Filename: merged.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 15.1126968861 seconds
Hash: fbab2ae747e9739ee4a249a8c422457f
Uploaded: 1523461730

Logfiles


packet_stats.log - (10747 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           534           127701      107461779      76765258         41.0b   94.14
 IPv4      17            33         18436947       91148220      77283972          2.6b    5.86
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           534            69321       15455337        229856        122.7m   90.69
TMM_FLOWWORKER              IPv4      17            33           140631         684264        250551          8.3m    6.11
TMM_RECEIVEPCAPFILE         IPv4       6           529             2655         368037          4300          2.3m    1.68
TMM_RECEIVEPCAPFILE         IPv4      17            33             2844           5592          3469        114.5k    0.08
TMM_DECODEPCAPFILE          IPv4       6           529             2751          33855          3426          1.8m    1.34
TMM_DECODEPCAPFILE          IPv4      17            33             2781           9483          4031        133.1k    0.10

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           529             2997          45264          3673          1.9m  1.94  
flow                    IPv4      17            33             3069          14589          4063        134.1k  0.13  
stream                  IPv4       6           534             3411         731178         12073          6.4m  6.42  
app-layer               IPv4      17            33             2655          49965          8115        267.8k  0.27  
detect                  IPv4       6           534            46416       15409002        155890         83.2m  82.90 
detect                  IPv4      17            33           123372         460077        199206          6.6m  6.55  
tcp-prune               IPv4       6           534             2613          24189          3374          1.8m  1.79  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             4            11367          27876         18512         74.0k  35.28 
http                    IPv4      17             2            27876          27876         27876         55.8k  26.56 
tls                     IPv4       6             5             2931           8325          4447         22.2k  10.59 
dns                     IPv4      17             6             5358          13116          9640         57.8k  27.56 
Proto detect            IPv4      17             8             5115          27438         12574        100.6k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             6            42420         263487        139408        836.4k  8.82  
LOGGER_JSON_HTTP            IPv4       6             2           177273         289743        233508        467.0k  4.92  
LOGGER_JSON_TLS             IPv4       6             3            78573        7426221       2557247          7.7m  80.89 
LOGGER_JSON_FILE            IPv4       6             2           235482         273927        254704        509.4k  5.37  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           104             2820         124998         31471         3.3m  22.01 
payload                           IPv4      17            33             4263          84003         13705       452.3k  3.04  
stream                            IPv4       6           104             2607         263049         46674         4.9m  32.64 
http_uri                          IPv4       6             2            30684          35079         32881        65.8k  0.44  
http_client_body                  IPv4       6             2             3915           4272          4093         8.2k  0.06  
http_header (request)             IPv4       6             2            65430          66591         66010       132.0k  0.89  
http_header (request trailer)     IPv4       6             2             2712           2835          2773         5.5k  0.04  
http_raw_header (request)         IPv4       6             2            16089          19461         17775        35.5k  0.24  
http_method                       IPv4       6             2             4434           4557          4495         9.0k  0.06  
http_cookie (request)             IPv4       6             2             3585           3648          3616         7.2k  0.05  
http_raw_uri                      IPv4       6             2             5844           6669          6256        12.5k  0.08  
http_user_agent                   IPv4       6             2            11361          13173         12267        24.5k  0.16  
dns_query                         IPv4      17             3             3255           5409          4495        13.5k  0.09  
http_header (response)            IPv4       6             2            45276          50532         47904        95.8k  0.64  
http_header (response trailer)    IPv4       6             2             3468           4467          3967         7.9k  0.05  
http_raw_header (response)        IPv4       6            76             5256          17673          6589       500.8k  3.37  
http_cookie (response)            IPv4       6             2             3681           4134          3907         7.8k  0.05  
http_stat_code                    IPv4       6             2             4383           4635          4509         9.0k  0.06  
file_data (http response)         IPv4       6            76             2661         795921         70507         5.4m  36.03 
Total                             IPv4                   422                                         35244        14.9m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            10             9387         156201         44848        448.5k  0.40  
PROF_DETECT_IPONLY          IPv4      17             8             6507         104448         49307        394.5k  0.35  
PROF_DETECT_RULES           IPv4       6           534             2592         359322         14416          7.7m  6.92  
PROF_DETECT_RULES           IPv4      17            33            61296         268131        101269          3.3m  3.01  
PROF_DETECT_STATEFUL_START    IPv4       6            49             5277         213990         15519        760.5k  0.68  
PROF_DETECT_STATEFUL_CONT    IPv4       6           534             2574        8521641         22143         11.8m  10.63 
PROF_DETECT_STATEFUL_CONT    IPv4      17            33             2796           4971          3272        108.0k  0.10  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           514             2616          35148          3102          1.6m  1.43  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             6             2796           3285          3002         18.0k  0.02  
PROF_DETECT_PREFILTER       IPv4       6           534             8265       15352068         75870         40.5m  36.43 
PROF_DETECT_PREFILTER       IPv4      17            33            25731         108651         41242          1.4m  1.22  
PROF_DETECT_PF_PAYLOAD      IPv4       6           104            22416         305931         88016          9.2m  8.23  
PROF_DETECT_PF_PAYLOAD      IPv4      17            33             9447          89478         19320        637.6k  0.57  
PROF_DETECT_PF_TX           IPv4       6           514             2652       15337398         46545         23.9m  21.51 
PROF_DETECT_PF_TX           IPv4      17             3             9015          11670         10591         31.8k  0.03  
PROF_DETECT_PF_SORT1        IPv4       6            77             2604          42636          3634        279.9k  0.25  
PROF_DETECT_PF_SORT1        IPv4      17            33             2796           5604          3718        122.7k  0.11  
PROF_DETECT_PF_SORT2        IPv4       6           534             2574         121068          3138          1.7m  1.51  
PROF_DETECT_PF_SORT2        IPv4      17            33             2640           4047          3082        101.7k  0.09  
PROF_DETECT_NONMPMLIST      IPv4       6           534             2589          29874          3195          1.7m  1.53  
PROF_DETECT_NONMPMLIST      IPv4      17            33             2631           3720          2949         97.3k  0.09  
PROF_DETECT_ALERT           IPv4       6           534             2592          25761          2922          1.6m  1.40  
PROF_DETECT_ALERT           IPv4      17            33             2604           3897          2703         89.2k  0.08  
PROF_DETECT_CLEANUP         IPv4       6           534             2622          29406          3220          1.7m  1.55  
PROF_DETECT_CLEANUP         IPv4      17            33             2598           5724          3047        100.6k  0.09  
PROF_DETECT_GETSGH          IPv4       6           534             2598          34179          3244          1.7m  1.56  
PROF_DETECT_GETSGH          IPv4      17            33             2667          74055          6201        204.6k  0.18  


suricata-report-2018-04-11-T-15-49-05-04112018.1548-merged.pcap.txt - (16835 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/fbab2ae747e9739ee4a249a8c422457fd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/04112018.1548-merged.pcap -vvv -k none
elapsedtime:12.903885
stderr:
stdout:
11/4/2018 -- 15:48:52 - <Info> - Configuration node 'rule-files' redefined.
11/4/2018 -- 15:48:52 - <Notice> - This is Suricata version 4.0.0 RELEASE
11/4/2018 -- 15:48:52 - <Info> - CPUs/cores online: 1
11/4/2018 -- 15:48:52 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33430 and 'request-body-inspect-window' set to 15828 after randomization.
11/4/2018 -- 15:48:52 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32724 and 'response-body-inspect-window' set to 15756 after randomization.
11/4/2018 -- 15:48:52 - <Config> - DNS request flood protection level: 500
11/4/2018 -- 15:48:52 - <Config> - DNS per flow memcap (state-memcap): 524288
11/4/2018 -- 15:48:52 - <Config> - DNS global memcap: 16777216
11/4/2018 -- 15:48:52 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
11/4/2018 -- 15:48:52 - <Config> - preallocated 1000 hosts of size 136
11/4/2018 -- 15:48:52 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
11/4/2018 -- 15:48:52 - <Config> - using magic-file /usr/share/file/magic
11/4/2018 -- 15:48:52 - <Config> - Core dump size is unlimited.
11/4/2018 -- 15:48:52 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
11/4/2018 -- 15:48:52 - <Config> - preallocated 1000 defrag trackers of size 168
11/4/2018 -- 15:48:52 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
11/4/2018 -- 15:48:52 - <Config> - stream "prealloc-sessions": 2048 (per thread)
11/4/2018 -- 15:48:52 - <Config> - stream "memcap": 33554432
11/4/2018 -- 15:48:52 - <Config> - stream "midstream" session pickups: disabled
11/4/2018 -- 15:48:52 - <Config> - stream "async-oneside": disabled
11/4/2018 -- 15:48:52 - <Config> - stream "checksum-validation": disabled
11/4/2018 -- 15:48:52 - <Config> - stream."inline": disabled
11/4/2018 -- 15:48:52 - <Config> - stream "bypass": disabled
11/4/2018 -- 15:48:52 - <Config> - stream "max-synack-queued": 5
11/4/2018 -- 15:48:52 - <Config> - stream.reassembly "memcap": 134217728
11/4/2018 -- 15:48:52 - <Config> - stream.reassembly "depth": 0
11/4/2018 -- 15:48:52 - <Config> - stream.reassembly "toserver-chunk-size": 2542
11/4/2018 -- 15:48:52 - <Config> - stream.reassembly "toclient-chunk-size": 2514
11/4/2018 -- 15:48:52 - <Config> - stream.reassembly.raw: enabled
11/4/2018 -- 15:48:52 - <Config> - stream.reassembly "segment-prealloc": 2048
11/4/2018 -- 15:48:52 - <Config> - Delayed detect disabled
11/4/2018 -- 15:48:52 - <Config> - pattern matchers: MPM: ac, SPM: bm
11/4/2018 -- 15:48:52 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
11/4/2018 -- 15:48:52 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
11/4/2018 -- 15:48:52 - <Config> - prefilter engines: MPM
11/4/2018 -- 15:48:52 - <Config> - IP reputation disabled
11/4/2018 -- 15:48:52 - <Perf> - Registered 148 keyword profiling counters.
11/4/2018 -- 15:48:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
11/4/2018 -- 15:48:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
11/4/2018 -- 15:48:52 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
11/4/2018 -- 15:48:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
11/4/2018 -- 15:48:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
11/4/2018 -- 15:48:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
11/4/2018 -- 15:48:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
11/4/2018 -- 15:48:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
11/4/2018 -- 15:48:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
11/4/2018 -- 15:48:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
11/4/2018 -- 15:48:54 - <Config> - No rules loaded from ET-emerging-icmp.rules.
11/4/2018 -- 15:48:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
11/4/2018 -- 15:48:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
11/4/2018 -- 15:48:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
11/4/2018 -- 15:48:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
11/4/2018 -- 15:48:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
11/4/2018 -- 15:48:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
11/4/2018 -- 15:48:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
11/4/2018 -- 15:48:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
11/4/2018 -- 15:48:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
11/4/2018 -- 15:48:55 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
11/4/2018 -- 15:48:56 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
11/4/2018 -- 15:48:56 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
11/4/2018 -- 15:48:56 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
11/4/2018 -- 15:48:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
11/4/2018 -- 15:48:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
11/4/2018 -- 15:48:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
11/4/2018 -- 15:48:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
11/4/2018 -- 15:48:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
11/4/2018 -- 15:48:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
11/4/2018 -- 15:48:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
11/4/2018 -- 15:48:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
11/4/2018 -- 15:48:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
11/4/2018 -- 15:48:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
11/4/2018 -- 15:48:59 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
11/4/2018 -- 15:49:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
11/4/2018 -- 15:49:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
11/4/2018 -- 15:49:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
11/4/2018 -- 15:49:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
11/4/2018 -- 15:49:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
11/4/2018 -- 15:49:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
11/4/2018 -- 15:49:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
11/4/2018 -- 15:49:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
11/4/2018 -- 15:49:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
11/4/2018 -- 15:49:00 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
11/4/2018 -- 15:49:00 - <Config> - No rules loaded from local.rules.
11/4/2018 -- 15:49:00 - <Info> - 44 rule files processed. 19033 rules successfully loaded, 0 rules failed
11/4/2018 -- 15:49:00 - <Info> - Threshold config parsed: 0 rule(s) found
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for tcp-packet
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for tcp-stream
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for udp-packet
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for other-ip
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_uri
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_request_line
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_client_body
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_response_line
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_header
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_header
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_header_names
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_header_names
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_accept
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_accept_enc
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_accept_lang
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_referer
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_connection
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_content_len
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_content_len
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_content_type
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_content_type
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_protocol
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_protocol
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_start
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_start
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_raw_header
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_raw_header
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_method
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_cookie
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_cookie
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_raw_uri
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_user_agent
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_host
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_raw_host
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_stat_msg
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_stat_code
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for dns_query
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for tls_sni
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for tls_cert_issuer
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for tls_cert_subject
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for tls_cert_serial
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for dce_stub_data
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for dce_stub_data
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for ssh_protocol
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for ssh_protocol
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for ssh_software
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for ssh_software
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for file_data
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for file_data
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_request_line
11/4/2018 -- 15:49:00 - <Perf> - using shared mpm ctx' for http_response_line
11/4/2018 -- 15:49:00 - <Info> - 19038 signatures processed. 1150 are IP-only rules, 6600 are inspecting packet payload, 13700 inspect application layer, 0 are decoder event only
11/4/2018 -- 15:49:00 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
11/4/2018 -- 15:49:00 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
11/4/2018 -- 15:49:00 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
11/4/2018 -- 15:49:00 - <Perf> - UDP toserver: 41 port groups, 30 unique SGH's, 11 copies
11/4/2018 -- 15:49:00 - <Perf> - UDP toclient: 21 port groups, 14 unique SGH's, 7 copies
11/4/2018 -- 15:49:00 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
11/4/2018 -- 15:49:00 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
11/4/2018 -- 15:49:02 - <Perf> - Unique rule groups: 107
11/4/2018 -- 15:49:02 - <Perf> - Builtin MPM "toserver TCP packet": 31
11/4/2018 -- 15:49:02 - <Perf> - Builtin MPM "toclient TCP packet": 20
11/4/2018 -- 15:49:02 - <Perf> - Builtin MPM "toserver TCP stream": 31
11/4/2018 -- 15:49:02 - <Perf> - Builtin MPM "toclient TCP stream": 21
11/4/2018 -- 15:49:02 - <Perf> - Builtin MPM "toserver UDP packet": 30
11/4/2018 -- 15:49:02 - <Perf> - Builtin MPM "toclient UDP packet": 14
11/4/2018 -- 15:49:02 - <Perf> - Builtin MPM "other IP packet": 2
11/4/2018 -- 15:49:02 - <Perf> - AppLayer MPM "toserver http_uri": 8
11/4/2018 -- 15:49:02 - <Perf> - AppLayer MPM "toserver http_client_body": 6
11/4/2018 -- 15:49:02 - <Perf> - AppLayer MPM "toserver http_header": 6
11/4/2018 -- 15:49:02 - <Perf> - AppLayer MPM "toclient http_header": 3
11/4/2018 -- 15:49:02 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
11/4/2018 -- 15:49:02 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
11/4/2018 -- 15:49:02 - <Perf> - AppLayer MPM "toserver http_method": 4
11/4/2018 -- 15:49:02 - <Perf> - AppLayer MPM "toserver http_cookie": 1
11/4/2018 -- 15:49:02 - <Perf> - AppLayer MPM "toclient http_cookie": 2
11/4/2018 -- 15:49:02 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
11/4/2018 -- 15:49:02 - <Perf> - AppLayer MPM "toserver http_user_agent": 3
11/4/2018 -- 15:49:02 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
11/4/2018 -- 15:49:02 - <Perf> - AppLayer MPM "toserver dns_query": 1
11/4/2018 -- 15:49:02 - <Perf> - AppLayer MPM "toserver file_data": 1
11/4/2018 -- 15:49:02 - <Perf> - AppLayer MPM "toclient file_data": 5
11/4/2018 -- 15:49:03 - <Perf> - Registered 19038 rule profiling counters.
11/4/2018 -- 15:49:03 - <Info> - fast output device (regular) initialized: alert
11/4/2018 -- 15:49:03 - <Info> - eve-log output device (regular) initialized: eve.json
11/4/2018 -- 15:49:03 - <Config> - enabling 'eve-log' module 'alert'
11/4/2018 -- 15:49:03 - <Config> - enabling 'eve-log' module 'http'
11/4/2018 -- 15:49:03 - <Config> - enabling 'eve-log' module 'dns'
11/4/2018 -- 15:49:03 - <Config> - enabling 'eve-log' module 'tls'
11/4/2018 -- 15:49:03 - <Config> - enabling 'eve-log' module 'files'
11/4/2018 -- 15:49:03 - <Config> - enabling 'eve-log' module 'ssh'
11/4/2018 -- 15:49:03 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
11/4/2018 -- 15:49:03 - <Info> - stats output device (regular) initialized: stats.log
11/4/2018 -- 15:49:03 - <Config> - AutoFP mode using "Hash" flow load balancer
11/4/2018 -- 15:49:03 - <Info> - reading pcap file /var/pcap/04112018.1548-merged.pcap
11/4/2018 -- 15:49:03 - <Config> - using 1 flow manager threads
11/4/2018 -- 15:49:03 - <Config> - using 1 flow recycler threads
11/4/2018 -- 15:49:03 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
11/4/2018 -- 15:49:03 - <Info> - pcap file end of file reached (pcap err code 0)
11/4/2018 -- 15:49:03 - <Notice> - Signal Received.  Stopping engine.
11/4/2018 -- 15:49:04 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
11/4/2018 -- 15:49:04 - <Info> - time elapsed 0.708s
11/4/2018 -- 15:49:05 - <Perf> - 10 flows processed
11/4/2018 -- 15:49:05 - <Notice> - Pcap-file module read 562 packets, 510990 bytes
11/4/2018 -- 15:49:05 - <Perf> - AutoFP - Total flow handler queues - 1
11/4/2018 -- 15:49:05 - <Info> - Alerts: 0
11/4/2018 -- 15:49:05 - <Perf> - ippair memory usage: 398144 bytes, maximum: 16777216
11/4/2018 -- 15:4

This file has been truncated.


stats.log - (3135 bytes)
------------------------------------------------------------------------------------
Date: 4/11/2018 -- 15:49:05 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 562
decoder.bytes                              | Total                     | 510990
decoder.ipv4                               | Total                     | 562
decoder.ethernet                           | Total                     | 562
decoder.tcp                                | Total                     | 529
decoder.udp                                | Total                     | 33
decoder.avg_pkt_size                       | Total                     | 909
decoder.max_pkt_size                       | Total                     | 2044
flow.tcp                                   | Total                     | 5
flow.udp                                   | Total                     | 5
tcp.sessions                               | Total                     | 5
tcp.syn                                    | Total                     | 5
tcp.synack                                 | Total                     | 5
tcp.rst                                    | Total                     | 5
detect.mpm_list                            | Total                     | 1
detect.match_list                          | Total                     | 1
app_layer.flow.http                        | Total                     | 2
app_layer.tx.http                          | Total                     | 2
app_layer.flow.tls                         | Total                     | 3
app_layer.flow.dns_udp                     | Total                     | 3
app_layer.tx.dns_udp                       | Total                     | 3
app_layer.flow.failed_udp                  | Total                     | 2
flow_mgr.new_pruned                        | Total                     | 2
flow_mgr.est_pruned                        | Total                     | 2
flow.spare                                 | Total                     | 10004
flow_mgr.flows_checked                     | Total                     | 10
flow_mgr.flows_notimeout                   | Total                     | 4
flow_mgr.flows_timeout                     | Total                     | 6
flow_mgr.flows_timeout_inuse               | Total                     | 2
flow_mgr.flows_removed                     | Total                     | 4
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65526
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7077184


eve.json - (10673 bytes)
{"timestamp":"2018-03-06T05:16:54.524349+0000","flow_id":1376765260260364,"pcap_cnt":7,"event_type":"tls","src_ip":"192.168.0.121","src_port":49174,"dest_ip":"159.89.146.0","dest_port":443,"proto":"TCP","tls":{"subject":"C=\/C=US\/ST=SD\/O=Cole Inc\/OU=bus\/CN=cole.inc.name\/emailAddress=bus@cole.inc.name","issuerdn":"C=\/C=US\/ST=SD\/O=Cole Inc\/OU=bus\/CN=cole.inc.name\/emailAddress=bus@cole.inc.name"}}
{"timestamp":"2018-03-06T05:16:55.308302+0000","flow_id":814949178258510,"pcap_cnt":10,"event_type":"dns","src_ip":"192.168.0.121","src_port":55438,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9240,"rrname":"www.download.windowsupdate.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-03-06T05:16:55.369593+0000","flow_id":814949178258510,"pcap_cnt":11,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.0.121","dest_port":55438,"proto":"UDP","dns":{"type":"answer","id":9240,"rcode":"NOERROR","rrname":"www.download.windowsupdate.com","rrtype":"CNAME","ttl":293,"rdata":"2-01-3cf7-0009.cdx.cedexis.net"}}
{"timestamp":"2018-03-06T05:16:55.369593+0000","flow_id":814949178258510,"pcap_cnt":11,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.0.121","dest_port":55438,"proto":"UDP","dns":{"type":"answer","id":9240,"rcode":"NOERROR","rrname":"2-01-3cf7-0009.cdx.cedexis.net","rrtype":"CNAME","ttl":167,"rdata":"download.windowsupdate.com.edgesuite.net"}}
{"timestamp":"2018-03-06T05:16:55.369593+0000","flow_id":814949178258510,"pcap_cnt":11,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.0.121","dest_port":55438,"proto":"UDP","dns":{"type":"answer","id":9240,"rcode":"NOERROR","rrname":"download.windowsupdate.com.edgesuite.net","rrtype":"CNAME","ttl":332,"rdata":"a767.dspw65.akamai.net"}}
{"timestamp":"2018-03-06T05:16:55.369593+0000","flow_id":814949178258510,"pcap_cnt":11,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.0.121","dest_port":55438,"proto":"UDP","dns":{"type":"answer","id":9240,"rcode":"NOERROR","rrname":"a767.dspw65.akamai.net","rrtype":"A","ttl":1,"rdata":"165.254.0.106"}}
{"timestamp":"2018-03-06T05:16:55.369593+0000","flow_id":814949178258510,"pcap_cnt":11,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.0.121","dest_port":55438,"proto":"UDP","dns":{"type":"answer","id":9240,"rcode":"NOERROR","rrname":"a767.dspw65.akamai.net","rrtype":"A","ttl":1,"rdata":"165.254.0.90"}}
{"timestamp":"2018-03-06T05:16:56.043457+0000","flow_id":259846130149825,"pcap_cnt":12,"event_type":"dns","src_ip":"192.168.0.121","src_port":49364,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14556,"rrname":"www.download.windowsupdate.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-03-06T05:16:56.092911+0000","flow_id":259846130149825,"pcap_cnt":13,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.0.121","dest_port":49364,"proto":"UDP","dns":{"type":"answer","id":14556,"rcode":"NOERROR","rrname":"www.download.windowsupdate.com","rrtype":"CNAME","ttl":2992,"rdata":"2-01-3cf7-0009.cdx.cedexis.net"}}
{"timestamp":"2018-03-06T05:16:56.092911+0000","flow_id":259846130149825,"pcap_cnt":13,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.0.121","dest_port":49364,"proto":"UDP","dns":{"type":"answer","id":14556,"rcode":"NOERROR","rrname":"2-01-3cf7-0009.cdx.cedexis.net","rrtype":"CNAME","ttl":1,"rdata":"wu.azureedge.net"}}
{"timestamp":"2018-03-06T05:16:56.092911+0000","flow_id":259846130149825,"pcap_cnt":13,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.0.121","dest_port":49364,"proto":"UDP","dns":{"type":"answer","id":14556,"rcode":"NOERROR","rrname":"wu.azureedge.net","rrtype":"CNAME","ttl":1,"rdata":"wu.ec.azureedge.net"}}
{"timestamp":"2018-03-06T05:16:56.092911+0000","flow_id":259846130149825,"pcap_cnt":13,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.0.121","dest_port":49364,"proto":"UDP","dns":{"type":"answer","id":14556,"rcode":"NOERROR","rrname":"wu.ec.azureedge.net","rrtype":"CNAME","ttl":1,"rdata":"wu.wpc.apr-52dd2.edgecastdns.net"}}
{"timestamp":"2018-03-06T05:16:56.092911+0000","flow_id":259846130149825,"pcap_cnt":13,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.0.121","dest_port":49364,"proto":"UDP","dns":{"type":"answer","id":14556,"rcode":"NOERROR","rrname":"wu.wpc.apr-52dd2.edgecastdns.net","rrtype":"CNAME","ttl":1,"rdata":"cs11.wpc.v0cdn.net"}}
{"timestamp":"2018-03-06T05:16:56.092911+0000","flow_id":259846130149825,"pcap_cnt":13,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.0.121","dest_port":49364,"proto":"UDP","dns":{"type":"answer","id":14556,"rcode":"NOERROR","rrname":"cs11.wpc.v0cdn.net","rrtype":"A","ttl":1923,"rdata":"72.21.81.240"}}
{"timestamp":"2018-03-06T05:16:56.271130+0000","flow_id":301861647708293,"pcap_cnt":77,"event_type":"http","src_ip":"192.168.0.121","src_port":49176,"dest_ip":"165.254.0.106","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.download.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed"}}
{"timestamp":"2018-03-06T17:23:17.628453+0000","flow_id":994490257222402,"pcap_cnt":307,"event_type":"tls","src_ip":"192.168.78.18","src_port":49187,"dest_ip":"159.89.146.0","dest_port":443,"proto":"TCP","tls":{"subject":"C=\/C=US\/ST=SD\/O=Cole Inc\/OU=bus\/CN=cole.inc.name\/emailAddress=bus@cole.inc.name","issuerdn":"C=\/C=US\/ST=SD\/O=Cole Inc\/OU=bus\/CN=cole.inc.name\/emailAddress=bus@cole.inc.name"}}
{"timestamp":"2018-03-06T17:23:21.816988+0000","flow_id":1439375855011857,"pcap_cnt":318,"event_type":"tls","src_ip":"192.168.78.18","src_port":49189,"dest_ip":"159.89.146.0","dest_port":443,"proto":"TCP","tls":{"subject":"C=\/C=US\/ST=SD\/O=Cole Inc\/OU=bus\/CN=cole.inc.name\/emailAddress=bus@cole.inc.name","issuerdn":"C=\/C=US\/ST=SD\/O=Cole Inc\/OU=bus\/CN=cole.inc.name\/emailAddress=bus@cole.inc.name"}}
{"timestamp":"2018-03-06T17:23:24.221822+0000","flow_id":396424651760254,"pcap_cnt":321,"event_type":"dns","src_ip":"192.168.78.18","src_port":53753,"dest_ip":"4.2.2.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7637,"rrname":"www.download.windowsupdate.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-03-06T17:23:24.238798+0000","flow_id":396424651760254,"pcap_cnt":322,"event_type":"dns","src_ip":"4.2.2.1","src_port":53,"dest_ip":"192.168.78.18","dest_port":53753,"proto":"UDP","dns":{"type":"answer","id":7637,"rcode":"NOERROR","rrname":"www.download.windowsupdate.com","rrtype":"CNAME","ttl":842,"rdata":"2-01-3cf7-0009.cdx.cedexis.net"}}
{"timestamp":"2018-03-06T17:23:24.238798+0000","flow_id":396424651760254,"pcap_cnt":322,"event_type":"dns","src_ip":"4.2.2.1","src_port":53,"dest_ip":"192.168.78.18","dest_port":53753,"proto":"UDP","dns":{"type":"answer","id":7637,"rcode":"NOERROR","rrname":"2-01-3cf7-0009.cdx.cedexis.net","rrtype":"CNAME","ttl":79,"rdata":"fg.download.windowsupdate.com.c.footprint.net"}}
{"timestamp":"2018-03-06T17:23:24.238798+0000","flow_id":396424651760254,"pcap_cnt":322,"event_type":"dns","src_ip":"4.2.2.1","src_port":53,"dest_ip":"192.168.78.18","dest_port":53753,"proto":"UDP","dns":{"type":"answer","id":7637,"rcode":"NOERROR","rrname":"fg.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":188,"rdata":"8.253.110.235"}}
{"timestamp":"2018-03-06T17:23:24.238798+0000","flow_id":396424651760254,"pcap_cnt":322,"event_type":"dns","src_ip":"4.2.2.1","src_port":53,"dest_ip":"192.168.78.18","dest_port":53753,"proto":"UDP","dns":{"type":"answer","id":7637,"rcode":"NOERROR","rrname":"fg.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":188,"rdata":"8.253.134.231"}}
{"timestamp":"2018-03-06T17:23:24.238798+0000","flow_id":396424651760254,"pcap_cnt":322,"event_type":"dns","src_ip":"4.2.2.1","src_port":53,"dest_ip":"192.168.78.18","dest_port":53753,"proto":"UDP","dns":{"type":"answer","id":7637,"rcode":"NOERROR","rrname":"fg.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":188,"rdata":"8.253.110.234"}}
{"timestamp":"2018-03-06T17:23:24.238798+0000","flow_id":396424651760254,"pcap_cnt":322,"event_type":"dns","src_ip":"4.2.2.1","src_port":53,"dest_ip":"192.168.78.18","dest_port":53753,"proto":"UDP","dns":{"type":"answer","id":7637,"rcode":"NOERROR","rrname":"fg.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":188,"rdata":"8.253.110.248"}}
{"timestamp":"2018-03-06T17:23:24.238798+0000","flow_id":396424651760254,"pcap_cnt":322,"event_type":"dns","src_ip":"4.2.2.1","src_port":53,"dest_ip":"192.168.78.18","dest_port":53753,"proto":"UDP","dns":{"type":"answer","id":7637,"rcode":"NOERROR","rrname":"fg.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":188,"rdata":"8.253.110.120"}}
{"timestamp":"2018-03-06T17:23:24.301767+0000","flow_id":492876732349098,"pcap_cnt":384,"event_type":"http","src_ip":"192.168.78.18","src_port":49191,"dest_ip":"8.253.110.235","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.download.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed"}}
{"timestamp":"2018-03-06T17:23:47.677941+0000","flow_id":301861647708293,"event_type":"fileinfo","src_ip":"165.254.0.106","src_port":80,"dest_ip":"192.168.0.121","dest_port":49176,"proto":"TCP","http":{"hostname":"www.download.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":53978},"app_proto":"http","fileinfo":{"filename":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","gaps":false,"state":"CLOSED","stored":false,"size":53978,"tx_id":0}}
{"timestamp":"2018-03-06T17:23:47.677941+0000","flow_id":492876732349098,"event_type":"fileinfo","src_ip":"8.253.110.235","src_port":80,"dest_ip":"192.168.78.18","dest_port":49191,"proto":"TCP","http":{"hostname":"www.download.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":54018},"app_proto":"http","fileinfo":{"filename":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","gaps":false,"state":"CLOSED","stored":false,"size":54018,"tx_id":0}}


keyword_perf.log - (7309 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 4/11/2018 -- 15:49:05
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             456012          131             131             16683           3481.00         3481.00         0.00           
  content          724608          108             45              112311          6709.00         7648.00         6038.00        
  pcre             43287           2               2               33663           21643.00        21643.00        0.00           
  byte_test        149931          40              17              20178           3748.00         4487.00         3202.00        
  byte_jump        12459           1               0               12459           12459.00        0.00            12459.00       
  isdataat         8811            3               0               3174            2937.00         0.00            2937.00        
  flowbits         140772          38              6               10896           3704.00         5028.00         3456.00        
  urilen           12231           4               2               3123            3057.00         3066.00         3049.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             456012          131             131             16683           3481.00         3481.00         0.00           
  flowbits         110601          32              0               10116           3456.00         0.00            3456.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          406899          70              36              97518           5812.00         6847.00         4717.00        
  byte_test        149931          40              17              20178           3748.00         4487.00         3202.00        
  byte_jump        12459           1               0               12459           12459.00        0.00            12459.00       
  isdataat         8811            3               0               3174            2937.00         0.00            2937.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         30171           6               6               10896           5028.00         5028.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          14805           4               0               3885            3701.00         0.00            3701.00        
  urilen           12231           4               2               3123            3057.00         3066.00         3049.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          269100          26              1               112311          10350.00        63849.00        8210.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          26028           6               6               5256            4338.00         4338.00         0.00           
  pcre             43287           2               2               33663           21643.00        21643.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7776            2               2               3888            3888.00         3888.00         0.00           


suricata-4.0.0-etopen-all-perf.txt-2018-04-11-T-15-49-05-04112018.1548-merged.pcap.txt - (15062 bytes)
  --------------------------------------------------------------------------
  Date: 4/11/2018 -- 15:49:05. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2024771      1        1        8965047      59.85  76       0        8508660     117961.14   0.00        117961.14  
  2        2020865      1        3        207237       1.38   1        0        207237      207237.00   0.00        207237.00  
  3        2007670      1        9        245928       1.64   4        4        135990      61482.00    61482.00    0.00       
  4        2023476      1        5        225384       1.50   3        0        104343      75128.00    0.00        75128.00   
  5        2023818      1        2        119379       0.80   2        2        71952       59689.50    59689.50    0.00       
  6        2014701      1        12       105045       0.70   6        0        53400       17507.50    0.00        17507.50   
  7        2022535      1        11       98970        0.66   3        0        46512       32990.00    0.00        32990.00   
  8        2016537      1        2        632034       4.22   38       0        43395       16632.47    0.00        16632.47   
  9        2024829      1        2        58134        0.39   2        0        35751       29067.00    0.00        29067.00   
  10       2014519      1        7        118536       0.79   5        0        35580       23707.20    0.00        23707.20   
  11       2007703      1        11       74841        0.50   4        0        35238       18710.25    0.00        18710.25   
  12       2020787      1        2        30918        0.21   1        0        30918       30918.00    0.00        30918.00   
  13       2101941      1        10       123594       0.83   33       0        30081       3745.27     0.00        3745.27    
  14       2020698      1        2        56742        0.38   2        0        28461       28371.00    0.00        28371.00   
  15       2010142      1        4        110322       0.74   30       0        28308       3677.40     0.00        3677.40    
  16       2016143      1        3        155283       1.04   9        0        26910       17253.67    0.00        17253.67   
  17       2001330      1        8        291330       1.94   88       0        26637       3310.57     0.00        3310.57    
  18       2022627      1        12       70815        0.47   3        0        25953       23605.00    0.00        23605.00   
  19       2017552      1        6        612573       4.09   40       0        24729       15314.33    0.00        15314.33   
  20       2022552      1        2        24243        0.16   1        0        24243       24243.00    0.00        24243.00   
  21       2015986      1        5        44508        0.30   7        0        23796       6358.29     0.00        6358.29    
  22       2016112      1        3        119010       0.79   7        0        23184       17001.43    0.00        17001.43   
  23       2014703      1        9        59649        0.40   6        0        21597       9941.50     0.00        9941.50    
  24       2018375      1        3        100509       0.67   6        0        21561       16751.50    0.00        16751.50   
  25       2022914      1        1        46890        0.31   3        0        21528       15630.00    0.00        15630.00   
  26       2018667      1        2        42693        0.28   2        0        21408       21346.50    0.00        21346.50   
  27       2014702      1        9        58050        0.39   6        0        21039       9675.00     0.00        9675.00    
  28       2024650      1        1        78741        0.53   5        0        20022       15748.20    0.00        15748.20   
  29       2023626      1        3        107331       0.72   33       0        19158       3252.45     0.00        3252.45    
  30       2008117      1        3        37737        0.25   8        0        16953       4717.12     0.00        4717.12    
  31       2019230      1        2        57876        0.39   6        0        16590       9646.00     0.00        9646.00    
  32       2022543      1        1        45666        0.30   3        0        16161       15222.00    0.00        15222.00   
  33       2016948      1        2        132540       0.88   9        0        16134       14726.67    0.00        14726.67   
  34       2018316      1        4        30045        0.20   2        0        16014       15022.50    0.00        15022.50   
  35       2019345      1        2        31263        0.21   2        0        15720       15631.50    0.00        15631.50   
  36       2018666      1        4        28353        0.19   2        0        14862       14176.50    0.00        14176.50   
  37       2020741      1        1        28221        0.19   2        0        14832       14110.50    0.00        14110.50   
  38       2020742      1        1        28098        0.19   2        0        14523       14049.00    0.00        14049.00   
  39       2018908      1        2        10659        0.07   1        0        10659       10659.00    0.00        10659.00   
  40       2018382      1        8        23127        0.15   6        0        5433        3854.50     0.00        3854.50    
  41       2018377      1        3        21945        0.15   6        0        4986        3657.50     0.00        3657.50    
  42       2103159      1        4        22128        0.15   6        0        4947        3688.00     0.00        3688.00    
  43       2011732      1        2        32799        0.22   10       0        4848        3279.90     0.00        3279.90    
  44       2103158      1        6        40749        0.27   12       0        4692        3395.75     0.00        3395.75    
  45       2022547      1        1        41097        0.27   12       0        4668        3424.75     0.00        3424.75    
  46       2018373      1        3        20088        0.13   6        0        4539        3348.00     0.00        3348.00    
  47       2023622      1        3        91215        0.61   33       0        4539        2764.09     0.00        2764.09    
  48       2100327      1        10       11388        0.08   3        0        4524        3796.00     0.00        3796.00    
  49       2102190      1        5        34056        0.23   10       0        4395        3405.60     0.00        3405.60    
  50       2010140      1        7        87156        0.58   30       0        4389        2905.20     0.00        2905.20    
  51       2024773      1        2        7704         0.05   2        0        4383        3852.00     0.00        3852.00    
  52       2020661      1        3        8382         0.06   2        0        4347        4191.00     0.00        4191.00    
  53       2017935      1        3        10551        0.07   3        0        4320        3517.00     0.00        3517.00    
  54       2100540      1        12       13404        0.09   4        0        4281        3351.00     0.00        3351.00    
  55       2103195      1        5        36609        0.24   11       0        4278        3328.09     0.00        3328.09    
  56       2024775      1        1        14769        0.10   4        0        4215        3692.25     0.00        3692.25    
  57       2020966      1        3        4194         0.03   1        0        4194        4194.00     0.00        4194.00    
  58       2023627      1        3        81558        0.54   30       0        4188        2718.60     0.00        2718.60    
  59       2006447      1        13       8154         0.05   2        0        4176        4077.00     0.00        4077.00    
  60       2009702      1        5        19242        0.13   6        0        4176        3207.00     0.00        3207.00    
  61       2008116      1        4        6825         0.05   2        0        4161        3412.50     0.00        3412.50    
  62       2008120      1        4        96297        0.64   33       0        4017        2918.09     0.00        2918.09    
  63       2009984      1        2        14445        0.10   4        0        4014        3611.25     0.00        3611.25    
  64       2021977      1        6        6897         0.05   2        0        3996        3448.50     0.00        3448.50    
  65       2012051      1        2        6615         0.04   2        0        3954        3307.50     0.00        3307.50    
  66       2024777      1        2        33249        0.22   10       0        3942        3324.90     0.00        3324.90    
  67       2010143      1        3        87708        0.59   30       0        3942        2923.60     0.00        2923.60    
  68       2009243      1        2        55821        0.37   19       0        3930        2937.95     0.00        2937.95    
  69       2012236      1        2        6807         0.05   2        0        3897        3403.50     0.00        3403.50    
  70       2009387      1        4        19995        0.13   6        0        3897        3332.50     0.00        3332.50    
  71       2021151      1        1        6558         0.04   2        0        3822        3279.00     0.00        3279.00    
  72       2024776      1        1        7605         0.05   2        0        3804        3802.50     0.00        3802.50    
  73       2017548      1        6        7080         0.05   2        0        3801        3540.00     0.00        3540.00    
  74       2100540      1        12       13260        0.09   4        0        3777        3315.00     0.00        3315.00    
  75       2008118      1        3        54810        0.37   19       0        3750        2884.74     0.00        2884.74    
  76       2102110      1        4        7119         0.05   2        0        3690        3559.50     0.00        3559.50    
  77       2020611      1        4        3648         0.02   1        0        3648        3648.00     0.00        3648.00    
  78       2102330      1        3        6792         0.05   2        0        3627        3396.00     0.00        3396.00    
  79       2023623      1        3        61446        0.41   23       0        3609        2671.57     0.00        2671.57    
  80       2008420      1        4        13362        0.09   4        0        3570        3340.50     0.00        3340.50    
  81       2101379      1        13       7089         0.05   2        0        3570        3544.50     0.00        3544.50    
  82       2015793      1        2        7032         0.05   2        0        3552        3516.00     0.00        3516.00    
  83       2008220      1        5        6267         0.04   2        0        3549        3133.50     0.00        3133.50    
  84       2023625      1        3        59052        0.39   22       0        3543        2684.18     0.00        2684.18    
  85       2023624      1        3        90120        0.60   33       0        3540        2730.91     0.00        2730.91    
  86       2018065      1        2        3492         0.02   1        0        3492        3492.00     0.00        3492.00    
  87       2100660      1        13       6858         0.05   2        0        3447        3429.00     0.00        3429.00    
  88       2103238      1        4        8868         0.06   3        0        3393        2956.00     0.00        2956.00    
  89       2102523      1        8        15660        0.10   5        0        3351        3132.00     0.00        3132.00    
  90       2023620      1        3        5958         0.04   2        0        3348        2979.00     0.00        2979.00    
  91       2023615      1        3        9162         0.06   3        0        3318        3054.00     0.00        3054.00    
  92       2019010      1        3        6057         0.04   2        0        3297        3028.50     0.00        3028.50    
  93       2023618      1        3        3264         0.02   1        0        3264        3264.00     0.00        3264.00    
  94       2019017      1        3        5892         0.04   2        0        3264        2946.00     0.00        2946.00    
  95       2023613      1        3        8820         0.06   3        0        3258        2940.00     0.00        2940.00    
  96       2019016      1        3        5889         0.04   2        0        3246        2944.50     0.00        2944.50    
  97       2023612      1        4        9237         0.06   3        0        3234        3079.00     0.00        3079.00    
  98       2023617      1        3        5994         0.04   2        0        3231        2997.00     0.00        2997.00    
  99       2102523      1        8        15027        0.10   5        0        3231        3005.40     0.00        3005.40    
  100      2101936      1        9        6258         0.04   2        0        3168        3129.00     0.00        3129.00    
  101      2021701      1        1        17940        0.12   6        0        3144        2990.00     0.00        2990.00    
  102      2021702      1        1        17352        0.12   6        0        3123        2892.00     0.00        2892.00    
  103      2008119      1        3        9036         0.06   3        0        3120        3012.00     0.00        3012.00    
  104      2100518      1        8        5778         0.04   2        0        3120        2889.00     0.00        2889.00    
  105      2008297      1        4        6123         0.04   2        0        3087        3061.50     0.00        3061.50    
  106      2024778      1        1        11748        0.08   4        0        3075        2937.00     0.00        2937.00    
  107      2019011      1        3        5775         0.04   2        0        3039        2887.50     0.00        2887.50    
  108      2023619      1        3        8508         0.06   3        0        2904        2836.00     0.00        2836.00    
  109      2013075      1        8        8454         0.06   3        0        2898        2818.00     0.00        2818.00    
  110      2023614      1        3        10911        0.07   4        0        2832        2727.75     0.00        2727.75    
  111      2021152      1        1        2796         0.02   1        0        2796        2796.00     0.00        2796.00    
  112      2014130      1        2        15918        0.11   6        0        2673        2653.00     0.00        2653.00    
  113      2023616      1        3        5226         0.03   2        0        2625        2613.00     0.00        2613.00    
  114      2023621      1        4        7824         0.05   3        0        2619        2608.00     0.00        2608.00    


IDSDeathBlossom.py.log - (1149 bytes) - download
2018-04-11 15:48:50,641 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-04-11 15:48:52,262 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-04-11 15:48:52,266 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2018-04-11 15:48:52,267 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-04-11 15:48:52,267 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-04-11 15:48:52,268 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/fbab2ae747e9739ee4a249a8c422457fd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/04112018.1548-merged.pcap -vvv -k none
2018-04-11 15:49:05,175 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-04-11 15:49:05,176 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 14.5600450039
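The rule-profiling rows and the run log above are plain text that a practitioner usually wants to query rather than read, so here is an added example (not output of this page and not IDSDeathBlossom's or Suricata's own code) that parses both: it loads profiling rows, ranks rules that were checked but never matched by the ticks they cost, and recovers the suricata command line from the "Executing:" log entry. Two assumptions are built in: the column order is taken to be that of Suricata 4.0's rule_perf.log (Num, Rule, Gid, Rev, Ticks, %, Checks, Matches, Max Ticks, Avg Ticks, Avg Match, Avg No Match), since the header is not in this excerpt, and the option parsing in `suricata_command` is a simplified flag/value scan, not Suricata's real argument parser. The sample rows and log lines are copied from this page.

```python
"""Parse a Suricata rule-profiling dump and an IDSDeathBlossom run log.

Added example. Column layout assumed to be Suricata 4.0's rule_perf.log
(Num, Rule, Gid, Rev, Ticks, %, Checks, Matches, Max Ticks, Avg Ticks,
Avg Match, Avg No Match); the header itself is not in the excerpt.
"""
import re
import shlex
from dataclasses import dataclass

# Constructed sample input: four rows copied from the profiling dump.
SAMPLE_ROWS = """\
  84       2023625      1        3        59052        0.39   22       0        3543        2684.18     0.00        2684.18
  85       2023624      1        3        90120        0.60   33       0        3540        2730.91     0.00        2730.91
  86       2018065      1        2        3492         0.02   1        0        3492        3492.00     0.00        3492.00
  89       2102523      1        8        15660        0.10   5        0        3351        3132.00     0.00        3132.00
"""

# Constructed sample input: three lines copied from IDSDeathBlossom.py.log.
SAMPLE_LOG = """\
2018-04-11 15:48:50,641 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-04-11 15:48:52,268 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/fbab2ae747e9739ee4a249a8c422457fd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/04112018.1548-merged.pcap -vvv -k none
2018-04-11 15:49:05,175 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
"""

COLUMNS = ("num", "sid", "gid", "rev", "ticks", "pct", "checks", "matches",
           "max_ticks", "avg_ticks", "avg_match", "avg_no_match")


@dataclass
class RuleProfile:
    sid: int
    gid: int
    rev: int
    ticks: int            # total CPU ticks spent evaluating the rule
    checks: int           # how often the rule was evaluated
    matches: int          # how often it actually alerted
    avg_no_match: float   # average ticks of an evaluation that did not match


def parse_rule_profile(text):
    """One RuleProfile per numeric data row; header and blank lines are skipped."""
    profiles = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != len(COLUMNS) or not fields[0].isdigit():
            continue
        rec = dict(zip(COLUMNS, fields))
        profiles.append(RuleProfile(
            sid=int(rec["sid"]), gid=int(rec["gid"]), rev=int(rec["rev"]),
            ticks=int(rec["ticks"]), checks=int(rec["checks"]),
            matches=int(rec["matches"]), avg_no_match=float(rec["avg_no_match"]),
        ))
    return profiles


def never_matching(profiles, min_checks=1):
    """Rules checked at least min_checks times that never matched, costliest first.

    These are tuning candidates: they burn detection-engine ticks on this
    traffic without ever producing an alert.
    """
    candidates = [p for p in profiles if p.matches == 0 and p.checks >= min_checks]
    return sorted(candidates, key=lambda p: p.ticks, reverse=True)


# IDSDeathBlossom log line: "<ts> - <level> - <func> - <file> +<lineno> - <msg>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) - (?P<level>\w+) - "
    r"(?P<func>\S+) - (?P<file>\S+) \+(?P<lineno>\d+) - (?P<msg>.*)$"
)


def parse_log(text):
    """Split log lines into their fields; lines that do not fit the format are dropped."""
    return [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]


def suricata_command(entries):
    """Recover (binary, options) from the 'Executing:' entry, or None if absent.

    Simplified scan (an assumption of this example, not Suricata's parser): a flag
    followed by a non-flag token takes it as its value, otherwise it is recorded as True.
    """
    for entry in entries:
        if not entry["msg"].startswith("Executing: "):
            continue
        argv = shlex.split(entry["msg"][len("Executing: "):])
        opts, i = {}, 1
        while i < len(argv):
            if argv[i].startswith("-") and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
                opts[argv[i]] = argv[i + 1]
                i += 2
            else:
                opts[argv[i]] = True
                i += 1
        return argv[0], opts
    return None


def checksum_validation_disabled(opts):
    """True when the run passed '-k none'.

    Offline pcap replay usually needs this: captures taken with NIC checksum
    offload carry bad TCP/UDP checksums, and Suricata's stream engine would
    otherwise exclude those packets from reassembly, so stream and app-layer
    rules never see that traffic.
    """
    return opts.get("-k") == "none"


if __name__ == "__main__":
    for p in never_matching(parse_rule_profile(SAMPLE_ROWS), min_checks=5):
        print(f"sid {p.sid} rev {p.rev}: {p.checks} checks, 0 matches, {p.ticks} ticks")
    binary, opts = suricata_command(parse_log(SAMPLE_LOG))
    print(binary, "checksum validation disabled:", checksum_validation_disabled(opts))
```

Run against the full rule-profiling file rather than the four sample rows, `never_matching(..., min_checks=5)` gives the list of signatures worth disabling or narrowing for this traffic profile, and `checksum_validation_disabled` is the first thing to verify when a replay produces fewer alerts than expected.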