23/10/2019 -- 13:16:08 - <Info> -- Using data-directory /usr/local/var/lib/suricata.
23/10/2019 -- 13:16:08 - <Info> -- Using Suricata configuration /usr/local/etc/suricata/suricata.yaml
23/10/2019 -- 13:16:08 - <Info> -- Using /usr/local/share/suricata/rules for Suricata provided rules.
23/10/2019 -- 13:16:08 - <Info> -- Found Suricata version 4.1.4 at /usr/local/bin/suricata.
23/10/2019 -- 13:16:08 - <Info> -- Loading /usr/local/etc/suricata/suricata.yaml
23/10/2019 -- 13:16:08 - <Info> -- Disabling rules with proto dhcp
23/10/2019 -- 13:16:08 - <Info> -- Disabling rules with proto tftp
23/10/2019 -- 13:16:08 - <Info> -- Disabling rules with proto krb5
23/10/2019 -- 13:16:08 - <Info> -- Disabling rules with proto ntp
23/10/2019 -- 13:16:08 - <Info> -- Disabling rules with proto modbus
23/10/2019 -- 13:16:08 - <Info> -- Disabling rules with proto enip
23/10/2019 -- 13:16:08 - <Info> -- Disabling rules with proto dnp3
23/10/2019 -- 13:16:08 - <Info> -- Disabling rules with proto nfs
23/10/2019 -- 13:16:08 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-4.1.4/emerging.rules.tar.gz.
23/10/2019 -- 13:16:08 - <Error> -- Failed to fetch https://rules.emergingthreats.net/open/suricata-4.1.4/emerging.rules.tar.gz: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)>
23/10/2019 -- 13:16:08 - <Info> -- Fetching https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules.
23/10/2019 -- 13:16:09 - <Error> -- Failed to fetch https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)>
23/10/2019 -- 13:16:09 - <Info> -- Fetching https://security.etnetera.cz/feeds/etn_aggressive.rules.
23/10/2019 -- 13:16:09 - <Error> -- Failed to fetch https://security.etnetera.cz/feeds/etn_aggressive.rules: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)>
23/10/2019 -- 13:16:09 - <Info> -- Last download less than 15 minutes ago. Not downloading https://openinfosecfoundation.org/rules/trafficid/trafficid.rules.
23/10/2019 -- 13:16:09 - <Info> -- Fetching https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules.tar.gz.
23/10/2019 -- 13:16:09 - <Error> -- Failed to fetch https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules.tar.gz: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)>
23/10/2019 -- 13:16:09 - <Info> -- Loading distribution rule file /usr/local/share/suricata/rules/app-layer-events.rules
23/10/2019 -- 13:16:09 - <Info> -- Loading distribution rule file /usr/local/share/suricata/rules/decoder-events.rules
23/10/2019 -- 13:16:09 - <Info> -- Loading distribution rule file /usr/local/share/suricata/rules/dnp3-events.rules
23/10/2019 -- 13:16:09 - <Info> -- Loading distribution rule file /usr/local/share/suricata/rules/dns-events.rules
23/10/2019 -- 13:16:09 - <Info> -- Loading distribution rule file /usr/local/share/suricata/rules/files.rules
23/10/2019 -- 13:16:09 - <Info> -- Loading distribution rule file /usr/local/share/suricata/rules/http-events.rules
23/10/2019 -- 13:16:09 - <Info> -- Loading distribution rule file /usr/local/share/suricata/rules/ipsec-events.rules
23/10/2019 -- 13:16:09 - <Info> -- Loading distribution rule file /usr/local/share/suricata/rules/kerberos-events.rules
23/10/2019 -- 13:16:09 - <Info> -- Loading distribution rule file /usr/local/share/suricata/rules/modbus-events.rules
23/10/2019 -- 13:16:09 - <Info> -- Loading distribution rule file /usr/local/share/suricata/rules/nfs-events.rules
23/10/2019 -- 13:16:09 - <Info> -- Loading distribution rule file /usr/local/share/suricata/rules/ntp-events.rules
23/10/2019 -- 13:16:09 - <Info> -- Loading distribution rule file /usr/local/share/suricata/rules/smb-events.rules
23/10/2019 -- 13:16:09 - <Info> -- Loading distribution rule file /usr/local/share/suricata/rules/smtp-events.rules
23/10/2019 -- 13:16:09 - <Info> -- Loading distribution rule file /usr/local/share/suricata/rules/stream-events.rules
23/10/2019 -- 13:16:09 - <Info> -- Loading distribution rule file /usr/local/share/suricata/rules/tls-events.rules
23/10/2019 -- 13:16:09 - <Info> -- Loaded 359 rules.
23/10/2019 -- 13:16:09 - <Info> -- Disabled 20 rules.
23/10/2019 -- 13:16:09 - <Info> -- Enabled 0 rules.
23/10/2019 -- 13:16:09 - <Info> -- Modified 0 rules.
23/10/2019 -- 13:16:09 - <Info> -- Dropped 0 rules.
23/10/2019 -- 13:16:09 - <Info> -- Enabled 0 rules for flowbit dependencies.
23/10/2019 -- 13:16:09 - <Info> -- Backing up current rules.
23/10/2019 -- 13:16:09 - <Info> -- Writing rules to /usr/local/var/lib/suricata/rules/suricata.rules: total: 359; enabled: 298; added: 34; removed 0; modified: 0
23/10/2019 -- 13:16:09 - <Info> -- Testing with suricata -T.
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - app-layer-event keyword's protocol "smb" doesn't have event "internal_error" registered
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert smb any any -> any any (msg:"SURICATA SMB internal parser error"; flow:to_server; app-layer-event:smb.internal_error; classtype:protocol-command-decode; sid:2225000; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 30
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "ikev2" cannot be used in a signature. Either detection for this protocol supported yet OR detection has been disabled for protocol through the yaml option app-layer.protocols.ikev2.detection-enabled
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ikev2 any any -> any any (msg:"SURICATA IKEv2 no Diffie-Hellman exchange parameters"; flow:to_client; app-layer-event:ikev2.weak_crypto_nodh; classtype:protocol-command-decode; sid:2224006; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 32
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "ikev2" cannot be used in a signature. Either detection for this protocol supported yet OR detection has been disabled for protocol through the yaml option app-layer.protocols.ikev2.detection-enabled
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ikev2 any any -> any any (msg:"SURICATA IKEv2 invalid proposal selected"; flow:to_client; app-layer-event:ikev2.invalid_proposal; classtype:protocol-command-decode; sid:2224010; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 61
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "ikev2" cannot be used in a signature. Either detection for this protocol supported yet OR detection has been disabled for protocol through the yaml option app-layer.protocols.ikev2.detection-enabled
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ikev2 any any -> any any (msg:"SURICATA IKEv2 weak cryptographic parameters (PRF)"; flow:to_client; app-layer-event:ikev2.weak_crypto_prf; classtype:protocol-command-decode; sid:2224003; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 74
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "ikev2" cannot be used in a signature. Either detection for this protocol supported yet OR detection has been disabled for protocol through the yaml option app-layer.protocols.ikev2.detection-enabled
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ikev2 any any -> any any (msg:"SURICATA IKEv2 weak cryptographic parameters (Auth)"; flow:to_client; app-layer-event:ikev2.weak_crypto_auth; classtype:protocol-command-decode; sid:2224004; rev:2;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 87
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "ikev2" cannot be used in a signature. Either detection for this protocol supported yet OR detection has been disabled for protocol through the yaml option app-layer.protocols.ikev2.detection-enabled
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ikev2 any any -> any any (msg:"SURICATA IKEv2 no encryption (AH)"; flow:to_client; app-layer-event:ikev2.no_encryption; classtype:protocol-command-decode; sid:2224008; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 114
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - app-layer-event keyword's protocol "smb" doesn't have event "malformed_data" registered
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert smb any any -> any any (msg:"SURICATA SMB malformed response data"; flow:to_client; app-layer-event:smb.malformed_data; classtype:protocol-command-decode; sid:2225003; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 124
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "ikev2" cannot be used in a signature. Either detection for this protocol supported yet OR detection has been disabled for protocol through the yaml option app-layer.protocols.ikev2.detection-enabled
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ikev2 any any -> any any (msg:"SURICATA IKEv2 malformed response data"; flow:to_client; app-layer-event:ikev2.malformed_data; classtype:protocol-command-decode; sid:2224001; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 126
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - app-layer-event keyword's protocol "smb" doesn't have event "malformed_ntlmssp_request" registered
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert smb any any -> any any (msg:"SURICATA SMB malformed NTLMSSP record"; flow:to_server; app-layer-event:smb.malformed_ntlmssp_request; classtype:protocol-command-decode; sid:2225004; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 138
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - app-layer-event keyword's protocol "smb" doesn't have event "internal_error" registered
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert smb any any -> any any (msg:"SURICATA SMB internal parser error"; flow:to_client; app-layer-event:smb.internal_error; classtype:protocol-command-decode; sid:2225001; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 178
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "ikev2" cannot be used in a signature. Either detection for this protocol supported yet OR detection has been disabled for protocol through the yaml option app-layer.protocols.ikev2.detection-enabled
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ikev2 any any -> any any (msg:"SURICATA IKEv2 no authentication"; flow:to_client; app-layer-event:ikev2.weak_crypto_noauth; classtype:protocol-command-decode; sid:2224007; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 180
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "ikev2" cannot be used in a signature. Either detection for this protocol supported yet OR detection has been disabled for protocol through the yaml option app-layer.protocols.ikev2.detection-enabled
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ikev2 any any -> any any (msg:"SURICATA IKEv2 unknown proposal"; flow:to_server; app-layer-event:ikev2.unknown_proposal; classtype:protocol-command-decode; sid:2224011; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 207
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "ikev2" cannot be used in a signature. Either detection for this protocol supported yet OR detection has been disabled for protocol through the yaml option app-layer.protocols.ikev2.detection-enabled
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ikev2 any any -> any any (msg:"SURICATA IKEv2 unknown proposal selected"; flow:to_client; app-layer-event:ikev2.unknown_proposal; classtype:protocol-command-decode; sid:2224012; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 222
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "ikev2" cannot be used in a signature. Either detection for this protocol supported yet OR detection has been disabled for protocol through the yaml option app-layer.protocols.ikev2.detection-enabled
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ikev2 any any -> any any (msg:"SURICATA IKEv2 weak cryptographic parameters (Diffie-Hellman)"; flow:to_client; app-layer-event:ikev2.weak_crypto_dh; classtype:protocol-command-decode; sid:2224005; rev:2;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 236
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "ikev2" cannot be used in a signature. Either detection for this protocol supported yet OR detection has been disabled for protocol through the yaml option app-layer.protocols.ikev2.detection-enabled
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ikev2 any any -> any any (msg:"SURICATA IKEv2 invalid proposal"; flow:to_server; app-layer-event:ikev2.invalid_proposal; classtype:protocol-command-decode; sid:2224009; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 265
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "ikev2" cannot be used in a signature. Either detection for this protocol supported yet OR detection has been disabled for protocol through the yaml option app-layer.protocols.ikev2.detection-enabled
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ikev2 any any -> any any (msg:"SURICATA IKEv2 weak cryptographic parameters (Encryption)"; flow:to_client; app-layer-event:ikev2.weak_crypto_enc; classtype:protocol-command-decode; sid:2224002; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 279
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - app-layer-event keyword's protocol "smb" doesn't have event "negotiate_malformed_dialects" registered
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert smb any any -> any any (msg:"SURICATA SMB malformed request dialects"; flow:to_server; app-layer-event:smb.negotiate_malformed_dialects; classtype:protocol-command-decode; sid:2225005; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 294
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - app-layer-event keyword's protocol "smb" doesn't have event "malformed_data" registered
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert smb any any -> any any (msg:"SURICATA SMB malformed request data"; flow:to_server; app-layer-event:smb.malformed_data; classtype:protocol-command-decode; sid:2225002; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 332
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_UNKNOWN_PROTOCOL(124)] - protocol "ikev2" cannot be used in a signature. Either detection for this protocol supported yet OR detection has been disabled for protocol through the yaml option app-layer.protocols.ikev2.detection-enabled
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ikev2 any any -> any any (msg:"SURICATA IKEv2 malformed request data"; flow:to_server; app-layer-event:ikev2.malformed_data; classtype:protocol-command-decode; sid:2224000; rev:1;)" from file /usr/local/var/lib/suricata/rules/suricata.rules at line 334
23/10/2019 -- 13:16:09 - <Error> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed.
23/10/2019 -- 13:16:09 - <Error> -- Suricata test failed, aborting.
23/10/2019 -- 13:16:09 - <Error> -- Restoring previous rules.