|
20/2/2016 -- 17:49:34 - <Notice> - This is Suricata version 3.0 RELEASE
|
|
20/2/2016 -- 17:49:34 - <Info> - CPUs/cores online: 4
|
|
20/2/2016 -- 17:49:34 - <Info> - Protocol detection and parser disabled for http protocol
|
|
20/2/2016 -- 17:49:34 - <Info> - Protocol detection and parser disabled for tls protocol
|
|
20/2/2016 -- 17:49:34 - <Info> - Protocol detection and parser disabled for smb protocol.
|
|
20/2/2016 -- 17:49:34 - <Info> - Protocol detection and parser disabled for dcerpc protocol.
|
|
20/2/2016 -- 17:49:34 - <Info> - Protocol detection and parser disabled for dcerpc protocol.
|
|
20/2/2016 -- 17:49:34 - <Info> - Parsed disabled for ftp protocol. Protocol detectionstill on.
|
|
20/2/2016 -- 17:49:34 - <Info> - Protocol detection and parser disabled for smtp protocol.
|
|
20/2/2016 -- 17:49:34 - <Info> - DNS request flood protection level: 500
|
|
20/2/2016 -- 17:49:34 - <Info> - DNS per flow memcap (state-memcap): 524288
|
|
20/2/2016 -- 17:49:34 - <Info> - DNS global memcap: 16777216
|
|
20/2/2016 -- 17:49:34 - <Info> - Protocol detection and parser disabled for dns protocol.
|
|
20/2/2016 -- 17:49:34 - <Info> - Protocol detection and parser disabled for modbus protocol.
|
|
20/2/2016 -- 17:49:34 - <Info> - Protocol detection and parser disabled for imap protocol.
|
|
20/2/2016 -- 17:49:34 - <Info> - Protocol detection and parser disabled for msn protocol.
|
|
20/2/2016 -- 17:49:34 - <Info> - allocated 14680064 bytes of memory for the defrag hash... 262144 buckets of size 56
|
|
20/2/2016 -- 17:49:34 - <Info> - preallocated 65535 defrag trackers of size 168
|
|
20/2/2016 -- 17:49:34 - <Info> - defrag memory usage: 25689944 bytes, maximum: 2147483648
|
|
20/2/2016 -- 17:49:34 - <Info> - AutoFP mode using "Active Packets" flow load balancer
|
|
20/2/2016 -- 17:49:34 - <Info> - Use pid file /var/run/suricata.pid from config file.
|
|
20/2/2016 -- 17:49:34 - <Info> - allocated 1048576 bytes of memory for the host hash... 16384 buckets of size 64
|
|
20/2/2016 -- 17:49:34 - <Info> - preallocated 8000 hosts of size 136
|
|
20/2/2016 -- 17:49:34 - <Info> - host memory usage: 2136576 bytes, maximum: 16777216
|
|
20/2/2016 -- 17:49:34 - <Info> - allocated 33554432 bytes of memory for the flow hash... 524288 buckets of size 64
|
|
20/2/2016 -- 17:49:34 - <Info> - preallocated 80000 flows of size 288
|
|
20/2/2016 -- 17:49:34 - <Info> - flow memory usage: 56594432 bytes, maximum: 268435456
|
|
20/2/2016 -- 17:49:34 - <Info> - stream "prealloc-sessions": 262144 (per thread)
|
|
20/2/2016 -- 17:49:34 - <Info> - stream "memcap": 402653184
|
|
20/2/2016 -- 17:49:34 - <Info> - stream "midstream" session pickups: disabled
|
|
20/2/2016 -- 17:49:34 - <Info> - stream "async-oneside": disabled
|
|
20/2/2016 -- 17:49:34 - <Info> - stream "checksum-validation": disabled
|
|
20/2/2016 -- 17:49:34 - <Info> - stream."inline": disabled
|
|
20/2/2016 -- 17:49:34 - <Info> - stream "max-synack-queued": 5
|
|
20/2/2016 -- 17:49:34 - <Info> - stream.reassembly "memcap": 67108864
|
|
20/2/2016 -- 17:49:34 - <Info> - stream.reassembly "depth": 1048576
|
|
20/2/2016 -- 17:49:34 - <Info> - stream.reassembly "toserver-chunk-size": 2669
|
|
20/2/2016 -- 17:49:34 - <Info> - stream.reassembly "toclient-chunk-size": 2484
|
|
20/2/2016 -- 17:49:34 - <Info> - stream.reassembly.raw: enabled
|
|
20/2/2016 -- 17:49:34 - <Info> - segment pool: pktsize 112, prealloc 4096
|
|
20/2/2016 -- 17:49:34 - <Info> - segment pool: pktsize 248, prealloc 2048
|
|
20/2/2016 -- 17:49:34 - <Info> - segment pool: pktsize 512, prealloc 2048
|
|
20/2/2016 -- 17:49:34 - <Info> - segment pool: pktsize 768, prealloc 4096
|
|
20/2/2016 -- 17:49:34 - <Info> - segment pool: pktsize 1448, prealloc 4096
|
|
20/2/2016 -- 17:49:34 - <Info> - segment pool: pktsize 65535, prealloc 512
|
|
20/2/2016 -- 17:49:34 - <Info> - stream.reassembly "chunk-prealloc": 250
|
|
20/2/2016 -- 17:49:34 - <Info> - stream.reassembly "zero-copy-size": 128
|
|
20/2/2016 -- 17:49:34 - <Info> - allocated 2097152 bytes of memory for the ippair hash... 32768 buckets of size 64
|
|
20/2/2016 -- 17:49:34 - <Info> - preallocated 16000 ippairs of size 136
|
|
20/2/2016 -- 17:49:34 - <Info> - ippair memory usage: 4273152 bytes, maximum: 16777216
|
|
20/2/2016 -- 17:49:34 - <Info> - using magic-file /usr/share/file/magic
|
|
20/2/2016 -- 17:49:34 - <Info> - Delayed detect disabled
|
|
20/2/2016 -- 17:49:34 - <Info> - IP reputation disabled
|
|
20/2/2016 -- 17:49:34 - <Info> - Loading rule file: /etc/suricata/rules/react.rules
|
|
20/2/2016 -- 17:49:34 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "reject tcp-pkt any any -> 143.95.87.72 2509 (msg:"URL http://svetoch.org:2509 from minust"; content:"svetoch.org"; nocase; offset:21; content:"";nocase;offset:3; sid:909450; rev:1;)" from file /etc/suricata/rules/react.rules at line 8954
|
|
20/2/2016 -- 17:49:35 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "reject tcp-pkt any any -> 77.232.66.93 2364 (msg:"URL http://antiempire.marsho.net:2364 from minust"; content:"antiempire.marsho.net"; nocase; offset:21; content:"";nocase;offset:3; sid:910486; rev:1;)" from file /etc/suricata/rules/react.rules at line 9964
|
|
20/2/2016 -- 17:49:35 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "reject tcp-pkt any any -> 88.212.205.238 2503 (msg:"URL http://dezinfo.net:2503 from minust"; content:"dezinfo.net"; nocase; offset:21; content:"";nocase;offset:3; sid:911813; rev:1;)" from file /etc/suricata/rules/react.rules at line 11252
|
|
20/2/2016 -- 17:49:35 - <Info> - Loading rule file: /etc/suricata/rules/react-https.rules
|
|
20/2/2016 -- 17:49:35 - <Info> - 2 rule files processed. 11657 rules successfully loaded, 3 rules failed
|
|
20/2/2016 -- 17:49:35 - <Info> - 11657 signatures processed. 0 are IP-only rules, 11657 are inspecting packet payload, 0 inspect application layer, 0 are decoder event only
|
|
20/2/2016 -- 17:49:35 - <Info> - building signature grouping structure, stage 1: preprocessing rules... complete
|
|
20/2/2016 -- 17:49:35 - <Info> - building signature grouping structure, stage 2: building source address list... complete
|
|
20/2/2016 -- 17:49:39 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
|
|
20/2/2016 -- 17:49:41 - <Info> - Threshold config parsed: 0 rule(s) found
|
|
20/2/2016 -- 17:49:41 - <Info> - Core dump size set to unlimited.
|
|
20/2/2016 -- 17:49:41 - <Info> - fast output device (regular) initialized: fast.log
|
|
20/2/2016 -- 17:49:41 - <Info> - stats output device (regular) initialized: stats.log
|
|
20/2/2016 -- 17:49:41 - <Info> - Found 4 RX RSS queues for 'eth1'
|
|
20/2/2016 -- 17:49:41 - <Info> - Using 4 threads for interface eth1
|
|
20/2/2016 -- 17:49:41 - <Info> - Going to use 4 ReceiveNetmap receive thread(s)
|
|
20/2/2016 -- 17:49:41 - <Info> - preallocated 2048 packets. Total memory 7204864
|
|
20/2/2016 -- 17:49:41 - <Info> - NIC offloading on eth1: GRO: unset, LRO: unset
|
|
20/2/2016 -- 17:49:41 - <Info> - preallocated 2048 packets. Total memory 7204864
|
|
20/2/2016 -- 17:49:41 - <Info> - NIC offloading on eth1: GRO: unset, LRO: unset
|
|
20/2/2016 -- 17:49:41 - <Info> - preallocated 2048 packets. Total memory 7204864
|
|
20/2/2016 -- 17:49:41 - <Info> - NIC offloading on eth1: GRO: unset, LRO: unset
|
|
20/2/2016 -- 17:49:41 - <Info> - preallocated 2048 packets. Total memory 7204864
|
|
20/2/2016 -- 17:49:41 - <Info> - NIC offloading on eth1: GRO: unset, LRO: unset
|
|
20/2/2016 -- 17:49:41 - <Info> - RunModeIdsNetmapAutoFp initialised
|
|
20/2/2016 -- 17:49:41 - <Info> - using 1 flow manager threads
|
|
20/2/2016 -- 17:49:41 - <Info> - preallocated 2048 packets. Total memory 7204864
|
|
20/2/2016 -- 17:49:41 - <Info> - using 1 flow recycler threads
|
|
20/2/2016 -- 17:49:41 - <Notice> - all 8 packet processing threads, 4 management threads initialized, engine started.
|
|
20/2/2016 -- 18:43:52 - <Notice> - Signal Received. Stopping engine.
|
