[root@suricata ~]# suricata -c /etc/suricata/suricata.yaml -s /var/data/sahil/md5.rules --af-packet=ens160 -vvvv
Initialization syslog logging with format "[%i] <%d> -- ".
27/6/2016 -- 10:04:34 - - This is Suricata version 3.1 RELEASE
27/6/2016 -- 10:04:34 - - CPUs/cores online: 8
27/6/2016 -- 10:04:34 - - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization.
27/6/2016 -- 10:04:34 - - 'default' server has 'response-body-minimal-inspect-size' set to 42119 and 'response-body-inspect-window' set to 16872 after randomization.

Broadcast message from systemd-journald@suricata (Mon 2016-06-27 10:04:34 EDT):
suricata[16650]: [16650] -- 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization.

Message from syslogd@suricata at Jun 27 10:04:34 ...
suricata:[16650] -- 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization.

27/6/2016 -- 10:04:34 - - DNS request flood protection level: 500
27/6/2016 -- 10:04:34 - - DNS per flow memcap (state-memcap): 524288
27/6/2016 -- 10:04:34 - - DNS global memcap: 16777216
27/6/2016 -- 10:04:34 - - Protocol detection and parser disabled for modbus protocol.
27/6/2016 -- 10:04:34 - - Found an MTU of 1500 for 'ens160'
27/6/2016 -- 10:04:35 - - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
27/6/2016 -- 10:04:35 - - preallocated 65535 defrag trackers of size 168
27/6/2016 -- 10:04:35 - - defrag memory usage: 14679896 bytes, maximum: 4294967296
27/6/2016 -- 10:04:36 - - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
27/6/2016 -- 10:04:36 - - preallocated 1000 hosts of size 136
27/6/2016 -- 10:04:36 - - host memory usage: 398144 bytes, maximum: 16777216
27/6/2016 -- 10:04:36 - - using magic-file /usr/share/file/magic
27/6/2016 -- 10:04:37 - - Core dump size set to unlimited.
27/6/2016 -- 10:04:38 - - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
27/6/2016 -- 10:04:38 - - preallocated 10000 flows of size 296
27/6/2016 -- 10:04:38 - - flow memory usage: 7154304 bytes, maximum: 67108864
27/6/2016 -- 10:04:38 - - stream "prealloc-sessions": 2048 (per thread)
27/6/2016 -- 10:04:38 - - stream "memcap": 1073741824
27/6/2016 -- 10:04:38 - - stream "midstream" session pickups: disabled
27/6/2016 -- 10:04:38 - - stream "async-oneside": disabled
27/6/2016 -- 10:04:38 - - stream "checksum-validation": enabled
27/6/2016 -- 10:04:38 - - stream."inline": disabled
27/6/2016 -- 10:04:38 - - stream "max-synack-queued": 5
27/6/2016 -- 10:04:38 - - stream.reassembly "memcap": 1073741824
27/6/2016 -- 10:04:38 - - stream.reassembly "depth": 0
27/6/2016 -- 10:04:38 - - stream.reassembly "toserver-chunk-size": 2469
27/6/2016 -- 10:04:38 - - stream.reassembly "toclient-chunk-size": 2580
27/6/2016 -- 10:04:38 - - stream.reassembly.raw: enabled
27/6/2016 -- 10:04:38 - - segment pool: pktsize 4, prealloc 256
27/6/2016 -- 10:04:38 - - segment pool: pktsize 16, prealloc 512
27/6/2016 -- 10:04:38 - - segment pool: pktsize 112, prealloc 512
27/6/2016 -- 10:04:38 - - segment pool: pktsize 248, prealloc 512
27/6/2016 -- 10:04:38 - - segment pool: pktsize 512, prealloc 512
27/6/2016 -- 10:04:38 - - segment pool: pktsize 768, prealloc 1024
27/6/2016 -- 10:04:38 - - segment pool: pktsize 1448, prealloc 1024
27/6/2016 -- 10:04:38 - - segment pool: pktsize 65535, prealloc 128
27/6/2016 -- 10:04:38 - - stream.reassembly "chunk-prealloc": 250
27/6/2016 -- 10:04:38 - - stream.reassembly "zero-copy-size": 128
27/6/2016 -- 10:04:38 - - allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64
27/6/2016 -- 10:04:38 - - preallocated 1000 ippairs of size 136
27/6/2016 -- 10:04:38 - - ippair memory usage: 398144 bytes, maximum: 16777216
27/6/2016 -- 10:04:38 - - Delayed detect disabled
27/6/2016 -- 10:04:38 - - pattern matchers: MPM: ac, SPM: bm
27/6/2016 -- 10:04:38 - - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
27/6/2016 -- 10:04:38 - - grouping: udp-whitelist (default) 53, 135, 5060
27/6/2016 -- 10:04:38 - - Loading reputation file: /etc/suricata/iprep/badhosts.list
27/6/2016 -- 10:04:39 - - host memory usage: 13307672 bytes, maximum: 16777216
27/6/2016 -- 10:04:39 - - Loading rule file: /etc/suricata/rules/botcc.rules
27/6/2016 -- 10:04:39 - - Loading rule file: /etc/suricata/rules/ciarmy.rules
27/6/2016 -- 10:04:39 - - Loading rule file: /etc/suricata/rules/compromised.rules
27/6/2016 -- 10:04:39 - - Loading rule file: /etc/suricata/rules/drop.rules
27/6/2016 -- 10:04:39 - - Loading rule file: /etc/suricata/rules/dshield.rules
27/6/2016 -- 10:04:39 - - Loading rule file: /etc/suricata/rules/emerging-activex.rules
27/6/2016 -- 10:04:40 - - Loading rule file: /etc/suricata/rules/emerging-attack_response.rules
27/6/2016 -- 10:04:40 - - Loading rule file: /etc/suricata/rules/emerging-chat.rules
27/6/2016 -- 10:04:40 - - Loading rule file: /etc/suricata/rules/emerging-current_events.rules
27/6/2016 -- 10:04:41 - - Loading rule file: /etc/suricata/rules/emerging-dns.rules
27/6/2016 -- 10:04:41 - - Loading rule file: /etc/suricata/rules/emerging-dos.rules
27/6/2016 -- 10:04:41 - - Loading rule file: /etc/suricata/rules/emerging-exploit.rules
27/6/2016 -- 10:04:41 - - Loading rule file: /etc/suricata/rules/emerging-ftp.rules
27/6/2016 -- 10:04:41 - - Loading rule file: /etc/suricata/rules/emerging-games.rules
27/6/2016 -- 10:04:41 - - Loading rule file: /etc/suricata/rules/emerging-inappropriate.rules
27/6/2016 -- 10:04:41 - - Loading rule file: /etc/suricata/rules/emerging-malware.rules
27/6/2016 -- 10:04:42 - - Loading rule file: /etc/suricata/rules/emerging-misc.rules
27/6/2016 -- 10:04:42 - - Loading rule file: /etc/suricata/rules/emerging-mobile_malware.rules
27/6/2016 -- 10:04:42 - - Loading rule file: /etc/suricata/rules/emerging-p2p.rules
27/6/2016 -- 10:04:42 - - Loading rule file: /etc/suricata/rules/emerging-policy.rules
27/6/2016 -- 10:04:43 - - Loading rule file: /etc/suricata/rules/emerging-rpc.rules
27/6/2016 -- 10:04:43 - - Loading rule file: /etc/suricata/rules/emerging-scada.rules
27/6/2016 -- 10:04:43 - - Loading rule file: /etc/suricata/rules/emerging-scan.rules
27/6/2016 -- 10:04:43 - - Loading rule file: /etc/suricata/rules/emerging-shellcode.rules
27/6/2016 -- 10:04:43 - - Loading rule file: /etc/suricata/rules/emerging-smtp.rules
27/6/2016 -- 10:04:43 - - Loading rule file: /etc/suricata/rules/emerging-sql.rules
27/6/2016 -- 10:04:46 - - Loading rule file: /etc/suricata/rules/emerging-trojan.rules
27/6/2016 -- 10:05:12 - - Loading rule file: /etc/suricata/rules/emerging-user_agents.rules
27/6/2016 -- 10:05:13 - - Loading rule file: /etc/suricata/rules/emerging-web_client.rules
27/6/2016 -- 10:05:14 - - Loading rule file: /etc/suricata/rules/emerging-web_server.rules
27/6/2016 -- 10:05:20 - - Loading rule file: /etc/suricata/rules/emerging-web_specific_apps.rules
27/6/2016 -- 10:05:47 - - Loading rule file: /etc/suricata/rules/emerging-worm.rules
27/6/2016 -- 10:05:47 - - Loading rule file: /etc/suricata/rules/tor.rules
27/6/2016 -- 10:05:48 - - Loading rule file: /etc/suricata/rules/local.rules
27/6/2016 -- 10:05:48 - - Loading rule file: /etc/suricata/rules/cnc.rules
27/6/2016 -- 10:05:50 - - Loading rule file: /etc/suricata/rules/attack.rules
27/6/2016 -- 10:06:00 - - Loading rule file: /etc/suricata/rules/phishing.rules
27/6/2016 -- 10:07:23 - - Loading rule file: /etc/suricata/rules/fraud.rules
27/6/2016 -- 10:07:23 - - Loading rule file: /etc/suricata/rules/malware.rules
27/6/2016 -- 10:07:24 - - Loading rule file: /etc/suricata/rules/decoder-events.rules
27/6/2016 -- 10:07:24 - - Loading rule file: /etc/suricata/rules/stream-events.rules
27/6/2016 -- 10:07:24 - - Loading rule file: /etc/suricata/rules/http-events.rules
27/6/2016 -- 10:07:24 - - Loading rule file: /etc/suricata/rules/smtp-events.rules
27/6/2016 -- 10:07:24 - - Loading rule file: /etc/suricata/rules/dns-events.rules
27/6/2016 -- 10:07:24 - - Loading rule file: /etc/suricata/rules/tls-events.rules
27/6/2016 -- 10:07:24 - - Loading rule file: /etc/suricata/rules/app-layer-events.rules
27/6/2016 -- 10:07:24 - - Loading rule file: /var/data/sahil/md5.rules
27/6/2016 -- 10:07:24 - - MD5 hash size 2097664 bytes
27/6/2016 -- 10:07:25 - - MD5 hash size 2097664 bytes
27/6/2016 -- 10:07:25 - - 47 rule files processed. 72869 rules successfully loaded, 0 rules failed
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for tcp-packet
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for tcp-stream
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for udp-packet
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for other-ip
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for http_uri
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for http_raw_uri
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for http_header
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for http_header
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for http_user_agent
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for http_raw_header
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for http_raw_header
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for http_method
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for file_data
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for file_data
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for http_stat_msg
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for http_stat_code
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for http_client_body
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for http_host
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for http_raw_host
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for http_cookie
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for http_cookie
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for dns_query
27/6/2016 -- 10:07:33 - - using shared mpm ctx' for tls_sni
27/6/2016 -- 10:07:33 - - 72877 signatures processed. 1205 are IP-only rules, 60423 are inspecting packet payload, 13475 inspect application layer, 100 are decoder event only
27/6/2016 -- 10:07:33 - - building signature grouping structure, stage 1: preprocessing rules... complete
27/6/2016 -- 10:07:33 - - TCP toserver: 41 port groups, 41 unique SGH's, 0 copies
27/6/2016 -- 10:07:33 - - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
27/6/2016 -- 10:07:33 - - UDP toserver: 41 port groups, 30 unique SGH's, 11 copies
27/6/2016 -- 10:07:33 - - UDP toclient: 21 port groups, 12 unique SGH's, 9 copies
27/6/2016 -- 10:07:34 - - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
27/6/2016 -- 10:07:34 - - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
27/6/2016 -- 10:07:51 - - Unique rule groups: 107
27/6/2016 -- 10:07:51 - - Builtin MPM "toserver TCP packet": 29
27/6/2016 -- 10:07:51 - - Builtin MPM "toclient TCP packet": 20
27/6/2016 -- 10:07:51 - - Builtin MPM "toserver TCP stream": 33
27/6/2016 -- 10:07:51 - - Builtin MPM "toclient TCP stream": 21
27/6/2016 -- 10:07:51 - - Builtin MPM "toserver UDP packet": 29
27/6/2016 -- 10:07:51 - - Builtin MPM "toclient UDP packet": 11
27/6/2016 -- 10:07:51 - - Builtin MPM "other IP packet": 2
27/6/2016 -- 10:07:51 - - AppLayer MPM "toserver http_uri": 10
27/6/2016 -- 10:07:51 - - AppLayer MPM "toserver http_raw_uri": 2
27/6/2016 -- 10:07:51 - - AppLayer MPM "toserver http_header": 9
27/6/2016 -- 10:07:51 - - AppLayer MPM "toclient http_header": 4
27/6/2016 -- 10:07:51 - - AppLayer MPM "toserver http_user_agent": 3
27/6/2016 -- 10:07:51 - - AppLayer MPM "toserver http_raw_header": 1
27/6/2016 -- 10:07:51 - - AppLayer MPM "toclient http_raw_header": 1
27/6/2016 -- 10:07:51 - - AppLayer MPM "toserver http_method": 4
27/6/2016 -- 10:07:51 - - AppLayer MPM "toserver file_data": 1
27/6/2016 -- 10:07:51 - - AppLayer MPM "toclient file_data": 5
27/6/2016 -- 10:07:51 - - AppLayer MPM "toclient http_stat_code": 1
27/6/2016 -- 10:07:51 - - AppLayer MPM "toserver http_client_body": 6
27/6/2016 -- 10:07:51 - - AppLayer MPM "toserver http_cookie": 2
27/6/2016 -- 10:07:51 - - AppLayer MPM "toclient http_cookie": 3
suricata:[16650] -- AppLayer MPM "toserver http_method": 4 Broadcast message from systemd-journald@suricata (Mon 2016-06-27 10:07:51 EDT): suricata[16650]: [16650] -- AppLayer MPM "toclient file_data": 5 Message from syslogd@suricata at Jun 27 10:07:51 ... suricata:[16650] -- AppLayer MPM "toserver file_data": 1 Broadcast message from systemd-journald@suricata (Mon 2016-06-27 10:07:51 EDT): suricata[16650]: [16650] -- AppLayer MPM "toclient http_stat_code": 1 Broadcast message from systemd-journald@suricata (Mon 2016-06-27 10:07:51 EDT): suricata[16650]: [16650] -- AppLayer MPM "toserver http_client_body": 6 Broadcast message from systemd-journald@suricata (Mon 2016-06-27 10:07:51 EDT): suricata[16650]: [16650] -- AppLayer MPM "toserver http_cookie": 2 Broadcast message from systemd-journald@suricata (Mon 2016-06-27 10:07:51 EDT): suricata[16650]: [16650] -- AppLayer MPM "toclient http_cookie": 3 Message from syslogd@suricata at Jun 27 10:07:51 ... suricata:[16650] -- AppLayer MPM "toclient file_data": 5 Message from syslogd@suricata at Jun 27 10:07:51 ... suricata:[16650] -- AppLayer MPM "toclient http_stat_code": 1 Message from syslogd@suricata at Jun 27 10:07:51 ... suricata:[16650] -- AppLayer MPM "toserver http_client_body": 6 Message from syslogd@suricata at Jun 27 10:07:51 ... suricata:[16650] -- AppLayer MPM "toserver http_cookie": 2 Message from syslogd@suricata at Jun 27 10:07:51 ... suricata:[16650] -- AppLayer MPM "toclient http_cookie": 3 27/6/2016 -- 10:13:23 - - [ERRCODE: SC_ERR_MEM_ALLOC(1)] - SCRealloc failed: Cannot allocate memory, while trying to allocate 18446744071562067968 bytes 27/6/2016 -- 10:13:23 - - [ERRCODE: SC_ERR_FATAL(171)] - Out of memory. The engine cannot be initialized. Exiting...