Support #2140 » suri_start.txt

verbose start of suricata - Robbie Corley, 06/09/2017 08:58 PM

sudo /opt/suricata/bin/suricata -c /opt/suricata/etc/suricata/suricata.yaml --af-packet=eth0 -v
9/6/2017 -- 21:51:04 - <Notice> - This is Suricata version 3.0.1 RELEASE
9/6/2017 -- 21:51:04 - <Info> - CPUs/cores online: 4
9/6/2017 -- 21:51:04 - <Info> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization.
9/6/2017 -- 21:51:04 - <Info> - 'default' server has 'response-body-minimal-inspect-size' set to 42119 and 'response-body-inspect-window' set to 16872 after randomization.
9/6/2017 -- 21:51:04 - <Info> - DNS request flood protection level: 500
9/6/2017 -- 21:51:04 - <Info> - DNS per flow memcap (state-memcap): 524288
9/6/2017 -- 21:51:04 - <Info> - DNS global memcap: 16777216
9/6/2017 -- 21:51:04 - <Info> - Protocol detection and parser disabled for modbus protocol.
9/6/2017 -- 21:51:04 - <Info> - Found an MTU of 1500 for 'eth0'
9/6/2017 -- 21:51:04 - <Info> - allocated 2097152 bytes of memory for the defrag hash... 65536 buckets of size 32
9/6/2017 -- 21:51:04 - <Info> - preallocated 65535 defrag trackers of size 116
9/6/2017 -- 21:51:04 - <Info> - defrag memory usage: 9699212 bytes, maximum: 33554432
9/6/2017 -- 21:51:04 - <Info> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
9/6/2017 -- 21:51:04 - <Info> - preallocated 1000 hosts of size 84
9/6/2017 -- 21:51:04 - <Info> - host memory usage: 346144 bytes, maximum: 16777216
9/6/2017 -- 21:51:04 - <Info> - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
9/6/2017 -- 21:51:04 - <Info> - preallocated 10000 flows of size 212
9/6/2017 -- 21:51:04 - <Info> - flow memory usage: 6314304 bytes, maximum: 67108864
9/6/2017 -- 21:51:04 - <Info> - stream "prealloc-sessions": 2048 (per thread)
9/6/2017 -- 21:51:04 - <Info> - stream "memcap": 33554432
9/6/2017 -- 21:51:04 - <Info> - stream "midstream" session pickups: disabled
9/6/2017 -- 21:51:04 - <Info> - stream "async-oneside": disabled
9/6/2017 -- 21:51:04 - <Info> - stream "checksum-validation": enabled
9/6/2017 -- 21:51:04 - <Info> - stream."inline": disabled
9/6/2017 -- 21:51:04 - <Info> - stream "max-synack-queued": 5
9/6/2017 -- 21:51:04 - <Info> - stream.reassembly "memcap": 134217728
9/6/2017 -- 21:51:04 - <Info> - stream.reassembly "depth": 1048576
9/6/2017 -- 21:51:04 - <Info> - stream.reassembly "toserver-chunk-size": 2529
9/6/2017 -- 21:51:04 - <Info> - stream.reassembly "toclient-chunk-size": 2640
9/6/2017 -- 21:51:04 - <Info> - stream.reassembly.raw: enabled
9/6/2017 -- 21:51:04 - <Info> - segment pool: pktsize 4, prealloc 256
9/6/2017 -- 21:51:04 - <Info> - segment pool: pktsize 16, prealloc 512
9/6/2017 -- 21:51:04 - <Info> - segment pool: pktsize 112, prealloc 512
9/6/2017 -- 21:51:04 - <Info> - segment pool: pktsize 248, prealloc 512
9/6/2017 -- 21:51:04 - <Info> - segment pool: pktsize 512, prealloc 512
9/6/2017 -- 21:51:04 - <Info> - segment pool: pktsize 768, prealloc 1024
9/6/2017 -- 21:51:04 - <Info> - segment pool: pktsize 1448, prealloc 1024
9/6/2017 -- 21:51:04 - <Info> - segment pool: pktsize 65535, prealloc 128
9/6/2017 -- 21:51:04 - <Info> - stream.reassembly "chunk-prealloc": 250
9/6/2017 -- 21:51:04 - <Info> - stream.reassembly "zero-copy-size": 128
9/6/2017 -- 21:51:04 - <Info> - allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64
9/6/2017 -- 21:51:04 - <Info> - preallocated 1000 ippairs of size 92
9/6/2017 -- 21:51:04 - <Info> - ippair memory usage: 354144 bytes, maximum: 16777216
9/6/2017 -- 21:51:04 - <Info> - Delayed detect disabled
9/6/2017 -- 21:51:04 - <Info> - IP reputation disabled
9/6/2017 -- 21:51:04 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/botcc.rules
9/6/2017 -- 21:51:04 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/ciarmy.rules
9/6/2017 -- 21:51:04 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/compromised.rules
9/6/2017 -- 21:51:04 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/drop.rules
9/6/2017 -- 21:51:05 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/dshield.rules
9/6/2017 -- 21:51:05 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-attack_response.rules
9/6/2017 -- 21:51:05 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-chat.rules
9/6/2017 -- 21:51:05 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-current_events.rules
9/6/2017 -- 21:51:11 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-dns.rules
9/6/2017 -- 21:51:11 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-dos.rules
9/6/2017 -- 21:51:12 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-exploit.rules
9/6/2017 -- 21:51:13 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-ftp.rules
9/6/2017 -- 21:51:13 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-imap.rules
9/6/2017 -- 21:51:13 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-malware.rules
9/6/2017 -- 21:51:15 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-misc.rules
9/6/2017 -- 21:51:15 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-mobile_malware.rules
9/6/2017 -- 21:51:15 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-netbios.rules
9/6/2017 -- 21:51:18 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-p2p.rules
9/6/2017 -- 21:51:18 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-policy.rules
9/6/2017 -- 21:51:19 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-pop3.rules
9/6/2017 -- 21:51:19 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-rpc.rules
9/6/2017 -- 21:51:20 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-scada.rules
9/6/2017 -- 21:51:20 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-scan.rules
9/6/2017 -- 21:51:20 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-smtp.rules
9/6/2017 -- 21:51:20 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-snmp.rules
9/6/2017 -- 21:51:20 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-sql.rules
9/6/2017 -- 21:51:21 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-telnet.rules
9/6/2017 -- 21:51:21 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-tftp.rules
9/6/2017 -- 21:51:21 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-trojan.rules
9/6/2017 -- 21:51:37 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-user_agents.rules
9/6/2017 -- 21:51:37 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-voip.rules
9/6/2017 -- 21:51:37 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-web_client.rules
9/6/2017 -- 21:51:37 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/files.rules
9/6/2017 -- 21:51:37 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-web_server.rules
9/6/2017 -- 21:51:38 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/emerging-worm.rules
9/6/2017 -- 21:51:38 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/tor.rules
9/6/2017 -- 21:51:39 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/decoder-events.rules
9/6/2017 -- 21:51:39 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/stream-events.rules
9/6/2017 -- 21:51:39 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/http-events.rules
9/6/2017 -- 21:51:39 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/smtp-events.rules
9/6/2017 -- 21:51:39 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/dns-events.rules
9/6/2017 -- 21:51:39 - <Warning> - [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /opt/suricata/etc/suricata/rules/tls-events.rules
9/6/2017 -- 21:51:39 - <Info> - Loading rule file: /opt/suricata/etc/suricata/rules/app-layer-events.rules
9/6/2017 -- 21:51:39 - <Info> - 43 rule files processed. 13237 rules successfully loaded, 0 rules failed
9/6/2017 -- 21:51:40 - <Info> - 13245 signatures processed. 1235 are IP-only rules, 5485 are inspecting packet payload, 8022 inspect application layer, 100 are decoder event only
9/6/2017 -- 21:51:40 - <Info> - building signature grouping structure, stage 1: preprocessing rules... complete
9/6/2017 -- 21:51:42 - <Info> - building signature grouping structure, stage 2: building source address list... complete
9/6/2017 -- 21:51:52 - <Info> - building signature grouping structure, stage 3: building destination address lists... complete
9/6/2017 -- 21:51:59 - <Info> - Threshold config parsed: 0 rule(s) found
9/6/2017 -- 21:51:59 - <Info> - Core dump size set to unlimited.
9/6/2017 -- 21:51:59 - <Info> - fast output device (regular) initialized: fast.log
9/6/2017 -- 21:51:59 - <Info> - eve-log output device (regular) initialized: eve.json
9/6/2017 -- 21:51:59 - <Info> - enabling 'eve-log' module 'alert'
9/6/2017 -- 21:51:59 - <Info> - enabling 'eve-log' module 'http'
9/6/2017 -- 21:51:59 - <Info> - enabling 'eve-log' module 'dns'
9/6/2017 -- 21:51:59 - <Info> - enabling 'eve-log' module 'tls'
9/6/2017 -- 21:51:59 - <Info> - enabling 'eve-log' module 'files'
9/6/2017 -- 21:51:59 - <Info> - enabling 'eve-log' module 'smtp'
9/6/2017 -- 21:51:59 - <Info> - enabling 'eve-log' module 'ssh'
9/6/2017 -- 21:51:59 - <Info> - enabling 'eve-log' module 'stats'
9/6/2017 -- 21:51:59 - <Info> - http-log output device (regular) initialized: http.log
9/6/2017 -- 21:51:59 - <Info> - stats output device (regular) initialized: stats.log
9/6/2017 -- 21:51:59 - <Info> - forcing md5 calculation for stored files
9/6/2017 -- 21:51:59 - <Info> - storing files in /var/log/suricata//files
9/6/2017 -- 21:51:59 - <Info> - file-log output device (regular) initialized: files-json.log
9/6/2017 -- 21:51:59 - <Info> - forcing md5 calculation for logged files
9/6/2017 -- 21:51:59 - <Info> - Using 4 AF_PACKET threads for interface eth0
9/6/2017 -- 21:51:59 - <Info> - Enabling mmaped capture on iface eth0
9/6/2017 -- 21:51:59 - <Info> - Using flow cluster mode for AF_PACKET (iface eth0)
9/6/2017 -- 21:51:59 - <Info> - Using defrag kernel functionality for AF_PACKET (iface eth0)
9/6/2017 -- 21:51:59 - <Info> - NIC offloading on eth0: GRO: unset, LRO: unset
9/6/2017 -- 21:51:59 - <Info> - eth0: enabling zero copy mode
9/6/2017 -- 21:51:59 - <Info> - eth0: enabling zero copy mode by using data release call
9/6/2017 -- 21:51:59 - <Info> - Going to use 4 thread(s)
9/6/2017 -- 21:51:59 - <Info> - preallocated 1024 packets. Total memory 2895872
9/6/2017 -- 21:51:59 - <Info> - id 43
9/6/2017 -- 21:51:59 - <Info> - preallocated 1024 packets. Total memory 2895872
9/6/2017 -- 21:51:59 - <Info> - preallocated 1024 packets. Total memory 2895872
9/6/2017 -- 21:51:59 - <Info> - preallocated 1024 packets. Total memory 2895872
9/6/2017 -- 21:51:59 - <Info> - using 1 flow manager threads
9/6/2017 -- 21:51:59 - <Info> - preallocated 1024 packets. Total memory 2895872
9/6/2017 -- 21:51:59 - <Info> - using 1 flow recycler threads
9/6/2017 -- 21:51:59 - <Notice> - all 4 packet processing threads, 4 management threads initialized, engine started.
9/6/2017 -- 21:51:59 - <Info> - AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1584 frame_nr=520
9/6/2017 -- 21:51:59 - <Info> - AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1584 frame_nr=520
9/6/2017 -- 21:51:59 - <Info> - Starting to read on AFPacketeth01
9/6/2017 -- 21:51:59 - <Info> - AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1584 frame_nr=520
9/6/2017 -- 21:51:59 - <Info> - AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1584 frame_nr=520
9/6/2017 -- 21:52:00 - <Info> - All AFP capture threads are running.
