Warning: Output_interface not supplied by user. Falling back on default_output_interface "Console" 24/2/2015 -- 15:47:21 - - This is Suricata version 2.0.6 RELEASE 24/2/2015 -- 15:47:21 - - CPUs/cores online: 12 default-log-dir = /var/log/suricata/ unix-command = (null) unix-command.enabled = no outputs = (null) outputs.0 = fast outputs.0.fast = (null) outputs.0.fast.enabled = yes outputs.0.fast.filename = fast.log outputs.0.fast.append = yes outputs.1 = unified2-alert outputs.1.unified2-alert = (null) outputs.1.unified2-alert.enabled = no outputs.1.unified2-alert.filename = unified2.alert outputs.2 = http-log outputs.2.http-log = (null) outputs.2.http-log.enabled = yes outputs.2.http-log.filename = http.log outputs.2.http-log.append = yes outputs.3 = tls-log outputs.3.tls-log = (null) outputs.3.tls-log.enabled = no outputs.3.tls-log.filename = tls.log outputs.3.tls-log.certs-log-dir = certs outputs.4 = pcap-info outputs.4.pcap-info = (null) outputs.4.pcap-info.enabled = no outputs.5 = pcap-log outputs.5.pcap-log = (null) outputs.5.pcap-log.enabled = no outputs.5.pcap-log.filename = log.pcap outputs.5.pcap-log.limit = 1000mb outputs.5.pcap-log.max-files = 2000 outputs.5.pcap-log.mode = normal outputs.5.pcap-log.use-stream-depth = no outputs.6 = alert-debug outputs.6.alert-debug = (null) outputs.6.alert-debug.enabled = no outputs.6.alert-debug.filename = alert-debug.log outputs.6.alert-debug.append = yes outputs.7 = alert-prelude outputs.7.alert-prelude = (null) outputs.7.alert-prelude.enabled = no outputs.7.alert-prelude.profile = suricata outputs.7.alert-prelude.log-packet-content = no outputs.7.alert-prelude.log-packet-header = yes outputs.8 = stats outputs.8.stats = (null) outputs.8.stats.enabled = yes outputs.8.stats.filename = stats.log outputs.8.stats.interval = 300 outputs.9 = syslog outputs.9.syslog = (null) outputs.9.syslog.enabled = no outputs.9.syslog.facility = local5 outputs.10 = drop outputs.10.drop = (null) outputs.10.drop.enabled = no outputs.10.drop.filename = drop.log outputs.10.drop.append = yes outputs.11 = file-store outputs.11.file-store = (null) outputs.11.file-store.enabled = no outputs.11.file-store.log-dir = files outputs.11.file-store.force-magic = no outputs.11.file-store.force-md5 = no outputs.12 = file-log outputs.12.file-log = (null) outputs.12.file-log.enabled = no outputs.12.file-log.filename = files-json.log outputs.12.file-log.append = yes outputs.12.file-log.force-magic = no outputs.12.file-log.force-md5 = no magic-file = /usr/share/file/magic nfq = af-packet = (null) af-packet.0 = interface af-packet.0.interface = eth0 af-packet.0.threads = 1 af-packet.0.cluster-id = 99 af-packet.0.cluster-type = cluster_flow af-packet.0.defrag = yes af-packet.0.use-mmap = yes af-packet.1 = interface af-packet.1.interface = eth1 af-packet.1.threads = 1 af-packet.1.cluster-id = 98 af-packet.1.cluster-type = cluster_flow af-packet.1.defrag = yes af-packet.2 = interface af-packet.2.interface = default detect-engine = (null) detect-engine.0 = profile detect-engine.0.profile = medium detect-engine.1 = custom-values detect-engine.1.custom-values = (null) detect-engine.1.custom-values.toclient-src-groups = 2 detect-engine.1.custom-values.toclient-dst-groups = 2 detect-engine.1.custom-values.toclient-sp-groups = 2 detect-engine.1.custom-values.toclient-dp-groups = 3 detect-engine.1.custom-values.toserver-src-groups = 2 detect-engine.1.custom-values.toserver-dst-groups = 4 detect-engine.1.custom-values.toserver-sp-groups = 2 detect-engine.1.custom-values.toserver-dp-groups = 25 detect-engine.2 = sgh-mpm-context detect-engine.2.sgh-mpm-context = auto detect-engine.3 = inspection-recursion-limit detect-engine.3.inspection-recursion-limit = 3000 threading = (null) threading.set-cpu-affinity = yes threading.cpu-affinity = (null) threading.cpu-affinity.0 = management-cpu-set threading.cpu-affinity.0.management-cpu-set = (null) threading.cpu-affinity.0.management-cpu-set.cpu = (null) threading.cpu-affinity.0.management-cpu-set.cpu.0 = 0 threading.cpu-affinity.1 = receive-cpu-set threading.cpu-affinity.1.receive-cpu-set = (null) threading.cpu-affinity.1.receive-cpu-set.cpu = (null) threading.cpu-affinity.1.receive-cpu-set.cpu.0 = 1 threading.cpu-affinity.2 = decode-cpu-set threading.cpu-affinity.2.decode-cpu-set = (null) threading.cpu-affinity.2.decode-cpu-set.cpu = (null) threading.cpu-affinity.2.decode-cpu-set.cpu.0 = 2 threading.cpu-affinity.2.decode-cpu-set.mode = balanced threading.cpu-affinity.3 = stream-cpu-set threading.cpu-affinity.3.stream-cpu-set = (null) threading.cpu-affinity.3.stream-cpu-set.cpu = (null) threading.cpu-affinity.3.stream-cpu-set.cpu.0 = 0-4 threading.cpu-affinity.4 = detect-cpu-set threading.cpu-affinity.4.detect-cpu-set = (null) threading.cpu-affinity.4.detect-cpu-set.cpu = (null) threading.cpu-affinity.4.detect-cpu-set.cpu.0 = 6 threading.cpu-affinity.4.detect-cpu-set.cpu.1 = 7 threading.cpu-affinity.4.detect-cpu-set.cpu.2 = 8 threading.cpu-affinity.4.detect-cpu-set.mode = exclusive threading.cpu-affinity.4.detect-cpu-set.threads = 3 threading.cpu-affinity.4.detect-cpu-set.prio = (null) threading.cpu-affinity.4.detect-cpu-set.prio.low = (null) threading.cpu-affinity.4.detect-cpu-set.prio.low.0 = 0-4 threading.cpu-affinity.4.detect-cpu-set.prio.medium = (null) threading.cpu-affinity.4.detect-cpu-set.prio.medium.0 = 5-23 threading.cpu-affinity.4.detect-cpu-set.prio.default = medium threading.cpu-affinity.5 = verdict-cpu-set threading.cpu-affinity.5.verdict-cpu-set = (null) threading.cpu-affinity.5.verdict-cpu-set.cpu = (null) threading.cpu-affinity.5.verdict-cpu-set.cpu.0 = 0 threading.cpu-affinity.5.verdict-cpu-set.prio = (null) threading.cpu-affinity.5.verdict-cpu-set.prio.default = high threading.cpu-affinity.6 = reject-cpu-set threading.cpu-affinity.6.reject-cpu-set = (null) threading.cpu-affinity.6.reject-cpu-set.cpu = (null) threading.cpu-affinity.6.reject-cpu-set.cpu.0 = 0 threading.cpu-affinity.6.reject-cpu-set.prio = (null) threading.cpu-affinity.6.reject-cpu-set.prio.default = low threading.cpu-affinity.7 = output-cpu-set threading.cpu-affinity.7.output-cpu-set = (null) threading.cpu-affinity.7.output-cpu-set.cpu = (null) threading.cpu-affinity.7.output-cpu-set.cpu.0 = 0 threading.cpu-affinity.7.output-cpu-set.prio = (null) threading.cpu-affinity.7.output-cpu-set.prio.default = medium threading.detect-thread-ratio = 1.5 cuda = (null) cuda.0 = mpm cuda.0.mpm = (null) cuda.0.mpm.packet-buffer-limit = 2400 cuda.0.mpm.packet-size-limit = 1500 cuda.0.mpm.packet-buffers = 10 cuda.0.mpm.batching-timeout = 1 cuda.0.mpm.page-locked = enabled cuda.0.mpm.device-id = 0 cuda.0.mpm.cuda-streams = 2 mpm-algo = ac pattern-matcher = (null) pattern-matcher.0 = b2gc pattern-matcher.0.b2gc = (null) pattern-matcher.0.b2gc.search-algo = B2gSearchBNDMq pattern-matcher.0.b2gc.hash-size = low pattern-matcher.0.b2gc.bf-size = medium pattern-matcher.1 = b2gm pattern-matcher.1.b2gm = (null) pattern-matcher.1.b2gm.search-algo = B2gSearchBNDMq pattern-matcher.1.b2gm.hash-size = low pattern-matcher.1.b2gm.bf-size = medium pattern-matcher.2 = b2g pattern-matcher.2.b2g = (null) pattern-matcher.2.b2g.search-algo = B2gSearchBNDMq pattern-matcher.2.b2g.hash-size = low pattern-matcher.2.b2g.bf-size = medium pattern-matcher.3 = b3g pattern-matcher.3.b3g = (null) pattern-matcher.3.b3g.search-algo = B3gSearchBNDMq pattern-matcher.3.b3g.hash-size = low pattern-matcher.3.b3g.bf-size = medium pattern-matcher.4 = wumanber pattern-matcher.4.wumanber = (null) pattern-matcher.4.wumanber.hash-size = low pattern-matcher.4.wumanber.bf-size = medium defrag = (null) defrag.memcap = 32mb defrag.hash-size = 65536 defrag.trackers = 65535 defrag.max-frags = 65535 defrag.prealloc = yes defrag.timeout = 60 flow = (null) flow.memcap = 512mb flow.hash-size = 65536 flow.prealloc = 10000 flow.emergency-recovery = 30 flow-timeouts = (null) flow-timeouts.default = (null) flow-timeouts.default.new = 30 flow-timeouts.default.established = 300 flow-timeouts.default.closed = 0 flow-timeouts.default.emergency-new = 10 flow-timeouts.default.emergency-established = 100 flow-timeouts.default.emergency-closed = 0 flow-timeouts.tcp = (null) flow-timeouts.tcp.new = 60 flow-timeouts.tcp.established = 3600 flow-timeouts.tcp.closed = 120 flow-timeouts.tcp.emergency-new = 10 flow-timeouts.tcp.emergency-established = 300 flow-timeouts.tcp.emergency-closed = 20 flow-timeouts.udp = (null) flow-timeouts.udp.new = 30 flow-timeouts.udp.established = 300 flow-timeouts.udp.emergency-new = 10 flow-timeouts.udp.emergency-established = 100 flow-timeouts.icmp = (null) flow-timeouts.icmp.new = 30 flow-timeouts.icmp.established = 300 flow-timeouts.icmp.emergency-new = 10 flow-timeouts.icmp.emergency-established = 100 stream = (null) stream.memcap = 128mb stream.checksum-validation = yes stream.inline = auto stream.reassembly = (null) stream.reassembly.memcap = 64mb stream.reassembly.depth = 1mb stream.reassembly.toserver-chunk-size = 2560 stream.reassembly.toclient-chunk-size = 2560 host = (null) host.hash-size = 4096 host.prealloc = 1000 host.memcap = 16777216 logging = (null) logging.default-log-level = info logging.default-output-filter = logging.outputs = (null) logging.outputs.0 = console logging.outputs.0.console = (null) logging.outputs.0.console.enabled = no logging.outputs.1 = file logging.outputs.1.file = (null) logging.outputs.1.file.enabled = no logging.outputs.1.file.filename = /var/log/suricata.log logging.outputs.2 = syslog logging.outputs.2.syslog = (null) logging.outputs.2.syslog.enabled = no logging.outputs.2.syslog.facility = local5 logging.outputs.2.syslog.format = [%i] <%d> -- pfring = (null) pfring.0 = interface pfring.0.interface = eth0 pfring.0.threads = 1 pfring.0.cluster-id = 99 pfring.0.cluster-type = cluster_flow pfring.1 = interface pfring.1.interface = default pcap = (null) pcap.0 = interface pcap.0.interface = eth0 pcap.1 = interface pcap.1.interface = default ipfw = default-rule-path = /etc/suricata/rules rule-files = (null) rule-files.0 = hackingtools.rules rule-files.1 = malware.rules rule-files.2 = policy.rules rule-files.3 = threats.rules rule-files.4 = uri-apt.rules rule-files.5 = apt-gen-list.rules rule-files.6 = SQLi.rules classification-file = /etc/suricata/classification.config reference-config-file = /etc/suricata/reference.config vars = (null) vars.address-groups = (null) vars.address-groups.HOME_NET = [192.168.0.0/16,10.0.0.0/8,172.16.0.0/12] vars.address-groups.EXTERNAL_NET = !$HOME_NET vars.address-groups.HTTP_SERVERS = $HOME_NET vars.address-groups.SMTP_SERVERS = $HOME_NET vars.address-groups.SQL_SERVERS = $HOME_NET vars.address-groups.DNS_SERVERS = $HOME_NET vars.address-groups.TELNET_SERVERS = $HOME_NET vars.address-groups.AIM_SERVERS = $EXTERNAL_NET vars.address-groups.DNP3_SERVER = $HOME_NET vars.address-groups.DNP3_CLIENT = $HOME_NET vars.address-groups.MODBUS_CLIENT = $HOME_NET vars.address-groups.MODBUS_SERVER = $HOME_NET vars.address-groups.ENIP_CLIENT = $HOME_NET vars.address-groups.ENIP_SERVER = $HOME_NET vars.port-groups = (null) vars.port-groups.HTTP_PORTS = 80 vars.port-groups.SHELLCODE_PORTS = !80 vars.port-groups.ORACLE_PORTS = 1521 vars.port-groups.SSH_PORTS = 22 vars.port-groups.DNP3_PORTS = 20000 action-order = (null) action-order.0 = pass action-order.1 = drop action-order.2 = reject action-order.3 = alert host-os-policy = (null) host-os-policy.windows = (null) host-os-policy.windows.0 = 0.0.0.0/0 host-os-policy.bsd = (null) host-os-policy.bsd-right = (null) host-os-policy.old-linu0x = (null) host-os-policy.linux = (null) host-os-policy.old-solaris = (null) host-os-policy.solaris = (null) host-os-policy.solaris.0 = ::1 host-os-policy.hpux10 = (null) host-os-policy.hpux11 = (null) host-os-policy.irix = (null) host-os-policy.macos = (null) host-os-policy.vista = (null) host-os-policy.windows2k3 = (null) asn1-max-frames = 256 engine-analysis = (null) engine-analysis.rules-fast-pattern = yes engine-analysis.rules = yes pcre = (null) pcre.match-limit = 3500 pcre.match-limit-recursion = 1500 libhtp = (null) libhtp.default-config = (null) libhtp.default-config.personality = IDS libhtp.default-config.request-body-limit = 3072 libhtp.default-config.response-body-limit = 3072 libhtp.default-config.request-body-minimal-inspect-size = 32kb libhtp.default-config.request-body-inspect-window = 4kb libhtp.default-config.response-body-minimal-inspect-size = 32kb libhtp.default-config.response-body-inspect-window = 4kb libhtp.default-config.double-decode-path = no libhtp.default-config.double-decode-query = no libhtp.server-config = (null) libhtp.server-config.0 = apache libhtp.server-config.0.apache = (null) libhtp.server-config.0.apache.address = (null) libhtp.server-config.0.apache.personality = Apache_2_2 libhtp.server-config.0.apache.request-body-limit = 4096 libhtp.server-config.0.apache.response-body-limit = 4096 libhtp.server-config.0.apache.double-decode-path = no libhtp.server-config.0.apache.double-decode-query = no libhtp.server-config.1 = iis7 libhtp.server-config.1.iis7 = (null) libhtp.server-config.1.iis7.address = (null) libhtp.server-config.1.iis7.personality = IIS_7_0 libhtp.server-config.1.iis7.request-body-limit = 4096 libhtp.server-config.1.iis7.response-body-limit = 4096 libhtp.server-config.1.iis7.double-decode-path = no libhtp.server-config.1.iis7.double-decode-query = no profiling = (null) profiling.rules = (null) profiling.rules.enabled = yes profiling.rules.filename = rule_perf.log profiling.rules.append = yes profiling.rules.sort = avgticks profiling.rules.limit = 100 profiling.packets = (null) profiling.packets.enabled = yes profiling.packets.filename = packet_stats.log profiling.packets.append = yes profiling.packets.csv = (null) profiling.packets.csv.enabled = no profiling.packets.csv.filename = packet_stats.csv profiling.locks = (null) profiling.locks.enabled = no profiling.locks.filename = lock_stats.log profiling.locks.append = yes coredump = (null) coredump.max-dump = unlimited napatech = (null) napatech.hba = -1 napatech.use-all-streams = yes napatech.streams = (null) napatech.streams.0 = 1 napatech.streams.1 = 2 napatech.streams.2 = 3