|
[1633] 27/2/2018 -- 20:27:17 - (suricata.c:1107) <Notice> (LogVersion) -- This is Suricata version 4.0.0-dev
|
|
[1633] 27/2/2018 -- 20:27:17 - (util-cpu.c:171) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 4
|
|
[1633] 27/2/2018 -- 20:27:17 - (util-device.c:252) <Config> (LiveBuildDeviceListCustom) -- Adding interface enp10s0 from config file
|
|
[1633] 27/2/2018 -- 20:27:17 - (app-layer-htp.c:2251) <Config> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'request-body-minimal-inspect-size' set to 31994 and 'request-body-inspect-window' set to 3967 after randomization.
|
|
[1633] 27/2/2018 -- 20:27:17 - (app-layer-htp.c:2269) <Config> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'response-body-minimal-inspect-size' set to 42393 and 'response-body-inspect-window' set to 16583 after randomization.
|
|
[1633] 27/2/2018 -- 20:27:17 - (app-layer-dns-udp.c:360) <Config> (DNSUDPConfigure) -- DNS request flood protection level: 500
|
|
[1633] 27/2/2018 -- 20:27:17 - (app-layer-dns-udp.c:372) <Config> (DNSUDPConfigure) -- DNS per flow memcap (state-memcap): 524288
|
|
[1633] 27/2/2018 -- 20:27:17 - (app-layer-dns-udp.c:384) <Config> (DNSUDPConfigure) -- DNS global memcap: 16777216
|
|
[1633] 27/2/2018 -- 20:27:17 - (app-layer-modbus.c:1521) <Config> (RegisterModbusParsers) -- Protocol detection and parser disabled for modbus protocol.
|
|
[1633] 27/2/2018 -- 20:27:17 - (util-ioctl.c:107) <Info> (GetIfaceMTU) -- Found an MTU of 1500 for 'enp10s0'
|
|
[1633] 27/2/2018 -- 20:27:17 - (util-ioctl.c:107) <Info> (GetIfaceMTU) -- Found an MTU of 1500 for 'enp10s0'
|
|
[1634] 27/2/2018 -- 20:27:17 - (host.c:213) <Config> (HostInitConfig) -- allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
|
|
[1634] 27/2/2018 -- 20:27:17 - (host.c:236) <Config> (HostInitConfig) -- preallocated 1000 hosts of size 136
|
|
[1634] 27/2/2018 -- 20:27:17 - (host.c:238) <Config> (HostInitConfig) -- host memory usage: 398144 bytes, maximum: 33554432
|
|
[1634] 27/2/2018 -- 20:27:17 - (util-coredump-config.c:129) <Config> (CoredumpLoadConfig) -- Core dump size set to unlimited.
|
|
[1634] 27/2/2018 -- 20:27:17 - (defrag-hash.c:208) <Config> (DefragInitConfig) -- allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
|
|
[1634] 27/2/2018 -- 20:27:17 - (defrag-hash.c:233) <Config> (DefragInitConfig) -- preallocated 65535 defrag trackers of size 168
|
|
[1634] 27/2/2018 -- 20:27:17 - (defrag-hash.c:240) <Config> (DefragInitConfig) -- defrag memory usage: 14679896 bytes, maximum: 33554432
|
|
[1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:366) <Config> (StreamTcpInitConfig) -- stream "prealloc-sessions": 2048 (per thread)
|
|
[1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:382) <Config> (StreamTcpInitConfig) -- stream "memcap": 67108864
|
|
[1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:388) <Config> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
|
|
[1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:394) <Config> (StreamTcpInitConfig) -- stream "async-oneside": disabled
|
|
[1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:411) <Config> (StreamTcpInitConfig) -- stream "checksum-validation": enabled
|
|
[1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:439) <Config> (StreamTcpInitConfig) -- stream."inline": disabled
|
|
[1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:452) <Config> (StreamTcpInitConfig) -- stream "bypass": disabled
|
|
[1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:474) <Config> (StreamTcpInitConfig) -- stream "max-synack-queued": 5
|
|
[1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:492) <Config> (StreamTcpInitConfig) -- stream.reassembly "memcap": 268435456
|
|
[1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:510) <Config> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576
|
|
[1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:586) <Config> (StreamTcpInitConfig) -- stream.reassembly "toserver-chunk-size": 2439
|
|
[1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:588) <Config> (StreamTcpInitConfig) -- stream.reassembly "toclient-chunk-size": 2588
|
|
[1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:600) <Config> (StreamTcpInitConfig) -- stream.reassembly.raw: enabled
|
|
[1634] 27/2/2018 -- 20:27:17 - (stream-tcp-reassemble.c:354) <Config> (StreamTcpReassemblyConfig) -- stream.reassembly "segment-prealloc": 2048
|
|
[1634] 27/2/2018 -- 20:27:17 - (suricata.c:2407) <Config> (SetupDelayedDetect) -- Delayed detect disabled
|
|
[1634] 27/2/2018 -- 20:27:17 - (detect-engine.c:1025) <Config> (DetectEngineCtxInitReal) -- pattern matchers: MPM: hs, SPM: hs
|
|
[1634] 27/2/2018 -- 20:27:17 - (detect-engine.c:1421) <Config> (DetectEngineCtxLoadConf) -- grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
|
|
[1634] 27/2/2018 -- 20:27:17 - (detect-engine.c:1445) <Config> (DetectEngineCtxLoadConf) -- grouping: udp-whitelist (default) 53, 135, 5060
|
|
[1634] 27/2/2018 -- 20:27:17 - (detect-engine.c:1473) <Config> (DetectEngineCtxLoadConf) -- prefilter engines: MPM
|
|
[1634] 27/2/2018 -- 20:27:17 - (reputation.c:609) <Config> (SRepInit) -- IP reputation disabled
|
|
[1634] 27/2/2018 -- 20:27:17 - (detect.c:425) <Config> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/tss.rules
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect.c:410) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/custom.rules
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect.c:496) <Config> (SigLoadSignatures) -- No rules loaded from custom.rules.
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect.c:529) <Info> (SigLoadSignatures) -- 2 rule files processed. 17847 rules successfully loaded, 0 rules failed
|
|
[1634] 27/2/2018 -- 20:27:29 - (util-threshold-config.c:1184) <Info> (SCThresholdConfParseFile) -- Threshold config parsed: 0 rule(s) found
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:210) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for tcp-packet
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:210) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for tcp-stream
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:210) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for udp-packet
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:210) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for other-ip
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_uri
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_request_line
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_client_body
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_response_line
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_enc
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_lang
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_referer
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_connection
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_protocol
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_protocol
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_start
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_start
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_method
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_uri
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_user_agent
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_host
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_host
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_stat_msg
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_stat_code
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dns_query
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls_sni
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls_cert_issuer
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls_cert_subject
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls_cert_serial
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_protocol
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_protocol
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_software
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_software
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) <Perf> (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect.c:3060) <Info> (SigAddressPrepareStage1) -- 18213 signatures processed. 1887 are IP-only rules, 5680 are inspecting packet payload, 12650 inspect application layer, 0 are decoder event only
|
|
[1634] 27/2/2018 -- 20:27:29 - (detect.c:3063) <Config> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: preprocessing rules... complete
|
|
[1634] 27/2/2018 -- 20:27:30 - (detect.c:2902) <Perf> (RulesGroupByPorts) -- TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
|
|
[1634] 27/2/2018 -- 20:27:30 - (detect.c:2902) <Perf> (RulesGroupByPorts) -- TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
|
|
[1634] 27/2/2018 -- 20:27:30 - (detect.c:2902) <Perf> (RulesGroupByPorts) -- UDP toserver: 41 port groups, 31 unique SGH's, 10 copies
|
|
[1634] 27/2/2018 -- 20:27:30 - (detect.c:2902) <Perf> (RulesGroupByPorts) -- UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
|
|
[1634] 27/2/2018 -- 20:27:30 - (detect.c:2648) <Perf> (RulesGroupByProto) -- OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
|
|
[1634] 27/2/2018 -- 20:27:30 - (detect.c:2685) <Perf> (RulesGroupByProto) -- OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect.c:3428) <Perf> (SigAddressPrepareStage4) -- Unique rule groups: 110
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:858) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver TCP packet": 30
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:858) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient TCP packet": 20
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:858) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver TCP stream": 31
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:858) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient TCP stream": 21
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:858) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver UDP packet": 31
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:858) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient UDP packet": 14
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:858) <Perf> (MpmStoreReportStats) -- Builtin MPM "other IP packet": 2
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_uri": 8
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_request_line": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_client_body": 6
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient http_response_line": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_header": 6
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient http_header": 3
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_header_names": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_accept": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_referer": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_content_len": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_content_type": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient http_content_type": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_raw_header": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient http_raw_header": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_method": 2
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_cookie": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient http_cookie": 2
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_raw_uri": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_user_agent": 4
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_host": 2
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver dns_query": 4
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver tls_sni": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient tls_cert_issuer": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient tls_cert_subject": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient tls_cert_serial": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver ssh_protocol": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver file_data": 1
|
|
[1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient file_data": 5
|
|
[1634] 27/2/2018 -- 20:27:38 - (util-logopenfile.c:530) <Info> (SCConfLogOpenGeneric) -- Setting logging socket of non-blocking in live mode.
|
|
[1634] 27/2/2018 -- 20:27:38 - (util-logopenfile.c:535) <Info> (SCConfLogOpenGeneric) -- eve-log output device (unix_stream) initialized: dmutmd_fastlog.sck
|
|
[1634] 27/2/2018 -- 20:27:38 - (runmodes.c:604) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'alert'
|
|
[1634] 27/2/2018 -- 20:27:38 - (runmode-af-packet.c:421) <Perf> (ParseAFPConfig) -- 4 cores, so using 4 threads
|
|
[1634] 27/2/2018 -- 20:27:38 - (runmode-af-packet.c:434) <Perf> (ParseAFPConfig) -- Using 4 AF_PACKET threads for interface enp10s0
|
|
[1634] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1572) <Info> (AFPGetDevLinktype) -- sa_family = 1
|
|
[1634] 27/2/2018 -- 20:27:38 - (util-ioctl.c:435) <Perf> (DisableIfaceOffloadingLinux) -- enp10s0: disabling gro offloading
|
|
[1634] 27/2/2018 -- 20:27:38 - (util-ioctl.c:442) <Perf> (DisableIfaceOffloadingLinux) -- enp10s0: disabling tso offloading
|
|
[1634] 27/2/2018 -- 20:27:38 - (util-ioctl.c:449) <Perf> (DisableIfaceOffloadingLinux) -- enp10s0: disabling gso offloading
|
|
[1634] 27/2/2018 -- 20:27:38 - (util-ioctl.c:456) <Perf> (DisableIfaceOffloadingLinux) -- enp10s0: disabling sg offloading
|
|
[1634] 27/2/2018 -- 20:27:38 - (runmode-af-packet.c:491) <Config> (ParseAFPConfig) -- enp10s0: enabling zero copy mode by using data release call
|
|
[1634] 27/2/2018 -- 20:27:38 - (util-runmodes.c:296) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 4 thread(s)
|
|
[1634] 27/2/2018 -- 20:27:38 - (flow-manager.c:828) <Config> (FlowManagerThreadSpawn) -- using 1 flow manager threads
|
|
[1634] 27/2/2018 -- 20:27:38 - (flow-manager.c:992) <Config> (FlowRecyclerThreadSpawn) -- using 1 flow recycler threads
|
|
[1634] 27/2/2018 -- 20:27:38 - (unix-manager.c:124) <Info> (UnixNew) -- Using unix socket file '/var/run/suricata/suricata-command.socket'
|
|
[1634] 27/2/2018 -- 20:27:38 - (unix-manager.c:142) <Info> (UnixNew) -- Created socket directory /var/run/suricata/
|
|
[1634] 27/2/2018 -- 20:27:38 - (tm-threads.c:2182) <Notice> (TmThreadWaitOnThreadInit) -- all 4 packet processing threads, 2 management threads initialized, engine started.
|
|
[1715] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1651) <Perf> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520
|
|
[1715] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1572) <Info> (AFPGetDevLinktype) -- sa_family = 1
|
|
[1716] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1651) <Perf> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520
|
|
[1716] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1572) <Info> (AFPGetDevLinktype) -- sa_family = 1
|
|
[1717] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1651) <Perf> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520
|
|
[1717] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1572) <Info> (AFPGetDevLinktype) -- sa_family = 1
|
|
[1718] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1651) <Perf> (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520
|
|
[1718] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1572) <Info> (AFPGetDevLinktype) -- sa_family = 1
|
|
[1718] 27/2/2018 -- 20:27:38 - (source-af-packet.c:479) <Info> (AFPPeersListReachedInc) -- All AFP capture threads are running.
|