[root@suricata ~]# suricata -c /etc/suricata/suricata.yaml -s /var/data/sahil/md5.rules --af-packet=ens160 -vvvv

Initialization syslog logging with format "[%i] <%d> -- ".

27/6/2016 -- 10:04:34 - <Notice> - This is Suricata version 3.1 RELEASE
27/6/2016 -- 10:04:34 - <Info> - CPUs/cores online: 8
27/6/2016 -- 10:04:34 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization.
27/6/2016 -- 10:04:34 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 42119 and 'response-body-inspect-window' set to 16872 after randomization.

Broadcast message from systemd-journald@suricata (Mon 2016-06-27 10:04:34 EDT):

suricata[16650]: [16650] <Config> -- 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization.
Message from syslogd@suricata at Jun 27 10:04:34 ...

suricata:[16650] <Config> -- 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization.
27/6/2016 -- 10:04:34 - <Config> - DNS request flood protection level: 500
27/6/2016 -- 10:04:34 - <Config> - DNS per flow memcap (state-memcap): 524288
27/6/2016 -- 10:04:34 - <Config> - DNS global memcap: 16777216
27/6/2016 -- 10:04:34 - <Config> - Protocol detection and parser disabled for modbus protocol.
27/6/2016 -- 10:04:34 - <Info> - Found an MTU of 1500 for 'ens160'
27/6/2016 -- 10:04:35 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
27/6/2016 -- 10:04:35 - <Config> - preallocated 65535 defrag trackers of size 168
27/6/2016 -- 10:04:35 - <Config> - defrag memory usage: 14679896 bytes, maximum: 4294967296
27/6/2016 -- 10:04:36 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
27/6/2016 -- 10:04:36 - <Config> - preallocated 1000 hosts of size 136
27/6/2016 -- 10:04:36 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
27/6/2016 -- 10:04:36 - <Config> - using magic-file /usr/share/file/magic
27/6/2016 -- 10:04:37 - <Config> - Core dump size set to unlimited.
27/6/2016 -- 10:04:38 - <Config> - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
27/6/2016 -- 10:04:38 - <Config> - preallocated 10000 flows of size 296
27/6/2016 -- 10:04:38 - <Config> - flow memory usage: 7154304 bytes, maximum: 67108864
27/6/2016 -- 10:04:38 - <Config> - stream "prealloc-sessions": 2048 (per thread)
27/6/2016 -- 10:04:38 - <Config> - stream "memcap": 1073741824
27/6/2016 -- 10:04:38 - <Config> - stream "midstream" session pickups: disabled
27/6/2016 -- 10:04:38 - <Config> - stream "async-oneside": disabled
27/6/2016 -- 10:04:38 - <Config> - stream "checksum-validation": enabled
27/6/2016 -- 10:04:38 - <Config> - stream."inline": disabled
27/6/2016 -- 10:04:38 - <Config> - stream "max-synack-queued": 5
27/6/2016 -- 10:04:38 - <Config> - stream.reassembly "memcap": 1073741824
27/6/2016 -- 10:04:38 - <Config> - stream.reassembly "depth": 0
27/6/2016 -- 10:04:38 - <Config> - stream.reassembly "toserver-chunk-size": 2469
27/6/2016 -- 10:04:38 - <Config> - stream.reassembly "toclient-chunk-size": 2580
27/6/2016 -- 10:04:38 - <Config> - stream.reassembly.raw: enabled
27/6/2016 -- 10:04:38 - <Config> - segment pool: pktsize 4, prealloc 256
27/6/2016 -- 10:04:38 - <Config> - segment pool: pktsize 16, prealloc 512
27/6/2016 -- 10:04:38 - <Config> - segment pool: pktsize 112, prealloc 512
27/6/2016 -- 10:04:38 - <Config> - segment pool: pktsize 248, prealloc 512
27/6/2016 -- 10:04:38 - <Config> - segment pool: pktsize 512, prealloc 512
27/6/2016 -- 10:04:38 - <Config> - segment pool: pktsize 768, prealloc 1024
27/6/2016 -- 10:04:38 - <Config> - segment pool: pktsize 1448, prealloc 1024
27/6/2016 -- 10:04:38 - <Config> - segment pool: pktsize 65535, prealloc 128
27/6/2016 -- 10:04:38 - <Config> - stream.reassembly "chunk-prealloc": 250
27/6/2016 -- 10:04:38 - <Config> - stream.reassembly "zero-copy-size": 128
27/6/2016 -- 10:04:38 - <Config> - allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64
27/6/2016 -- 10:04:38 - <Config> - preallocated 1000 ippairs of size 136
27/6/2016 -- 10:04:38 - <Config> - ippair memory usage: 398144 bytes, maximum: 16777216
27/6/2016 -- 10:04:38 - <Config> - Delayed detect disabled
27/6/2016 -- 10:04:38 - <Config> - pattern matchers: MPM: ac, SPM: bm
27/6/2016 -- 10:04:38 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
27/6/2016 -- 10:04:38 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
27/6/2016 -- 10:04:38 - <Info> - Loading reputation file: /etc/suricata/iprep/badhosts.list
27/6/2016 -- 10:04:39 - <Perf> - host memory usage: 13307672 bytes, maximum: 16777216
27/6/2016 -- 10:04:39 - <Info> - Loading rule file: /etc/suricata/rules/botcc.rules
27/6/2016 -- 10:04:39 - <Info> - Loading rule file: /etc/suricata/rules/ciarmy.rules
27/6/2016 -- 10:04:39 - <Info> - Loading rule file: /etc/suricata/rules/compromised.rules
27/6/2016 -- 10:04:39 - <Info> - Loading rule file: /etc/suricata/rules/drop.rules
27/6/2016 -- 10:04:39 - <Info> - Loading rule file: /etc/suricata/rules/dshield.rules
27/6/2016 -- 10:04:39 - <Info> - Loading rule file: /etc/suricata/rules/emerging-activex.rules
27/6/2016 -- 10:04:40 - <Info> - Loading rule file: /etc/suricata/rules/emerging-attack_response.rules
27/6/2016 -- 10:04:40 - <Info> - Loading rule file: /etc/suricata/rules/emerging-chat.rules
27/6/2016 -- 10:04:40 - <Info> - Loading rule file: /etc/suricata/rules/emerging-current_events.rules
27/6/2016 -- 10:04:41 - <Info> - Loading rule file: /etc/suricata/rules/emerging-dns.rules
27/6/2016 -- 10:04:41 - <Info> - Loading rule file: /etc/suricata/rules/emerging-dos.rules
27/6/2016 -- 10:04:41 - <Info> - Loading rule file: /etc/suricata/rules/emerging-exploit.rules
27/6/2016 -- 10:04:41 - <Info> - Loading rule file: /etc/suricata/rules/emerging-ftp.rules
27/6/2016 -- 10:04:41 - <Info> - Loading rule file: /etc/suricata/rules/emerging-games.rules
27/6/2016 -- 10:04:41 - <Info> - Loading rule file: /etc/suricata/rules/emerging-inappropriate.rules
27/6/2016 -- 10:04:41 - <Info> - Loading rule file: /etc/suricata/rules/emerging-malware.rules
27/6/2016 -- 10:04:42 - <Info> - Loading rule file: /etc/suricata/rules/emerging-misc.rules
27/6/2016 -- 10:04:42 - <Info> - Loading rule file: /etc/suricata/rules/emerging-mobile_malware.rules
27/6/2016 -- 10:04:42 - <Info> - Loading rule file: /etc/suricata/rules/emerging-p2p.rules
27/6/2016 -- 10:04:42 - <Info> - Loading rule file: /etc/suricata/rules/emerging-policy.rules
27/6/2016 -- 10:04:43 - <Info> - Loading rule file: /etc/suricata/rules/emerging-rpc.rules
27/6/2016 -- 10:04:43 - <Info> - Loading rule file: /etc/suricata/rules/emerging-scada.rules
27/6/2016 -- 10:04:43 - <Info> - Loading rule file: /etc/suricata/rules/emerging-scan.rules
27/6/2016 -- 10:04:43 - <Info> - Loading rule file: /etc/suricata/rules/emerging-shellcode.rules
27/6/2016 -- 10:04:43 - <Info> - Loading rule file: /etc/suricata/rules/emerging-smtp.rules
27/6/2016 -- 10:04:43 - <Info> - Loading rule file: /etc/suricata/rules/emerging-sql.rules
27/6/2016 -- 10:04:46 - <Info> - Loading rule file: /etc/suricata/rules/emerging-trojan.rules
27/6/2016 -- 10:05:12 - <Info> - Loading rule file: /etc/suricata/rules/emerging-user_agents.rules
27/6/2016 -- 10:05:13 - <Info> - Loading rule file: /etc/suricata/rules/emerging-web_client.rules
27/6/2016 -- 10:05:14 - <Info> - Loading rule file: /etc/suricata/rules/emerging-web_server.rules
27/6/2016 -- 10:05:20 - <Info> - Loading rule file: /etc/suricata/rules/emerging-web_specific_apps.rules
27/6/2016 -- 10:05:47 - <Info> - Loading rule file: /etc/suricata/rules/emerging-worm.rules
27/6/2016 -- 10:05:47 - <Info> - Loading rule file: /etc/suricata/rules/tor.rules
27/6/2016 -- 10:05:48 - <Info> - Loading rule file: /etc/suricata/rules/local.rules
27/6/2016 -- 10:05:48 - <Info> - Loading rule file: /etc/suricata/rules/cnc.rules
27/6/2016 -- 10:05:50 - <Info> - Loading rule file: /etc/suricata/rules/attack.rules
27/6/2016 -- 10:06:00 - <Info> - Loading rule file: /etc/suricata/rules/phishing.rules
27/6/2016 -- 10:07:23 - <Info> - Loading rule file: /etc/suricata/rules/fraud.rules
27/6/2016 -- 10:07:23 - <Info> - Loading rule file: /etc/suricata/rules/malware.rules
27/6/2016 -- 10:07:24 - <Info> - Loading rule file: /etc/suricata/rules/decoder-events.rules
27/6/2016 -- 10:07:24 - <Info> - Loading rule file: /etc/suricata/rules/stream-events.rules
27/6/2016 -- 10:07:24 - <Info> - Loading rule file: /etc/suricata/rules/http-events.rules
27/6/2016 -- 10:07:24 - <Info> - Loading rule file: /etc/suricata/rules/smtp-events.rules
27/6/2016 -- 10:07:24 - <Info> - Loading rule file: /etc/suricata/rules/dns-events.rules
27/6/2016 -- 10:07:24 - <Info> - Loading rule file: /etc/suricata/rules/tls-events.rules
27/6/2016 -- 10:07:24 - <Info> - Loading rule file: /etc/suricata/rules/app-layer-events.rules
27/6/2016 -- 10:07:24 - <Info> - Loading rule file: /var/data/sahil/md5.rules
27/6/2016 -- 10:07:24 - <Info> - MD5 hash size 2097664 bytes
27/6/2016 -- 10:07:25 - <Info> - MD5 hash size 2097664 bytes
27/6/2016 -- 10:07:25 - <Info> - 47 rule files processed. 72869 rules successfully loaded, 0 rules failed
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for tcp-packet
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for tcp-stream
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for udp-packet
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for other-ip
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for http_uri
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for http_raw_uri
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for http_header
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for http_header
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for http_user_agent
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for http_raw_header
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for http_raw_header
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for http_method
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for file_data
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for file_data
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for http_stat_msg
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for http_stat_code
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for http_client_body
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for http_host
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for http_raw_host
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for http_cookie
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for http_cookie
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for dns_query
27/6/2016 -- 10:07:33 - <Perf> - using shared mpm ctx' for tls_sni
27/6/2016 -- 10:07:33 - <Info> - 72877 signatures processed. 1205 are IP-only rules, 60423 are inspecting packet payload, 13475 inspect application layer, 100 are decoder event only
27/6/2016 -- 10:07:33 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
27/6/2016 -- 10:07:33 - <Perf> - TCP toserver: 41 port groups, 41 unique SGH's, 0 copies
27/6/2016 -- 10:07:33 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
27/6/2016 -- 10:07:33 - <Perf> - UDP toserver: 41 port groups, 30 unique SGH's, 11 copies
27/6/2016 -- 10:07:33 - <Perf> - UDP toclient: 21 port groups, 12 unique SGH's, 9 copies
27/6/2016 -- 10:07:34 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
27/6/2016 -- 10:07:34 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
27/6/2016 -- 10:07:51 - <Perf> - Unique rule groups: 107
27/6/2016 -- 10:07:51 - <Perf> - Builtin MPM "toserver TCP packet": 29
27/6/2016 -- 10:07:51 - <Perf> - Builtin MPM "toclient TCP packet": 20
27/6/2016 -- 10:07:51 - <Perf> - Builtin MPM "toserver TCP stream": 33
27/6/2016 -- 10:07:51 - <Perf> - Builtin MPM "toclient TCP stream": 21
27/6/2016 -- 10:07:51 - <Perf> - Builtin MPM "toserver UDP packet": 29
27/6/2016 -- 10:07:51 - <Perf> - Builtin MPM "toclient UDP packet": 11
27/6/2016 -- 10:07:51 - <Perf> - Builtin MPM "other IP packet": 2
27/6/2016 -- 10:07:51 - <Perf> - AppLayer MPM "toserver http_uri": 10
27/6/2016 -- 10:07:51 - <Perf> - AppLayer MPM "toserver http_raw_uri": 2
27/6/2016 -- 10:07:51 - <Perf> - AppLayer MPM "toserver http_header": 9
27/6/2016 -- 10:07:51 - <Perf> - AppLayer MPM "toclient http_header": 4
27/6/2016 -- 10:07:51 - <Perf> - AppLayer MPM "toserver http_user_agent": 3
27/6/2016 -- 10:07:51 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
27/6/2016 -- 10:07:51 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
27/6/2016 -- 10:07:51 - <Perf> - AppLayer MPM "toserver http_method": 4
27/6/2016 -- 10:07:51 - <Perf> - AppLayer MPM "toserver file_data": 1
27/6/2016 -- 10:07:51 - <Perf> - AppLayer MPM "toclient file_data": 5
27/6/2016 -- 10:07:51 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
27/6/2016 -- 10:07:51 - <Perf> - AppLayer MPM "toserver http_client_body": 6
27/6/2016 -- 10:07:51 - <Perf> - AppLayer MPM "toserver http_cookie": 2
27/6/2016 -- 10:07:51 - <Perf> - AppLayer MPM "toclient http_cookie": 3
27/6/2016 -- 10:13:23 - <Error> - [ERRCODE: SC_ERR_MEM_ALLOC(1)] - SCRealloc failed: Cannot allocate memory, while trying to allocate 18446744071562067968 bytes
27/6/2016 -- 10:13:23 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - Out of memory. The engine cannot be initialized. Exiting...
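The console above carries every engine line three times (Suricata's own stdout line, the systemd-journald wall broadcast, and the syslogd wall message) and ends in an SCRealloc request for 18446744071562067968 bytes. The script below is an added example, not code from the original page or from the Suricata project: it parses a constructed excerpt in those three formats, drops the re-broadcast copies, collects the signature and MPM statistics, and reads the requested size back as a signed 64-bit value. The function names and the embedded sample lines are my own.

```python
"""Triage a Suricata 3.x console log like the one above.

Added example, not from the original page or from Suricata itself.
"""
import re

# Constructed sample, modelled on the lines shown above: the engine's own
# stdout format, then the journald broadcast and the syslogd wall message
# for the same event, then the fatal allocation failure.
SAMPLE_LOG = """\
27/6/2016 -- 10:07:33 - <Info> - 72877 signatures processed. 1205 are IP-only rules, 60423 are inspecting packet payload, 13475 inspect application layer, 100 are decoder event only
27/6/2016 -- 10:07:33 - <Perf> - TCP toserver: 41 port groups, 41 unique SGH's, 0 copies
Broadcast message from systemd-journald@suricata (Mon 2016-06-27 10:07:33 EDT):
suricata[16650]: [16650] <Perf> -- TCP toserver: 41 port groups, 41 unique SGH's, 0 copies
Message from syslogd@suricata at Jun 27 10:07:33 ...
suricata:[16650] <Perf> -- TCP toserver: 41 port groups, 41 unique SGH's, 0 copies
27/6/2016 -- 10:07:51 - <Perf> - Unique rule groups: 107
27/6/2016 -- 10:07:51 - <Perf> - Builtin MPM "toserver TCP packet": 29
27/6/2016 -- 10:07:51 - <Perf> - AppLayer MPM "toserver http_uri": 10
27/6/2016 -- 10:13:23 - <Error> - [ERRCODE: SC_ERR_MEM_ALLOC(1)] - SCRealloc failed: Cannot allocate memory, while trying to allocate 18446744071562067968 bytes
27/6/2016 -- 10:13:23 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - Out of memory. The engine cannot be initialized. Exiting...
"""

# The three line shapes seen on the console; each yields (level, message).
_STDOUT = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} -- \d\d:\d\d:\d\d - <(\w+)> - (.*)$")
_JOURNALD = re.compile(r"^suricata\[\d+\]: \[\d+\] <(\w+)> -- (.*)$")
_SYSLOGD = re.compile(r"^suricata:\[\d+\] <(\w+)> -- (.*)$")

_SIGS = re.compile(
    r"^(\d+) signatures processed\. (\d+) are IP-only rules, "
    r"(\d+) are inspecting packet payload, (\d+) inspect application layer, "
    r"(\d+) are decoder event only"
)
_MPM = re.compile(r'^(Builtin|AppLayer) MPM "([^"]+)": (\d+)$')
_ALLOC = re.compile(r"SCRealloc failed: .*?while trying to allocate (\d+) bytes")


def parse_line(line):
    """Return (level, message) for any of the three formats, else None."""
    for pat in (_STDOUT, _JOURNALD, _SYSLOGD):
        m = pat.match(line.strip())
        if m:
            return m.group(1), m.group(2)
    return None  # wall headers, blank lines, the shell prompt


def dedupe(lines):
    """Keep the first copy of each (level, message); the wall re-broadcasts
    carry no extra information, only a different prefix."""
    seen, out = set(), []
    for line in lines:
        rec = parse_line(line)
        if rec and rec not in seen:
            seen.add(rec)
            out.append(rec)
    return out


def signature_summary(records):
    """Counts from the 'signatures processed' line. The categories overlap
    (a rule can inspect both payload and app layer), so they need not sum
    to the total."""
    for _, msg in records:
        m = _SIGS.match(msg)
        if m:
            keys = ("total", "ip_only", "payload", "app_layer", "decoder_event")
            return dict(zip(keys, map(int, m.groups())))
    return None


def mpm_counts(records):
    """Map names like 'Builtin toserver TCP packet' to their MPM context count."""
    counts = {}
    for _, msg in records:
        m = _MPM.match(msg)
        if m:
            counts[f"{m.group(1)} {m.group(2)}"] = int(m.group(3))
    return counts


def interpret_alloc_failure(records):
    """Decode the byte count in the SCRealloc error. A request near 2**64 is
    a negative number that was converted to size_t; reading it back as
    two's complement recovers that negative value."""
    for _, msg in records:
        m = _ALLOC.search(msg)
        if not m:
            continue
        requested = int(m.group(1))
        as_int64 = requested - 2**64 if requested >= 2**63 else requested
        return {
            "requested": requested,
            "as_int64": as_int64,
            # True when the value is exactly a sign-extended 32-bit quantity,
            # the shape a wrapped 32-bit signed length takes once widened.
            "fits_int32": -2**31 <= as_int64 < 2**31,
            "fatal": any("SC_ERR_FATAL" in text for _, text in records),
        }
    return None


if __name__ == "__main__":
    recs = dedupe(SAMPLE_LOG.splitlines())
    print(signature_summary(recs))
    print(mpm_counts(recs))
    print(interpret_alloc_failure(recs))
```

18446744071562067968 is 2**64 - 2**31, i.e. INT32_MIN widened to a 64-bit size_t, so the size in the error is consistent with a 32-bit signed length that wrapped while the 72877-rule set was being compiled, not with the box genuinely running out of RAM. The arithmetic is certain; which counter wrapped is not visible in this log and the script makes no claim about it.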