[1633] 27/2/2018 -- 20:27:17 - (suricata.c:1107) (LogVersion) -- This is Suricata version 4.0.0-dev [1633] 27/2/2018 -- 20:27:17 - (util-cpu.c:171) (UtilCpuPrintSummary) -- CPUs/cores online: 4 [1633] 27/2/2018 -- 20:27:17 - (util-device.c:252) (LiveBuildDeviceListCustom) -- Adding interface enp10s0 from config file [1633] 27/2/2018 -- 20:27:17 - (app-layer-htp.c:2251) (HTPConfigSetDefaultsPhase2) -- 'default' server has 'request-body-minimal-inspect-size' set to 31994 and 'request-body-inspect-window' set to 3967 after randomization. [1633] 27/2/2018 -- 20:27:17 - (app-layer-htp.c:2269) (HTPConfigSetDefaultsPhase2) -- 'default' server has 'response-body-minimal-inspect-size' set to 42393 and 'response-body-inspect-window' set to 16583 after randomization. [1633] 27/2/2018 -- 20:27:17 - (app-layer-dns-udp.c:360) (DNSUDPConfigure) -- DNS request flood protection level: 500 [1633] 27/2/2018 -- 20:27:17 - (app-layer-dns-udp.c:372) (DNSUDPConfigure) -- DNS per flow memcap (state-memcap): 524288 [1633] 27/2/2018 -- 20:27:17 - (app-layer-dns-udp.c:384) (DNSUDPConfigure) -- DNS global memcap: 16777216 [1633] 27/2/2018 -- 20:27:17 - (app-layer-modbus.c:1521) (RegisterModbusParsers) -- Protocol detection and parser disabled for modbus protocol. [1633] 27/2/2018 -- 20:27:17 - (util-ioctl.c:107) (GetIfaceMTU) -- Found an MTU of 1500 for 'enp10s0' [1633] 27/2/2018 -- 20:27:17 - (util-ioctl.c:107) (GetIfaceMTU) -- Found an MTU of 1500 for 'enp10s0' [1634] 27/2/2018 -- 20:27:17 - (host.c:213) (HostInitConfig) -- allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64 [1634] 27/2/2018 -- 20:27:17 - (host.c:236) (HostInitConfig) -- preallocated 1000 hosts of size 136 [1634] 27/2/2018 -- 20:27:17 - (host.c:238) (HostInitConfig) -- host memory usage: 398144 bytes, maximum: 33554432 [1634] 27/2/2018 -- 20:27:17 - (util-coredump-config.c:129) (CoredumpLoadConfig) -- Core dump size set to unlimited. [1634] 27/2/2018 -- 20:27:17 - (defrag-hash.c:208) (DefragInitConfig) -- allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56 [1634] 27/2/2018 -- 20:27:17 - (defrag-hash.c:233) (DefragInitConfig) -- preallocated 65535 defrag trackers of size 168 [1634] 27/2/2018 -- 20:27:17 - (defrag-hash.c:240) (DefragInitConfig) -- defrag memory usage: 14679896 bytes, maximum: 33554432 [1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:366) (StreamTcpInitConfig) -- stream "prealloc-sessions": 2048 (per thread) [1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:382) (StreamTcpInitConfig) -- stream "memcap": 67108864 [1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:388) (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled [1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:394) (StreamTcpInitConfig) -- stream "async-oneside": disabled [1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:411) (StreamTcpInitConfig) -- stream "checksum-validation": enabled [1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:439) (StreamTcpInitConfig) -- stream."inline": disabled [1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:452) (StreamTcpInitConfig) -- stream "bypass": disabled [1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:474) (StreamTcpInitConfig) -- stream "max-synack-queued": 5 [1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:492) (StreamTcpInitConfig) -- stream.reassembly "memcap": 268435456 [1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:510) (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576 [1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:586) (StreamTcpInitConfig) -- stream.reassembly "toserver-chunk-size": 2439 [1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:588) (StreamTcpInitConfig) -- stream.reassembly "toclient-chunk-size": 2588 [1634] 27/2/2018 -- 20:27:17 - (stream-tcp.c:600) (StreamTcpInitConfig) -- stream.reassembly.raw: enabled [1634] 27/2/2018 -- 20:27:17 - (stream-tcp-reassemble.c:354) (StreamTcpReassemblyConfig) -- stream.reassembly "segment-prealloc": 2048 [1634] 27/2/2018 -- 20:27:17 - (suricata.c:2407) (SetupDelayedDetect) -- Delayed detect disabled [1634] 27/2/2018 -- 20:27:17 - (detect-engine.c:1025) (DetectEngineCtxInitReal) -- pattern matchers: MPM: hs, SPM: hs [1634] 27/2/2018 -- 20:27:17 - (detect-engine.c:1421) (DetectEngineCtxLoadConf) -- grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080 [1634] 27/2/2018 -- 20:27:17 - (detect-engine.c:1445) (DetectEngineCtxLoadConf) -- grouping: udp-whitelist (default) 53, 135, 5060 [1634] 27/2/2018 -- 20:27:17 - (detect-engine.c:1473) (DetectEngineCtxLoadConf) -- prefilter engines: MPM [1634] 27/2/2018 -- 20:27:17 - (reputation.c:609) (SRepInit) -- IP reputation disabled [1634] 27/2/2018 -- 20:27:17 - (detect.c:425) (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/tss.rules [1634] 27/2/2018 -- 20:27:29 - (detect.c:410) (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/custom.rules [1634] 27/2/2018 -- 20:27:29 - (detect.c:496) (SigLoadSignatures) -- No rules loaded from custom.rules. [1634] 27/2/2018 -- 20:27:29 - (detect.c:529) (SigLoadSignatures) -- 2 rule files processed. 17847 rules successfully loaded, 0 rules failed [1634] 27/2/2018 -- 20:27:29 - (util-threshold-config.c:1184) (SCThresholdConfParseFile) -- Threshold config parsed: 0 rule(s) found [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:210) (SetupBuiltinMpm) -- using shared mpm ctx' for tcp-packet [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:210) (SetupBuiltinMpm) -- using shared mpm ctx' for tcp-stream [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:210) (SetupBuiltinMpm) -- using shared mpm ctx' for udp-packet [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:210) (SetupBuiltinMpm) -- using shared mpm ctx' for other-ip [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_uri [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_request_line [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_client_body [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_response_line [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_header_names [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_enc [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_accept_lang [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_referer [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_connection [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_len [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_content_type [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_protocol [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_protocol [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_start [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_start [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_header [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_method [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_cookie [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_uri [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_user_agent [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_host [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_raw_host [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_stat_msg [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for http_stat_code [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dns_query [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls_sni [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls_cert_issuer [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls_cert_subject [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for tls_cert_serial [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for dce_stub_data [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_protocol [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_protocol [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_software [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for ssh_software [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data [1634] 27/2/2018 -- 20:27:29 - (detect-engine-mpm.c:155) (DetectMpmInitializeAppMpms) -- using shared mpm ctx' for file_data [1634] 27/2/2018 -- 20:27:29 - (detect.c:3060) (SigAddressPrepareStage1) -- 18213 signatures processed. 1887 are IP-only rules, 5680 are inspecting packet payload, 12650 inspect application layer, 0 are decoder event only [1634] 27/2/2018 -- 20:27:29 - (detect.c:3063) (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: preprocessing rules... complete [1634] 27/2/2018 -- 20:27:30 - (detect.c:2902) (RulesGroupByPorts) -- TCP toserver: 41 port groups, 40 unique SGH's, 1 copies [1634] 27/2/2018 -- 20:27:30 - (detect.c:2902) (RulesGroupByPorts) -- TCP toclient: 21 port groups, 21 unique SGH's, 0 copies [1634] 27/2/2018 -- 20:27:30 - (detect.c:2902) (RulesGroupByPorts) -- UDP toserver: 41 port groups, 31 unique SGH's, 10 copies [1634] 27/2/2018 -- 20:27:30 - (detect.c:2902) (RulesGroupByPorts) -- UDP toclient: 21 port groups, 15 unique SGH's, 6 copies [1634] 27/2/2018 -- 20:27:30 - (detect.c:2648) (RulesGroupByProto) -- OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies [1634] 27/2/2018 -- 20:27:30 - (detect.c:2685) (RulesGroupByProto) -- OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies [1634] 27/2/2018 -- 20:27:31 - (detect.c:3428) (SigAddressPrepareStage4) -- Unique rule groups: 110 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:858) (MpmStoreReportStats) -- Builtin MPM "toserver TCP packet": 30 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:858) (MpmStoreReportStats) -- Builtin MPM "toclient TCP packet": 20 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:858) (MpmStoreReportStats) -- Builtin MPM "toserver TCP stream": 31 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:858) (MpmStoreReportStats) -- Builtin MPM "toclient TCP stream": 21 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:858) (MpmStoreReportStats) -- Builtin MPM "toserver UDP packet": 31 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:858) (MpmStoreReportStats) -- Builtin MPM "toclient UDP packet": 14 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:858) (MpmStoreReportStats) -- Builtin MPM "other IP packet": 2 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver http_uri": 8 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver http_request_line": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver http_client_body": 6 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toclient http_response_line": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver http_header": 6 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toclient http_header": 3 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver http_header_names": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver http_accept": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver http_referer": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver http_content_len": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver http_content_type": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toclient http_content_type": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver http_raw_header": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toclient http_raw_header": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver http_method": 2 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver http_cookie": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toclient http_cookie": 2 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver http_raw_uri": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver http_user_agent": 4 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver http_host": 2 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver dns_query": 4 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver tls_sni": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toclient tls_cert_issuer": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toclient tls_cert_subject": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toclient tls_cert_serial": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver ssh_protocol": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toserver file_data": 1 [1634] 27/2/2018 -- 20:27:31 - (detect-engine-mpm.c:865) (MpmStoreReportStats) -- AppLayer MPM "toclient file_data": 5 [1634] 27/2/2018 -- 20:27:38 - (util-logopenfile.c:530) (SCConfLogOpenGeneric) -- Setting logging socket of non-blocking in live mode. [1634] 27/2/2018 -- 20:27:38 - (util-logopenfile.c:535) (SCConfLogOpenGeneric) -- eve-log output device (unix_stream) initialized: dmutmd_fastlog.sck [1634] 27/2/2018 -- 20:27:38 - (runmodes.c:604) (RunModeInitializeEveOutput) -- enabling 'eve-log' module 'alert' [1634] 27/2/2018 -- 20:27:38 - (runmode-af-packet.c:421) (ParseAFPConfig) -- 4 cores, so using 4 threads [1634] 27/2/2018 -- 20:27:38 - (runmode-af-packet.c:434) (ParseAFPConfig) -- Using 4 AF_PACKET threads for interface enp10s0 [1634] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1572) (AFPGetDevLinktype) -- sa_family = 1 [1634] 27/2/2018 -- 20:27:38 - (util-ioctl.c:435) (DisableIfaceOffloadingLinux) -- enp10s0: disabling gro offloading [1634] 27/2/2018 -- 20:27:38 - (util-ioctl.c:442) (DisableIfaceOffloadingLinux) -- enp10s0: disabling tso offloading [1634] 27/2/2018 -- 20:27:38 - (util-ioctl.c:449) (DisableIfaceOffloadingLinux) -- enp10s0: disabling gso offloading [1634] 27/2/2018 -- 20:27:38 - (util-ioctl.c:456) (DisableIfaceOffloadingLinux) -- enp10s0: disabling sg offloading [1634] 27/2/2018 -- 20:27:38 - (runmode-af-packet.c:491) (ParseAFPConfig) -- enp10s0: enabling zero copy mode by using data release call [1634] 27/2/2018 -- 20:27:38 - (util-runmodes.c:296) (RunModeSetLiveCaptureWorkersForDevice) -- Going to use 4 thread(s) [1634] 27/2/2018 -- 20:27:38 - (flow-manager.c:828) (FlowManagerThreadSpawn) -- using 1 flow manager threads [1634] 27/2/2018 -- 20:27:38 - (flow-manager.c:992) (FlowRecyclerThreadSpawn) -- using 1 flow recycler threads [1634] 27/2/2018 -- 20:27:38 - (unix-manager.c:124) (UnixNew) -- Using unix socket file '/var/run/suricata/suricata-command.socket' [1634] 27/2/2018 -- 20:27:38 - (unix-manager.c:142) (UnixNew) -- Created socket directory /var/run/suricata/ [1634] 27/2/2018 -- 20:27:38 - (tm-threads.c:2182) (TmThreadWaitOnThreadInit) -- all 4 packet processing threads, 2 management threads initialized, engine started. [1715] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1651) (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520 [1715] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1572) (AFPGetDevLinktype) -- sa_family = 1 [1716] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1651) (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520 [1716] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1572) (AFPGetDevLinktype) -- sa_family = 1 [1717] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1651) (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520 [1717] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1572) (AFPGetDevLinktype) -- sa_family = 1 [1718] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1651) (AFPComputeRingParams) -- AF_PACKET RX Ring params: block_size=32768 block_nr=26 frame_size=1600 frame_nr=520 [1718] 27/2/2018 -- 20:27:38 - (source-af-packet.c:1572) (AFPGetDevLinktype) -- sa_family = 1 [1718] 27/2/2018 -- 20:27:38 - (source-af-packet.c:479) (AFPPeersListReachedInc) -- All AFP capture threads are running.