Mar 25 11:16:22 10.0.0.151 kernel: [SysLog]: [Site allowed: github.com] from source 10.0.0.209,
Mar 25 11:16:22 10.0.0.151 kernel: [SysLog]: [Site allowed: aps.amap.com] from source 10.0.0.209,
Mar 25 11:16:24 10.0.0.151 kernel: [SysLog]: [Site allowed: offshoregit.com] from source 10.0.0.209,
Mar 25 11:16:24 10.0.0.151 kernel: [SysLog]: [Site allowed: github.com] from source 10.0.0.209,
Mar 25 11:16:25 10.0.0.151 kernel: [SysLog]: [Site allowed: iwillfolo.com] from source 10.0.0.209,
Mar 25 11:16:25 10.0.0.151 kernel: [SysLog]: [Site allowed: raw.github.com] from source 10.0.0.209,
Mar 25 11:16:26 10.0.0.151 kernel: [SysLog]: [Site allowed: istreamrepo.me] from source 10.0.0.209,
Mar 25 11:16:27 10.0.0.151 kernel: [SysLog]: [Site allowed: raw.githubusercontent.com] from source 10.0.0.209,
Mar 25 11:16:27 10.0.0.151 kernel: [SysLog]: [Site allowed: aps.amap.com] from source 10.0.0.209,
Mar 25 11:17:01 SELKS CRON[30800]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 25 11:17:35 10.0.0.151 kernel: [SysLog]: [Site allowed: oracle.112.2o7.net] from source 10.0.0.9,
Mar 25 11:17:38 10.0.0.151 kernel: [SysLog]: [Site allowed: javadl.oracle.com] from source 10.0.0.9,
Mar 25 11:17:38 SELKS kernel: [61860.202241] AFPacketeth24[30767]: segfault at 2 ip 00007ff353084a6c sp 00007ff3397ef260 error 4
Mar 25 11:17:38 SELKS kernel: [61860.601737] device eth1 left promiscuous mode
Mar 25 11:17:39 SELKS kernel: [61861.007224] device eth2 left promiscuous mode

|
root@SELKS:/etc/suricata/rules# suricata --build-info
This is Suricata version 3.0 RELEASE
Features: NFQ PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON TLS
SIMD support: none
Atomic intrisics: 1 2 4 8 byte(s)
64-bits, Little-endian architecture
GCC version 4.9.2, C version 199901
compiled with _FORTIFY_SOURCE=2
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.18, linked against LibHTP v0.5.18

Suricata Configuration:
AF_PACKET support: yes
PF_RING support: no
NFQueue support: yes
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no

Unix socket enabled: yes
Detection enabled: yes

libnss support: yes
libnspr support: yes
libjansson support: yes
hiredis support: no
Prelude support: no
PCRE jit: yes
LUA support: yes, through luajit
libluajit: yes
libgeoip: yes
Non-bundled htp: yes
Old barnyard2 support: no
CUDA enabled: no

Suricatasc install: yes

Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Profiling enabled: no
Profiling locks enabled: no
Coccinelle / spatch: no

Generic build parameters:
Installation prefix: /usr
Configuration directory: /etc/suricata/
Log directory: /var/log/suricata/

--prefix /usr
--sysconfdir /etc
--localstatedir /var

Host: x86_64-pc-linux-gnu
Compiler: gcc (exec name) / gcc (real)
GCC Protect enabled: yes
GCC march native enabled: no
GCC Profile enabled: no
Position Independent Executable enabled: yes
CFLAGS -g -O2 -fstack-protector-strong -Wformat -Werror=format-security
PCAP_CFLAGS -I/usr/include
SECCFLAGS -fstack-protector -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security

root@SELKS:/etc/suricata/rules# uname -a
Linux SELKS 3.18.11-stamus #1 SMP Sun Apr 12 05:32:17 EDT 2015 x86_64 GNU/Linux

ii logstash 1:1.5.6-1 all An extensible logging pipeline
ii suricata 3.0-0stamus0 amd64 Suricata open source multi-thread IDS/IPS/NSM system.
ii elasticsearch 1.7.5 all Open Source, Distributed, RESTful Search Engine
ii selks-scripts-stamus 2015101901 amd64 SELKS Scritps by StamusN.
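The security-relevant detail in the kernel lines above is not the crash itself but what follows it: once the AFPacketeth24 thread segfaults, eth1 and eth2 leave promiscuous mode, so the sensor silently stops seeing traffic while the host stays up and healthy-looking. The following is an added example, not code from the post or from Suricata/SELKS, that parses these kernel syslog lines and flags a capture-thread crash together with the interfaces that dropped out of promiscuous mode shortly afterwards. The sample lines are copied from the post; the 5-second correlation window and the "AFPacket" thread-name prefix are assumptions chosen for this example. The error-code decoding follows the x86 page-fault error bits that Linux prints after "error" (bit 0 protection violation, bit 1 write, bit 2 user mode, bit 3 reserved bit, bit 4 instruction fetch).

```python
"""Flag Suricata capture-thread segfaults and the resulting capture loss.

Added example (not from the original post or the Suricata project).
Sample input lines are copied from the post's kernel log.
"""
import re

# Common prefix of a syslog-forwarded kernel line: "Mon DD HH:MM:SS host kernel: [uptime] ..."
_SYSLOG_KERNEL = (
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"\[\s*(?P<uptime>\d+\.\d+)\] "
)
SEGFAULT_RE = re.compile(
    _SYSLOG_KERNEL
    + r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+)"
)
PROMISC_RE = re.compile(_SYSLOG_KERNEL + r"device (?P<iface>\S+) left promiscuous mode")

# x86 page-fault error code bits, as printed by the kernel after "error".
_X86_FAULT_BITS = (
    (1 << 0, "protection-violation", "not-present"),
    (1 << 1, "write", "read"),
    (1 << 2, "user-mode", "kernel-mode"),
    (1 << 3, "reserved-bit", None),
    (1 << 4, "instruction-fetch", None),
)


def decode_x86_fault(code: int) -> list[str]:
    """Translate the numeric error code into the meaning of each bit."""
    names = []
    for bit, if_set, if_clear in _X86_FAULT_BITS:
        name = if_set if code & bit else if_clear
        if name:
            names.append(name)
    return names


def find_capture_loss(lines, thread_prefix="AFPacket", window_s=5.0):
    """Return one record per capture-thread segfault, listing the interfaces
    that left promiscuous mode within window_s seconds afterwards.

    Correlation uses the kernel uptime stamp (monotonic, sub-second) rather
    than the syslog timestamp, which has only second resolution and no year.
    thread_prefix and window_s are assumptions for this example.
    """
    segfaults, promisc = [], []
    for line in lines:
        m = SEGFAULT_RE.match(line)
        if m and m["comm"].startswith(thread_prefix):
            segfaults.append(m)
            continue
        m = PROMISC_RE.match(line)
        if m:
            promisc.append(m)

    records = []
    for s in segfaults:
        t0 = float(s["uptime"])
        addr = int(s["addr"], 16)
        lost = [p["iface"] for p in promisc if 0 <= float(p["uptime"]) - t0 <= window_s]
        records.append({
            "when": s["ts"],
            "host": s["host"],
            "thread": s["comm"],
            "pid": int(s["pid"]),
            "fault_addr": addr,
            "near_null": addr < 4096,  # first page is never mapped in userland
            "ip": int(s["ip"], 16),
            "fault": decode_x86_fault(int(s["err"])),
            "interfaces_lost": lost,
            "sensor_blind": bool(lost),
        })
    return records


# Lines copied from the post; the CRON and [SysLog] lines are noise the parser must ignore.
SAMPLE_LINES = [
    "Mar 25 11:17:01 SELKS CRON[30800]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)",
    "Mar 25 11:17:38 10.0.0.151 kernel: [SysLog]: [Site allowed: javadl.oracle.com] from source 10.0.0.9,",
    "Mar 25 11:17:38 SELKS kernel: [61860.202241] AFPacketeth24[30767]: segfault at 2 ip 00007ff353084a6c sp 00007ff3397ef260 error 4",
    "Mar 25 11:17:38 SELKS kernel: [61860.601737] device eth1 left promiscuous mode",
    "Mar 25 11:17:39 SELKS kernel: [61861.007224] device eth2 left promiscuous mode",
]

if __name__ == "__main__":
    for rec in find_capture_loss(SAMPLE_LINES):
        print(f"{rec['when']} {rec['host']}: {rec['thread']}[{rec['pid']}] crashed "
              f"(fault addr 0x{rec['fault_addr']:x}, {', '.join(rec['fault'])}"
              f"{', near-NULL dereference' if rec['near_null'] else ''}); "
              f"capture lost on {rec['interfaces_lost'] or 'no interfaces'}")
```

Run against the post's lines this reports the crash as a user-mode read of a not-present page at address 0x2 (a near-NULL pointer dereference) and eth1 and eth2 as the interfaces that stopped capturing. In an operational deployment the "sensor_blind" flag is the condition to alert on, since Suricata's own eve.json goes quiet rather than recording the failure.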