18:18:20 - <Config> - pattern matchers: MPM: ac, SPM: bm
9/5/2019 -- 18:18:20 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
9/5/2019 -- 18:18:20 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
9/5/2019 -- 18:18:20 - <Config> - prefilter engines: MPM
9/5/2019 -- 18:18:20 - <Config> - IP reputation disabled
9/5/2019 -- 18:18:20 - <Perf> - Registered 148 keyword profiling counters.
9/5/2019 -- 18:18:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
9/5/2019 -- 18:18:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
9/5/2019 -- 18:18:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
9/5/2019 -- 18:18:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
9/5/2019 -- 18:18:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
9/5/2019 -- 18:18:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
9/5/2019 -- 18:18:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
9/5/2019 -- 18:18:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
9/5/2019 -- 18:18:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
9/5/2019 -- 18:18:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
9/5/2019 -- 18:18:27 - <Config> - No rules loaded from ET-icmp.rules.
9/5/2019 -- 18:18:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
9/5/2019 -- 18:18:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
9/5/2019 -- 18:18:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
9/5/2019 -- 18:18:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
9/5/2019 -- 18:18:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
9/5/2019 -- 18:18:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
9/5/2019 -- 18:18:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
9/5/2019 -- 18:18:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
9/5/2019 -- 18:18:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
9/5/2019 -- 18:18:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
9/5/2019 -- 18:18:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
9/5/2019 -- 18:18:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
9/5/2019 -- 18:18:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
9/5/2019 -- 18:18:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
9/5/2019 -- 18:18:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
9/5/2019 -- 18:18:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
9/5/2019 -- 18:18:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
9/5/2019 -- 18:18:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
9/5/2019 -- 18:18:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
9/5/2019 -- 18:18:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
9/5/2019 -- 18:18:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
9/5/2019 -- 18:18:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
9/5/2019 -- 18:18:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
9/5/2019 -- 18:18:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
9/5/2019 -- 18:18:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
9/5/2019 -- 18:18:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
9/5/2019 -- 18:18:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
9/5/2019 -- 18:18:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
9/5/2019 -- 18:18:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
9/5/2019 -- 18:18:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
9/5/2019 -- 18:18:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
9/5/2019 -- 18:18:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
9/5/2019 -- 18:18:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
9/5/2019 -- 18:18:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
9/5/2019 -- 18:18:36 - <Config> - No rules loaded from local.rules.
9/5/2019 -- 18:18:36 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
9/5/2019 -- 18:18:36 - <Info> - Threshold config parsed: 0 rule(s) found
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for tcp-packet
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for tcp-stream
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for udp-packet
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for other-ip
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_uri
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_request_line
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_client_body
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_response_line
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_header
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_header
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_header_names
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_header_names
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_accept
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_accept_enc
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_accept_lang
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_referer
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_connection
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_content_len
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_content_len
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_content_type
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_content_type
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_protocol
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_protocol
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_start
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_start
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_raw_header
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_raw_header
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_method
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_cookie
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_cookie
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_raw_uri
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_user_agent
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_host
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_raw_host
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_stat_msg
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_stat_code
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for dns_query
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for tls_sni
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for tls_cert_issuer
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for tls_cert_subject
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for tls_cert_serial
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for dce_stub_data
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for dce_stub_data
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for ssh_protocol
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for ssh_protocol
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for ssh_software
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for ssh_software
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for file_data
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for file_data
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_request_line
9/5/2019 -- 18:18:36 - <Perf> - using shared mpm ctx' for http_response_line
9/5/2019 -- 18:18:36 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
9/5/2019 -- 18:18:36 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
9/5/2019 -- 18:18:36 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
9/5/2019 -- 18:18:36 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
9/5/2019 -- 18:18:37 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
9/5/2019 -- 18:18:37 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
9/5/2019 -- 18:18:37 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
9/5/2019 -- 18:18:37 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
9/5/2019 -- 18:18:43 - <Perf> - Unique rule groups: 104
9/5/2019 -- 18:18:43 - <Perf> - Builtin MPM "toserver TCP packet": 35
9/5/2019 -- 18:18:43 - <Perf> - Builtin MPM "toclient TCP packet": 17
9/5/2019 -- 18:18:43 - <Perf> - Builtin MPM "toserver TCP stream": 33
9/5/2019 -- 18:18:43 - <Perf> - Builtin MPM "toclient TCP stream": 19
9/5/2019 -- 18:18:43 - <Perf> - Builtin MPM "toserver UDP packet": 27
9/5/2019 -- 18:18:43 - <Perf> - Builtin MPM "toclient UDP packet": 17
9/5/2019 -- 18:18:43 - <Perf> - Builtin MPM "other IP packet": 3
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_uri": 14
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_request_line": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_client_body": 6
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toclient http_response_line": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_header": 10
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toclient http_header": 6
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_header_names": 2
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_accept": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_referer": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_content_len": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_content_type": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toclient http_content_type": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_protocol": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_start": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_method": 5
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_cookie": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toclient http_cookie": 2
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver http_host": 2
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver dns_query": 4
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver tls_sni": 2
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toserver file_data": 1
9/5/2019 -- 18:18:43 - <Perf> - AppLayer MPM "toclient file_data": 7
9/5/2019 -- 18:18:46 - <Perf> - Registered 39590 rule profiling counters.
9/5/2019 -- 18:18:46 - <Info> - fast output device (regular) initialized: alert
9/5/2019 -- 18:18:46 - <Info> - eve-log output device (regular) initialized: eve.json
9/5/2019 -- 18:18:46 - <Config> - enabling 'eve-log' module 'alert'
9/5/2019 -- 18:18:46 - <Config> - enabling 'eve-log' module 'http'
9/5/2019 -- 18:18:46 - <Config> - enabling 'eve-log' module 'dns'
9/5/2019 -- 18:18:46 - <Config> - enabling 'eve-log' module 'tls'
9/5/2019 -- 18:18:46 - <Config> - enabling 'eve-log' module 'files'
9/5/2019 -- 18:18:46 - <Config> - enabling 'eve-log' module 'ssh'
9/5/2019 -- 18:18:46 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
9/5/2019 -- 18:18:46 - <Info> - stats output device (regular) initialized: stats.log
9/5/2019 -- 18:18:46 - <Config> - AutoFP mode using "Hash" flow load balancer
9/5/2019 -- 18:18:46 - <Info> - reading pcap file /var/pcap/05092019.1818-21283f726aa8719245b75649fb08a0c4.pcap
9/5/2019 -- 18:18:46 - <Config> - using 1 flow manager threads
9/5/2019 -- 18:18:46 - <Config> - using 1 flow recycler threads
9/5/2019 -- 18:18:46 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine starte

This file has been truncated.


stats.log - (3089 bytes) - download
------------------------------------------------------------------------------------
Date: 5/9/2019 -- 18:18:47 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 10634
decoder.bytes                              | Total                     | 8072270
decoder.ipv4                               | Total                     | 10634
decoder.ethernet                           | Total                     | 10634
decoder.tcp                                | Total                     | 10333
decoder.udp                                | Total                     | 301
decoder.avg_pkt_size                       | Total                     | 759
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 191
flow.udp                                   | Total                     | 148
tcp.sessions                               | Total                     | 191
tcp.pseudo                                 | Total                     | 8
tcp.syn                                    | Total                     | 222
tcp.synack                                 | Total                     | 172
tcp.rst                                    | Total                     | 417
tcp.overlap                                | Total                     | 5
detect.alert                               | Total                     | 3
detect.mpm_list                            | Total                     | 1
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 2
app_layer.flow.http                        | Total                     | 6
app_layer.tx.http                          | Total                     | 9
app_layer.flow.smtp                        | Total                     | 131
app_layer.tx.smtp                          | Total                     | 131
app_layer.flow.tls                         | Total                     | 34
app_layer.flow.dns_udp                     | Total                     | 142
app_layer.tx.dns_udp                       | Total                     | 144
app_layer.flow.failed_udp                  | Total                     | 6
flow_mgr.new_pruned                        | Total                     | 5
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7077472
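Added example (not code from this report page or from Suricata): parse the stats.log dump above into counters and derive a few triage numbers from it. STATS_LOG is a constructed excerpt of the dump shown (same counter values, some rows dropped), and the thresholds in triage() are assumptions for a single-client capture like this one. What the raw table does not say directly: 131 of the 191 TCP sessions were classified as SMTP, 50 SYNs never got a SYN/ACK, and there were more than two RSTs per session.

```python
"""Parse one Suricata stats.log dump and derive a few triage metrics.

Added example, not part of the report above or of Suricata itself. STATS_LOG
is a constructed excerpt of the stats.log shown on the page (same counters
and values, some rows omitted); the thresholds in triage() are assumptions.
"""
import re

STATS_LOG = """\
Date: 5/9/2019 -- 18:18:47 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 10634
decoder.bytes                              | Total                     | 8072270
decoder.tcp                                | Total                     | 10333
decoder.udp                                | Total                     | 301
decoder.avg_pkt_size                       | Total                     | 759
flow.tcp                                   | Total                     | 191
flow.udp                                   | Total                     | 148
tcp.sessions                               | Total                     | 191
tcp.syn                                    | Total                     | 222
tcp.synack                                 | Total                     | 172
tcp.rst                                    | Total                     | 417
detect.alert                               | Total                     | 3
app_layer.flow.http                        | Total                     | 6
app_layer.flow.smtp                        | Total                     | 131
app_layer.flow.tls                         | Total                     | 34
app_layer.flow.dns_udp                     | Total                     | 142
app_layer.flow.failed_udp                  | Total                     | 6
"""

# counter name | thread-module name | integer value
ROW = re.compile(r"^([\w.]+)\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")


def parse_stats(text):
    """Return {tm_name: {counter: int}} for a single stats.log dump.
    The Date line, the separators and the column header do not match ROW
    and are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            counter, tm_name, value = m.groups()
            table.setdefault(tm_name, {})[counter] = int(value)
    return table


def triage(table, tm_name="Total"):
    """Derive per-capture metrics and flag values that deserve a look.
    Thresholds are assumptions for a capture of a single client host."""
    c = table[tm_name]
    metrics = {
        # packets the decoder saw that were neither TCP nor UDP
        "other_pkts": c["decoder.pkts"] - c["decoder.tcp"] - c["decoder.udp"],
        # SYNs with no SYN/ACK: refused or filtered connection attempts
        # (retransmitted SYNs inflate this, so treat it as an upper bound)
        "unanswered_syns": c["tcp.syn"] - c["tcp.synack"],
        "rst_per_session": round(c["tcp.rst"] / c["tcp.sessions"], 2),
        # share of TCP sessions Suricata parsed as SMTP
        "smtp_share": round(c["app_layer.flow.smtp"] / c["tcp.sessions"], 3),
        # consistency check between two independently reported counters
        "avg_pkt_size_ok": c["decoder.bytes"] // c["decoder.pkts"] == c["decoder.avg_pkt_size"],
    }
    findings = []
    if metrics["smtp_share"] > 0.25:
        findings.append("smtp_heavy")  # one client driving many SMTP sessions
    if metrics["unanswered_syns"] > 20:
        findings.append("many_unanswered_syns")
    if metrics["rst_per_session"] > 1.0:
        findings.append("rst_heavy")
    return metrics, findings


if __name__ == "__main__":
    m, f = triage(parse_stats(STATS_LOG))
    print(m)
    print(f)
```

A real stats.log repeats this table once per stats interval; to use the checks on a live sensor, split the file on the Date lines and feed each dump to parse_stats() separately, then diff successive dumps, since the counters are cumulative.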


eve.json - (168830 bytes) - download
{"timestamp":"2019-05-08T15:45:43.900622+0000","flow_id":2051787375230478,"pcap_cnt":7,"event_type":"dns","src_ip":"192.168.92.10","src_port":59594,"dest_ip":"10.55.30.10","dest_port":53,"proto":"UDP","dns":{"type":"query","id":13314,"rrname":"time.windows.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-08T15:45:43.902217+0000","flow_id":2051787375230478,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.30.10","src_port":53,"dest_ip":"192.168.92.10","dest_port":59594,"proto":"UDP","dns":{"type":"answer","id":13314,"rcode":"NOERROR","rrname":"time.windows.com","rrtype":"CNAME","ttl":934,"rdata":"time.microsoft.akadns.net"}}
{"timestamp":"2019-05-08T15:45:43.902217+0000","flow_id":2051787375230478,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.30.10","src_port":53,"dest_ip":"192.168.92.10","dest_port":59594,"proto":"UDP","dns":{"type":"answer","id":13314,"rcode":"NOERROR","rrname":"time.microsoft.akadns.net","rrtype":"A","ttl":23,"rdata":"51.140.127.197"}}
{"timestamp":"2019-05-08T15:46:00.266172+0000","flow_id":978548063473596,"pcap_cnt":13,"event_type":"dns","src_ip":"192.168.92.10","src_port":49662,"dest_ip":"10.55.30.10","dest_port":53,"proto":"UDP","dns":{"type":"query","id":6370,"rrname":"psufoundation.capsuledna.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-08T15:46:00.267358+0000","flow_id":978548063473596,"pcap_cnt":14,"event_type":"dns","src_ip":"10.55.30.10","src_port":53,"dest_ip":"192.168.92.10","dest_port":49662,"proto":"UDP","dns":{"type":"answer","id":6370,"rcode":"NOERROR","rrname":"psufoundation.capsuledna.com","rrtype":"A","ttl":569,"rdata":"110.49.2.22"}}
{"timestamp":"2019-05-08T15:46:01.054803+0000","flow_id":2152873726584579,"pcap_cnt":52,"event_type":"alert","src_ip":"110.49.2.22","src_port":80,"dest_ip":"192.168.92.10","dest_port":49159,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-05-08T15:46:01.054803+0000","flow_id":2152873726584579,"pcap_cnt":52,"event_type":"alert","src_ip":"110.49.2.22","src_port":80,"dest_ip":"192.168.92.10","dest_port":49159,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016538,"rev":3,"signature":"ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2019-05-08T15:46:01.054803+0000","flow_id":2152873726584579,"pcap_cnt":52,"event_type":"alert","src_ip":"110.49.2.22","src_port":80,"dest_ip":"192.168.92.10","dest_port":49159,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2014520,"rev":6,"signature":"ET INFO EXE - Served Attached HTTP","category":"Misc activity","severity":3}}
{"timestamp":"2019-05-08T15:46:01.313875+0000","flow_id":2152873726584579,"pcap_cnt":84,"event_type":"http","src_ip":"192.168.92.10","src_port":49159,"dest_ip":"110.49.2.22","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"psufoundation.capsuledna.com","url":"\/wp-content\/8q5opa6\/","http_content_type":"0"}}
{"timestamp":"2019-05-08T15:46:26.069235+0000","flow_id":2151512223571108,"pcap_cnt":98,"event_type":"fileinfo","src_ip":"192.168.92.10","src_port":49160,"dest_ip":"218.161.88.253","dest_port":8080,"proto":"TCP","http":{"hostname":"218.161.88.253","url":"\/between\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)","http_content_type":"text\/html","http_refer":"http:\/\/218.161.88.253\/between\/","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":6767},"app_proto":"http","fileinfo":{"filename":"\/between\/","gaps":false,"state":"CLOSED","stored":false,"size":525,"tx_id":0}}
{"timestamp":"2019-05-08T15:46:26.657711+0000","flow_id":2151512223571108,"pcap_cnt":165,"event_type":"http","src_ip":"192.168.92.10","src_port":49160,"dest_ip":"218.161.88.253","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"218.161.88.253","url":"\/between\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)","http_content_type":"text\/html"}}
{"timestamp":"2019-05-08T15:46:54.077322+0000","flow_id":441909083119237,"pcap_cnt":175,"event_type":"fileinfo","src_ip":"192.168.92.10","src_port":49161,"dest_ip":"218.161.88.253","dest_port":8080,"proto":"TCP","http":{"hostname":"218.161.88.253","url":"\/attrib\/dma\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)","http_content_type":"text\/html","http_refer":"http:\/\/218.161.88.253\/attrib\/dma\/","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3941},"app_proto":"http","fileinfo":{"filename":"\/attrib\/dma\/","gaps":false,"state":"CLOSED","stored":false,"size":532,"tx_id":0}}
{"timestamp":"2019-05-08T15:46:57.323713+0000","flow_id":441909083119237,"pcap_cnt":1689,"event_type":"http","src_ip":"192.168.92.10","src_port":49161,"dest_ip":"218.161.88.253","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"218.161.88.253","url":"\/attrib\/dma\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)","http_content_type":"text\/html"}}
{"timestamp":"2019-05-08T15:46:57.599564+0000","flow_id":441909083119237,"pcap_cnt":1693,"event_type":"fileinfo","src_ip":"218.161.88.253","src_port":8080,"dest_ip":"192.168.92.10","dest_port":49161,"proto":"TCP","http":{"hostname":"218.161.88.253","url":"\/attrib\/dma\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)","http_content_type":"text\/html","http_refer":"http:\/\/218.161.88.253\/attrib\/dma\/","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":1445028},"app_proto":"http","fileinfo":{"filename":"\/attrib\/dma\/","gaps":false,"state":"CLOSED","stored":false,"size":1445028,"tx_id":0}}
{"timestamp":"2019-05-08T15:46:58.371597+0000","flow_id":1177903269221350,"pcap_cnt":1704,"event_type":"http","src_ip":"192.168.92.10","src_port":49163,"dest_ip":"61.92.159.208","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"61.92.159.208","url":"\/whoami.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)","http_content_type":"text\/html"}}
{"timestamp":"2019-05-08T15:46:58.452694+0000","flow_id":1559167516086778,"pcap_cnt":1706,"event_type":"http","src_ip":"192.168.92.10","src_port":49162,"dest_ip":"61.92.159.208","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"61.92.159.208","url":"\/whoami.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)","http_content_type":"text\/html"}}
{"timestamp":"2019-05-08T15:46:58.463272+0000","flow_id":441909083119237,"pcap_cnt":1707,"event_type":"http","src_ip":"192.168.92.10","src_port":49161,"dest_ip":"218.161.88.253","dest_port":8080,"proto":"TCP","tx_id":1,"http":{"hostname":"218.161.88.253","url":"\/cone\/odbc\/sess\/merge\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)","http_content_type":"text\/html"}}
{"timestamp":"2019-05-08T15:46:58.463272+0000","flow_id":441909083119237,"pcap_cnt":1707,"event_type":"fileinfo","src_ip":"192.168.92.10","src_port":49161,"dest_ip":"218.161.88.253","dest_port":8080,"proto":"TCP","http":{"hostname":"218.161.88.253","url":"\/cone\/odbc\/sess\/merge\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)","http_content_type":"text\/html","http_refer":"http:\/\/218.161.88.253\/cone\/odbc\/sess\/merge\/","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":148},"app_proto":"http","fileinfo":{"filename":"\/cone\/odbc\/sess\/merge\/","gaps":false,"state":"CLOSED","stored":false,"size":518,"tx_id":1}}
{"timestamp":"2019-05-08T15:46:58.581765+0000","flow_id":1177903269221350,"pcap_cnt":1708,"event_type":"fileinfo","src_ip":"61.92.159.208","src_port":8080,"dest_ip":"192.168.92.10","dest_port":49163,"proto":"TCP","http":{"hostname":"61.92.159.208","url":"\/whoami.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":12},"app_proto":"http","fileinfo":{"filename":"\/whoami.php","gaps":false,"state":"CLOSED","stored":false,"size":12,"tx_id":0}}
{"timestamp":"2019-05-08T15:46:58.702336+0000","flow_id":1559167516086778,"pcap_cnt":1709,"event_type":"fileinfo","src_ip":"61.92.159.208","src_port":8080,"dest_ip":"192.168.92.10","dest_port":49162,"proto":"TCP","http":{"hostname":"61.92.159.208","url":"\/whoami.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":12},"app_proto":"http","fileinfo":{"filename":"\/whoami.php","gaps":false,"state":"CLOSED","stored":false,"size":12,"tx_id":0}}
{"timestamp":"2019-05-08T15:46:59.271267+0000","flow_id":1559167516086778,"pcap_cnt":1715,"event_type":"fileinfo","src_ip":"192.168.92.10","src_port":49162,"dest_ip":"61.92.159.208","dest_port":8080,"proto":"TCP","http":{"hostname":"61.92.159.208","url":"\/xian\/cab\/sess\/merge\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)","http_content_type":"text\/html","http_refer":"http:\/\/61.92.159.208\/xian\/cab\/sess\/merge\/","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":7142},"app_proto":"http","fileinfo":{"filename":"\/xian\/cab\/sess\/merge\/","gaps":false,"state":"CLOSED","stored":false,"size":256,"tx_id":1}}
{"timestamp":"2019-05-08T15:46:59.360263+0000","flow_id":1177903269221350,"pcap_cnt":1724,"event_type":"fileinfo","src_ip":"192.168.92.10","src_port":49163,"dest_ip":"61.92.159.208","dest_port":8080,"proto":"TCP","http":{"hostname":"61.92.159.208","url":"\/vermont\/cab\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)","http_content_type":"text\/html","http_refer":"http:\/\/61.92.159.208\/vermont\/cab\/","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3941},"app_proto":"http","fileinfo":{"filename":"\/vermont\/cab\/","gaps":false,"state":"CLOSED","stored":false,"size":262,"tx_id":1}}
{"timestamp":"2019-05-08T15:47:00.027621+0000","flow_id":1559167516086778,"pcap_cnt":1871,"event_type":"http","src_ip":"192.168.92.10","src_port":49162,"dest_ip":"61.92.159.208","dest_port":8080,"proto":"TCP","tx_id":1,"http":{"hostname":"61.92.159.208","url":"\/xian\/cab\/sess\/merge\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)","http_content_type":"text\/html"}}
{"timestamp":"2019-05-08T15:47:00.034020+0000","flow_id":1321651529876708,"pcap_cnt":1872,"event_type":"dns","src_ip":"192.168.92.10","src_port":64312,"dest_ip":"10.55.30.10","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37175,"rrname":"mail.jankorealty.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-08T15:47:00.034275+0000","flow_id":1795244688704995,"pcap_cnt":1873,"event_type":"dns","src_ip":"192.168.92.10","src_port":51136,"dest_ip":"10.55.30.10","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32874,"rrname":"mail.ntplx.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-08T15:47:00.034754+0000","flow_id":1322016602097602,"pcap_cnt":1874,"event_type":"dns","src_ip":"192.168.92.10","src_port":64293,"dest_ip":"10.55.30.10","dest_port":53,"proto":"UDP","dns":{"type":"query","id":15616,"rrname":"pop.abm-ingenieria.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-08T15:47:00.035310+0000","flow_id":2193577135606254,"pcap_cnt":1875,"event_type":"dns","src_ip":"192.168.92.10","src_port":56639,"dest_ip":"10.55.30.10","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4709,"rrname":"mail.cetrogar.com.ar","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-08T15:47:00.035496+0000","flow_id":1712854331067048,"pcap_cnt":1876,"event_type":"dns","src_ip":"192.168.92.10","src_port":57065,"dest_ip":"10.55.30.10","dest_port":53,"proto":"UDP","dns":{"type":"query","id":53279,"rrname":"mail.worldshoes.mx","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-08T15:47:00.035902+0000","flow_id":1083203535539262,"pcap_cnt":1877,"event_type":"dns","src_ip":"192.168.92.10","src_port":56498,"dest_ip":"10.55.30.10","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57591,"rrname":"mail.grupocentra.mx","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-08T15:47:00.036022+0000","flow_id":230639642381494,"pcap_cnt":1878,"event_type":"dns","src_ip":"192.168.92.10","src_port":61773,"dest_ip":"10.55.30.10","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46070,"rrname":"mail.mapsac-peru.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-08T15:47:00.036418+0000","flow_id":1283361896435266,"pcap_cnt":1879,"event_type":"dns","src_ip":"192.168.92.10","src_port":58622,"dest_ip":"10.55.30.10","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64834,"rrname":"pop.secureserver.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-08T15:47:00.036533+0000","flow_id":1539238868061877,"pcap_cnt":1880,"event_type":"dns","src_ip":"192.168.92.10","src_port":55541,"dest_ip":"10.55.30.10","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22500,"rrname":"fypa.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-08T15:47:00.036768+0000","flow_id":1994909128363936,"pcap_cnt":1881,"event_type":"dns","src_ip":"192.168.92.10","src_port":63240,"dest_ip":"10.55.30.10","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32666,"rrname":"smtp.sintra.com.mx","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-08T15:47:00.036973+0000","flow_id":2193577135606254,"pcap_cnt":1882,"event_type":"dns","src_ip":"10.55.30.10","src_port":53,"dest_ip":"192.168.92.10","dest_port":56639,"proto":"UDP","dns":{"type":"answer","id":4709,"rcode":"NOERROR","rrname":"mail.cetrogar.com.ar","rrtype":"A","ttl":16,"rdata":"190.139.102.19"}}
{"timestamp":"2019-05-08T15:47:00.037146+0000","flow_id":352487864570138,"pcap_cnt":1883,"event_type":"dns","src_ip":"192.168.92.10","src_port":54472,"dest_ip":"10.55.30.10","dest_port":53,"proto":"UDP","dns":{"type":"query","id":65500,"rrname":"mail.prodigy.net.mx","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-08T15:47:00.037218+0000","flow_id":2159243167043938,"pcap_cnt":1884,"event_type":"dns","src_ip":"192.168.92.10","src_port":49213,"dest_ip":"10.55.30.10","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30611,"rrname":"smtp.expogroup.com.ar","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-08T15:47:00.037644+0000","flo

This file has been truncated. Go here to download in full.


keyword_perf.log - (15757 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/9/2019 -- 18:18:47
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             22209397        4860            4860            5972920         4569.00         4569.00         0.00           
  content          156606136       7018            3404            8656264         22314.00        23953.00        20771.00       
  pcre             5271653         1034            104             65035           5098.00         7555.00         4823.00        
  byte_test        6157229         1721            758             115556          3577.00         3967.00         3270.00        
  byte_jump        128325          25              17              40720           5133.00         3272.00         9086.00        
  isdataat         527106          151             1               62173           3490.00         2619.00         3496.00        
  flowbits         1836388         586             73              16126           3133.00         3248.00         3117.00        
  urilen           761144          212             52              35895           3590.00         3961.00         3469.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             22209397        4860            4860            5972920         4569.00         4569.00         0.00           
  flowbits         1795481         579             66              16126           3101.00         2973.00         3117.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          28568903        3302            2043            428565          8651.00         10866.00        5058.00        
  pcre             1969175         387             29              65035           5088.00         8303.00         4827.00        
  byte_test        6157229         1721            758             115556          3577.00         3967.00         3270.00        
  byte_jump        107272          18              10              40720           5959.00         3457.00         9086.00        
  isdataat         524487          150             0               62173           3496.00         0.00            3496.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         40907           7               7               13964           5843.00         5843.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          562184          138             60              36071           4073.00         3735.00         4334.00        
  pcre             518120          87              20              24230           5955.00         7007.00         5641.00        
  urilen           761144          212             52              35895           3590.00         3961.00         3469.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          47294           7               1               16306           6756.00         11173.00        6020.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          30526           9               0               3684            3391.00         0.00            3391.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          122283386       2340            638             8656264         52257.00        88168.00        38796.00       
  pcre             2079499         465             0               21169           4472.00         0.00            4472.00        
  byte_jump        21053           7               7               4082            3007.00         3007.00         0.00           
  isdataat         2619            1               1               2619            2619.00         2619.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3000187         701             457             30108           4279.00         4446.00         3968.00        
  pcre             578365          78              39              39050           7414.00         7634.00         7195.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          69850           19              13              4642            3676.00         3599.00         3842.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          81142           22              22              4457            3688.00         3688.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4342            1               0               4342            4342.00         0.00            4342.00        
  pcre             19416           1               0               19416           19416.00        0.00            19416.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          168295          51              9               4717            3299.00         3864.00         3178.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          845247          224             144             25291           3773.00         4063.00         3250.00        
  pcre             107078          16              16              42328           6692.00         6692.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3036            1               0               3036            3036.00         0.00            3036.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          136218          20              1               71052           6810.00         4037.00         6956.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dns_query
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5867            1               0               5867            5867.00         0.00            5867.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_issuer
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          65586           16              16              5063            4099.00         4099.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          734073          166             0               29008           4422.00         0.00            4422.00        


unified2.alert.1557425926 - (18780 bytes) - download
Ü,/˜OýŠan¼$_“‰’Ò虐Á³±­)%ƒxê”_*JFmùۆ[´N0Õ}ÊÃ$?Àö_h”aÚôÉM-¬ÚÁ¦€%6‹.5$Ú$ñ›±³ùß©4ÿx~M3“Œ¢:ƒ¬7áf»±wщð7uo;%•—z\ŠGD¡be^fS$×DËRÁdTr¾Zçh+ۻ˚.ÿ|7!ÇwÅãÒ¢UqÙgìeKØ'ÍíêP‹zØšÛÑaµ•ö  é3`µLŽì‚b`¨‚q+¶R։E#À¿b‚s¬Rýt5y´ûŒYOJƒ@s3œº° ˜í%ºzŸÓÈÀÖæšyNjW¸Ï–â|­W÷ÈÀ³¶-T%œÆ%%dðN¾Ãñ…S†d·[<…Žð]C…$§ö·eW‹$¹ãYÑX–ÛYÍAö8ZôľôböÿaîÒ@÷I«	iì™HÇm©	RŸƒNÇ:±vžƒ7@¸vÕÓ~Bv¡ß“EJ`bßÓ
F€)LÓòÁFe1ëˆÑª†éÂ0ªñqŽF½2ñ¶{³d„:	a·{œ‹È	.¿ðŠ±^D¯ðËïª,XJ˜²Ê÷ªó_S.´ÊŒ;ÛQ¡7^oû…lÊÉÄù°䜦ͥ	î˜7Ž¯ífùmH›Å¡„€°Ïøú5ôåÇîC×çWxëG5[4¤¥Mê$
fA|Š+Á´-à«Só¢|´ý'’EÀµ%fBû‡˜ž'‹÷Kz¡fôòøò¶EPa!w¿­‚*ýÈ֫ω*DâÈ¿®Ø¢*	êʓ¬Ø‹Ï&ÀÊZ‘›ÚÎD©à››¡=Q讘c©4Vè—^©ø›Ü_Z—Êý²4^X€º6ç²û£QHBR{®lIB;J#–B¯Â·–
ð{ʬŠÂJ¸ƒ¦ŠÂ3.`ƒn ·Âû’iÆ  åQ’áp—É][âúÿ;!Ä[©0	·$	˜olÕf±Gؗ§¿rèXÀÈcéïDG­['Úy6¢©ªܶ~D†’D;KëœÓT žÓ$2Sq¦Ú!D†âãó8 yÑÌʵ;æµ žÔá²ÐîK&ƒÜù>ìøo™Þ¹²@ìø'êû$ŠÊ?ˆ.'ž‘;Ý*×uQ~9O2ëœ}ú¥C;ÿÙ!9™÷žZoÇ՘Þku”9俞˜%È;ö%
¯Áå_ýÕv:>X­Ð©]¬À°æ ²ãHþ˜H9máûòl¯•xéO#Ìõ²ŸR§˜×¥R=äoõõ½o8XDðYòkIgÎü´ã³÷v´.ǎ–ᐴ8dò±»ÛX(?È~1¸9µkð7ìAòúü¤ÁÂÇãã•OÑFµŒ7XªTyš0þºa8\Òù¹\Òù¹ÖêEÜ(#n1À¨\
PÀP@?Yˆ V9ªžÈœ˜ßf?hòéø)à3l=<J=Ոh²€,Y;™ä[f#´ÌÙMowîêˆÂxœF±¿Gdñ[šJ-ž&¢Ý+üþox¨âîë˜;¤¹©m!ÊØ5±EV:Tk$Â÷œG]QŸK¤R„Ué
y¦ìÔÛ+HÁäß8çšJnÍ¡uÃéÁß\ÞîñÓ8huŒ:`Üî‚0cIfÀÖ{'UPoÍ»!dx*^ÍÞ1è×l|y`6̑€Èz+a3ÓÑæt÷n·CûK®@¶%KS‚¬á…—&S<ìR
À¿-L*Uv-±cªžØ9! }œa'ÿ‘UŒU(Š^,·û$µWn–s”Ï”ãÉÝƍ`Ñëp°½óçúÿòe6–¸4w"výN4æɇ*CîpHürhBÅZÎ×p×Ru¢êà؊H¿êËAzÎGÆùOݪyÑH»ùPÜübÐIV‹Qß4ÐÐJAPÞÊ_ÑKùóPÙ.ÐLìQØ({ÓMSîRÛ~ÒNiíSڐqÕOcõTÅ
fÔP·ŠUÄþïÔQIbTÇöÕRoeWÆDžÖS>ÕWÁ.ÙT#²XÀ¨&ØU‚ºYÃì ÛVPJZÂ߯ÛW÷ ]ÍbE5%bÞ+r“
t9+À²ü¡T§/òòr}S†1¯)	ëõ¶®#aCiqÀö,£¡†íð,Ə¸ä(äƒvà}¼1ù}ö¨ë(
ðáà4©\î6Y}PP
ڙf½2G†LúžçÈÑ4‚³°,È7

This file has been truncated. Go here to download in full.


IDSDeathBlossom.py.log - (1172 bytes) - download
2019-05-09 18:18:19,774 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-09 18:18:20,651 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-09 18:18:20,651 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-09 18:18:20,651 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-09 18:18:20,651 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-09 18:18:20,652 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/dfdd78014db3af944fba8160c9c7738856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05092019.1818-21283f726aa8719245b75649fb08a0c4.pcap -vvv -k none
2019-05-09 18:18:47,720 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-09 18:18:47,721 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 27.9551568031