|
30/3/2016 -- 19:47:45 - <Notice> - This is Suricata version 3.0 RELEASE
|
|
30/3/2016 -- 19:47:45 - <Info> - CPUs/cores online: 8
|
|
30/3/2016 -- 19:47:45 - <Info> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-ins
|
|
pect-window' set to 4053 after randomization.
|
|
30/3/2016 -- 19:47:45 - <Info> - 'default' server has 'response-body-minimal-inspect-size' set to 42119 and 'response-body-i
|
|
nspect-window' set to 16872 after randomization.
|
|
30/3/2016 -- 19:47:45 - <Info> - DNS request flood protection level: 500
|
|
30/3/2016 -- 19:47:45 - <Info> - DNS per flow memcap (state-memcap): 524288
|
|
30/3/2016 -- 19:47:45 - <Info> - DNS global memcap: 16777216
|
|
30/3/2016 -- 19:47:45 - <Info> - Protocol detection and parser disabled for modbus protocol.
|
|
30/3/2016 -- 19:47:45 - <Info> - allocated 786432 bytes of memory for the defrag hash... 65536 buckets of size 12
|
|
30/3/2016 -- 19:47:45 - <Info> - preallocated 65535 defrag trackers of size 96
|
|
30/3/2016 -- 19:47:45 - <Info> - defrag memory usage: 7077792 bytes, maximum: 33554432
|
|
30/3/2016 -- 19:47:45 - <Info> - AutoFP mode using default "Active Packets" flow load balancer
|
|
30/3/2016 -- 19:47:45 - <Info> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
|
|
30/3/2016 -- 19:47:45 - <Info> - preallocated 1000 hosts of size 64
|
|
30/3/2016 -- 19:47:45 - <Info> - host memory usage: 326144 bytes, maximum: 16777216
|
|
30/3/2016 -- 19:47:45 - <Info> - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
|
|
30/3/2016 -- 19:47:45 - <Info> - preallocated 10000 flows of size 188
|
|
30/3/2016 -- 19:47:45 - <Info> - flow memory usage: 6074304 bytes, maximum: 67108864
|
|
30/3/2016 -- 19:47:45 - <Info> - stream "prealloc-sessions": 2048 (per thread)
|
|
30/3/2016 -- 19:47:45 - <Info> - stream "memcap": 33554432
|
|
30/3/2016 -- 19:47:45 - <Info> - stream "midstream" session pickups: disabled
|
|
30/3/2016 -- 19:47:45 - <Info> - stream "async-oneside": disabled
|
|
30/3/2016 -- 19:47:45 - <Info> - stream "checksum-validation": enabled
|
|
30/3/2016 -- 19:47:45 - <Info> - stream."inline": disabled
|
|
30/3/2016 -- 19:47:45 - <Info> - stream "max-synack-queued": 5
|
|
30/3/2016 -- 19:47:45 - <Info> - stream.reassembly "memcap": 134217728
|
|
30/3/2016 -- 19:47:45 - <Info> - stream.reassembly "depth": 1048576
|
|
30/3/2016 -- 19:47:45 - <Info> - stream.reassembly "toserver-chunk-size": 2469
|
|
30/3/2016 -- 19:47:45 - <Info> - stream.reassembly "toclient-chunk-size": 2649
|
|
30/3/2016 -- 19:47:45 - <Info> - stream.reassembly.raw: enabled
|
|
30/3/2016 -- 19:47:45 - <Info> - segment pool: pktsize 4, prealloc 256
|
|
30/3/2016 -- 19:47:45 - <Info> - segment pool: pktsize 16, prealloc 512
|
|
30/3/2016 -- 19:47:45 - <Info> - segment pool: pktsize 112, prealloc 512
|
|
30/3/2016 -- 19:47:45 - <Info> - segment pool: pktsize 248, prealloc 512
|
|
30/3/2016 -- 19:47:45 - <Info> - segment pool: pktsize 512, prealloc 512
|
|
30/3/2016 -- 19:47:45 - <Info> - segment pool: pktsize 768, prealloc 1024
|
|
30/3/2016 -- 19:47:45 - <Info> - segment pool: pktsize 1448, prealloc 1024
|
|
30/3/2016 -- 19:47:45 - <Info> - segment pool: pktsize 65535, prealloc 128
|
|
30/3/2016 -- 19:47:45 - <Info> - stream.reassembly "chunk-prealloc": 250
|
|
30/3/2016 -- 19:47:45 - <Info> - stream.reassembly "zero-copy-size": 128
|
|
30/3/2016 -- 19:47:45 - <Info> - allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64
|
|
30/3/2016 -- 19:47:45 - <Info> - preallocated 1000 ippairs of size 72
|
|
30/3/2016 -- 19:47:45 - <Info> - ippair memory usage: 334144 bytes, maximum: 16777216
|
|
30/3/2016 -- 19:47:45 - <Info> - using magic-file C:\Program Files (x86)\Suricata\magic.mgc
|
|
30/3/2016 -- 19:47:45 - <Info> - Delayed detect disabled
|
|
30/3/2016 -- 19:47:45 - <Info> - IP reputation disabled
|
|
****** RULE FILES LOADING ******
|
|
30/3/2016 -- 19:47:52 - <Info> - 49 rule files processed. 17819 rules successfully loaded, 0 rules failed
|
|
30/3/2016 -- 19:47:53 - <Info> - 17827 signatures processed. 1013 are IP-only rules, 6820 are inspecting packet payload, 132
|
|
43 inspect application layer, 99 are decoder event only
|
|
30/3/2016 -- 19:47:53 - <Info> - building signature grouping structure, stage 1: preprocessing rules... complete
|
|
30/3/2016 -- 19:47:53 - <Info> - building signature grouping structure, stage 2: building source address list... complete
|
|
30/3/2016 -- 19:47:55 - <Info> - building signature grouping structure, stage 3: building destination address lists... compl
|
|
ete
|
|
30/3/2016 -- 19:47:57 - <Info> - Threshold config parsed: 0 rule(s) found
|
|
30/3/2016 -- 19:47:57 - <Info> - Core dump size is unlimited.
|
|
30/3/2016 -- 19:47:57 - <Info> - fast output device (regular) initialized: fast.log
|
|
30/3/2016 -- 19:47:57 - <Warning> - [ERRCODE: SC_ERR_NOT_SUPPORTED(225)] - Eve-log support not compiled in. Reconfigure/reco
|
|
mpile with libjansson and its development files installed to add eve-log support.
|
|
30/3/2016 -- 19:47:57 - <Info> - http-log output device (regular) initialized: http.log
|
|
30/3/2016 -- 19:47:57 - <Info> - stats output device (regular) initialized: stats.log
|
|
30/3/2016 -- 19:47:57 - <Info> - preallocated 1024 packets. Total memory 2861056
|
|
30/3/2016 -- 19:47:57 - <Info> - reading pcap file C:\Users\Administrator\Downloads\maccdc2012_00013.pcap
|
|
30/3/2016 -- 19:47:57 - <Info> - using 1 flow manager threads
|
|
30/3/2016 -- 19:47:57 - <Info> - preallocated 1024 packets. Total memory 2861056
|
|
30/3/2016 -- 19:47:57 - <Info> - using 1 flow recycler threads
|
|
30/3/2016 -- 19:47:57 - <Notice> - all 1 packet processing threads, 4 management threads initialized, engine started.
|
|
30/3/2016 -- 19:47:57 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
|
|
30/3/2016 -- 19:49:34 - <Info> - pcap file end of file reached (pcap err code 0)
|
|
30/3/2016 -- 19:49:34 - <Notice> - Signal Received. Stopping engine.
|
|
30/3/2016 -- 19:52:28 - <Info> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
|
|
30/3/2016 -- 19:52:28 - <Info> - preallocated 1024 packets. Total memory 2861056
|
|
30/3/2016 -- 19:52:28 - <Info> - time elapsed 271.217s
|
|
30/3/2016 -- 19:52:28 - <Info> - 1002314 flows processed
|
|
30/3/2016 -- 19:52:47 - <Notice> - Pcap-file module read 3190917 packets, 1022686575 bytes
|
|
30/3/2016 -- 19:52:47 - <Info> - Stream TCP processed 3056562 TCP packets
|
|
30/3/2016 -- 19:52:47 - <Info> - Fast log output wrote 1194 alerts
|
|
30/3/2016 -- 19:52:47 - <Info> - HTTP logger logged 2897 requests
|
|
30/3/2016 -- 19:53:05 - <Info> - ippair memory usage: 334144 bytes, maximum: 16777216
|
|
30/3/2016 -- 20:05:02 - <Info> - host memory usage: 326144 bytes, maximum: 16777216
|
|
30/3/2016 -- 20:05:02 - <Info> - cleaning up signature grouping structure... complete
|
|
|