Project

General

Profile

Download (28.8 KB)

Bug #1806 » startup-3.0.log

Suricata 3.0 startup - Chris Beverly, 06/13/2016 11:00 AM

 
{"log":"Starting suri-graphite-stats script in background...\n","stream":"stdout","time":"2016-06-13T15:52:50.748905423Z"}
{"log":" GRAPHITE_HOST=gen1.graphs.test.int.godaddy.com\n","stream":"stdout","time":"2016-06-13T15:52:50.748986118Z"}
{"log":" GRAPHITE_PORT=2003\n","stream":"stdout","time":"2016-06-13T15:52:50.749000129Z"}
{"log":" GRAPHITE_DELAY=30\n","stream":"stdout","time":"2016-06-13T15:52:50.749005416Z"}
{"log":" GRAPHITE_PREFIX=security.ids\n","stream":"stdout","time":"2016-06-13T15:52:50.749010127Z"}
{"log":" GRAPHITE_NODEID=p3pltestids002\n","stream":"stdout","time":"2016-06-13T15:52:50.749014723Z"}
{"log":" GRAPHITE_POSTFIX=suricata.stats.iface\n","stream":"stdout","time":"2016-06-13T15:52:50.749019406Z"}
{"log":" GRAPHITE_VERBOSE=\n","stream":"stdout","time":"2016-06-13T15:52:50.749024128Z"}
{"log":" SURICATASC_SOCKET=/var/run/suricata/suricata-command.socket\n","stream":"stdout","time":"2016-06-13T15:52:50.749028853Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - Including configuration file /etc/suricata/rules/rule-files.yaml at parent node rule-files.\n","stream":"stdout","time":"2016-06-13T15:52:50.770072623Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - Including configuration file /etc/suricata/rules/vars.yaml at parent node vars.\n","stream":"stdout","time":"2016-06-13T15:52:50.770757001Z"}
{"log":"Warning: Invalid/No global_log_level assigned by user. Falling back on the default_log_level \"Info\"\n","stream":"stdout","time":"2016-06-13T15:52:50.77162469Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cNotice\u003e - This is Suricata version 3.0 RELEASE\n","stream":"stdout","time":"2016-06-13T15:52:50.771667692Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - CPUs/cores online: 8\n","stream":"stdout","time":"2016-06-13T15:52:50.77167523Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - Adding interface bond1 from config file\n","stream":"stdout","time":"2016-06-13T15:52:50.771680683Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization.\n","stream":"stdout","time":"2016-06-13T15:52:50.773505066Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 4218 after randomization.\n","stream":"stdout","time":"2016-06-13T15:52:50.773548803Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - DNS request flood protection level: 500\n","stream":"stdout","time":"2016-06-13T15:52:50.77429131Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - DNS per flow memcap (state-memcap): 524288\n","stream":"stdout","time":"2016-06-13T15:52:50.774326819Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - DNS global memcap: 16777216\n","stream":"stdout","time":"2016-06-13T15:52:50.774333534Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - Modbus request flood protection level: 500\n","stream":"stdout","time":"2016-06-13T15:52:50.774338818Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56\n","stream":"stdout","time":"2016-06-13T15:52:50.780340313Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - preallocated 65535 defrag trackers of size 168\n","stream":"stdout","time":"2016-06-13T15:52:50.790208352Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - defrag memory usage: 14679896 bytes, maximum: 536870912\n","stream":"stdout","time":"2016-06-13T15:52:50.790270546Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - AutoFP mode using \"Active Packets\" flow load balancer\n","stream":"stdout","time":"2016-06-13T15:52:50.791716107Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - allocated 517888 bytes of memory for the host hash... 8092 buckets of size 64\n","stream":"stdout","time":"2016-06-13T15:52:50.83769602Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - preallocated 8092 hosts of size 136\n","stream":"stdout","time":"2016-06-13T15:52:50.839082766Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - host memory usage: 1618400 bytes, maximum: 1073741824\n","stream":"stdout","time":"2016-06-13T15:52:50.839151637Z"}
{"log":"[suri-graphite-stats:65] [Errno 2] No such file or directory\n","stream":"stderr","time":"2016-06-13T15:52:50.84028724Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64\n","stream":"stdout","time":"2016-06-13T15:52:50.841839362Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - preallocated 10000 flows of size 288\n","stream":"stdout","time":"2016-06-13T15:52:50.843610917Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - flow memory usage: 7074304 bytes, maximum: 536870912\n","stream":"stdout","time":"2016-06-13T15:52:50.843660006Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - stream \"prealloc-sessions\": 1000000 (per thread)\n","stream":"stdout","time":"2016-06-13T15:52:50.84370644Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - stream \"memcap\": 2147483648\n","stream":"stdout","time":"2016-06-13T15:52:50.843724253Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - stream \"midstream\" session pickups: disabled\n","stream":"stdout","time":"2016-06-13T15:52:50.843739022Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - stream \"async-oneside\": enabled\n","stream":"stdout","time":"2016-06-13T15:52:50.843769617Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - stream \"checksum-validation\": disabled\n","stream":"stdout","time":"2016-06-13T15:52:50.843775176Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - stream.\"inline\": disabled\n","stream":"stdout","time":"2016-06-13T15:52:50.843780503Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - stream \"max-synack-queued\": 5\n","stream":"stdout","time":"2016-06-13T15:52:50.843785708Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - stream.reassembly \"memcap\": 4294967296\n","stream":"stdout","time":"2016-06-13T15:52:50.843790947Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - stream.reassembly \"depth\": 1048576\n","stream":"stdout","time":"2016-06-13T15:52:50.843796133Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - stream.reassembly \"toserver-chunk-size\": 2468\n","stream":"stdout","time":"2016-06-13T15:52:50.84380128Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - stream.reassembly \"toclient-chunk-size\": 2653\n","stream":"stdout","time":"2016-06-13T15:52:50.843806496Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - stream.reassembly.raw: enabled\n","stream":"stdout","time":"2016-06-13T15:52:50.843811732Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - segment pool: pktsize 4, prealloc 1024\n","stream":"stdout","time":"2016-06-13T15:52:50.843989169Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - segment pool: pktsize 16, prealloc 1024\n","stream":"stdout","time":"2016-06-13T15:52:50.844414642Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - segment pool: pktsize 112, prealloc 1024\n","stream":"stdout","time":"2016-06-13T15:52:50.845085579Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - segment pool: pktsize 248, prealloc 1024\n","stream":"stdout","time":"2016-06-13T15:52:50.845287508Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - segment pool: pktsize 512, prealloc 1024\n","stream":"stdout","time":"2016-06-13T15:52:50.845307107Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - segment pool: pktsize 768, prealloc 1024\n","stream":"stdout","time":"2016-06-13T15:52:50.846381098Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - segment pool: pktsize 1448, prealloc 50000\n","stream":"stdout","time":"2016-06-13T15:52:50.872068875Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - segment pool: pktsize 65535, prealloc 1024\n","stream":"stdout","time":"2016-06-13T15:52:50.880796069Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - stream.reassembly \"chunk-prealloc\": 9573\n","stream":"stdout","time":"2016-06-13T15:52:50.880989368Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - stream.reassembly \"zero-copy-size\": 128\n","stream":"stdout","time":"2016-06-13T15:52:50.910472221Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64\n","stream":"stdout","time":"2016-06-13T15:52:50.910561555Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - preallocated 1000 ippairs of size 136\n","stream":"stdout","time":"2016-06-13T15:52:50.910571747Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - ippair memory usage: 398144 bytes, maximum: 16777216\n","stream":"stdout","time":"2016-06-13T15:52:50.91057796Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - using magic-file /usr/share/file/magic\n","stream":"stdout","time":"2016-06-13T15:52:50.910583227Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - Delayed detect disabled\n","stream":"stdout","time":"2016-06-13T15:52:50.921934297Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - IP reputation disabled\n","stream":"stdout","time":"2016-06-13T15:52:50.922141236Z"}
{"log":"13/6/2016 -- 15:52:50 - \u003cInfo\u003e - Loading rule file: /etc/suricata/rules/automit.rules\n","stream":"stdout","time":"2016-06-13T15:52:50.922409078Z"}
{"log":"13/6/2016 -- 15:52:53 - \u003cInfo\u003e - Loading rule file: /etc/suricata/rules/global-csirt.rules\n","stream":"stdout","time":"2016-06-13T15:52:53.707443306Z"}
{"log":"13/6/2016 -- 15:52:53 - \u003cInfo\u003e - Loading rule file: /etc/suricata/rules/global-threat.rules\n","stream":"stdout","time":"2016-06-13T15:52:53.70890401Z"}
{"log":"13/6/2016 -- 15:52:53 - \u003cWarning\u003e - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/global-threat.rules\n","stream":"stdout","time":"2016-06-13T15:52:53.708933878Z"}
{"log":"13/6/2016 -- 15:52:53 - \u003cInfo\u003e - Loading rule file: /etc/suricata/profile-rules/csirt.rules\n","stream":"stdout","time":"2016-06-13T15:52:53.708946428Z"}
{"log":"13/6/2016 -- 15:52:53 - \u003cInfo\u003e - Loading rule file: /etc/suricata/profile-rules/threat.rules\n","stream":"stdout","time":"2016-06-13T15:52:53.711189722Z"}
{"log":"13/6/2016 -- 15:52:53 - \u003cWarning\u003e - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/profile-rules/threat.rules\n","stream":"stdout","time":"2016-06-13T15:52:53.711217673Z"}
{"log":"13/6/2016 -- 15:52:53 - \u003cWarning\u003e - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/profile-rules/dcu.rules\n","stream":"stdout","time":"2016-06-13T15:52:53.711230619Z"}
{"log":"13/6/2016 -- 15:52:53 - \u003cInfo\u003e - 6 rule files processed. 149 rules successfully loaded, 0 rules failed\n","stream":"stdout","time":"2016-06-13T15:52:53.711238311Z"}
{"log":"13/6/2016 -- 15:52:53 - \u003cInfo\u003e - 149 signatures processed. 0 are IP-only rules, 2 are inspecting packet payload, 0 inspect application layer, 0 are decoder event only\n","stream":"stdout","time":"2016-06-13T15:52:53.711753116Z"}
{"log":"13/6/2016 -- 15:52:53 - \u003cInfo\u003e - building signature grouping structure, stage 1: preprocessing rules... complete\n","stream":"stdout","time":"2016-06-13T15:52:53.711772974Z"}
{"log":"13/6/2016 -- 15:52:54 - \u003cInfo\u003e - building signature grouping structure, stage 2: building source address list... complete\n","stream":"stdout","time":"2016-06-13T15:52:54.135290318Z"}
{"log":"[suri-graphite-stats:65] [Errno 2] No such file or directory\n","stream":"stderr","time":"2016-06-13T15:52:55.841652068Z"}
{"log":"[suri-graphite-stats:65] [Errno 2] No such file or directory\n","stream":"stderr","time":"2016-06-13T15:53:00.843179055Z"}
{"log":"[suri-graphite-stats:65] [Errno 2] No such file or directory\n","stream":"stderr","time":"2016-06-13T15:53:05.845030676Z"}
{"log":"[suri-graphite-stats:65] [Errno 2] No such file or directory\n","stream":"stderr","time":"2016-06-13T15:53:10.845988148Z"}
{"log":"[suri-graphite-stats:65] [Errno 2] No such file or directory\n","stream":"stderr","time":"2016-06-13T15:53:15.846474454Z"}
{"log":"[suri-graphite-stats:65] [Errno 2] No such file or directory\n","stream":"stderr","time":"2016-06-13T15:53:20.847740424Z"}
{"log":"[suri-graphite-stats:65] [Errno 2] No such file or directory\n","stream":"stderr","time":"2016-06-13T15:53:25.847986985Z"}
{"log":"[suri-graphite-stats:65] [Errno 2] No such file or directory\n","stream":"stderr","time":"2016-06-13T15:53:30.849252859Z"}
{"log":"[suri-graphite-stats:65] [Errno 2] No such file or directory\n","stream":"stderr","time":"2016-06-13T15:53:35.850609989Z"}
{"log":"[suri-graphite-stats:65] [Errno 2] No such file or directory\n","stream":"stderr","time":"2016-06-13T15:53:40.855077811Z"}
{"log":"[suri-graphite-stats:65] [Errno 2] No such file or directory\n","stream":"stderr","time":"2016-06-13T15:53:45.855704796Z"}
{"log":"[suri-graphite-stats:65] [Errno 2] No such file or directory\n","stream":"stderr","time":"2016-06-13T15:53:50.856421881Z"}
{"log":"[suri-graphite-stats:65] [Errno 2] No such file or directory\n","stream":"stderr","time":"2016-06-13T15:53:55.857165069Z"}
{"log":"[suri-graphite-stats:65] [Errno 2] No such file or directory\n","stream":"stderr","time":"2016-06-13T15:54:00.857694746Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - building signature grouping structure, stage 3: building destination address lists... complete\n","stream":"stdout","time":"2016-06-13T15:54:03.705651187Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Threshold config parsed: 0 rule(s) found\n","stream":"stdout","time":"2016-06-13T15:54:03.705880995Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Core dump size is unlimited.\n","stream":"stdout","time":"2016-06-13T15:54:03.705906252Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - dropped the caps for main thread\n","stream":"stdout","time":"2016-06-13T15:54:03.70636531Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - fast output device (regular) initialized: fast.log\n","stream":"stdout","time":"2016-06-13T15:54:03.70639329Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - enabling 'eve-log' module 'alert'\n","stream":"stdout","time":"2016-06-13T15:54:03.70645993Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - stats output device (regular) initialized: stats.log\n","stream":"stdout","time":"2016-06-13T15:54:03.706506425Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Syslog output initialized\n","stream":"stdout","time":"2016-06-13T15:54:03.706537417Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Found affinity definition for \"management-cpu-set\"\n","stream":"stdout","time":"2016-06-13T15:54:03.706615042Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Using default prio 'low'\n","stream":"stdout","time":"2016-06-13T15:54:03.706692932Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Found affinity definition for \"receive-cpu-set\"\n","stream":"stdout","time":"2016-06-13T15:54:03.706702515Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Found affinity definition for \"decode-cpu-set\"\n","stream":"stdout","time":"2016-06-13T15:54:03.706708476Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Found affinity definition for \"stream-cpu-set\"\n","stream":"stdout","time":"2016-06-13T15:54:03.706714157Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Found affinity definition for \"detect-cpu-set\"\n","stream":"stdout","time":"2016-06-13T15:54:03.706719678Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Using default prio 'high'\n","stream":"stdout","time":"2016-06-13T15:54:03.706725176Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Found affinity definition for \"verdict-cpu-set\"\n","stream":"stdout","time":"2016-06-13T15:54:03.706730481Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Using default prio 'high'\n","stream":"stdout","time":"2016-06-13T15:54:03.706736056Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Found affinity definition for \"reject-cpu-set\"\n","stream":"stdout","time":"2016-06-13T15:54:03.706744083Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Using default prio 'low'\n","stream":"stdout","time":"2016-06-13T15:54:03.706749779Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Found affinity definition for \"output-cpu-set\"\n","stream":"stdout","time":"2016-06-13T15:54:03.706754884Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Using default prio 'medium'\n","stream":"stdout","time":"2016-06-13T15:54:03.706779994Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Enabling mmaped capture on iface bond1\n","stream":"stdout","time":"2016-06-13T15:54:03.706786156Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Using flow cluster mode for AF_PACKET (iface bond1)\n","stream":"stdout","time":"2016-06-13T15:54:03.706791448Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Using defrag kernel functionality for AF_PACKET (iface bond1)\n","stream":"stdout","time":"2016-06-13T15:54:03.706842004Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - NIC offloading on bond1: GRO: unset, LRO: unset\n","stream":"stdout","time":"2016-06-13T15:54:03.706857655Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - bond1: enabling zero copy mode\n","stream":"stdout","time":"2016-06-13T15:54:03.706864291Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - bond1: enabling zero copy mode by using data release call\n","stream":"stdout","time":"2016-06-13T15:54:03.706869631Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Going to use 8 thread(s)\n","stream":"stdout","time":"2016-06-13T15:54:03.706874897Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Setting affinity on CPU 0\n","stream":"stdout","time":"2016-06-13T15:54:03.708108981Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - Setting prio -2 for \"AFPacketbond11\" Module to cpu/core 0, thread id 11\n","stream":"stdout","time":"2016-06-13T15:54:03.70815761Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cError\u003e - [ERRCODE: SC_ERR_THREAD_NICE_PRIO(47)] - Error setting nice value for thread AFPacketbond11: Operation not permitted\n","stream":"stderr","time":"2016-06-13T15:54:03.708138269Z"}
{"log":"13/6/2016 -- 15:54:03 - \u003cInfo\u003e - preallocated 4096 packets. Total memory 14393344\n","stream":"stdout","time":"2016-06-13T15:54:03.717987489Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - Setting affinity on CPU 1\n","stream":"stdout","time":"2016-06-13T15:54:04.045084883Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - Setting prio -2 for \"AFPacketbond12\" Module to cpu/core 1, thread id 12\n","stream":"stdout","time":"2016-06-13T15:54:04.045148221Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cError\u003e - [ERRCODE: SC_ERR_THREAD_NICE_PRIO(47)] - Error setting nice value for thread AFPacketbond12: Operation not permitted\n","stream":"stderr","time":"2016-06-13T15:54:04.045156913Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - preallocated 4096 packets. Total memory 14393344\n","stream":"stdout","time":"2016-06-13T15:54:04.050069061Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - Setting affinity on CPU 2\n","stream":"stdout","time":"2016-06-13T15:54:04.229245151Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - Setting prio -2 for \"AFPacketbond13\" Module to cpu/core 2, thread id 13\n","stream":"stdout","time":"2016-06-13T15:54:04.229369497Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cError\u003e - [ERRCODE: SC_ERR_THREAD_NICE_PRIO(47)] - Error setting nice value for thread AFPacketbond13: Operation not permitted\n","stream":"stderr","time":"2016-06-13T15:54:04.229369427Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - preallocated 4096 packets. Total memory 14393344\n","stream":"stdout","time":"2016-06-13T15:54:04.235217087Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cError\u003e - [ERRCODE: SC_ERR_THREAD_NICE_PRIO(47)] - Error setting nice value for thread AFPacketbond14: Operation not permitted\n","stream":"stderr","time":"2016-06-13T15:54:04.41537105Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - Setting affinity on CPU 3\n","stream":"stdout","time":"2016-06-13T15:54:04.415373561Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - Setting prio -2 for \"AFPacketbond14\" Module to cpu/core 3, thread id 14\n","stream":"stdout","time":"2016-06-13T15:54:04.415428688Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - preallocated 4096 packets. Total memory 14393344\n","stream":"stdout","time":"2016-06-13T15:54:04.420089222Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - Setting affinity on CPU 4\n","stream":"stdout","time":"2016-06-13T15:54:04.600040094Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - Setting prio -2 for \"AFPacketbond15\" Module to cpu/core 4, thread id 15\n","stream":"stdout","time":"2016-06-13T15:54:04.60016026Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cError\u003e - [ERRCODE: SC_ERR_THREAD_NICE_PRIO(47)] - Error setting nice value for thread AFPacketbond15: Operation not permitted\n","stream":"stderr","time":"2016-06-13T15:54:04.600167561Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - preallocated 4096 packets. Total memory 14393344\n","stream":"stdout","time":"2016-06-13T15:54:04.605548668Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cError\u003e - [ERRCODE: SC_ERR_THREAD_NICE_PRIO(47)] - Error setting nice value for thread AFPacketbond16: Operation not permitted\n","stream":"stderr","time":"2016-06-13T15:54:04.786338059Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - Setting affinity on CPU 5\n","stream":"stdout","time":"2016-06-13T15:54:04.786452167Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - Setting prio -2 for \"AFPacketbond16\" Module to cpu/core 5, thread id 16\n","stream":"stdout","time":"2016-06-13T15:54:04.786485719Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - preallocated 4096 packets. Total memory 14393344\n","stream":"stdout","time":"2016-06-13T15:54:04.791894045Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - Setting affinity on CPU 6\n","stream":"stdout","time":"2016-06-13T15:54:04.971821492Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - Setting prio -2 for \"AFPacketbond17\" Module to cpu/core 6, thread id 17\n","stream":"stdout","time":"2016-06-13T15:54:04.971999008Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cError\u003e - [ERRCODE: SC_ERR_THREAD_NICE_PRIO(47)] - Error setting nice value for thread AFPacketbond17: Operation not permitted\n","stream":"stderr","time":"2016-06-13T15:54:04.971906728Z"}
{"log":"13/6/2016 -- 15:54:04 - \u003cInfo\u003e - preallocated 4096 packets. Total memory 14393344\n","stream":"stdout","time":"2016-06-13T15:54:04.977333119Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - Setting affinity on CPU 7\n","stream":"stdout","time":"2016-06-13T15:54:05.160519427Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - Setting prio -2 for \"AFPacketbond18\" Module to cpu/core 7, thread id 18\n","stream":"stdout","time":"2016-06-13T15:54:05.160544757Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cError\u003e - [ERRCODE: SC_ERR_THREAD_NICE_PRIO(47)] - Error setting nice value for thread AFPacketbond18: Operation not permitted\n","stream":"stderr","time":"2016-06-13T15:54:05.160552869Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - preallocated 4096 packets. Total memory 14393344\n","stream":"stdout","time":"2016-06-13T15:54:05.166082945Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - Setting prio 2 for \"UnixManagerThread\" thread , thread id 19\n","stream":"stdout","time":"2016-06-13T15:54:05.346389979Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - Using unix socket file '/var/run/suricata//suricata-command.socket'\n","stream":"stdout","time":"2016-06-13T15:54:05.346589979Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - using 1 flow manager threads\n","stream":"stdout","time":"2016-06-13T15:54:05.346687006Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - Setting prio 2 for \"FlowManagerThread\" thread , thread id 20\n","stream":"stdout","time":"2016-06-13T15:54:05.347882171Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - preallocated 4096 packets. Total memory 14393344\n","stream":"stdout","time":"2016-06-13T15:54:05.352884868Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - using 1 flow recycler threads\n","stream":"stdout","time":"2016-06-13T15:54:05.353119497Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - Setting prio 2 for \"FlowRecyclerThread\" thread , thread id 21\n","stream":"stdout","time":"2016-06-13T15:54:05.354653639Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - Setting prio 2 for \"StatsWakeupThread\" thread , thread id 22\n","stream":"stdout","time":"2016-06-13T15:54:05.356592428Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - Setting prio 2 for \"StatsMgmtThread\" thread , thread id 23\n","stream":"stdout","time":"2016-06-13T15:54:05.357944346Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cNotice\u003e - all 8 packet processing threads, 4 management threads initialized, engine started.\n","stream":"stdout","time":"2016-06-13T15:54:05.358077579Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - Setting AF_PACKET socket buffer to 32768\n","stream":"stdout","time":"2016-06-13T15:54:05.422128011Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020\n","stream":"stdout","time":"2016-06-13T15:54:05.477398945Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - Setting AF_PACKET socket buffer to 32768\n","stream":"stdout","time":"2016-06-13T15:54:05.680747448Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020\n","stream":"stdout","time":"2016-06-13T15:54:05.687295728Z"}
{"log":"13/6/2016 -- 15:54:05 - \u003cInfo\u003e - Unix socket: client version: \"0.1\"\n","stream":"stdout","time":"2016-06-13T15:54:05.86282836Z"}
{"log":"13/6/2016 -- 15:54:06 - \u003cInfo\u003e - Setting AF_PACKET socket buffer to 32768\n","stream":"stdout","time":"2016-06-13T15:54:06.020794426Z"}
{"log":"13/6/2016 -- 15:54:06 - \u003cInfo\u003e - AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020\n","stream":"stdout","time":"2016-06-13T15:54:06.111502178Z"}
{"log":"13/6/2016 -- 15:54:06 - \u003cInfo\u003e - Setting AF_PACKET socket buffer to 32768\n","stream":"stdout","time":"2016-06-13T15:54:06.515802855Z"}
{"log":"13/6/2016 -- 15:54:06 - \u003cInfo\u003e - AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020\n","stream":"stdout","time":"2016-06-13T15:54:06.530806995Z"}
{"log":"13/6/2016 -- 15:54:06 - \u003cInfo\u003e - Setting AF_PACKET socket buffer to 32768\n","stream":"stdout","time":"2016-06-13T15:54:06.837978119Z"}
{"log":"13/6/2016 -- 15:54:06 - \u003cInfo\u003e - AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020\n","stream":"stdout","time":"2016-06-13T15:54:06.885643688Z"}
{"log":"13/6/2016 -- 15:54:07 - \u003cInfo\u003e - Setting AF_PACKET socket buffer to 32768\n","stream":"stdout","time":"2016-06-13T15:54:07.122617339Z"}
{"log":"13/6/2016 -- 15:54:07 - \u003cInfo\u003e - AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020\n","stream":"stdout","time":"2016-06-13T15:54:07.173433911Z"}
{"log":"13/6/2016 -- 15:54:07 - \u003cInfo\u003e - Setting AF_PACKET socket buffer to 32768\n","stream":"stdout","time":"2016-06-13T15:54:07.434657579Z"}
{"log":"13/6/2016 -- 15:54:07 - \u003cInfo\u003e - AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020\n","stream":"stdout","time":"2016-06-13T15:54:07.506176377Z"}
{"log":"13/6/2016 -- 15:54:07 - \u003cInfo\u003e - Setting AF_PACKET socket buffer to 32768\n","stream":"stdout","time":"2016-06-13T15:54:07.844164057Z"}
{"log":"13/6/2016 -- 15:54:07 - \u003cInfo\u003e - AF_PACKET RX Ring params: block_size=32768 block_nr=15001 frame_size=1584 frame_nr=300020\n","stream":"stdout","time":"2016-06-13T15:54:07.910912183Z"}
{"log":"13/6/2016 -- 15:54:08 - \u003cInfo\u003e - All AFP capture threads are running.\n","stream":"stdout","time":"2016-06-13T15:54:08.126137942Z"}
{"log":"13/6/2016 -- 15:54:08 - \u003cInfo\u003e - Starting to read on AFPacketbond15\n","stream":"stdout","time":"2016-06-13T15:54:08.126262906Z"}
{"log":"13/6/2016 -- 15:54:08 - \u003cInfo\u003e - Starting to read on AFPacketbond11\n","stream":"stdout","time":"2016-06-13T15:54:08.126272632Z"}
{"log":"13/6/2016 -- 15:54:08 - \u003cInfo\u003e - Starting to read on AFPacketbond16\n","stream":"stdout","time":"2016-06-13T15:54:08.126365715Z"}
{"log":"13/6/2016 -- 15:54:08 - \u003cInfo\u003e - Starting to read on AFPacketbond17\n","stream":"stdout","time":"2016-06-13T15:54:08.127089124Z"}
{"log":"13/6/2016 -- 15:54:08 - \u003cInfo\u003e - Starting to read on AFPacketbond18\n","stream":"stdout","time":"2016-06-13T15:54:08.138714626Z"}
{"log":"13/6/2016 -- 15:54:08 - \u003cInfo\u003e - Starting to read on AFPacketbond14\n","stream":"stdout","time":"2016-06-13T15:54:08.153104739Z"}
{"log":"13/6/2016 -- 15:54:08 - \u003cInfo\u003e - Starting to read on AFPacketbond12\n","stream":"stdout","time":"2016-06-13T15:54:08.212193796Z"}
{"log":"13/6/2016 -- 15:54:08 - \u003cInfo\u003e - Starting to read on AFPacketbond13\n","stream":"stdout","time":"2016-06-13T15:54:08.766396101Z"}
(2-2/3)