Bug #4629 » out.txt

Martin Rehak, 07/01/2021 08:52 AM

 
# suricata --pcap=igb0 -vvvv
1/7/2021 -- 10:34:04 - <Notice> - This is Suricata version 6.0.2 RELEASE running in SYSTEM mode
1/7/2021 -- 10:34:04 - <Info> - CPUs/cores online: 12
1/7/2021 -- 10:34:04 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33553 and 'request-body-inspect-window' set to 4066 after randomization.
1/7/2021 -- 10:34:04 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 41964 and 'response-body-inspect-window' set to 16108 after randomization.
1/7/2021 -- 10:34:04 - <Config> - SMB stream depth: 0
1/7/2021 -- 10:34:04 - <Config> - Protocol detection and parser disabled for modbus protocol.
1/7/2021 -- 10:34:04 - <Config> - Protocol detection and parser disabled for enip protocol.
1/7/2021 -- 10:34:04 - <Config> - Protocol detection and parser disabled for DNP3.
1/7/2021 -- 10:34:04 - <Info> - Found an MTU of 1500 for 'igb0'
1/7/2021 -- 10:34:04 - <Info> - Found an MTU of 1500 for 'igb0'
1/7/2021 -- 10:34:04 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
1/7/2021 -- 10:34:04 - <Config> - preallocated 1000 hosts of size 104
1/7/2021 -- 10:34:04 - <Config> - host memory usage: 366144 bytes, maximum: 33554432
1/7/2021 -- 10:34:04 - <Config> - Core dump size is unlimited.
1/7/2021 -- 10:34:04 - <Config> - allocated 1572864 bytes of memory for the defrag hash... 65536 buckets of size 24
1/7/2021 -- 10:34:04 - <Config> - preallocated 65535 defrag trackers of size 128
1/7/2021 -- 10:34:04 - <Config> - defrag memory usage: 9961344 bytes, maximum: 33554432
1/7/2021 -- 10:34:04 - <Config> - flow size 288, memcap allows for 466033 flows. Per hash row in perfect conditions 7
1/7/2021 -- 10:34:04 - <Config> - stream "prealloc-sessions": 2048 (per thread)
1/7/2021 -- 10:34:04 - <Config> - stream "memcap": 67108864
1/7/2021 -- 10:34:04 - <Config> - stream "midstream" session pickups: disabled
1/7/2021 -- 10:34:04 - <Config> - stream "async-oneside": disabled
1/7/2021 -- 10:34:04 - <Config> - stream "checksum-validation": enabled
1/7/2021 -- 10:34:04 - <Config> - stream."inline": disabled
1/7/2021 -- 10:34:04 - <Config> - stream "bypass": disabled
1/7/2021 -- 10:34:04 - <Config> - stream "max-synack-queued": 5
1/7/2021 -- 10:34:04 - <Config> - stream.reassembly "memcap": 268435456
1/7/2021 -- 10:34:04 - <Config> - stream.reassembly "depth": 1048576
1/7/2021 -- 10:34:04 - <Config> - stream.reassembly "toserver-chunk-size": 2669
1/7/2021 -- 10:34:04 - <Config> - stream.reassembly "toclient-chunk-size": 2625
1/7/2021 -- 10:34:04 - <Config> - stream.reassembly.raw: enabled
1/7/2021 -- 10:34:04 - <Config> - stream.reassembly "segment-prealloc": 2048
1/7/2021 -- 10:34:04 - <Info> - fast output device (regular) initialized: fast.log
1/7/2021 -- 10:34:04 - <Info> - eve-log output device (regular) initialized: eve.json
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'alert'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'anomaly'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'http'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'dns'
1/7/2021 -- 10:34:04 - <Config> - eve-log dns version not set, defaulting to version 2
1/7/2021 -- 10:34:04 - <Config> - eve-log dns version not set, defaulting to version 2
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'tls'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'files'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'smtp'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'ftp'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'rdp'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'nfs'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'smb'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'tftp'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'ikev2'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'dcerpc'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'krb5'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'snmp'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'rfb'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'sip'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'dhcp'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'ssh'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'mqtt'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'stats'
1/7/2021 -- 10:34:04 - <Config> - enabling 'eve-log' module 'flow'
1/7/2021 -- 10:34:04 - <Info> - stats output device (regular) initialized: stats.log
1/7/2021 -- 10:34:04 - <Config> - Delayed detect disabled
1/7/2021 -- 10:34:04 - <Info> - Running in live mode, activating unix socket
1/7/2021 -- 10:34:04 - <Config> - pattern matchers: MPM: ac, SPM: bm
1/7/2021 -- 10:34:04 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
1/7/2021 -- 10:34:04 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
1/7/2021 -- 10:34:04 - <Config> - prefilter engines: MPM
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_uri
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_raw_uri
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_request_line
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_client_body
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_response_line
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_header
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_header
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_header_names
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_header_names
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_accept
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_accept_enc
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_accept_lang
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_referer
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_connection
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_content_len
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_content_len
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_content_type
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_content_type
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http.server
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http.location
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_protocol
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_protocol
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_start
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_start
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_raw_header
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_raw_header
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_method
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_cookie
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_cookie
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file.magic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_user_agent
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_host
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_raw_host
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_stat_msg
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http_stat_code
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http2_header_name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http2_header_name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http2_header
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for http2_header
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for dns_query
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for dnp3_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for dnp3_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for tls.sni
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for tls.cert_issuer
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for tls.cert_subject
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for tls.cert_serial
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for tls.cert_fingerprint
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for tls.certs
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ja3.hash
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ja3.string
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ja3s.hash
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ja3s.string
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for dce_stub_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for dce_stub_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for dce_stub_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for dce_stub_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for smb_named_pipe
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for smb_share
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh.proto
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh.proto
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh_software
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh_software
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh.hassh
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh.hassh.server
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh.hassh.string
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ssh.hassh.server.string
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for file_data
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for krb5_cname
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for krb5_sname
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.method
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.uri
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.protocol
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.protocol
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.method
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.stat_msg
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.request_line
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for sip.response_line
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for rfb.name
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for snmp.community
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for snmp.community
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.connect.clientid
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.connect.username
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.connect.password
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.connect.willtopic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.connect.willmessage
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.publish.topic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.publish.message
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.subscribe.topic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for mqtt.unsubscribe.topic
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for icmpv4.hdr
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for tcp.hdr
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for udp.hdr
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for icmpv6.hdr
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ipv4.hdr
1/7/2021 -- 10:34:04 - <Perf> - using shared mpm ctx' for ipv6.hdr
1/7/2021 -- 10:34:04 - <Config> - IP reputation disabled
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/3coresec.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/botcc.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/ciarmy.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/compromised.rules
1/7/2021 -- 10:34:04 - <Config> - No rules loaded from compromised.rules.
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/drop.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/dshield.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-attack_response.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-chat.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-current_events.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-dns.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-dos.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-exploit.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-imap.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-malware.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-misc.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-mobile_malware.rules
1/7/2021 -- 10:34:04 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-netbios.rules
1/7/2021 -- 10:34:05 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-policy.rules
1/7/2021 -- 10:34:05 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-pop3.rules
1/7/2021 -- 10:34:05 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-rpc.rules
1/7/2021 -- 10:34:05 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-scan.rules
1/7/2021 -- 10:34:05 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-shellcode.rules
1/7/2021 -- 10:34:05 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-smtp.rules
1/7/2021 -- 10:34:05 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-trojan.rules
1/7/2021 -- 10:34:06 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-user_agents.rules
1/7/2021 -- 10:34:06 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-voip.rules
1/7/2021 -- 10:34:06 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-web_client.rules
1/7/2021 -- 10:34:06 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-web_server.rules
1/7/2021 -- 10:34:06 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-web_specific_apps.rules
1/7/2021 -- 10:34:07 - <Config> - Loading rule file: /var/lib/suricata/rules/emerging-worm.rules
1/7/2021 -- 10:34:07 - <Config> - Loading rule file: /var/lib/suricata/rules/tor.rules
1/7/2021 -- 10:34:07 - <Config> - Loading rule file: /var/lib/suricata/rules/custom.rules
1/7/2021 -- 10:34:07 - <Config> - No rules loaded from custom.rules.
1/7/2021 -- 10:34:07 - <Info> - 32 rule files processed. 20590 rules successfully loaded, 0 rules failed
1/7/2021 -- 10:34:07 - <Info> - Threshold config parsed: 2 rule(s) found
1/7/2021 -- 10:34:07 - <Perf> - using shared mpm ctx' for tcp-packet
1/7/2021 -- 10:34:07 - <Perf> - using shared mpm ctx' for tcp-stream
1/7/2021 -- 10:34:07 - <Perf> - using shared mpm ctx' for udp-packet
1/7/2021 -- 10:34:07 - <Perf> - using shared mpm ctx' for other-ip
1/7/2021 -- 10:34:07 - <Info> - 20593 signatures processed. 1134 are IP-only rules, 3288 are inspecting packet payload, 16147 inspect application layer, 0 are decoder event only
1/7/2021 -- 10:34:07 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.http.PK' is checked but not set. Checked in 2019835 and 3 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'HTTP.UncompressedFlash' is checked but not set. Checked in 2016396 and 3 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019822 and 1 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MS.XMLHTTP.no.exe.request' is checked but not set. Checked in 2022053 and 0 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023671 and 9 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.pdf.in.http' is checked but not set. Checked in 2017150 and 4 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.JavaArchiveOrClass' is checked but not set. Checked in 2017768 and 11 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'et.MCOFF' is checked but not set. Checked in 2019837 and 1 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 0 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.armwget' is checked but not set. Checked in 2024241 and 1 other sigs
1/7/2021 -- 10:34:07 - <Warning> - [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'ET.JS.Obfus.Func' is checked but not set. Checked in 2017247 and 0 other sigs
1/7/2021 -- 10:34:07 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
1/7/2021 -- 10:34:07 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
1/7/2021 -- 10:34:08 - <Perf> - UDP toserver: 41 port groups, 24 unique SGH's, 17 copies
1/7/2021 -- 10:34:08 - <Perf> - UDP toclient: 21 port groups, 18 unique SGH's, 3 copies
1/7/2021 -- 10:34:08 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
1/7/2021 -- 10:34:08 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
1/7/2021 -- 10:34:17 - <Perf> - Unique rule groups: 106
1/7/2021 -- 10:34:17 - <Perf> - Builtin MPM "toserver TCP packet": 29
1/7/2021 -- 10:34:17 - <Perf> - Builtin MPM "toclient TCP packet": 20
1/7/2021 -- 10:34:17 - <Perf> - Builtin MPM "toserver TCP stream": 29
1/7/2021 -- 10:34:17 - <Perf> - Builtin MPM "toclient TCP stream": 21
1/7/2021 -- 10:34:17 - <Perf> - Builtin MPM "toserver UDP packet": 24
1/7/2021 -- 10:34:17 - <Perf> - Builtin MPM "toclient UDP packet": 18
1/7/2021 -- 10:34:17 - <Perf> - Builtin MPM "other IP packet": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_uri (http)": 9
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_raw_uri (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_request_line (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_client_body (http)": 6
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_response_line (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_header (http)": 8
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_header (http)": 8
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_header_names (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_header_names (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_accept (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_accept_enc (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_accept_lang (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_referer (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_content_len (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_content_len (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_content_type (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_content_type (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_protocol (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_protocol (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_start (http)": 4
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_start (http)": 4
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_raw_header (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_raw_header (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_method (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_cookie (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_cookie (http)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_user_agent (http)": 5
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver http_host (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient http_stat_code (http)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver dns_query (dns)": 4
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver tls.sni (tls)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient tls.cert_issuer (tls)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient tls.cert_subject (tls)": 2
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient tls.cert_serial (tls)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver ssh.proto (ssh)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient ssh.proto (ssh)": 1
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver file_data (smtp)": 6
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient file_data (http)": 6
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver file_data (smb)": 6
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient file_data (smb)": 6
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toserver file_data (http2)": 6
1/7/2021 -- 10:34:17 - <Perf> - AppLayer MPM "toclient file_data (http2)": 6
1/7/2021 -- 10:34:19 - <Config> - AutoFP mode using "Hash" flow load balancer
1/7/2021 -- 10:34:19 - <Info> - Using 1 live device(s).
1/7/2021 -- 10:34:19 - <Info> - using interface igb0
1/7/2021 -- 10:34:19 - <Info> - running in 'auto' checksum mode. Detection of interface state will require 1000ULL packets
1/7/2021 -- 10:34:19 - <Info> - Found an MTU of 1500 for 'igb0'
1/7/2021 -- 10:34:19 - <Info> - Set snaplen to 1524 for 'igb0'
1/7/2021 -- 10:34:19 - <Info> - RunModeIdsPcapAutoFp initialised
1/7/2021 -- 10:34:19 - <Config> - using 1 flow manager threads
1/7/2021 -- 10:34:19 - <Config> - using 1 flow recycler threads
1/7/2021 -- 10:34:19 - <Info> - Running in live mode, activating unix socket
1/7/2021 -- 10:34:19 - <Info> - Using unix socket file '/var/run/suricata/suricata-command.socket'
1/7/2021 -- 10:34:19 - <Notice> - all 13 packet processing threads, 4 management threads initialized, engine started.
1/7/2021 -- 10:34:36 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
^C1/7/2021 -- 10:50:25 - <Notice> - Signal Received.  Stopping engine.
1/7/2021 -- 10:50:25 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
1/7/2021 -- 10:51:26 - <Error> - [ERRCODE: SC_ERR_FATAL(171)] - Engine unable to disable detect thread - "RX#01-igb0". Killing engine
#