Support #2692 » suricata.log

prasert sook, 11/21/2018 07:12 AM

[9965] 21/11/2018 -- 13:27:43 - (suricata.c:1085) <Notice> (LogVersion) -- This is Suricata version 4.1.0-dev (rev 5aef72ef)
[9965] 21/11/2018 -- 13:27:43 - (util-cpu.c:171) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 20
[9965] 21/11/2018 -- 13:27:43 - (util-luajit.c:98) <Config> (LuajitSetupStatesPool) -- luajit states preallocated: 128
[9965] 21/11/2018 -- 13:27:43 - (app-layer-htp.c:2310) <Config> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'request-body-minimal-inspect-size' set to 33125 and 'request-body-inspect-window' set to 4118 after randomization.
[9965] 21/11/2018 -- 13:27:43 - (app-layer-htp.c:2328) <Config> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'response-body-minimal-inspect-size' set to 41787 and 'response-body-inspect-window' set to 15784 after randomization.
[9965] 21/11/2018 -- 13:27:43 - (app-layer-smb-tcp-rust.c:295) <Config> (RegisterRustSMBTCPParsers) -- SMB stream depth: 0
[9965] 21/11/2018 -- 13:27:43 - (app-layer-modbus.c:1515) <Config> (RegisterModbusParsers) -- Protocol detection and parser disabled for modbus protocol.
[9965] 21/11/2018 -- 13:27:43 - (app-layer-enip.c:416) <Config> (RegisterENIPUDPParsers) -- Protocol detection and parser disabled for enip protocol.
[9965] 21/11/2018 -- 13:27:43 - (app-layer-dnp3.c:1599) <Config> (RegisterDNP3Parsers) -- Protocol detection and parser disabled for DNP3.
[9965] 21/11/2018 -- 13:27:43 - (host.c:254) <Config> (HostInitConfig) -- allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
[9965] 21/11/2018 -- 13:27:43 - (host.c:277) <Config> (HostInitConfig) -- preallocated 1000 hosts of size 136
[9965] 21/11/2018 -- 13:27:43 - (host.c:279) <Config> (HostInitConfig) -- host memory usage: 398144 bytes, maximum: 33554432
[9965] 21/11/2018 -- 13:27:43 - (util-coredump-config.c:129) <Config> (CoredumpLoadConfig) -- Core dump size set to unlimited.
[9965] 21/11/2018 -- 13:27:43 - (defrag-hash.c:248) <Config> (DefragInitConfig) -- allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
[9965] 21/11/2018 -- 13:27:43 - (defrag-hash.c:273) <Config> (DefragInitConfig) -- preallocated 65535 defrag trackers of size 160
[9965] 21/11/2018 -- 13:27:43 - (defrag-hash.c:280) <Config> (DefragInitConfig) -- defrag memory usage: 14155616 bytes, maximum: 33554432
[9965] 21/11/2018 -- 13:27:43 - (stream-tcp.c:399) <Config> (StreamTcpInitConfig) -- stream "prealloc-sessions": 375000 (per thread)
[9965] 21/11/2018 -- 13:27:43 - (stream-tcp.c:418) <Config> (StreamTcpInitConfig) -- stream "memcap": 15032385536
[9965] 21/11/2018 -- 13:27:43 - (stream-tcp.c:424) <Config> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
[9965] 21/11/2018 -- 13:27:43 - (stream-tcp.c:430) <Config> (StreamTcpInitConfig) -- stream "async-oneside": disabled
[9965] 21/11/2018 -- 13:27:43 - (stream-tcp.c:447) <Config> (StreamTcpInitConfig) -- stream "checksum-validation": disabled
[9965] 21/11/2018 -- 13:27:43 - (stream-tcp.c:475) <Config> (StreamTcpInitConfig) -- stream."inline": disabled
[9965] 21/11/2018 -- 13:27:43 - (stream-tcp.c:488) <Config> (StreamTcpInitConfig) -- stream "bypass": enabled
[9965] 21/11/2018 -- 13:27:43 - (stream-tcp.c:510) <Config> (StreamTcpInitConfig) -- stream "max-synack-queued": 5
[9965] 21/11/2018 -- 13:27:43 - (stream-tcp.c:532) <Config> (StreamTcpInitConfig) -- stream.reassembly "memcap": 21474836480
[9965] 21/11/2018 -- 13:27:43 - (stream-tcp.c:550) <Config> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576
[9965] 21/11/2018 -- 13:27:43 - (stream-tcp.c:626) <Config> (StreamTcpInitConfig) -- stream.reassembly "toserver-chunk-size": 2445
[9965] 21/11/2018 -- 13:27:43 - (stream-tcp.c:628) <Config> (StreamTcpInitConfig) -- stream.reassembly "toclient-chunk-size": 2671
[9965] 21/11/2018 -- 13:27:43 - (stream-tcp.c:640) <Config> (StreamTcpInitConfig) -- stream.reassembly.raw: enabled
[9965] 21/11/2018 -- 13:27:43 - (stream-tcp-reassemble.c:373) <Config> (StreamTcpReassemblyConfig) -- stream.reassembly "segment-prealloc": 200000
[9965] 21/11/2018 -- 13:27:43 - (util-logopenfile.c:501) <Info> (SCConfLogOpenGeneric) -- fast output device (regular) initialized: fast.log
[9965] 21/11/2018 -- 13:27:43 - (util-logopenfile.c:501) <Info> (SCConfLogOpenGeneric) -- eve-log output device (regular) initialized: eve.json
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'alert'
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'http'
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'dns'
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'tls'
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'files'
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'smtp'
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'nfs'
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'smb'
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'tftp'
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'ikev2'
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'krb5'
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'dhcp'
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'ssh'
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'stats'
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'flow'
[9965] 21/11/2018 -- 13:27:43 - (runmodes.c:618) <Config> (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'metadata'
[9965] 21/11/2018 -- 13:27:43 - (util-logopenfile.c:501) <Info> (SCConfLogOpenGeneric) -- stats output device (regular) initialized: stats.log
[9965] 21/11/2018 -- 13:27:43 - (suricata.c:2437) <Config> (SetupDelayedDetect) -- Delayed detect disabled
[9965] 21/11/2018 -- 13:27:43 - (util-conf.c:115) <Info> (ConfUnixSocketIsEnable) -- Running in live mode, activating unix socket
[9965] 21/11/2018 -- 13:27:43 - (detect-engine.c:1514) <Config> (DetectEngineCtxInitReal) -- pattern matchers: MPM: hs, SPM: hs
[9965] 21/11/2018 -- 13:27:43 - (detect-engine.c:1915) <Config> (DetectEngineCtxLoadConf) -- grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
[9965] 21/11/2018 -- 13:27:43 - (detect-engine.c:1939) <Config> (DetectEngineCtxLoadConf) -- grouping: udp-whitelist (default) 53, 135, 5060
[9965] 21/11/2018 -- 13:27:43 - (detect-engine.c:1967) <Config> (DetectEngineCtxLoadConf) -- prefilter engines: MPM
[9965] 21/11/2018 -- 13:27:43 - (reputation.c:609) <Config> (SRepInit) -- IP reputation disabled
[9965] 21/11/2018 -- 13:27:43 - (detect-engine-loader.c:247) <Config> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/scirius.rules
[9965] 21/11/2018 -- 13:27:43 - (detect-parse.c:631) <Error> (SigParseOptions) -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'tls_fingerprint'.
[9965] 21/11/2018 -- 13:27:43 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSL Fingerprint Blacklist: Malicious SSL certificate detected (Gozi C&C)"; tls_fingerprint:"2c:34:71:27:a7:33:33:09:51:af:90:bd:39:1d:4c:b2:5c:f6:86:20"; sid:902333297; rev:1;)" from file /etc/suricata/rules/scirius.rules at line 7456
[9965] 21/11/2018 -- 13:27:43 - (detect-parse.c:631) <Error> (SigParseOptions) -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'tls_fingerprint'.
[9965] 21/11/2018 -- 13:27:43 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSL Fingerprint Blacklist: Malicious SSL certificate detected (Gozi C&C)"; tls_fingerprint:"5b:66:b1:0a:ec:a3:0b:93:d2:c7:76:c9:2b:3b:cb:02:d6:d3:6a:e5"; sid:902333299; rev:1;)" from file /etc/suricata/rules/scirius.rules at line 7460
[9965] 21/11/2018 -- 13:27:43 - (detect-parse.c:631) <Error> (SigParseOptions) -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'tls_fingerprint'.
[9965] 21/11/2018 -- 13:27:43 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSL Fingerprint Blacklist: Malicious SSL certificate detected (Gozi C&C)"; tls_fingerprint:"7e:55:fb:87:67:15:0f:56:55:cd:0a:b8:53:c4:6c:cd:83:e0:e2:6c"; sid:902333301; rev:1;)" from file /etc/suricata/rules/scirius.rules at line 7462
[9965] 21/11/2018 -- 13:27:43 - (detect-parse.c:631) <Error> (SigParseOptions) -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'tls_fingerprint'.
[9965] 21/11/2018 -- 13:27:43 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSL Fingerprint Blacklist: Malicious SSL certificate detected (Gootkit C&C)"; tls_fingerprint:"b1:5b:34:ca:a4:71:58:b1:7b:5d:64:fc:ce:46:21:19:35:5c:db:16"; sid:902333303; rev:1;)" from file /etc/suricata/rules/scirius.rules at line 7464
[9965] 21/11/2018 -- 13:27:43 - (detect-parse.c:631) <Error> (SigParseOptions) -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'tls_fingerprint'.
[9965] 21/11/2018 -- 13:27:43 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSL Fingerprint Blacklist: Malicious SSL certificate detected (Gootkit C&C)"; tls_fingerprint:"5c:95:5d:b9:6e:be:42:de:ea:35:db:89:92:ca:f9:43:e2:a3:3d:b1"; sid:902333305; rev:1;)" from file /etc/suricata/rules/scirius.rules at line 7466
[9965] 21/11/2018 -- 13:27:43 - (detect-parse.c:631) <Error> (SigParseOptions) -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'tls_fingerprint'.
[9965] 21/11/2018 -- 13:27:43 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSL Fingerprint Blacklist: Malicious SSL certificate detected (Gozi C&C)"; tls_fingerprint:"ac:d5:3a:9a:fe:1e:cc:f4:13:14:05:19:93:5d:ab:f7:52:b4:43:4b"; sid:902333307; rev:1;)" from file /etc/suricata/rules/scirius.rules at line 7468
[9965] 21/11/2018 -- 13:27:43 - (detect-parse.c:631) <Error> (SigParseOptions) -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'tls_fingerprint'.
[9965] 21/11/2018 -- 13:27:43 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSL Fingerprint Blacklist: Malicious SSL certificate detected (IcedID C&C)"; tls_fingerprint:"ac:2d:7d:26:06:2d:68:bc:48:87:0c:fe:1a:fb:c1:dd:42:a2:43:41"; sid:902333309; rev:1;)" from file /etc/suricata/rules/scirius.rules at line 7470
[9965] 21/11/2018 -- 13:27:43 - (detect-parse.c:631) <Error> (SigParseOptions) -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'tls_fingerprint'.
[9965] 21/11/2018 -- 13:27:43 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSL Fingerprint Blacklist: Malicious SSL certificate detected (IcedId C&C)"; tls_fingerprint:"d6:41:2d:b5:0d:f6:62:b5:af:43:a2:a2:0d:fe:58:e0:0c:ab:09:96"; sid:902333311; rev:1;)" from file /etc/suricata/rules/scirius.rules at line 7472
[9965] 21/11/2018 -- 13:27:43 - (detect-parse.c:631) <Error> (SigParseOptions) -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'tls_fingerprint'.
[9965] 21/11/2018 -- 13:27:43 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSL Fingerprint Blacklist: Malicious SSL certificate detected (PandaZeuS C&C)"; tls_fingerprint:"a2:39:ed:1a:80:53:2b:74:1f:b9:e0:94:cd:51:b0:5c:ea:9b:6f:fa"; sid:902333313; rev:1;)" from file /etc/suricata/rules/scirius.rules at line 7474
[9965] 21/11/2018 -- 13:27:43 - (detect-parse.c:631) <Error> (SigParseOptions) -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'tls_fingerprint'.
[9965] 21/11/2018 -- 13:27:43 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSL Fingerprint Blacklist: Malicious SSL certificate detected (Gozi C&C)"; tls_fingerprint:"a9:03:28:dc:8d:f0:80:df:60:1e:67:3f:30:59:a7:03:c0:c4:06:84"; sid:902333315; rev:1;)" from file /etc/suricata/rules/scirius.rules at line 7476
[9965] 21/11/2018 -- 13:27:47 - (detect-parse.c:631) <Error> (SigParseOptions) -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'tls_fingerprint'.
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"SSL Fingerprint Blacklist: Malicious SSL certificate detected (Gozi C&C)"; tls_fingerprint:"38:83:e2:f7:30:57:40:57:d5:cd:f9:1e:ae:56:2b:9c:56:e5:b5:0d"; sid:902333295; rev:1;)" from file /etc/suricata/rules/scirius.rules at line 46806
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-loader.c:351) <Info> (SigLoadSignatures) -- 1 rule files processed. 23740 rules successfully loaded, 11 rules failed
[9965] 21/11/2018 -- 13:27:47 - (util-threshold-config.c:1126) <Info> (SCThresholdConfParseFile) -- Threshold config parsed: 23 rule(s) found
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:340) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for tcp-packet
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:340) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for tcp-stream
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:340) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for udp-packet
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:340) <Perf> (SetupBuiltinMpm) -- using shared mpm ctx' for other-ip
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_uri
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_request_line
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_client_body
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_response_line
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_header
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_header
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_header_names
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_header_names
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_accept
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_accept_enc
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_accept_lang
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_referer
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_connection
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_content_len
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_content_len
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_content_type
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_content_type
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_protocol
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_protocol
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_start
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_start
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_raw_header
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_raw_header
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_method
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_cookie
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_cookie
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_raw_uri
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_user_agent
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_host
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_raw_host
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_stat_msg
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for http_stat_code
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for dns_query
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for tls_sni
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for tls_cert_issuer
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for tls_cert_subject
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for tls_cert_serial
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for tls_cert_fingerprint
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for ja3_hash
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for ja3_string
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for dce_stub_data
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for dce_stub_data
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for smb_named_pipe
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for smb_share
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for ssh_protocol
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for ssh_protocol
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for ssh_software
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for ssh_software
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for file_data
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for file_data
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for file_data
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for file_data
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for krb5_cname
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-mpm.c:285) <Perf> (DetectMpmSetupAppMpms) -- using shared mpm ctx' for krb5_sname
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-build.c:1427) <Info> (SigAddressPrepareStage1) -- 23745 signatures processed. 1033 are IP-only rules, 7158 are inspecting packet payload, 18222 inspect application layer, 0 are decoder event only
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-build.c:1430) <Config> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: preprocessing rules... complete
[9965] 21/11/2018 -- 13:27:47 - (detect-flowbits.c:480) <Warning> (DetectFlowbitsAnalyze) -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'BSis.vnc.setup' is checked but not set. Checked in 2002914 and 3 other sigs
[9965] 21/11/2018 -- 13:27:47 - (detect-flowbits.c:480) <Warning> (DetectFlowbitsAnalyze) -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'BSvnc.null.auth.sent' is checked but not set. Checked in 2002917 and 0 other sigs
[9965] 21/11/2018 -- 13:27:47 - (detect-flowbits.c:480) <Warning> (DetectFlowbitsAnalyze) -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'BSvnc.auth.agreed' is checked but not set. Checked in 2002921 and 0 other sigs
[9965] 21/11/2018 -- 13:27:47 - (detect-flowbits.c:480) <Warning> (DetectFlowbitsAnalyze) -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.Netwire.HB.1' is checked but not set. Checked in 2018282 and 0 other sigs
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-build.c:1269) <Perf> (RulesGroupByPorts) -- TCP toserver: 41 port groups, 36 unique SGH's, 5 copies
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-build.c:1269) <Perf> (RulesGroupByPorts) -- TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-build.c:1269) <Perf> (RulesGroupByPorts) -- UDP toserver: 41 port groups, 36 unique SGH's, 5 copies
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-build.c:1269) <Perf> (RulesGroupByPorts) -- UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-build.c:1015) <Perf> (RulesGroupByProto) -- OTHER toserver: 254 proto groups, 5 unique SGH's, 249 copies
[9965] 21/11/2018 -- 13:27:47 - (detect-engine-build.c:1052) <Perf> (RulesGroupByProto) -- OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-build.c:1802) <Perf> (SigAddressPrepareStage4) -- Unique rule groups: 113
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1000) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver TCP packet": 31
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1000) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient TCP packet": 19
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1000) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver TCP stream": 31
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1000) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient TCP stream": 21
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1000) <Perf> (MpmStoreReportStats) -- Builtin MPM "toserver UDP packet": 36
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1000) <Perf> (MpmStoreReportStats) -- Builtin MPM "toclient UDP packet": 14
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1000) <Perf> (MpmStoreReportStats) -- Builtin MPM "other IP packet": 2
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_uri": 10
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_request_line": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_client_body": 6
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient http_response_line": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_header": 6
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient http_header": 3
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_header_names": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_accept": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_referer": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_content_len": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_content_type": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient http_content_type": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_start": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_raw_header": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient http_raw_header": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_method": 4
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_cookie": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient http_cookie": 2
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_raw_uri": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_user_agent": 4
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver http_host": 2
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient http_stat_code": 2
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver dns_query": 4
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver tls_sni": 2
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient tls_cert_issuer": 2
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient tls_cert_subject": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient tls_cert_serial": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver ssh_protocol": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toserver file_data": 1
[9965] 21/11/2018 -- 13:27:48 - (detect-engine-mpm.c:1007) <Perf> (MpmStoreReportStats) -- AppLayer MPM "toclient file_data": 5
[9965] 21/11/2018 -- 13:27:52 - (runmode-af-packet.c:233) <Config> (ParseAFPConfig) -- Enabling tpacket v3 capture on iface enp179s0f1
[9965] 21/11/2018 -- 13:27:52 - (runmode-af-packet.c:328) <Config> (ParseAFPConfig) -- Using queue based cluster mode for AF_PACKET (iface enp179s0f1)
[9965] 21/11/2018 -- 13:27:52 - (runmode-af-packet.c:401) <Config> (ParseAFPConfig) -- af-packet will use '/etc/suricata/ebpf/bypass_filter.bpf' as eBPF filter file
[9965] 21/11/2018 -- 13:27:52 - (runmode-af-packet.c:408) <Config> (ParseAFPConfig) -- Using bypass kernel functionality for AF_PACKET (iface enp179s0f1)
libbpf: failed to create map (name: 'flow_table_v4'): Function not implemented
libbpf: failed to load object '/etc/suricata/ebpf/bypass_filter.bpf'
[9965] 21/11/2018 -- 13:27:52 - (util-ebpf.c:229) <Error> (EBPFLoadFile) -- [ERRCODE: SC_ERR_MEM_ALLOC(1)] - Permission issue when loading eBPF object: Unknown error -1 (-1)
[9965] 21/11/2018 -- 13:27:52 - (runmode-af-packet.c:426) <Warning> (ParseAFPConfig) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Error when loading eBPF filter file
[9965] 21/11/2018 -- 13:27:52 - (runmode-af-packet.c:643) <Config> (ParseAFPConfig) -- enp179s0f1: enabling zero copy mode by using data release call
[9965] 21/11/2018 -- 13:27:52 - (util-runmodes.c:297) <Info> (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 20 thread(s)
[10053] 21/11/2018 -- 13:27:52 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10053] 21/11/2018 -- 13:27:52 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10054] 21/11/2018 -- 13:27:52 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10054] 21/11/2018 -- 13:27:52 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10055] 21/11/2018 -- 13:27:52 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10055] 21/11/2018 -- 13:27:52 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10058] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10058] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10063] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10063] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10070] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10070] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10071] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10071] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10072] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10072] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10073] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10073] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10074] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10074] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10075] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10075] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10076] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10076] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10077] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10077] 21/11/2018 -- 13:27:53 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10078] 21/11/2018 -- 13:27:54 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10078] 21/11/2018 -- 13:27:54 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10081] 21/11/2018 -- 13:27:54 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10081] 21/11/2018 -- 13:27:54 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10084] 21/11/2018 -- 13:27:54 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10084] 21/11/2018 -- 13:27:54 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10089] 21/11/2018 -- 13:27:54 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10089] 21/11/2018 -- 13:27:54 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10090] 21/11/2018 -- 13:27:54 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10090] 21/11/2018 -- 13:27:54 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10091] 21/11/2018 -- 13:27:54 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10091] 21/11/2018 -- 13:27:54 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[10092] 21/11/2018 -- 13:27:54 - (source-af-packet.c:2574) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v4'
[10092] 21/11/2018 -- 13:27:54 - (source-af-packet.c:2578) <Error> (ReceiveAFPThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Can't find eBPF map fd for 'flow_table_v6'
[9965] 21/11/2018 -- 13:27:54 - (flow-manager.c:819) <Config> (FlowManagerThreadSpawn) -- using 1 flow manager threads
[9965] 21/11/2018 -- 13:27:54 - (flow-manager.c:980) <Config> (FlowRecyclerThreadSpawn) -- using 1 flow recycler threads
[9965] 21/11/2018 -- 13:27:54 - (util-conf.c:115) <Info> (ConfUnixSocketIsEnable) -- Running in live mode, activating unix socket
[9965] 21/11/2018 -- 13:27:54 - (unix-manager.c:131) <Info> (UnixNew) -- Using unix socket file '/var/run/suricata/suricata-command.socket'
[9965] 21/11/2018 -- 13:27:54 - (tm-threads.c:2172) <Notice> (TmThreadWaitOnThreadInit) -- all 20 packet processing threads, 5 management threads initialized, engine started.
[10053] 21/11/2018 -- 13:27:54 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10054] 21/11/2018 -- 13:27:54 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10055] 21/11/2018 -- 13:27:54 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10058] 21/11/2018 -- 13:27:55 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10063] 21/11/2018 -- 13:27:55 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10070] 21/11/2018 -- 13:27:55 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10071] 21/11/2018 -- 13:27:55 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10072] 21/11/2018 -- 13:27:55 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10073] 21/11/2018 -- 13:27:55 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10074] 21/11/2018 -- 13:27:55 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10075] 21/11/2018 -- 13:27:55 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10076] 21/11/2018 -- 13:27:55 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10077] 21/11/2018 -- 13:27:55 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10078] 21/11/2018 -- 13:27:56 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10081] 21/11/2018 -- 13:27:56 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10084] 21/11/2018 -- 13:27:56 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10089] 21/11/2018 -- 13:27:56 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10090] 21/11/2018 -- 13:27:56 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10091] 21/11/2018 -- 13:27:56 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10092] 21/11/2018 -- 13:27:56 - (source-af-packet.c:1773) <Perf> (AFPComputeRingParamsV3) -- AF_PACKET V3 RX Ring params: block_size=32768 block_nr=10001 frame_size=1600 frame_nr=200020 (mem: 327712768)
[10092] 21/11/2018 -- 13:27:56 - (source-af-packet.c:513) <Info> (AFPPeersListReachedInc) -- All AFP capture threads are running.